diff options
| author |   djm <djm@openbsd.org> | 2010-10-01 22:54:00 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2010-10-01 22:54:00 +0000 |
| commit | f1535dc82c407426dcbc37ddee0ceff3f0c94865 (patch) | |
| tree | f73777171acb436d21ef5cb0f2cd241a939ab7f8 /lib/libcrypto | |
| parent | - document new MODCPAN_MODULES (diff) | |
| download | wireguard-openbsd-f1535dc82c407426dcbc37ddee0ceff3f0c94865.tar.xz wireguard-openbsd-f1535dc82c407426dcbc37ddee0ceff3f0c94865.zip | |
import OpenSSL-1.0.0a
Diffstat (limited to 'lib/libcrypto')
256 files changed, 35115 insertions, 6013 deletions
diff --git a/lib/libcrypto/LPdir_win.c b/lib/libcrypto/LPdir_win.c index 09b475beed1..702dbc730f6 100644 --- a/lib/libcrypto/LPdir_win.c +++ b/lib/libcrypto/LPdir_win.c @@ -54,8 +54,6 @@ struct LP_dir_context_st const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) { - struct dirent *direntry = NULL; - if (ctx == NULL || directory == NULL) { errno = EINVAL; diff --git a/lib/libcrypto/aes/Makefile b/lib/libcrypto/aes/Makefile index 9d174f4c3ef..c501a43a8f6 100644 --- a/lib/libcrypto/aes/Makefile +++ b/lib/libcrypto/aes/Makefile @@ -11,7 +11,7 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r -AES_ASM_OBJ=aes_core.o aes_cbc.o +AES_ENC=aes_core.o aes_cbc.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -26,7 +26,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \ aes_ctr.c aes_ige.c aes_wrap.c LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \ - $(AES_ASM_OBJ) + $(AES_ENC) SRC= $(LIBSRC) @@ -41,24 +41,27 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -$(LIBOBJ): $(LIBSRC) - aes-ia64.s: asm/aes-ia64.S $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@ -ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl + $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ aes-x86_64.s: asm/aes-x86_64.pl - $(PERL) asm/aes-x86_64.pl $@ + $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@ + +aes-sparcv9.s: asm/aes-sparcv9.pl + $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ + +aes-ppc.s: asm/aes-ppc.pl + $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +aes-%.s: asm/aes-%.pl; $(PERL) $< $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -97,16 +100,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h -aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h -aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -aes_cfb.o: aes_cfb.c aes_locl.h +aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c +aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -aes_core.o: aes_core.c aes_locl.h -aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h +aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h +aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h @@ -119,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c -aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c +aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/lib/libcrypto/aes/aes_ige.c b/lib/libcrypto/aes/aes_ige.c index 45d70961818..c161351e654 100644 --- a/lib/libcrypto/aes/aes_ige.c +++ b/lib/libcrypto/aes/aes_ige.c @@ -77,11 +77,11 @@ typedef struct { /* N.B. The IV for this mode is _twice_ the block size */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc) { - unsigned long n; - unsigned long len; + size_t n; + size_t len = length; OPENSSL_assert(in && out && key && ivec); OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); @@ -211,12 +211,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, /* N.B. The IV for this mode is _four times_ the block size */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec, const int enc) { - unsigned long n; - unsigned long len = length; + size_t n; + size_t len = length; unsigned char tmp[AES_BLOCK_SIZE]; unsigned char tmp2[AES_BLOCK_SIZE]; unsigned char tmp3[AES_BLOCK_SIZE]; diff --git a/lib/libcrypto/aes/asm/aes-armv4.pl b/lib/libcrypto/aes/asm/aes-armv4.pl index 15742c1ec54..690244111a6 100644 --- a/lib/libcrypto/aes/asm/aes-armv4.pl +++ b/lib/libcrypto/aes/asm/aes-armv4.pl @@ -1024,6 +1024,7 @@ _armv4_AES_decrypt: mov pc,lr @ return .size _armv4_AES_decrypt,.-_armv4_AES_decrypt .asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 ___ $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 diff --git a/lib/libcrypto/aes/asm/aes-ppc.pl b/lib/libcrypto/aes/asm/aes-ppc.pl index ce427655ef7..f82c5e18141 100644 --- a/lib/libcrypto/aes/asm/aes-ppc.pl +++ b/lib/libcrypto/aes/asm/aes-ppc.pl @@ -16,6 +16,19 @@ # at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact - # at 1/3 of ppc_AES_decrypt. +# February 2010 +# +# Rescheduling instructions to favour Power6 pipeline gives 10% +# performance improvement on the platfrom in question (and marginal +# improvement even on others). It should be noted that Power6 fails +# to process byte in 18 cycles, only in 23, because it fails to issue +# 4 load instructions in two cycles, only in 3. As result non-compact +# block subroutines are 25% slower than one would expect. Compact +# functions scale better, because they have pure computational part, +# which scales perfectly with clock frequency. To be specific +# ppc_AES_encrypt_compact operates at 42 cycles per byte, while +# ppc_AES_decrypt_compact - at 55 (in 64-bit build). + $flavour = shift; if ($flavour =~ /64/) { @@ -376,7 +389,7 @@ $code.=<<___; addi $sp,$sp,$FRAME blr -.align 4 +.align 5 Lppc_AES_encrypt: lwz $acc00,240($key) lwz $t0,0($key) @@ -397,46 +410,46 @@ Lppc_AES_encrypt: Lenc_loop: rlwinm $acc00,$s0,`32-24+3`,21,28 rlwinm $acc01,$s1,`32-24+3`,21,28 - lwz $t0,0($key) - lwz $t1,4($key) rlwinm $acc02,$s2,`32-24+3`,21,28 rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t2,8($key) - lwz $t3,12($key) + lwz $t0,0($key) + lwz $t1,4($key) rlwinm $acc04,$s1,`32-16+3`,21,28 rlwinm $acc05,$s2,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - lwzx $acc01,$Tbl0,$acc01 + lwz $t2,8($key) + lwz $t3,12($key) rlwinm $acc06,$s3,`32-16+3`,21,28 rlwinm $acc07,$s0,`32-16+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - lwzx $acc03,$Tbl0,$acc03 + lwzx $acc00,$Tbl0,$acc00 + lwzx $acc01,$Tbl0,$acc01 rlwinm $acc08,$s2,`32-8+3`,21,28 rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - lwzx $acc05,$Tbl1,$acc05 + lwzx $acc02,$Tbl0,$acc02 + lwzx $acc03,$Tbl0,$acc03 rlwinm $acc10,$s0,`32-8+3`,21,28 rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - lwzx $acc07,$Tbl1,$acc07 + lwzx $acc04,$Tbl1,$acc04 + lwzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s3,`0+3`,21,28 rlwinm $acc13,$s0,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - lwzx $acc09,$Tbl2,$acc09 + lwzx $acc06,$Tbl1,$acc06 + lwzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s1,`0+3`,21,28 rlwinm $acc15,$s2,`0+3`,21,28 - lwzx $acc10,$Tbl2,$acc10 - lwzx $acc11,$Tbl2,$acc11 + lwzx $acc08,$Tbl2,$acc08 + lwzx $acc09,$Tbl2,$acc09 xor $t0,$t0,$acc00 xor $t1,$t1,$acc01 - lwzx $acc12,$Tbl3,$acc12 - lwzx $acc13,$Tbl3,$acc13 + lwzx $acc10,$Tbl2,$acc10 + lwzx $acc11,$Tbl2,$acc11 xor $t2,$t2,$acc02 xor $t3,$t3,$acc03 - lwzx $acc14,$Tbl3,$acc14 - lwzx $acc15,$Tbl3,$acc15 + lwzx $acc12,$Tbl3,$acc12 + lwzx $acc13,$Tbl3,$acc13 xor $t0,$t0,$acc04 xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + lwzx $acc15,$Tbl3,$acc15 xor $t2,$t2,$acc06 xor $t3,$t3,$acc07 xor $t0,$t0,$acc08 @@ -452,60 +465,60 @@ Lenc_loop: addi $Tbl2,$Tbl0,2048 nop - lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 - lwz $acc09,`2048+32`($Tbl0) - lwz $acc10,`2048+64`($Tbl0) - lwz $acc11,`2048+96`($Tbl0) - lwz $acc08,`2048+128`($Tbl0) - lwz $acc09,`2048+160`($Tbl0) - lwz $acc10,`2048+192`($Tbl0) - lwz $acc11,`2048+224`($Tbl0) - rlwinm $acc00,$s0,`32-24`,24,31 - rlwinm $acc01,$s1,`32-24`,24,31 lwz $t0,0($key) lwz $t1,4($key) - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc00,$s0,`32-24`,24,31 + rlwinm $acc01,$s1,`32-24`,24,31 lwz $t2,8($key) lwz $t3,12($key) + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 + lwz $acc09,`2048+32`($Tbl0) rlwinm $acc04,$s1,`32-16`,24,31 rlwinm $acc05,$s2,`32-16`,24,31 - lbzx $acc00,$Tbl2,$acc00 - lbzx $acc01,$Tbl2,$acc01 + lwz $acc10,`2048+64`($Tbl0) + lwz $acc11,`2048+96`($Tbl0) rlwinm $acc06,$s3,`32-16`,24,31 rlwinm $acc07,$s0,`32-16`,24,31 - lbzx $acc02,$Tbl2,$acc02 - lbzx $acc03,$Tbl2,$acc03 + lwz $acc12,`2048+128`($Tbl0) + lwz $acc13,`2048+160`($Tbl0) rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc04,$Tbl2,$acc04 - lbzx $acc05,$Tbl2,$acc05 + lwz $acc14,`2048+192`($Tbl0) + lwz $acc15,`2048+224`($Tbl0) rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc06,$Tbl2,$acc06 - lbzx $acc07,$Tbl2,$acc07 + lbzx $acc00,$Tbl2,$acc00 + lbzx $acc01,$Tbl2,$acc01 rlwinm $acc12,$s3,`0`,24,31 rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc08,$Tbl2,$acc08 - lbzx $acc09,$Tbl2,$acc09 + lbzx $acc02,$Tbl2,$acc02 + lbzx $acc03,$Tbl2,$acc03 rlwinm $acc14,$s1,`0`,24,31 rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc10,$Tbl2,$acc10 - lbzx $acc11,$Tbl2,$acc11 + lbzx $acc04,$Tbl2,$acc04 + lbzx $acc05,$Tbl2,$acc05 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc12,$Tbl2,$acc12 - lbzx $acc13,$Tbl2,$acc13 + lbzx $acc06,$Tbl2,$acc06 + lbzx $acc07,$Tbl2,$acc07 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 - lbzx $acc14,$Tbl2,$acc14 - lbzx $acc15,$Tbl2,$acc15 + lbzx $acc08,$Tbl2,$acc08 + lbzx $acc09,$Tbl2,$acc09 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc10,$Tbl2,$acc10 + lbzx $acc11,$Tbl2,$acc11 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 + lbzx $acc12,$Tbl2,$acc12 + lbzx $acc13,$Tbl2,$acc13 rlwimi $s0,$acc08,8,16,23 rlwimi $s1,$acc09,8,16,23 + lbzx $acc14,$Tbl2,$acc14 + lbzx $acc15,$Tbl2,$acc15 rlwimi $s2,$acc10,8,16,23 rlwimi $s3,$acc11,8,16,23 or $s0,$s0,$acc12 @@ -542,40 +555,40 @@ Lenc_compact_loop: rlwinm $acc01,$s1,`32-24`,24,31 rlwinm $acc02,$s2,`32-24`,24,31 rlwinm $acc03,$s3,`32-24`,24,31 - lbzx $acc00,$Tbl1,$acc00 - lbzx $acc01,$Tbl1,$acc01 rlwinm $acc04,$s1,`32-16`,24,31 rlwinm $acc05,$s2,`32-16`,24,31 - lbzx $acc02,$Tbl1,$acc02 - lbzx $acc03,$Tbl1,$acc03 rlwinm $acc06,$s3,`32-16`,24,31 rlwinm $acc07,$s0,`32-16`,24,31 - lbzx $acc04,$Tbl1,$acc04 - lbzx $acc05,$Tbl1,$acc05 + lbzx $acc00,$Tbl1,$acc00 + lbzx $acc01,$Tbl1,$acc01 rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc06,$Tbl1,$acc06 - lbzx $acc07,$Tbl1,$acc07 + lbzx $acc02,$Tbl1,$acc02 + lbzx $acc03,$Tbl1,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc08,$Tbl1,$acc08 - lbzx $acc09,$Tbl1,$acc09 + lbzx $acc04,$Tbl1,$acc04 + lbzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s3,`0`,24,31 rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc10,$Tbl1,$acc10 - lbzx $acc11,$Tbl1,$acc11 + lbzx $acc06,$Tbl1,$acc06 + lbzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s1,`0`,24,31 rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc12,$Tbl1,$acc12 - lbzx $acc13,$Tbl1,$acc13 + lbzx $acc08,$Tbl1,$acc08 + lbzx $acc09,$Tbl1,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc14,$Tbl1,$acc14 - lbzx $acc15,$Tbl1,$acc15 + lbzx $acc10,$Tbl1,$acc10 + lbzx $acc11,$Tbl1,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + lbzx $acc13,$Tbl1,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + lbzx $acc15,$Tbl1,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 @@ -725,7 +738,7 @@ Lenc_compact_done: addi $sp,$sp,$FRAME blr -.align 4 +.align 5 Lppc_AES_decrypt: lwz $acc00,240($key) lwz $t0,0($key) @@ -746,46 +759,46 @@ Lppc_AES_decrypt: Ldec_loop: rlwinm $acc00,$s0,`32-24+3`,21,28 rlwinm $acc01,$s1,`32-24+3`,21,28 - lwz $t0,0($key) - lwz $t1,4($key) rlwinm $acc02,$s2,`32-24+3`,21,28 rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t2,8($key) - lwz $t3,12($key) + lwz $t0,0($key) + lwz $t1,4($key) rlwinm $acc04,$s3,`32-16+3`,21,28 rlwinm $acc05,$s0,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - lwzx $acc01,$Tbl0,$acc01 + lwz $t2,8($key) + lwz $t3,12($key) rlwinm $acc06,$s1,`32-16+3`,21,28 rlwinm $acc07,$s2,`32-16+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - lwzx $acc03,$Tbl0,$acc03 + lwzx $acc00,$Tbl0,$acc00 + lwzx $acc01,$Tbl0,$acc01 rlwinm $acc08,$s2,`32-8+3`,21,28 rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - lwzx $acc05,$Tbl1,$acc05 + lwzx $acc02,$Tbl0,$acc02 + lwzx $acc03,$Tbl0,$acc03 rlwinm $acc10,$s0,`32-8+3`,21,28 rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - lwzx $acc07,$Tbl1,$acc07 + lwzx $acc04,$Tbl1,$acc04 + lwzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s1,`0+3`,21,28 rlwinm $acc13,$s2,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - lwzx $acc09,$Tbl2,$acc09 + lwzx $acc06,$Tbl1,$acc06 + lwzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s3,`0+3`,21,28 rlwinm $acc15,$s0,`0+3`,21,28 - lwzx $acc10,$Tbl2,$acc10 - lwzx $acc11,$Tbl2,$acc11 + lwzx $acc08,$Tbl2,$acc08 + lwzx $acc09,$Tbl2,$acc09 xor $t0,$t0,$acc00 xor $t1,$t1,$acc01 - lwzx $acc12,$Tbl3,$acc12 - lwzx $acc13,$Tbl3,$acc13 + lwzx $acc10,$Tbl2,$acc10 + lwzx $acc11,$Tbl2,$acc11 xor $t2,$t2,$acc02 xor $t3,$t3,$acc03 - lwzx $acc14,$Tbl3,$acc14 - lwzx $acc15,$Tbl3,$acc15 + lwzx $acc12,$Tbl3,$acc12 + lwzx $acc13,$Tbl3,$acc13 xor $t0,$t0,$acc04 xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + lwzx $acc15,$Tbl3,$acc15 xor $t2,$t2,$acc06 xor $t3,$t3,$acc07 xor $t0,$t0,$acc08 @@ -801,56 +814,56 @@ Ldec_loop: addi $Tbl2,$Tbl0,2048 nop - lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 - lwz $acc09,`2048+32`($Tbl0) - lwz $acc10,`2048+64`($Tbl0) - lwz $acc11,`2048+96`($Tbl0) - lwz $acc08,`2048+128`($Tbl0) - lwz $acc09,`2048+160`($Tbl0) - lwz $acc10,`2048+192`($Tbl0) - lwz $acc11,`2048+224`($Tbl0) - rlwinm $acc00,$s0,`32-24`,24,31 - rlwinm $acc01,$s1,`32-24`,24,31 lwz $t0,0($key) lwz $t1,4($key) - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc00,$s0,`32-24`,24,31 + rlwinm $acc01,$s1,`32-24`,24,31 lwz $t2,8($key) lwz $t3,12($key) + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 + lwz $acc09,`2048+32`($Tbl0) rlwinm $acc04,$s3,`32-16`,24,31 rlwinm $acc05,$s0,`32-16`,24,31 + lwz $acc10,`2048+64`($Tbl0) + lwz $acc11,`2048+96`($Tbl0) lbzx $acc00,$Tbl2,$acc00 lbzx $acc01,$Tbl2,$acc01 + lwz $acc12,`2048+128`($Tbl0) + lwz $acc13,`2048+160`($Tbl0) rlwinm $acc06,$s1,`32-16`,24,31 rlwinm $acc07,$s2,`32-16`,24,31 - lbzx $acc02,$Tbl2,$acc02 - lbzx $acc03,$Tbl2,$acc03 + lwz $acc14,`2048+192`($Tbl0) + lwz $acc15,`2048+224`($Tbl0) rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc04,$Tbl2,$acc04 - lbzx $acc05,$Tbl2,$acc05 + lbzx $acc02,$Tbl2,$acc02 + lbzx $acc03,$Tbl2,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc06,$Tbl2,$acc06 - lbzx $acc07,$Tbl2,$acc07 + lbzx $acc04,$Tbl2,$acc04 + lbzx $acc05,$Tbl2,$acc05 rlwinm $acc12,$s1,`0`,24,31 rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc08,$Tbl2,$acc08 - lbzx $acc09,$Tbl2,$acc09 + lbzx $acc06,$Tbl2,$acc06 + lbzx $acc07,$Tbl2,$acc07 rlwinm $acc14,$s3,`0`,24,31 rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc10,$Tbl2,$acc10 - lbzx $acc11,$Tbl2,$acc11 + lbzx $acc08,$Tbl2,$acc08 + lbzx $acc09,$Tbl2,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc12,$Tbl2,$acc12 - lbzx $acc13,$Tbl2,$acc13 + lbzx $acc10,$Tbl2,$acc10 + lbzx $acc11,$Tbl2,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 - lbzx $acc14,$Tbl2,$acc14 - lbzx $acc15,$Tbl2,$acc15 + lbzx $acc12,$Tbl2,$acc12 + lbzx $acc13,$Tbl2,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl2,$acc14 + lbzx $acc15,$Tbl2,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 @@ -897,40 +910,40 @@ Ldec_compact_loop: rlwinm $acc01,$s1,`32-24`,24,31 rlwinm $acc02,$s2,`32-24`,24,31 rlwinm $acc03,$s3,`32-24`,24,31 - lbzx $acc00,$Tbl1,$acc00 - lbzx $acc01,$Tbl1,$acc01 rlwinm $acc04,$s3,`32-16`,24,31 rlwinm $acc05,$s0,`32-16`,24,31 - lbzx $acc02,$Tbl1,$acc02 - lbzx $acc03,$Tbl1,$acc03 rlwinm $acc06,$s1,`32-16`,24,31 rlwinm $acc07,$s2,`32-16`,24,31 - lbzx $acc04,$Tbl1,$acc04 - lbzx $acc05,$Tbl1,$acc05 + lbzx $acc00,$Tbl1,$acc00 + lbzx $acc01,$Tbl1,$acc01 rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc06,$Tbl1,$acc06 - lbzx $acc07,$Tbl1,$acc07 + lbzx $acc02,$Tbl1,$acc02 + lbzx $acc03,$Tbl1,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc08,$Tbl1,$acc08 - lbzx $acc09,$Tbl1,$acc09 + lbzx $acc04,$Tbl1,$acc04 + lbzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s1,`0`,24,31 rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc10,$Tbl1,$acc10 - lbzx $acc11,$Tbl1,$acc11 + lbzx $acc06,$Tbl1,$acc06 + lbzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s3,`0`,24,31 rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc12,$Tbl1,$acc12 - lbzx $acc13,$Tbl1,$acc13 + lbzx $acc08,$Tbl1,$acc08 + lbzx $acc09,$Tbl1,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc14,$Tbl1,$acc14 - lbzx $acc15,$Tbl1,$acc15 + lbzx $acc10,$Tbl1,$acc10 + lbzx $acc11,$Tbl1,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + lbzx $acc13,$Tbl1,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + lbzx $acc15,$Tbl1,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 diff --git a/lib/libcrypto/aes/asm/aes-s390x.pl b/lib/libcrypto/aes/asm/aes-s390x.pl index 4b27afd92fc..7e018892982 100644 --- a/lib/libcrypto/aes/asm/aes-s390x.pl +++ b/lib/libcrypto/aes/asm/aes-s390x.pl @@ -765,6 +765,11 @@ $code.=<<___ if (!$softonly); srl %r5,6 ar %r5,%r0 + larl %r1,OPENSSL_s390xcap_P + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lekey_internal + lghi %r0,0 # query capability vector la %r1,16($sp) .long 0xb92f0042 # kmc %r4,%r2 @@ -1323,6 +1328,7 @@ $code.=<<___; 4: ex $len,0($s1) j .Lcbc_dec_exit .size AES_cbc_encrypt,.-AES_cbc_encrypt +.comm OPENSSL_s390xcap_P,8,8 ___ } $code.=<<___; diff --git a/lib/libcrypto/aes/asm/aes-x86_64.pl b/lib/libcrypto/aes/asm/aes-x86_64.pl index f616f1751f7..a545e892aef 100755 --- a/lib/libcrypto/aes/asm/aes-x86_64.pl +++ b/lib/libcrypto/aes/asm/aes-x86_64.pl @@ -2,11 +2,12 @@ # # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. # ==================================================================== # -# Version 1.2. +# Version 2.1. # # aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on # Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version @@ -17,17 +18,29 @@ # # Performance in number of cycles per processed byte for 128-bit key: # -# ECB CBC encrypt -# AMD64 13.7 13.0(*) -# EM64T 20.2 18.6(*) +# ECB encrypt ECB decrypt CBC large chunk +# AMD64 33 41 13.0 +# EM64T 38 59 18.6(*) +# Core 2 30 43 14.5(*) # -# (*) CBC benchmarks are better than ECB thanks to custom ABI used -# by the private block encryption function. +# (*) with hyper-threading off + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour $output"; $verticalspin=1; # unlike 32-bit version $verticalspin performs # ~15% better on both AMD and Intel cores -$output=shift; -open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output"; +$speed_limit=512; # see aes-586.pl for details $code=".text\n"; @@ -35,9 +48,9 @@ $s0="%eax"; $s1="%ebx"; $s2="%ecx"; $s3="%edx"; -$acc0="%esi"; -$acc1="%edi"; -$acc2="%ebp"; +$acc0="%esi"; $mask80="%rsi"; +$acc1="%edi"; $maskfe="%rdi"; +$acc2="%ebp"; $mask1b="%rbp"; $inp="%r8"; $out="%r9"; $t0="%r10d"; @@ -51,6 +64,8 @@ sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; $r =~ s/%[er]([sd]i)/%\1l/; $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } +sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/; + $r =~ s/%r([0-9]+)/%r\1d/; $r; } sub _data_word() { my $i; while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } @@ -138,22 +153,17 @@ $code.=<<___; movzb `&lo("$s0")`,$acc0 movzb `&lo("$s1")`,$acc1 movzb `&lo("$s2")`,$acc2 - mov 2($sbox,$acc0,8),$t0 - mov 2($sbox,$acc1,8),$t1 - mov 2($sbox,$acc2,8),$t2 - - and \$0x000000ff,$t0 - and \$0x000000ff,$t1 - and \$0x000000ff,$t2 + movzb 2($sbox,$acc0,8),$t0 + movzb 2($sbox,$acc1,8),$t1 + movzb 2($sbox,$acc2,8),$t2 movzb `&lo("$s3")`,$acc0 movzb `&hi("$s1")`,$acc1 movzb `&hi("$s2")`,$acc2 - mov 2($sbox,$acc0,8),$t3 + movzb 2($sbox,$acc0,8),$t3 mov 0($sbox,$acc1,8),$acc1 #$t0 mov 0($sbox,$acc2,8),$acc2 #$t1 - and \$0x000000ff,$t3 and \$0x0000ff00,$acc1 and \$0x0000ff00,$acc2 @@ -345,6 +355,234 @@ $code.=<<___; .size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt ___ +# it's possible to implement this by shifting tN by 8, filling least +# significant byte with byte load and finally bswap-ing at the end, +# but such partial register load kills Core 2... +sub enccompactvert() +{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); + +$code.=<<___; + movzb `&lo("$s0")`,$t0 + movzb `&lo("$s1")`,$t1 + movzb `&lo("$s2")`,$t2 + movzb ($sbox,$t0,1),$t0 + movzb ($sbox,$t1,1),$t1 + movzb ($sbox,$t2,1),$t2 + + movzb `&lo("$s3")`,$t3 + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + movzb ($sbox,$t3,1),$t3 + movzb ($sbox,$acc0,1),$t4 #$t0 + movzb ($sbox,$acc1,1),$t5 #$t1 + + movzb `&hi("$s3")`,$acc2 + movzb `&hi("$s0")`,$acc0 + shr \$16,$s2 + movzb ($sbox,$acc2,1),$acc2 #$t2 + movzb ($sbox,$acc0,1),$acc0 #$t3 + shr \$16,$s3 + + movzb `&lo("$s2")`,$acc1 + shl \$8,$t4 + shl \$8,$t5 + movzb ($sbox,$acc1,1),$acc1 #$t0 + xor $t4,$t0 + xor $t5,$t1 + + movzb `&lo("$s3")`,$t4 + shr \$16,$s0 + shr \$16,$s1 + movzb `&lo("$s0")`,$t5 + shl \$8,$acc2 + shl \$8,$acc0 + movzb ($sbox,$t4,1),$t4 #$t1 + movzb ($sbox,$t5,1),$t5 #$t2 + xor $acc2,$t2 + xor $acc0,$t3 + + movzb `&lo("$s1")`,$acc2 + movzb `&hi("$s3")`,$acc0 + shl \$16,$acc1 + movzb ($sbox,$acc2,1),$acc2 #$t3 + movzb ($sbox,$acc0,1),$acc0 #$t0 + xor $acc1,$t0 + + movzb `&hi("$s0")`,$acc1 + shr \$8,$s2 + shr \$8,$s1 + movzb ($sbox,$acc1,1),$acc1 #$t1 + movzb ($sbox,$s2,1),$s3 #$t3 + movzb ($sbox,$s1,1),$s2 #$t2 + shl \$16,$t4 + shl \$16,$t5 + shl \$16,$acc2 + xor $t4,$t1 + xor $t5,$t2 + xor $acc2,$t3 + + shl \$24,$acc0 + shl \$24,$acc1 + shl \$24,$s3 + xor $acc0,$t0 + shl \$24,$s2 + xor $acc1,$t1 + mov $t0,$s0 + mov $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub enctransform_ref() +{ my $sn = shift; + my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d"); + +$code.=<<___; + mov $sn,$acc + and \$0x80808080,$acc + mov $acc,$tmp + shr \$7,$tmp + lea ($sn,$sn),$r2 + sub $tmp,$acc + and \$0xfefefefe,$r2 + and \$0x1b1b1b1b,$acc + mov $sn,$tmp + xor $acc,$r2 + + xor $r2,$sn + rol \$24,$sn + xor $r2,$sn + ror \$16,$tmp + xor $tmp,$sn + ror \$8,$tmp + xor $tmp,$sn +___ +} + +# unlike decrypt case it does not pay off to parallelize enctransform +sub enctransform() +{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d"); + +$code.=<<___; + mov $s0,$acc0 + mov $s1,$acc1 + and \$0x80808080,$acc0 + and \$0x80808080,$acc1 + mov $acc0,$t0 + mov $acc1,$t1 + shr \$7,$t0 + lea ($s0,$s0),$r20 + shr \$7,$t1 + lea ($s1,$s1),$r21 + sub $t0,$acc0 + sub $t1,$acc1 + and \$0xfefefefe,$r20 + and \$0xfefefefe,$r21 + and \$0x1b1b1b1b,$acc0 + and \$0x1b1b1b1b,$acc1 + mov $s0,$t0 + mov $s1,$t1 + xor $acc0,$r20 + xor $acc1,$r21 + + xor $r20,$s0 + xor $r21,$s1 + mov $s2,$acc0 + mov $s3,$acc1 + rol \$24,$s0 + rol \$24,$s1 + and \$0x80808080,$acc0 + and \$0x80808080,$acc1 + xor $r20,$s0 + xor $r21,$s1 + mov $acc0,$t2 + mov $acc1,$t3 + ror \$16,$t0 + ror \$16,$t1 + shr \$7,$t2 + lea ($s2,$s2),$r20 + xor $t0,$s0 + xor $t1,$s1 + shr \$7,$t3 + lea ($s3,$s3),$r21 + ror \$8,$t0 + ror \$8,$t1 + sub $t2,$acc0 + sub $t3,$acc1 + xor $t0,$s0 + xor $t1,$s1 + + and \$0xfefefefe,$r20 + and \$0xfefefefe,$r21 + and \$0x1b1b1b1b,$acc0 + and \$0x1b1b1b1b,$acc1 + mov $s2,$t2 + mov $s3,$t3 + xor $acc0,$r20 + xor $acc1,$r21 + + xor $r20,$s2 + xor $r21,$s3 + rol \$24,$s2 + rol \$24,$s3 + xor $r20,$s2 + xor $r21,$s3 + mov 0($sbox),$acc0 # prefetch Te4 + ror \$16,$t2 + ror \$16,$t3 + mov 64($sbox),$acc1 + xor $t2,$s2 + xor $t3,$s3 + mov 128($sbox),$r20 + ror \$8,$t2 + ror \$8,$t3 + mov 192($sbox),$r21 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +$code.=<<___; +.type _x86_64_AES_encrypt_compact,\@abi-omnipotent +.align 16 +_x86_64_AES_encrypt_compact: + lea 128($sbox),$inp # size optimization + mov 0-128($inp),$acc1 # prefetch Te4 + mov 32-128($inp),$acc2 + mov 64-128($inp),$t0 + mov 96-128($inp),$t1 + mov 128-128($inp),$acc1 + mov 160-128($inp),$acc2 + mov 192-128($inp),$t0 + mov 224-128($inp),$t1 + jmp .Lenc_loop_compact +.align 16 +.Lenc_loop_compact: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + lea 16($key),$key +___ + &enccompactvert(); +$code.=<<___; + cmp 16(%rsp),$key + je .Lenc_compact_done +___ + &enctransform(); +$code.=<<___; + jmp .Lenc_loop_compact +.align 16 +.Lenc_compact_done: + xor 0($key),$s0 + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + .byte 0xf3,0xc3 # rep ret +.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact +___ + # void AES_encrypt (const void *inp,void *out,const AES_KEY *key); $code.=<<___; .globl AES_encrypt @@ -358,31 +596,57 @@ AES_encrypt: push %r14 push %r15 - mov %rdx,$key - mov %rdi,$inp - mov %rsi,$out - - .picmeup $sbox - lea AES_Te-.($sbox),$sbox - - mov 0($inp),$s0 - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 + # allocate frame "above" key schedule + mov %rsp,%r10 + lea -63(%rdx),%rcx # %rdx is key argument + and \$-64,%rsp + sub %rsp,%rcx + neg %rcx + and \$0x3c0,%rcx + sub %rcx,%rsp + sub \$32,%rsp - call _x86_64_AES_encrypt + mov %rsi,16(%rsp) # save out + mov %r10,24(%rsp) # save real stack pointer +.Lenc_prologue: - mov $s0,0($out) + mov %rdx,$key + mov 240($key),$rnds # load rounds + + mov 0(%rdi),$s0 # load input vector + mov 4(%rdi),$s1 + mov 8(%rdi),$s2 + mov 12(%rdi),$s3 + + shl \$4,$rnds + lea ($key,$rnds),%rbp + mov $key,(%rsp) # key schedule + mov %rbp,8(%rsp) # end of key schedule + + # pick Te4 copy which can't "overlap" with stack frame or key schedule + lea .LAES_Te+2048(%rip),$sbox + lea 768(%rsp),%rbp + sub $sbox,%rbp + and \$0x300,%rbp + lea ($sbox,%rbp),$sbox + + call _x86_64_AES_encrypt_compact + + mov 16(%rsp),$out # restore out + mov 24(%rsp),%rsi # restore saved stack pointer + mov $s0,0($out) # write output vector mov $s1,4($out) mov $s2,8($out) mov $s3,12($out) - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lenc_epilogue: ret .size AES_encrypt,.-AES_encrypt ___ @@ -453,19 +717,20 @@ sub declastvert() { my $t3="%r8d"; # zaps $inp! $code.=<<___; + lea 2048($sbox),$sbox # size optimization movzb `&lo("$s0")`,$acc0 movzb `&lo("$s1")`,$acc1 movzb `&lo("$s2")`,$acc2 - movzb 2048($sbox,$acc0,1),$t0 - movzb 2048($sbox,$acc1,1),$t1 - movzb 2048($sbox,$acc2,1),$t2 + movzb ($sbox,$acc0,1),$t0 + movzb ($sbox,$acc1,1),$t1 + movzb ($sbox,$acc2,1),$t2 movzb `&lo("$s3")`,$acc0 movzb `&hi("$s3")`,$acc1 movzb `&hi("$s0")`,$acc2 - movzb 2048($sbox,$acc0,1),$t3 - movzb 2048($sbox,$acc1,1),$acc1 #$t0 - movzb 2048($sbox,$acc2,1),$acc2 #$t1 + movzb ($sbox,$acc0,1),$t3 + movzb ($sbox,$acc1,1),$acc1 #$t0 + movzb ($sbox,$acc2,1),$acc2 #$t1 shl \$8,$acc1 shl \$8,$acc2 @@ -477,8 +742,8 @@ $code.=<<___; movzb `&hi("$s1")`,$acc0 movzb `&hi("$s2")`,$acc1 shr \$16,$s0 - movzb 2048($sbox,$acc0,1),$acc0 #$t2 - movzb 2048($sbox,$acc1,1),$acc1 #$t3 + movzb ($sbox,$acc0,1),$acc0 #$t2 + movzb ($sbox,$acc1,1),$acc1 #$t3 shl \$8,$acc0 shl \$8,$acc1 @@ -490,9 +755,9 @@ $code.=<<___; movzb `&lo("$s2")`,$acc0 movzb `&lo("$s3")`,$acc1 movzb `&lo("$s0")`,$acc2 - movzb 2048($sbox,$acc0,1),$acc0 #$t0 - movzb 2048($sbox,$acc1,1),$acc1 #$t1 - movzb 2048($sbox,$acc2,1),$acc2 #$t2 + movzb ($sbox,$acc0,1),$acc0 #$t0 + movzb ($sbox,$acc1,1),$acc1 #$t1 + movzb ($sbox,$acc2,1),$acc2 #$t2 shl \$16,$acc0 shl \$16,$acc1 @@ -505,9 +770,9 @@ $code.=<<___; movzb `&lo("$s1")`,$acc0 movzb `&hi("$s1")`,$acc1 movzb `&hi("$s2")`,$acc2 - movzb 2048($sbox,$acc0,1),$acc0 #$t3 - movzb 2048($sbox,$acc1,1),$acc1 #$t0 - movzb 2048($sbox,$acc2,1),$acc2 #$t1 + movzb ($sbox,$acc0,1),$acc0 #$t3 + movzb ($sbox,$acc1,1),$acc1 #$t0 + movzb ($sbox,$acc2,1),$acc2 #$t1 shl \$16,$acc0 shl \$24,$acc1 @@ -520,8 +785,8 @@ $code.=<<___; movzb `&hi("$s3")`,$acc0 movzb `&hi("$s0")`,$acc1 mov 16+12($key),$s3 - movzb 2048($sbox,$acc0,1),$acc0 #$t2 - movzb 2048($sbox,$acc1,1),$acc1 #$t3 + movzb ($sbox,$acc0,1),$acc0 #$t2 + movzb ($sbox,$acc1,1),$acc1 #$t3 mov 16+0($key),$s0 shl \$24,$acc0 @@ -532,6 +797,7 @@ $code.=<<___; mov 16+4($key),$s1 mov 16+8($key),$s2 + lea -2048($sbox),$sbox xor $t0,$s0 xor $t1,$s1 xor $t2,$s2 @@ -659,6 +925,260 @@ $code.=<<___; .size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt ___ +sub deccompactvert() +{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); + +$code.=<<___; + movzb `&lo("$s0")`,$t0 + movzb `&lo("$s1")`,$t1 + movzb `&lo("$s2")`,$t2 + movzb ($sbox,$t0,1),$t0 + movzb ($sbox,$t1,1),$t1 + movzb ($sbox,$t2,1),$t2 + + movzb `&lo("$s3")`,$t3 + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + movzb ($sbox,$t3,1),$t3 + movzb ($sbox,$acc0,1),$t4 #$t0 + movzb ($sbox,$acc1,1),$t5 #$t1 + + movzb `&hi("$s1")`,$acc2 + movzb `&hi("$s2")`,$acc0 + shr \$16,$s2 + movzb ($sbox,$acc2,1),$acc2 #$t2 + movzb ($sbox,$acc0,1),$acc0 #$t3 + shr \$16,$s3 + + movzb `&lo("$s2")`,$acc1 + shl \$8,$t4 + shl \$8,$t5 + movzb ($sbox,$acc1,1),$acc1 #$t0 + xor $t4,$t0 + xor $t5,$t1 + + movzb `&lo("$s3")`,$t4 + shr \$16,$s0 + shr \$16,$s1 + movzb `&lo("$s0")`,$t5 + shl \$8,$acc2 + shl \$8,$acc0 + movzb ($sbox,$t4,1),$t4 #$t1 + movzb ($sbox,$t5,1),$t5 #$t2 + xor $acc2,$t2 + xor $acc0,$t3 + + movzb `&lo("$s1")`,$acc2 + movzb `&hi("$s1")`,$acc0 + shl \$16,$acc1 + movzb ($sbox,$acc2,1),$acc2 #$t3 + movzb ($sbox,$acc0,1),$acc0 #$t0 + xor $acc1,$t0 + + movzb `&hi("$s2")`,$acc1 + shl \$16,$t4 + shl \$16,$t5 + movzb ($sbox,$acc1,1),$s1 #$t1 + xor $t4,$t1 + xor $t5,$t2 + + movzb `&hi("$s3")`,$acc1 + shr \$8,$s0 + shl \$16,$acc2 + movzb ($sbox,$acc1,1),$s2 #$t2 + movzb ($sbox,$s0,1),$s3 #$t3 + xor $acc2,$t3 + + shl \$24,$acc0 + shl \$24,$s1 + shl \$24,$s2 + xor $acc0,$t0 + shl \$24,$s3 + xor $t1,$s1 + mov $t0,$s0 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +# parallelized version! input is pair of 64-bit values: %rax=s1.s0 +# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1, +# %ecx=s2 and %edx=s3. +sub dectransform() +{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx"); + my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx"); + my $prefetch = shift; + +$code.=<<___; + mov $tp10,$acc0 + mov $tp18,$acc8 + and $mask80,$acc0 + and $mask80,$acc8 + mov $acc0,$tp40 + mov $acc8,$tp48 + shr \$7,$tp40 + lea ($tp10,$tp10),$tp20 + shr \$7,$tp48 + lea ($tp18,$tp18),$tp28 + sub $tp40,$acc0 + sub $tp48,$acc8 + and $maskfe,$tp20 + and $maskfe,$tp28 + and $mask1b,$acc0 + and $mask1b,$acc8 + xor $tp20,$acc0 + xor $tp28,$acc8 + mov $acc0,$tp20 + mov $acc8,$tp28 + + and $mask80,$acc0 + and $mask80,$acc8 + mov $acc0,$tp80 + mov $acc8,$tp88 + shr \$7,$tp80 + lea ($tp20,$tp20),$tp40 + shr \$7,$tp88 + lea ($tp28,$tp28),$tp48 + sub $tp80,$acc0 + sub $tp88,$acc8 + and $maskfe,$tp40 + and $maskfe,$tp48 + and $mask1b,$acc0 + and $mask1b,$acc8 + xor $tp40,$acc0 + xor $tp48,$acc8 + mov $acc0,$tp40 + mov $acc8,$tp48 + + and $mask80,$acc0 + and $mask80,$acc8 + mov $acc0,$tp80 + mov $acc8,$tp88 + shr \$7,$tp80 + xor $tp10,$tp20 # tp2^=tp1 + shr \$7,$tp88 + xor $tp18,$tp28 # tp2^=tp1 + sub $tp80,$acc0 + sub $tp88,$acc8 + lea ($tp40,$tp40),$tp80 + lea ($tp48,$tp48),$tp88 + xor $tp10,$tp40 # tp4^=tp1 + xor $tp18,$tp48 # tp4^=tp1 + and $maskfe,$tp80 + and $maskfe,$tp88 + and $mask1b,$acc0 + and $mask1b,$acc8 + xor $acc0,$tp80 + xor $acc8,$tp88 + + xor $tp80,$tp10 # tp1^=tp8 + xor $tp88,$tp18 # tp1^=tp8 + xor $tp80,$tp20 # tp2^tp1^=tp8 + xor $tp88,$tp28 # tp2^tp1^=tp8 + mov $tp10,$acc0 + mov $tp18,$acc8 + xor $tp80,$tp40 # tp4^tp1^=tp8 + xor $tp88,$tp48 # tp4^tp1^=tp8 + shr \$32,$acc0 + shr \$32,$acc8 + xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1 + xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1 + rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8) + rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8) + xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 + xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 + + rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8) + rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8) + xor `&LO("$tp80")`,`&LO("$tp10")` + xor `&LO("$tp88")`,`&LO("$tp18")` + shr \$32,$tp80 + shr \$32,$tp88 + xor `&LO("$tp80")`,`&LO("$acc0")` + xor `&LO("$tp88")`,`&LO("$acc8")` + + mov $tp20,$tp80 + mov $tp28,$tp88 + shr \$32,$tp80 + shr \$32,$tp88 + rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24) + rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24) + rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24) + rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24) + xor `&LO("$tp20")`,`&LO("$tp10")` + xor `&LO("$tp28")`,`&LO("$tp18")` + mov $tp40,$tp20 + mov $tp48,$tp28 + xor `&LO("$tp80")`,`&LO("$acc0")` + xor `&LO("$tp88")`,`&LO("$acc8")` + + `"mov 0($sbox),$mask80" if ($prefetch)` + shr \$32,$tp20 + shr \$32,$tp28 + `"mov 64($sbox),$maskfe" if ($prefetch)` + rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16) + rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16) + `"mov 128($sbox),$mask1b" if ($prefetch)` + rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16) + rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16) + `"mov 192($sbox),$tp80" if ($prefetch)` + xor `&LO("$tp40")`,`&LO("$tp10")` + xor `&LO("$tp48")`,`&LO("$tp18")` + `"mov 256($sbox),$tp88" if ($prefetch)` + xor `&LO("$tp20")`,`&LO("$acc0")` + xor `&LO("$tp28")`,`&LO("$acc8")` +___ +} + +$code.=<<___; +.type _x86_64_AES_decrypt_compact,\@abi-omnipotent +.align 16 +_x86_64_AES_decrypt_compact: + lea 128($sbox),$inp # size optimization + mov 0-128($inp),$acc1 # prefetch Td4 + mov 32-128($inp),$acc2 + mov 64-128($inp),$t0 + mov 96-128($inp),$t1 + mov 128-128($inp),$acc1 + mov 160-128($inp),$acc2 + mov 192-128($inp),$t0 + mov 224-128($inp),$t1 + jmp .Ldec_loop_compact + +.align 16 +.Ldec_loop_compact: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + lea 16($key),$key +___ + &deccompactvert(); +$code.=<<___; + cmp 16(%rsp),$key + je .Ldec_compact_done + + mov 256+0($sbox),$mask80 + shl \$32,%rbx + shl \$32,%rdx + mov 256+8($sbox),$maskfe + or %rbx,%rax + or %rdx,%rcx + mov 256+16($sbox),$mask1b +___ + &dectransform(1); +$code.=<<___; + jmp .Ldec_loop_compact +.align 16 +.Ldec_compact_done: + xor 0($key),$s0 + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + .byte 0xf3,0xc3 # rep ret +.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact +___ + # void AES_decrypt (const void *inp,void *out,const AES_KEY *key); $code.=<<___; .globl AES_decrypt @@ -672,43 +1192,59 @@ AES_decrypt: push %r14 push %r15 - mov %rdx,$key - mov %rdi,$inp - mov %rsi,$out + # allocate frame "above" key schedule + mov %rsp,%r10 + lea -63(%rdx),%rcx # %rdx is key argument + and \$-64,%rsp + sub %rsp,%rcx + neg %rcx + and \$0x3c0,%rcx + sub %rcx,%rsp + sub \$32,%rsp + + mov %rsi,16(%rsp) # save out + mov %r10,24(%rsp) # save real stack pointer +.Ldec_prologue: - .picmeup $sbox - lea AES_Td-.($sbox),$sbox - - # prefetch Td4 - lea 2048+128($sbox),$sbox; - mov 0-128($sbox),$s0 - mov 32-128($sbox),$s1 - mov 64-128($sbox),$s2 - mov 96-128($sbox),$s3 - mov 128-128($sbox),$s0 - mov 160-128($sbox),$s1 - mov 192-128($sbox),$s2 - mov 224-128($sbox),$s3 - lea -2048-128($sbox),$sbox; - - mov 0($inp),$s0 - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - - call _x86_64_AES_decrypt - - mov $s0,0($out) + mov %rdx,$key + mov 240($key),$rnds # load rounds + + mov 0(%rdi),$s0 # load input vector + mov 4(%rdi),$s1 + mov 8(%rdi),$s2 + mov 12(%rdi),$s3 + + shl \$4,$rnds + lea ($key,$rnds),%rbp + mov $key,(%rsp) # key schedule + mov %rbp,8(%rsp) # end of key schedule + + # pick Td4 copy which can't "overlap" with stack frame or key schedule + lea .LAES_Td+2048(%rip),$sbox + lea 768(%rsp),%rbp + sub $sbox,%rbp + and \$0x300,%rbp + lea ($sbox,%rbp),$sbox + shr \$3,%rbp # recall "magic" constants! + add %rbp,$sbox + + call _x86_64_AES_decrypt_compact + + mov 16(%rsp),$out # restore out + mov 24(%rsp),%rsi # restore saved stack pointer + mov $s0,0($out) # write output vector mov $s1,4($out) mov $s2,8($out) mov $s3,12($out) - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Ldec_epilogue: ret .size AES_decrypt,.-AES_decrypt ___ @@ -718,27 +1254,26 @@ sub enckey() { $code.=<<___; movz %dl,%esi # rk[i]>>0 - mov 2(%rbp,%rsi,8),%ebx + movzb -128(%rbp,%rsi),%ebx movz %dh,%esi # rk[i]>>8 - and \$0xFF000000,%ebx + shl \$24,%ebx xor %ebx,%eax - mov 2(%rbp,%rsi,8),%ebx + movzb -128(%rbp,%rsi),%ebx shr \$16,%edx - and \$0x000000FF,%ebx movz %dl,%esi # rk[i]>>16 xor %ebx,%eax - mov 0(%rbp,%rsi,8),%ebx + movzb -128(%rbp,%rsi),%ebx movz %dh,%esi # rk[i]>>24 - and \$0x0000FF00,%ebx + shl \$8,%ebx xor %ebx,%eax - mov 0(%rbp,%rsi,8),%ebx - and \$0x00FF0000,%ebx + movzb -128(%rbp,%rsi),%ebx + shl \$16,%ebx xor %ebx,%eax - xor 2048(%rbp,%rcx,4),%eax # rcon + xor 1024-128(%rbp,%rcx,4),%eax # rcon ___ } @@ -751,7 +1286,29 @@ $code.=<<___; AES_set_encrypt_key: push %rbx push %rbp + push %r12 # redundant, but allows to share + push %r13 # exception handler... + push %r14 + push %r15 + sub \$8,%rsp +.Lenc_key_prologue: + + call _x86_64_AES_set_encrypt_key + + mov 8(%rsp),%r15 + mov 16(%rsp),%r14 + mov 24(%rsp),%r13 + mov 32(%rsp),%r12 + mov 40(%rsp),%rbp + mov 48(%rsp),%rbx + add \$56,%rsp +.Lenc_key_epilogue: + ret +.size AES_set_encrypt_key,.-AES_set_encrypt_key +.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent +.align 16 +_x86_64_AES_set_encrypt_key: mov %esi,%ecx # %ecx=bits mov %rdi,%rsi # %rsi=userKey mov %rdx,%rdi # %rdi=key @@ -761,8 +1318,18 @@ AES_set_encrypt_key: test \$-1,%rdi jz .Lbadpointer - .picmeup %rbp - lea AES_Te-.(%rbp),%rbp + lea .LAES_Te(%rip),%rbp + lea 2048+128(%rbp),%rbp + + # prefetch Te4 + mov 0-128(%rbp),%eax + mov 32-128(%rbp),%ebx + mov 64-128(%rbp),%r8d + mov 96-128(%rbp),%edx + mov 128-128(%rbp),%eax + mov 160-128(%rbp),%ebx + mov 192-128(%rbp),%r8d + mov 224-128(%rbp),%edx cmp \$128,%ecx je .L10rounds @@ -774,15 +1341,12 @@ AES_set_encrypt_key: jmp .Lexit .L10rounds: - mov 0(%rsi),%eax # copy first 4 dwords - mov 4(%rsi),%ebx - mov 8(%rsi),%ecx - mov 12(%rsi),%edx - mov %eax,0(%rdi) - mov %ebx,4(%rdi) - mov %ecx,8(%rdi) - mov %edx,12(%rdi) + mov 0(%rsi),%rax # copy first 4 dwords + mov 8(%rsi),%rdx + mov %rax,0(%rdi) + mov %rdx,8(%rdi) + shr \$32,%rdx xor %ecx,%ecx jmp .L10shortcut .align 4 @@ -810,19 +1374,14 @@ $code.=<<___; jmp .Lexit .L12rounds: - mov 0(%rsi),%eax # copy first 6 dwords - mov 4(%rsi),%ebx - mov 8(%rsi),%ecx - mov 12(%rsi),%edx - mov %eax,0(%rdi) - mov %ebx,4(%rdi) - mov %ecx,8(%rdi) - mov %edx,12(%rdi) - mov 16(%rsi),%ecx - mov 20(%rsi),%edx - mov %ecx,16(%rdi) - mov %edx,20(%rdi) - + mov 0(%rsi),%rax # copy first 6 dwords + mov 8(%rsi),%rbx + mov 16(%rsi),%rdx + mov %rax,0(%rdi) + mov %rbx,8(%rdi) + mov %rdx,16(%rdi) + + shr \$32,%rdx xor %ecx,%ecx jmp .L12shortcut .align 4 @@ -858,30 +1417,23 @@ $code.=<<___; jmp .Lexit .L14rounds: - mov 0(%rsi),%eax # copy first 8 dwords - mov 4(%rsi),%ebx - mov 8(%rsi),%ecx - mov 12(%rsi),%edx - mov %eax,0(%rdi) - mov %ebx,4(%rdi) - mov %ecx,8(%rdi) - mov %edx,12(%rdi) - mov 16(%rsi),%eax - mov 20(%rsi),%ebx - mov 24(%rsi),%ecx - mov 28(%rsi),%edx - mov %eax,16(%rdi) - mov %ebx,20(%rdi) - mov %ecx,24(%rdi) - mov %edx,28(%rdi) - + mov 0(%rsi),%rax # copy first 8 dwords + mov 8(%rsi),%rbx + mov 16(%rsi),%rcx + mov 24(%rsi),%rdx + mov %rax,0(%rdi) + mov %rbx,8(%rdi) + mov %rcx,16(%rdi) + mov %rdx,24(%rdi) + + shr \$32,%rdx xor %ecx,%ecx jmp .L14shortcut .align 4 .L14loop: + mov 0(%rdi),%eax # rk[0] mov 28(%rdi),%edx # rk[4] .L14shortcut: - mov 0(%rdi),%eax # rk[0] ___ &enckey (); $code.=<<___; @@ -900,24 +1452,23 @@ $code.=<<___; mov %eax,%edx mov 16(%rdi),%eax # rk[4] movz %dl,%esi # rk[11]>>0 - mov 2(%rbp,%rsi,8),%ebx + movzb -128(%rbp,%rsi),%ebx movz %dh,%esi # rk[11]>>8 - and \$0x000000FF,%ebx xor %ebx,%eax - mov 0(%rbp,%rsi,8),%ebx + movzb -128(%rbp,%rsi),%ebx shr \$16,%edx - and \$0x0000FF00,%ebx + shl \$8,%ebx movz %dl,%esi # rk[11]>>16 xor %ebx,%eax - mov 0(%rbp,%rsi,8),%ebx + movzb -128(%rbp,%rsi),%ebx movz %dh,%esi # rk[11]>>24 - and \$0x00FF0000,%ebx + shl \$16,%ebx xor %ebx,%eax - mov 2(%rbp,%rsi,8),%ebx - and \$0xFF000000,%ebx + movzb -128(%rbp,%rsi),%ebx + shl \$24,%ebx xor %ebx,%eax mov %eax,48(%rdi) # rk[12] @@ -938,31 +1489,61 @@ $code.=<<___; .Lbadpointer: mov \$-1,%rax .Lexit: - pop %rbp - pop %rbx - ret -.size AES_set_encrypt_key,.-AES_set_encrypt_key + .byte 0xf3,0xc3 # rep ret +.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key ___ -sub deckey() +sub deckey_ref() { my ($i,$ptr,$te,$td) = @_; + my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d"); $code.=<<___; - mov $i($ptr),%eax - mov %eax,%edx - movz %ah,%ebx - shr \$16,%edx - and \$0xFF,%eax - movzb 2($te,%rax,8),%rax - movzb 2($te,%rbx,8),%rbx - mov 0($td,%rax,8),%eax - xor 3($td,%rbx,8),%eax - movzb %dh,%ebx - and \$0xFF,%edx - movzb 2($te,%rdx,8),%rdx - movzb 2($te,%rbx,8),%rbx - xor 2($td,%rdx,8),%eax - xor 1($td,%rbx,8),%eax - mov %eax,$i($ptr) + mov $i($ptr),$tp1 + mov $tp1,$acc + and \$0x80808080,$acc + mov $acc,$tp4 + shr \$7,$tp4 + lea 0($tp1,$tp1),$tp2 + sub $tp4,$acc + and \$0xfefefefe,$tp2 + and \$0x1b1b1b1b,$acc + xor $tp2,$acc + mov $acc,$tp2 + + and \$0x80808080,$acc + mov $acc,$tp8 + shr \$7,$tp8 + lea 0($tp2,$tp2),$tp4 + sub $tp8,$acc + and \$0xfefefefe,$tp4 + and \$0x1b1b1b1b,$acc + xor $tp1,$tp2 # tp2^tp1 + xor $tp4,$acc + mov $acc,$tp4 + + and \$0x80808080,$acc + mov $acc,$tp8 + shr \$7,$tp8 + sub $tp8,$acc + lea 0($tp4,$tp4),$tp8 + xor $tp1,$tp4 # tp4^tp1 + and \$0xfefefefe,$tp8 + and \$0x1b1b1b1b,$acc + xor $acc,$tp8 + + xor $tp8,$tp1 # tp1^tp8 + rol \$8,$tp1 # ROTATE(tp1^tp8,8) + xor $tp8,$tp2 # tp2^tp1^tp8 + xor $tp8,$tp4 # tp4^tp1^tp8 + xor $tp2,$tp8 + xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2 + + xor $tp8,$tp1 + rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24) + xor $tp2,$tp1 + rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16) + xor $tp4,$tp1 + + mov $tp1,$i($ptr) ___ } @@ -973,19 +1554,23 @@ $code.=<<___; .type AES_set_decrypt_key,\@function,3 .align 16 AES_set_decrypt_key: - push %rdx - call AES_set_encrypt_key - cmp \$0,%eax - je .Lproceed - lea 24(%rsp),%rsp - ret -.Lproceed: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + push %rdx # save key schedule +.Ldec_key_prologue: + + call _x86_64_AES_set_encrypt_key mov (%rsp),%r8 # restore key schedule - mov %rbx,(%rsp) + cmp \$0,%eax + jne .Labort - mov 240(%r8),%ecx # pull number of rounds + mov 240(%r8),%r14d # pull number of rounds xor %rdi,%rdi - lea (%rdi,%rcx,4),%rcx + lea (%rdi,%r14d,4),%rcx mov %r8,%rsi lea (%r8,%rcx,4),%rdi # pointer to last chunk .align 4 @@ -1003,27 +1588,39 @@ AES_set_decrypt_key: cmp %rsi,%rdi jne .Linvert - .picmeup %r9 - lea AES_Td-.(%r9),%rdi - lea AES_Te-AES_Td(%rdi),%r9 + lea .LAES_Te+2048+1024(%rip),%rax # rcon - mov %r8,%rsi - mov 240(%r8),%ecx # pull number of rounds - sub \$1,%ecx + mov 40(%rax),$mask80 + mov 48(%rax),$maskfe + mov 56(%rax),$mask1b + + mov %r8,$key + sub \$1,%r14d .align 4 .Lpermute: - lea 16(%rsi),%rsi + lea 16($key),$key + mov 0($key),%rax + mov 8($key),%rcx ___ - &deckey (0,"%rsi","%r9","%rdi"); - &deckey (4,"%rsi","%r9","%rdi"); - &deckey (8,"%rsi","%r9","%rdi"); - &deckey (12,"%rsi","%r9","%rdi"); + &dectransform (); $code.=<<___; - sub \$1,%ecx + mov %eax,0($key) + mov %ebx,4($key) + mov %ecx,8($key) + mov %edx,12($key) + sub \$1,%r14d jnz .Lpermute xor %rax,%rax - pop %rbx +.Labort: + mov 8(%rsp),%r15 + mov 16(%rsp),%r14 + mov 24(%rsp),%r13 + mov 32(%rsp),%r12 + mov 40(%rsp),%rbp + mov 48(%rsp),%rbx + add \$56,%rsp +.Ldec_key_epilogue: ret .size AES_set_decrypt_key,.-AES_set_decrypt_key ___ @@ -1034,47 +1631,59 @@ ___ { # stack frame layout # -8(%rsp) return address -my $_rsp="0(%rsp)"; # saved %rsp -my $_len="8(%rsp)"; # copy of 3rd parameter, length -my $_key="16(%rsp)"; # copy of 4th parameter, key -my $_ivp="24(%rsp)"; # copy of 5th parameter, ivp -my $keyp="32(%rsp)"; # one to pass as $key -my $ivec="40(%rsp)"; # ivec[16] -my $aes_key="56(%rsp)"; # copy of aes_key -my $mark="56+240(%rsp)"; # copy of aes_key->rounds +my $keyp="0(%rsp)"; # one to pass as $key +my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds]) +my $_rsp="16(%rsp)"; # saved %rsp +my $_inp="24(%rsp)"; # copy of 1st parameter, inp +my $_out="32(%rsp)"; # copy of 2nd parameter, out +my $_len="40(%rsp)"; # copy of 3rd parameter, length +my $_key="48(%rsp)"; # copy of 4th parameter, key +my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp +my $ivec="64(%rsp)"; # ivec[16] +my $aes_key="80(%rsp)"; # copy of aes_key +my $mark="80+240(%rsp)"; # copy of aes_key->rounds $code.=<<___; .globl AES_cbc_encrypt .type AES_cbc_encrypt,\@function,6 .align 16 +.extern OPENSSL_ia32cap_P AES_cbc_encrypt: cmp \$0,%rdx # check length - je .Lcbc_just_ret + je .Lcbc_epilogue + pushfq push %rbx push %rbp push %r12 push %r13 push %r14 push %r15 - pushfq +.Lcbc_prologue: + cld mov %r9d,%r9d # clear upper half of enc - .picmeup $sbox -.Lcbc_pic_point: - + lea .LAES_Te(%rip),$sbox cmp \$0,%r9 - je .LDECRYPT - - lea AES_Te-.Lcbc_pic_point($sbox),$sbox + jne .Lcbc_picked_te + lea .LAES_Td(%rip),$sbox +.Lcbc_picked_te: + + mov OPENSSL_ia32cap_P(%rip),%r10d + cmp \$$speed_limit,%rdx + jb .Lcbc_slow_prologue + test \$15,%rdx + jnz .Lcbc_slow_prologue + bt \$28,%r10d + jc .Lcbc_slow_prologue # allocate aligned stack frame... - lea -64-248(%rsp),$key + lea -88-248(%rsp),$key and \$-64,$key - # ... and make it doesn't alias with AES_Te modulo 4096 + # ... and make sure it doesn't alias with AES_T[ed] modulo 4096 mov $sbox,%r10 - lea 2048($sbox),%r11 + lea 2304($sbox),%r11 mov $key,%r12 and \$0xFFF,%r10 # s = $sbox&0xfff and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff @@ -1094,22 +1703,27 @@ AES_cbc_encrypt: .Lcbc_te_ok: xchg %rsp,$key - add \$8,%rsp # reserve for return address! + #add \$8,%rsp # reserve for return address! mov $key,$_rsp # save %rsp +.Lcbc_fast_body: + mov %rdi,$_inp # save copy of inp + mov %rsi,$_out # save copy of out mov %rdx,$_len # save copy of len mov %rcx,$_key # save copy of key mov %r8,$_ivp # save copy of ivp movl \$0,$mark # copy of aes_key->rounds = 0; mov %r8,%rbp # rearrange input arguments + mov %r9,%rbx mov %rsi,$out mov %rdi,$inp mov %rcx,$key + mov 240($key),%eax # key->rounds # do we copy key schedule to stack? mov $key,%r10 sub $sbox,%r10 and \$0xfff,%r10 - cmp \$2048,%r10 + cmp \$2304,%r10 jb .Lcbc_do_ecopy cmp \$4096-248,%r10 jb .Lcbc_skip_ecopy @@ -1120,12 +1734,11 @@ AES_cbc_encrypt: lea $aes_key,$key mov \$240/8,%ecx .long 0x90A548F3 # rep movsq - mov (%rsi),%eax # copy aes_key->rounds - mov %eax,(%rdi) + mov %eax,(%rdi) # copy aes_key->rounds .Lcbc_skip_ecopy: mov $key,$keyp # save key pointer - mov \$16,%ecx + mov \$18,%ecx .align 4 .Lcbc_prefetch_te: mov 0($sbox),%r10 @@ -1135,184 +1748,77 @@ AES_cbc_encrypt: lea 128($sbox),$sbox sub \$1,%ecx jnz .Lcbc_prefetch_te - sub \$2048,$sbox + lea -2304($sbox),$sbox - test \$-16,%rdx # check upon length - mov %rdx,%r10 + cmp \$0,%rbx + je .LFAST_DECRYPT + +#----------------------------- ENCRYPT -----------------------------# mov 0(%rbp),$s0 # load iv mov 4(%rbp),$s1 mov 8(%rbp),$s2 mov 12(%rbp),$s3 - jz .Lcbc_enc_tail # short input... .align 4 -.Lcbc_enc_loop: +.Lcbc_fast_enc_loop: xor 0($inp),$s0 xor 4($inp),$s1 xor 8($inp),$s2 xor 12($inp),$s3 - mov $inp,$ivec # if ($verticalspin) save inp - mov $keyp,$key # restore key + mov $inp,$_inp # if ($verticalspin) save inp + call _x86_64_AES_encrypt - mov $ivec,$inp # if ($verticalspin) restore inp + mov $_inp,$inp # if ($verticalspin) restore inp + mov $_len,%r10 mov $s0,0($out) mov $s1,4($out) mov $s2,8($out) mov $s3,12($out) - mov $_len,%r10 lea 16($inp),$inp lea 16($out),$out sub \$16,%r10 test \$-16,%r10 mov %r10,$_len - jnz .Lcbc_enc_loop - test \$15,%r10 - jnz .Lcbc_enc_tail + jnz .Lcbc_fast_enc_loop mov $_ivp,%rbp # restore ivp mov $s0,0(%rbp) # save ivec mov $s1,4(%rbp) mov $s2,8(%rbp) mov $s3,12(%rbp) -.align 4 -.Lcbc_cleanup: - cmpl \$0,$mark # was the key schedule copied? - lea $aes_key,%rdi - mov $_rsp,%rsp - je .Lcbc_exit - mov \$240/8,%ecx - xor %rax,%rax - .long 0x90AB48F3 # rep stosq -.Lcbc_exit: - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx -.Lcbc_just_ret: - ret -.align 4 -.Lcbc_enc_tail: - mov %rax,%r11 - mov %rcx,%r12 - mov %r10,%rcx - mov $inp,%rsi - mov $out,%rdi - .long 0xF689A4F3 # rep movsb - mov \$16,%rcx # zero tail - sub %r10,%rcx - xor %rax,%rax - .long 0xF689AAF3 # rep stosb - mov $out,$inp # this is not a mistake! - movq \$16,$_len # len=16 - mov %r11,%rax - mov %r12,%rcx - jmp .Lcbc_enc_loop # one more spin... + jmp .Lcbc_fast_cleanup + #----------------------------- DECRYPT -----------------------------# .align 16 -.LDECRYPT: - lea AES_Td-.Lcbc_pic_point($sbox),$sbox - - # allocate aligned stack frame... - lea -64-248(%rsp),$key - and \$-64,$key - - # ... and make it doesn't alias with AES_Td modulo 4096 - mov $sbox,%r10 - lea 2304($sbox),%r11 - mov $key,%r12 - and \$0xFFF,%r10 # s = $sbox&0xfff - and \$0xFFF,%r11 # e = ($sbox+2048+256)&0xfff - and \$0xFFF,%r12 # p = %rsp&0xfff - - cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); - jb .Lcbc_td_break_out - sub %r11,%r12 - sub %r12,$key - jmp .Lcbc_td_ok -.Lcbc_td_break_out: # else %rsp -= (p-s)&0xfff + framesz - sub %r10,%r12 - and \$0xFFF,%r12 - add \$320,%r12 - sub %r12,$key -.align 4 -.Lcbc_td_ok: - - xchg %rsp,$key - add \$8,%rsp # reserve for return address! - mov $key,$_rsp # save %rsp - mov %rdx,$_len # save copy of len - mov %rcx,$_key # save copy of key - mov %r8,$_ivp # save copy of ivp - movl \$0,$mark # copy of aes_key->rounds = 0; - mov %r8,%rbp # rearrange input arguments - mov %rsi,$out - mov %rdi,$inp - mov %rcx,$key - - # do we copy key schedule to stack? - mov $key,%r10 - sub $sbox,%r10 - and \$0xfff,%r10 - cmp \$2304,%r10 - jb .Lcbc_do_dcopy - cmp \$4096-248,%r10 - jb .Lcbc_skip_dcopy -.align 4 -.Lcbc_do_dcopy: - mov $key,%rsi - lea $aes_key,%rdi - lea $aes_key,$key - mov \$240/8,%ecx - .long 0x90A548F3 # rep movsq - mov (%rsi),%eax # copy aes_key->rounds - mov %eax,(%rdi) -.Lcbc_skip_dcopy: - mov $key,$keyp # save key pointer - - mov \$18,%ecx -.align 4 -.Lcbc_prefetch_td: - mov 0($sbox),%r10 - mov 32($sbox),%r11 - mov 64($sbox),%r12 - mov 96($sbox),%r13 - lea 128($sbox),$sbox - sub \$1,%ecx - jnz .Lcbc_prefetch_td - sub \$2304,$sbox - +.LFAST_DECRYPT: cmp $inp,$out - je .Lcbc_dec_in_place + je .Lcbc_fast_dec_in_place mov %rbp,$ivec .align 4 -.Lcbc_dec_loop: - mov 0($inp),$s0 # read input +.Lcbc_fast_dec_loop: + mov 0($inp),$s0 # read input mov 4($inp),$s1 mov 8($inp),$s2 mov 12($inp),$s3 - mov $inp,8+$ivec # if ($verticalspin) save inp - mov $keyp,$key # restore key + mov $inp,$_inp # if ($verticalspin) save inp + call _x86_64_AES_decrypt mov $ivec,%rbp # load ivp - mov 8+$ivec,$inp # if ($verticalspin) restore inp + mov $_inp,$inp # if ($verticalspin) restore inp + mov $_len,%r10 # load len xor 0(%rbp),$s0 # xor iv xor 4(%rbp),$s1 xor 8(%rbp),$s2 xor 12(%rbp),$s3 mov $inp,%rbp # current input, next iv - mov $_len,%r10 # load len sub \$16,%r10 - jc .Lcbc_dec_partial mov %r10,$_len # update len mov %rbp,$ivec # update ivp @@ -1323,81 +1829,281 @@ AES_cbc_encrypt: lea 16($inp),$inp lea 16($out),$out - jnz .Lcbc_dec_loop -.Lcbc_dec_end: + jnz .Lcbc_fast_dec_loop mov $_ivp,%r12 # load user ivp mov 0(%rbp),%r10 # load iv mov 8(%rbp),%r11 mov %r10,0(%r12) # copy back to user mov %r11,8(%r12) - jmp .Lcbc_cleanup - -.align 4 -.Lcbc_dec_partial: - mov $s0,0+$ivec # dump output to stack - mov $s1,4+$ivec - mov $s2,8+$ivec - mov $s3,12+$ivec - mov $out,%rdi - lea $ivec,%rsi - mov \$16,%rcx - add %r10,%rcx # number of bytes to copy - .long 0xF689A4F3 # rep movsb - jmp .Lcbc_dec_end + jmp .Lcbc_fast_cleanup .align 16 -.Lcbc_dec_in_place: +.Lcbc_fast_dec_in_place: + mov 0(%rbp),%r10 # copy iv to stack + mov 8(%rbp),%r11 + mov %r10,0+$ivec + mov %r11,8+$ivec +.align 4 +.Lcbc_fast_dec_in_place_loop: mov 0($inp),$s0 # load input mov 4($inp),$s1 mov 8($inp),$s2 mov 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # if ($verticalspin) save inp - mov $inp,$ivec # if ($verticalspin) save inp - mov $keyp,$key call _x86_64_AES_decrypt - mov $ivec,$inp # if ($verticalspin) restore inp - mov $_ivp,%rbp - xor 0(%rbp),$s0 - xor 4(%rbp),$s1 - xor 8(%rbp),$s2 - xor 12(%rbp),$s3 + mov $_inp,$inp # if ($verticalspin) restore inp + mov $_len,%r10 + xor 0+$ivec,$s0 + xor 4+$ivec,$s1 + xor 8+$ivec,$s2 + xor 12+$ivec,$s3 + + mov 0($inp),%r11 # load input + mov 8($inp),%r12 + sub \$16,%r10 + jz .Lcbc_fast_dec_in_place_done - mov 0($inp),%r10 # copy input to iv - mov 8($inp),%r11 - mov %r10,0(%rbp) - mov %r11,8(%rbp) + mov %r11,0+$ivec # copy input to iv + mov %r12,8+$ivec mov $s0,0($out) # save output [zaps input] mov $s1,4($out) mov $s2,8($out) mov $s3,12($out) - mov $_len,%rcx lea 16($inp),$inp lea 16($out),$out - sub \$16,%rcx - jc .Lcbc_dec_in_place_partial - mov %rcx,$_len - jnz .Lcbc_dec_in_place - jmp .Lcbc_cleanup + mov %r10,$_len + jmp .Lcbc_fast_dec_in_place_loop +.Lcbc_fast_dec_in_place_done: + mov $_ivp,%rdi + mov %r11,0(%rdi) # copy iv back to user + mov %r12,8(%rdi) + + mov $s0,0($out) # save output [zaps input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) .align 4 -.Lcbc_dec_in_place_partial: - # one can argue if this is actually required - lea ($out,%rcx),%rdi - lea (%rbp,%rcx),%rsi - neg %rcx - .long 0xF689A4F3 # rep movsb # restore tail - jmp .Lcbc_cleanup +.Lcbc_fast_cleanup: + cmpl \$0,$mark # was the key schedule copied? + lea $aes_key,%rdi + je .Lcbc_exit + mov \$240/8,%ecx + xor %rax,%rax + .long 0x90AB48F3 # rep stosq + + jmp .Lcbc_exit + +#--------------------------- SLOW ROUTINE ---------------------------# +.align 16 +.Lcbc_slow_prologue: + # allocate aligned stack frame... + lea -88(%rsp),%rbp + and \$-64,%rbp + # ... just "above" key schedule + lea -88-63(%rcx),%r10 + sub %rbp,%r10 + neg %r10 + and \$0x3c0,%r10 + sub %r10,%rbp + + xchg %rsp,%rbp + #add \$8,%rsp # reserve for return address! + mov %rbp,$_rsp # save %rsp +.Lcbc_slow_body: + #mov %rdi,$_inp # save copy of inp + #mov %rsi,$_out # save copy of out + #mov %rdx,$_len # save copy of len + #mov %rcx,$_key # save copy of key + mov %r8,$_ivp # save copy of ivp + mov %r8,%rbp # rearrange input arguments + mov %r9,%rbx + mov %rsi,$out + mov %rdi,$inp + mov %rcx,$key + mov %rdx,%r10 + + mov 240($key),%eax + mov $key,$keyp # save key pointer + shl \$4,%eax + lea ($key,%rax),%rax + mov %rax,$keyend + + # pick Te4 copy which can't "overlap" with stack frame or key scdedule + lea 2048($sbox),$sbox + lea 768-8(%rsp),%rax + sub $sbox,%rax + and \$0x300,%rax + lea ($sbox,%rax),$sbox + + cmp \$0,%rbx + je .LSLOW_DECRYPT + +#--------------------------- SLOW ENCRYPT ---------------------------# + test \$-16,%r10 # check upon length + mov 0(%rbp),$s0 # load iv + mov 4(%rbp),$s1 + mov 8(%rbp),$s2 + mov 12(%rbp),$s3 + jz .Lcbc_slow_enc_tail # short input... + +.align 4 +.Lcbc_slow_enc_loop: + xor 0($inp),$s0 + xor 4($inp),$s1 + xor 8($inp),$s2 + xor 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # save inp + mov $out,$_out # save out + mov %r10,$_len # save len + + call _x86_64_AES_encrypt_compact + + mov $_inp,$inp # restore inp + mov $_out,$out # restore out + mov $_len,%r10 # restore len + mov $s0,0($out) + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + sub \$16,%r10 + test \$-16,%r10 + jnz .Lcbc_slow_enc_loop + test \$15,%r10 + jnz .Lcbc_slow_enc_tail + mov $_ivp,%rbp # restore ivp + mov $s0,0(%rbp) # save ivec + mov $s1,4(%rbp) + mov $s2,8(%rbp) + mov $s3,12(%rbp) + + jmp .Lcbc_exit + +.align 4 +.Lcbc_slow_enc_tail: + mov %rax,%r11 + mov %rcx,%r12 + mov %r10,%rcx + mov $inp,%rsi + mov $out,%rdi + .long 0x9066A4F3 # rep movsb + mov \$16,%rcx # zero tail + sub %r10,%rcx + xor %rax,%rax + .long 0x9066AAF3 # rep stosb + mov $out,$inp # this is not a mistake! + mov \$16,%r10 # len=16 + mov %r11,%rax + mov %r12,%rcx + jmp .Lcbc_slow_enc_loop # one more spin... +#--------------------------- SLOW DECRYPT ---------------------------# +.align 16 +.LSLOW_DECRYPT: + shr \$3,%rax + add %rax,$sbox # recall "magic" constants! + + mov 0(%rbp),%r11 # copy iv to stack + mov 8(%rbp),%r12 + mov %r11,0+$ivec + mov %r12,8+$ivec + +.align 4 +.Lcbc_slow_dec_loop: + mov 0($inp),$s0 # load input + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # save inp + mov $out,$_out # save out + mov %r10,$_len # save len + + call _x86_64_AES_decrypt_compact + + mov $_inp,$inp # restore inp + mov $_out,$out # restore out + mov $_len,%r10 + xor 0+$ivec,$s0 + xor 4+$ivec,$s1 + xor 8+$ivec,$s2 + xor 12+$ivec,$s3 + + mov 0($inp),%r11 # load input + mov 8($inp),%r12 + sub \$16,%r10 + jc .Lcbc_slow_dec_partial + jz .Lcbc_slow_dec_done + + mov %r11,0+$ivec # copy input to iv + mov %r12,8+$ivec + + mov $s0,0($out) # save output [can zap input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + jmp .Lcbc_slow_dec_loop +.Lcbc_slow_dec_done: + mov $_ivp,%rdi + mov %r11,0(%rdi) # copy iv back to user + mov %r12,8(%rdi) + + mov $s0,0($out) # save output [can zap input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + jmp .Lcbc_exit + +.align 4 +.Lcbc_slow_dec_partial: + mov $_ivp,%rdi + mov %r11,0(%rdi) # copy iv back to user + mov %r12,8(%rdi) + + mov $s0,0+$ivec # save output to stack + mov $s1,4+$ivec + mov $s2,8+$ivec + mov $s3,12+$ivec + + mov $out,%rdi + lea $ivec,%rsi + lea 16(%r10),%rcx + .long 0x9066A4F3 # rep movsb + jmp .Lcbc_exit + +.align 16 +.Lcbc_exit: + mov $_rsp,%rsi + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lcbc_popfq: + popfq +.Lcbc_epilogue: + ret .size AES_cbc_encrypt,.-AES_cbc_encrypt ___ } $code.=<<___; -.globl AES_Te .align 64 -AES_Te: +.LAES_Te: ___ &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); @@ -1463,16 +2169,149 @@ ___ &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); + +#Te4 # four copies of Te4 to choose from to avoid L1 aliasing + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); #rcon: $code.=<<___; .long 0x00000001, 0x00000002, 0x00000004, 0x00000008 .long 0x00000010, 0x00000020, 0x00000040, 0x00000080 - .long 0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0 + .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080 + .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b ___ $code.=<<___; -.globl AES_Td .align 64 -AES_Td: +.LAES_Td: ___ &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); @@ -1538,7 +2377,116 @@ ___ &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); -#Td4: + +#Td4: # four copies of Td4 to choose from to avoid L1 aliasing + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +___ + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +___ + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +___ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); @@ -1571,6 +2519,288 @@ ___ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +.asciz "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>" +.align 64 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type block_se_handler,\@abi-omnipotent +.align 16 +block_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->Rip<prologue label + jb .Lin_block_prologue + + mov 152($context),%rax # pull context->Rsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_block_prologue + + mov 24(%rax),%rax # pull saved real stack pointer + lea 48(%rax),%rax # adjust... + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_block_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + jmp .Lcommon_seh_exit +.size block_se_handler,.-block_se_handler + +.type key_se_handler,\@abi-omnipotent +.align 16 +key_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->Rip<prologue label + jb .Lin_key_prologue + + mov 152($context),%rax # pull context->Rsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_key_prologue + + lea 56(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_key_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + jmp .Lcommon_seh_exit +.size key_se_handler,.-key_se_handler + +.type cbc_se_handler,\@abi-omnipotent +.align 16 +cbc_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lcbc_prologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_prologue + jb .Lin_cbc_prologue + + lea .Lcbc_fast_body(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_fast_body + jb .Lin_cbc_frame_setup + + lea .Lcbc_slow_prologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue + jb .Lin_cbc_body + + lea .Lcbc_slow_body(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_slow_body + jb .Lin_cbc_frame_setup + +.Lin_cbc_body: + mov 152($context),%rax # pull context->Rsp + + lea .Lcbc_epilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue + jae .Lin_cbc_prologue + + lea 8(%rax),%rax + + lea .Lcbc_popfq(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lcbc_popfq + jae .Lin_cbc_prologue + + mov `16-8`(%rax),%rax # biased $_rsp + lea 56(%rax),%rax + +.Lin_cbc_frame_setup: + mov -16(%rax),%rbx + mov -24(%rax),%rbp + mov -32(%rax),%r12 + mov -40(%rax),%r13 + mov -48(%rax),%r14 + mov -56(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_cbc_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + +.Lcommon_seh_exit: + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$`1232/8`,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size cbc_se_handler,.-cbc_se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_AES_encrypt + .rva .LSEH_end_AES_encrypt + .rva .LSEH_info_AES_encrypt + + .rva .LSEH_begin_AES_decrypt + .rva .LSEH_end_AES_decrypt + .rva .LSEH_info_AES_decrypt + + .rva .LSEH_begin_AES_set_encrypt_key + .rva .LSEH_end_AES_set_encrypt_key + .rva .LSEH_info_AES_set_encrypt_key + + .rva .LSEH_begin_AES_set_decrypt_key + .rva .LSEH_end_AES_set_decrypt_key + .rva .LSEH_info_AES_set_decrypt_key + + .rva .LSEH_begin_AES_cbc_encrypt + .rva .LSEH_end_AES_cbc_encrypt + .rva .LSEH_info_AES_cbc_encrypt + +.section .xdata +.align 8 +.LSEH_info_AES_encrypt: + .byte 9,0,0,0 + .rva block_se_handler + .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] +.LSEH_info_AES_decrypt: + .byte 9,0,0,0 + .rva block_se_handler + .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] +.LSEH_info_AES_set_encrypt_key: + .byte 9,0,0,0 + .rva key_se_handler + .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] +.LSEH_info_AES_set_decrypt_key: + .byte 9,0,0,0 + .rva key_se_handler + .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] +.LSEH_info_AES_cbc_encrypt: + .byte 9,0,0,0 + .rva cbc_se_handler +___ +} $code =~ s/\`([^\`]*)\`/eval($1)/gem; diff --git a/lib/libcrypto/asn1/Makefile b/lib/libcrypto/asn1/Makefile index 94a6885804f..160544eede5 100644 --- a/lib/libcrypto/asn1/Makefile +++ b/lib/libcrypto/asn1/Makefile @@ -22,30 +22,32 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \ x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ + tasn_prn.c ameth_lib.c \ f_int.c f_string.c n_pkey.c \ - f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \ - asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ + f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \ + asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \ x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ + x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ + tasn_prn.o ameth_lib.o \ f_int.o f_string.o n_pkey.o \ - f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \ - asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ + f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \ + asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o SRC= $(LIBSRC) EXHEADER= asn1.h asn1_mac.h asn1t.h -HEADER= $(EXHEADER) +HEADER= $(EXHEADER) asn1_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -63,7 +65,7 @@ pk: pk.c all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -142,9 +144,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_digest.o: ../../include/openssl/opensslconf.h a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -173,14 +175,6 @@ a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c -a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h -a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -205,13 +199,6 @@ a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_mbstr.o: ../cryptlib.h a_mbstr.c -a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c a_object.o: ../../e_os.h ../../include/openssl/asn1.h a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -250,27 +237,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c +a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h a_strex.o: ../../e_os.h ../../include/openssl/asn1.h a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h +a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_strex.o: ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -318,14 +305,29 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_verify.o: ../../include/openssl/opensslconf.h +a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c +a_verify.o: asn1_locl.h +ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h +ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ameth_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ameth_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ameth_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ameth_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ameth_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ameth_lib.o: ../../include/openssl/opensslconf.h +ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c +ameth_lib.o: asn1_locl.h asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -339,9 +341,8 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn1_gen.o: ../../include/openssl/opensslconf.h +asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -371,24 +372,23 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn_mime.o: ../../include/openssl/opensslconf.h +asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_mime.o: ../cryptlib.h asn_mime.c +asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +asn_moid.o: ../../include/openssl/opensslconf.h asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -402,28 +402,43 @@ asn_pack.o: ../../include/openssl/opensslconf.h asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c +bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_asn1.o: ../../include/openssl/opensslconf.h +bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c +bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c +d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c +d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +d2i_pu.o: ../cryptlib.h d2i_pu.c evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -455,77 +470,76 @@ f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c +i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c +i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i2d_pu.o: ../cryptlib.h i2d_pu.c n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -n_pkey.o: ../cryptlib.h n_pkey.c +n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c +nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c +p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_pbe.o: ../cryptlib.h p5_pbe.c p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbev2.o: ../../include/openssl/opensslconf.h +p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -538,51 +552,48 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p8_pkey.o: ../cryptlib.h p8_pkey.c +p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c +t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_bitst.o: ../cryptlib.h t_bitst.c t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c +t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_crl.o: ../cryptlib.h t_crl.c t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h -t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h t_pkey.o: ../cryptlib.h t_pkey.c t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h @@ -591,57 +602,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c +t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_req.o: ../cryptlib.h t_req.c t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c +t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_spki.o: ../cryptlib.h t_spki.c t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c +t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_x509.o: ../cryptlib.h t_x509.c t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c +t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_x509a.o: ../cryptlib.h t_x509a.c tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -675,6 +686,21 @@ tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c +tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h +tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +tasn_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tasn_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tasn_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +tasn_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tasn_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tasn_prn.o: ../../include/openssl/opensslconf.h +tasn_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h @@ -694,23 +720,21 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_algor.o: x_algor.c +x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_attrib.o: ../../include/openssl/opensslconf.h +x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -727,44 +751,42 @@ x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c x_crl.o: ../../e_os.h ../../include/openssl/asn1.h x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_crl.o: ../cryptlib.h x_crl.c +x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_exten.o: x_exten.c +x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_info.o: ../cryptlib.h x_info.c +x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c x_long.o: ../../e_os.h ../../include/openssl/asn1.h x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -780,125 +802,129 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_name.o: ../cryptlib.h x_name.c +x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c +x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pkey.o: ../cryptlib.h x_pkey.c +x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_pubkey.o: ../../include/openssl/opensslconf.h x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pubkey.o: ../cryptlib.h x_pubkey.c +x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c x_req.o: ../../e_os.h ../../include/openssl/asn1.h x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_req.o: ../cryptlib.h x_req.c +x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c x_sig.o: ../../e_os.h ../../include/openssl/asn1.h x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_sig.o: ../cryptlib.h x_sig.c +x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c x_spki.o: ../../e_os.h ../../include/openssl/asn1.h x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_spki.o: ../cryptlib.h x_spki.c +x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c x_val.o: ../../e_os.h ../../include/openssl/asn1.h x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_val.o: ../cryptlib.h x_val.c +x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c x_x509.o: ../../e_os.h ../../include/openssl/asn1.h x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x_x509.o: ../cryptlib.h x_x509.c +x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_x509a.o: ../cryptlib.h x_x509a.c +x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c diff --git a/lib/libcrypto/asn1/ameth_lib.c b/lib/libcrypto/asn1/ameth_lib.c index 18957c669e4..9a8b6cc2226 100644 --- a/lib/libcrypto/asn1/ameth_lib.c +++ b/lib/libcrypto/asn1/ameth_lib.c @@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, if (!ameth->info) goto err; } + else + ameth->info = NULL; if (pem_str) { @@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, if (!ameth->pem_str) goto err; } + else + ameth->pem_str = NULL; ameth->pub_decode = 0; ameth->pub_encode = 0; diff --git a/lib/libcrypto/asn1/asn1_gen.c b/lib/libcrypto/asn1/asn1_gen.c index 2da38292c8c..4fc241908f6 100644 --- a/lib/libcrypto/asn1/asn1_gen.c +++ b/lib/libcrypto/asn1/asn1_gen.c @@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) /* Allocate buffer for new encoding */ new_der = OPENSSL_malloc(len); + if (!new_der) + goto err; /* Generate tagged encoding */ @@ -245,8 +247,14 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) /* If IMPLICIT, output tag */ if (asn1_tags.imp_tag != -1) + { + if (asn1_tags.imp_class == V_ASN1_UNIVERSAL + && (asn1_tags.imp_tag == V_ASN1_SEQUENCE + || asn1_tags.imp_tag == V_ASN1_SET) ) + hdr_constructed = V_ASN1_CONSTRUCTED; ASN1_put_object(&p, hdr_constructed, hdr_len, asn1_tags.imp_tag, asn1_tags.imp_class); + } /* Copy across original encoding */ memcpy(p, cpy_start, cpy_len); @@ -439,13 +447,15 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) { - ASN1_TYPE *ret = NULL, *typ = NULL; + ASN1_TYPE *ret = NULL; STACK_OF(ASN1_TYPE) *sk = NULL; STACK_OF(CONF_VALUE) *sect = NULL; - unsigned char *der = NULL, *p; + unsigned char *der = NULL; int derlen; - int i, is_set; + int i; sk = sk_ASN1_TYPE_new_null(); + if (!sk) + goto bad; if (section) { if (!cnf) @@ -455,28 +465,23 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) goto bad; for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); + ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); if (!typ) goto bad; - sk_ASN1_TYPE_push(sk, typ); - typ = NULL; + if (!sk_ASN1_TYPE_push(sk, typ)) + goto bad; } } /* Now we has a STACK of the components, convert to the correct form */ if (utype == V_ASN1_SET) - is_set = 1; + derlen = i2d_ASN1_SET_ANY(sk, &der); else - is_set = 0; - + derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); - derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, - V_ASN1_UNIVERSAL, is_set); - der = OPENSSL_malloc(derlen); - p = der; - i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, - V_ASN1_UNIVERSAL, is_set); + if (derlen < 0) + goto bad; if (!(ret = ASN1_TYPE_new())) goto bad; @@ -498,8 +503,6 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) if (sk) sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); - if (typ) - ASN1_TYPE_free(typ); if (sect) X509V3_section_free(cnf, sect); @@ -549,7 +552,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons static int asn1_str2tag(const char *tagstr, int len) { unsigned int i; - static struct tag_name_st *tntmp, tnst [] = { + static const struct tag_name_st *tntmp, tnst [] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ASN1_GEN_STR("NULL", V_ASN1_NULL), @@ -584,6 +587,8 @@ static int asn1_str2tag(const char *tagstr, int len) ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), + ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), /* Special cases */ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), @@ -729,6 +734,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_VISIBLESTRING: case V_ASN1_UNIVERSALSTRING: case V_ASN1_GENERALSTRING: + case V_ASN1_NUMERICSTRING: if (format == ASN1_GEN_FORMAT_ASCII) format = MBSTRING_ASC; diff --git a/lib/libcrypto/asn1/charmap.h b/lib/libcrypto/asn1/charmap.h index bd020a9562f..b55e6387259 100644 --- a/lib/libcrypto/asn1/charmap.h +++ b/lib/libcrypto/asn1/charmap.h @@ -2,7 +2,7 @@ * Mask of various character properties */ -static unsigned char char_type[] = { +static const unsigned char char_type[] = { 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16, diff --git a/lib/libcrypto/bf/Makefile b/lib/libcrypto/bf/Makefile index 7f4f03eb821..dd2c2c708e6 100644 --- a/lib/libcrypto/bf/Makefile +++ b/lib/libcrypto/bf/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r BF_ENC= bf_enc.o -# or use -#DES_ENC= bx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -40,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +bf-586.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -103,9 +94,5 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c -bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h -bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_skey.o: bf_locl.h bf_pi.h bf_skey.c +bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h +bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c diff --git a/lib/libcrypto/bio/Makefile b/lib/libcrypto/bio/Makefile index 1cd76ce7a2f..c395d804968 100644 --- a/lib/libcrypto/bio/Makefile +++ b/lib/libcrypto/bio/Makefile @@ -45,7 +45,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -102,11 +102,12 @@ b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c b_sock.o: ../../e_os.h ../../include/openssl/bio.h b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c +b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +b_sock.o: ../cryptlib.h b_sock.c bf_buff.o: ../../e_os.h ../../include/openssl/bio.h bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/lib/libcrypto/bio/bio_lcl.h b/lib/libcrypto/bio/bio_lcl.h index dba2919d430..e7f7ec8d8bf 100644 --- a/lib/libcrypto/bio/bio_lcl.h +++ b/lib/libcrypto/bio/bio_lcl.h @@ -18,11 +18,19 @@ #define UP_ftell ftell #define UP_fflush fflush #define UP_ferror ferror +#ifdef _WIN32 +#define UP_fileno _fileno +#define UP_open _open +#define UP_read _read +#define UP_write _write +#define UP_lseek _lseek +#define UP_close _close +#else #define UP_fileno fileno - #define UP_open open #define UP_read read #define UP_write write #define UP_lseek lseek #define UP_close close #endif +#endif diff --git a/lib/libcrypto/bn/asm/alpha-mont.pl b/lib/libcrypto/bn/asm/alpha-mont.pl index 7a2cc3173b0..f7e0ca1646c 100644 --- a/lib/libcrypto/bn/asm/alpha-mont.pl +++ b/lib/libcrypto/bn/asm/alpha-mont.pl @@ -53,15 +53,15 @@ $code=<<___; .align 5 .ent bn_mul_mont bn_mul_mont: - lda sp,-40(sp) + lda sp,-48(sp) stq ra,0(sp) stq s3,8(sp) stq s4,16(sp) stq s5,24(sp) stq fp,32(sp) mov sp,fp - .mask 0x0400f000,-40 - .frame fp,40,ra + .mask 0x0400f000,-48 + .frame fp,48,ra .prologue 0 .align 4 @@ -306,7 +306,7 @@ bn_mul_mont: ldq s4,16(sp) ldq s5,24(sp) ldq fp,32(sp) - lda sp,40(sp) + lda sp,48(sp) ret (ra) .end bn_mul_mont .rdata diff --git a/lib/libcrypto/bn/asm/armv4-mont.pl b/lib/libcrypto/bn/asm/armv4-mont.pl index 05d5dc1a482..14e0d2d1dd5 100644 --- a/lib/libcrypto/bn/asm/armv4-mont.pl +++ b/lib/libcrypto/bn/asm/armv4-mont.pl @@ -193,6 +193,7 @@ bn_mul_mont: bx lr @ interoperable with Thumb ISA:-) .size bn_mul_mont,.-bn_mul_mont .asciz "Montgomery multiplication for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 ___ $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 diff --git a/lib/libcrypto/bn/asm/co-586.pl b/lib/libcrypto/bn/asm/co-586.pl index 5d962cb957d..57101a6bd77 100644 --- a/lib/libcrypto/bn/asm/co-586.pl +++ b/lib/libcrypto/bn/asm/co-586.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); diff --git a/lib/libcrypto/bn/asm/ppc.pl b/lib/libcrypto/bn/asm/ppc.pl index 08e00534738..37c65d35111 100644 --- a/lib/libcrypto/bn/asm/ppc.pl +++ b/lib/libcrypto/bn/asm/ppc.pl @@ -100,9 +100,9 @@ # me a note at schari@us.ibm.com # -$opf = shift; +$flavour = shift; -if ($opf =~ /32\.s/) { +if ($flavour =~ /32/) { $BITS= 32; $BNSZ= $BITS/8; $ISA= "\"ppc\""; @@ -125,7 +125,7 @@ if ($opf =~ /32\.s/) { $INSR= "insrwi"; # insert right $ROTL= "rotlwi"; # rotate left by immediate $TR= "tw"; # conditional trap -} elsif ($opf =~ /64\.s/) { +} elsif ($flavour =~ /64/) { $BITS= 64; $BNSZ= $BITS/8; $ISA= "\"ppc64\""; @@ -149,93 +149,16 @@ if ($opf =~ /32\.s/) { $INSR= "insrdi"; # insert right $ROTL= "rotldi"; # rotate left by immediate $TR= "td"; # conditional trap -} else { die "nonsense $opf"; } +} else { die "nonsense $flavour"; } -( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!"; +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; -# function entry points from the AIX code -# -# There are other, more elegant, ways to handle this. We (IBM) chose -# this approach as it plays well with scripts we run to 'namespace' -# OpenSSL .i.e. we add a prefix to all the public symbols so we can -# co-exist in the same process with other implementations of OpenSSL. -# 'cleverer' ways of doing these substitutions tend to hide data we -# need to be obvious. -# -my @items = ("bn_sqr_comba4", - "bn_sqr_comba8", - "bn_mul_comba4", - "bn_mul_comba8", - "bn_sub_words", - "bn_add_words", - "bn_div_words", - "bn_sqr_words", - "bn_mul_words", - "bn_mul_add_words"); +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; -if ($opf =~ /linux/) { do_linux(); } -elsif ($opf =~ /aix/) { do_aix(); } -elsif ($opf =~ /osx/) { do_osx(); } -else { do_bsd(); } - -sub do_linux { - $d=&data(); - - if ($BITS==64) { - foreach $t (@items) { - $d =~ s/\.$t:/\ -\t.section\t".opd","aw"\ -\t.align\t3\ -\t.globl\t$t\ -$t:\ -\t.quad\t.$t,.TOC.\@tocbase,0\ -\t.size\t$t,24\ -\t.previous\n\ -\t.type\t.$t,\@function\ -\t.globl\t.$t\ -.$t:/g; - } - } - else { - foreach $t (@items) { - $d=~s/\.$t/$t/g; - } - } - # hide internal labels to avoid pollution of name table... - $d=~s/Lppcasm_/.Lppcasm_/gm; - print $d; -} - -sub do_aix { - # AIX assembler is smart enough to please the linker without - # making us do something special... - print &data(); -} - -# MacOSX 32 bit -sub do_osx { - $d=&data(); - # Change the bn symbol prefix from '.' to '_' - foreach $t (@items) { - $d=~s/\.$t/_$t/g; - } - # Change .machine to something OS X asm will accept - $d=~s/\.machine.*/.text/g; - $d=~s/\#/;/g; # change comment from '#' to ';' - print $d; -} - -# BSD (Untested) -sub do_bsd { - $d=&data(); - foreach $t (@items) { - $d=~s/\.$t/_$t/g; - } - print $d; -} - -sub data { - local($data)=<<EOF; +$data=<<EOF; #-------------------------------------------------------------------- # # @@ -297,33 +220,20 @@ sub data { # # Defines to be used in the assembly code. # -.set r0,0 # we use it as storage for value of 0 -.set SP,1 # preserved -.set RTOC,2 # preserved -.set r3,3 # 1st argument/return value -.set r4,4 # 2nd argument/volatile register -.set r5,5 # 3rd argument/volatile register -.set r6,6 # ... -.set r7,7 -.set r8,8 -.set r9,9 -.set r10,10 -.set r11,11 -.set r12,12 -.set r13,13 # not used, nor any other "below" it... - -.set BO_IF_NOT,4 -.set BO_IF,12 -.set BO_dCTR_NZERO,16 -.set BO_dCTR_ZERO,18 -.set BO_ALWAYS,20 -.set CR0_LT,0; -.set CR0_GT,1; -.set CR0_EQ,2 -.set CR1_FX,4; -.set CR1_FEX,5; -.set CR1_VX,6 -.set LR,8 +#.set r0,0 # we use it as storage for value of 0 +#.set SP,1 # preserved +#.set RTOC,2 # preserved +#.set r3,3 # 1st argument/return value +#.set r4,4 # 2nd argument/volatile register +#.set r5,5 # 3rd argument/volatile register +#.set r6,6 # ... +#.set r7,7 +#.set r8,8 +#.set r9,9 +#.set r10,10 +#.set r11,11 +#.set r12,12 +#.set r13,13 # not used, nor any other "below" it... # Declare function names to be global # NOTE: For gcc these names MUST be changed to remove @@ -344,7 +254,7 @@ sub data { # .text section - .machine $ISA + .machine "any" # # NOTE: The following label name should be changed to @@ -478,7 +388,7 @@ sub data { $ST r9,`6*$BNSZ`(r3) #r[6]=c1 $ST r10,`7*$BNSZ`(r3) #r[7]=c2 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -903,7 +813,7 @@ sub data { $ST r9, `15*$BNSZ`(r3) #r[15]=c1; - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 @@ -1055,7 +965,7 @@ sub data { $ST r10,`6*$BNSZ`(r3) #r[6]=c1 $ST r11,`7*$BNSZ`(r3) #r[7]=c2 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1591,7 +1501,7 @@ sub data { adde r10,r10,r9 $ST r12,`14*$BNSZ`(r3) #r[14]=c3; $ST r10,`15*$BNSZ`(r3) #r[15]=c1; - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1623,7 +1533,7 @@ sub data { subfc. r7,r0,r6 # If r6 is 0 then result is 0. # if r6 > 0 then result !=0 # In either case carry bit is set. - bc BO_IF,CR0_EQ,Lppcasm_sub_adios + beq Lppcasm_sub_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ @@ -1635,11 +1545,11 @@ Lppcasm_sub_mainloop: # if carry = 1 this is r7-r8. Else it # is r7-r8 -1 as we need. $STU r6,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop + bdnz- Lppcasm_sub_mainloop Lppcasm_sub_adios: subfze r3,r0 # if carry bit is set then r3 = 0 else -1 andi. r3,r3,1 # keep only last bit. - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 @@ -1670,7 +1580,7 @@ Lppcasm_sub_adios: # check for r6 = 0. Is this needed? # addic. r6,r6,0 #test r6 and clear carry bit. - bc BO_IF,CR0_EQ,Lppcasm_add_adios + beq Lppcasm_add_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ @@ -1680,10 +1590,10 @@ Lppcasm_add_mainloop: $LDU r8,$BNSZ(r5) adde r8,r7,r8 $STU r8,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop + bdnz- Lppcasm_add_mainloop Lppcasm_add_adios: addze r3,r0 #return carry bit. - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1707,24 +1617,24 @@ Lppcasm_add_adios: # r5 = d $UCMPI 0,r5,0 # compare r5 and 0 - bc BO_IF_NOT,CR0_EQ,Lppcasm_div1 # proceed if d!=0 + bne Lppcasm_div1 # proceed if d!=0 li r3,-1 # d=0 return -1 - bclr BO_ALWAYS,CR0_LT + blr Lppcasm_div1: xor r0,r0,r0 #r0=0 li r8,$BITS $CNTLZ. r7,r5 #r7 = num leading 0s in d. - bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if no leading zeros + beq Lppcasm_div2 #proceed if no leading zeros subf r8,r7,r8 #r8 = BN_num_bits_word(d) $SHR. r9,r3,r8 #are there any bits above r8'th? $TR 16,r9,r0 #if there're, signal to dump core... Lppcasm_div2: $UCMP 0,r3,r5 #h>=d? - bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not + blt Lppcasm_div3 #goto Lppcasm_div3 if not subf r3,r5,r3 #h-=d ; Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i cmpi 0,0,r7,0 # is (i == 0)? - bc BO_IF,CR0_EQ,Lppcasm_div4 + beq Lppcasm_div4 $SHL r3,r3,r7 # h = (h<< i) $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i) $SHL r5,r5,r7 # d<<=i @@ -1741,7 +1651,7 @@ Lppcasm_divouterloop: $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 # compute here for innerloop. $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh - bc BO_IF_NOT,CR0_EQ,Lppcasm_div5 # goto Lppcasm_div5 if not + bne Lppcasm_div5 # goto Lppcasm_div5 if not li r8,-1 $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l @@ -1762,9 +1672,9 @@ Lppcasm_divinnerloop: # the following 2 instructions do that $SHLI r7,r10,`$BITS/2` # r7 = (t<<BN_BITS4) or r7,r7,r11 # r7|=((l&BN_MASK2h)>>BN_BITS4) - $UCMP 1,r6,r7 # compare (tl <= r7) - bc BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit - bc BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit + $UCMP cr1,r6,r7 # compare (tl <= r7) + bne Lppcasm_divinnerexit + ble cr1,Lppcasm_divinnerexit addi r8,r8,-1 #q-- subf r12,r9,r12 #th -=dh $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop. @@ -1773,14 +1683,14 @@ Lppcasm_divinnerloop: Lppcasm_divinnerexit: $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4) $SHLI r11,r6,`$BITS/2` #tl=(tl<<BN_BITS4)&BN_MASK2h; - $UCMP 1,r4,r11 # compare l and tl + $UCMP cr1,r4,r11 # compare l and tl add r12,r12,r10 # th+=t - bc BO_IF_NOT,CR1_FX,Lppcasm_div7 # if (l>=tl) goto Lppcasm_div7 + bge cr1,Lppcasm_div7 # if (l>=tl) goto Lppcasm_div7 addi r12,r12,1 # th++ Lppcasm_div7: subf r11,r11,r4 #r11=l-tl - $UCMP 1,r3,r12 #compare h and th - bc BO_IF_NOT,CR1_FX,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 + $UCMP cr1,r3,r12 #compare h and th + bge cr1,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 addi r8,r8,-1 # q-- add r3,r5,r3 # h+=d Lppcasm_div8: @@ -1791,12 +1701,12 @@ Lppcasm_div8: # the following 2 instructions will do this. $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2. $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3 - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ; + bdz Lppcasm_div9 #if (count==0) break ; $SHLI r0,r8,`$BITS/2` #ret =q<<BN_BITS4 b Lppcasm_divouterloop Lppcasm_div9: or r3,r8,r0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1822,7 +1732,7 @@ Lppcasm_div9: # No unrolling done here. Not performance critical. addic. r5,r5,0 #test r5. - bc BO_IF,CR0_EQ,Lppcasm_sqr_adios + beq Lppcasm_sqr_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ mtctr r5 @@ -1833,9 +1743,9 @@ Lppcasm_sqr_mainloop: $UMULH r8,r6,r6 $STU r7,$BNSZ(r3) $STU r8,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop + bdnz- Lppcasm_sqr_mainloop Lppcasm_sqr_adios: - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 @@ -1858,7 +1768,7 @@ Lppcasm_sqr_adios: xor r0,r0,r0 xor r12,r12,r12 # used for carry rlwinm. r7,r5,30,2,31 # num >> 2 - bc BO_IF,CR0_EQ,Lppcasm_mw_REM + beq Lppcasm_mw_REM mtctr r7 Lppcasm_mw_LOOP: #mul(rp[0],ap[0],w,c1); @@ -1896,11 +1806,11 @@ Lppcasm_mw_LOOP: addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP + bdnz- Lppcasm_mw_LOOP Lppcasm_mw_REM: andi. r5,r5,0x3 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul(rp[0],ap[0],w,c1); $LD r8,`0*$BNSZ`(r4) $UMULL r9,r6,r8 @@ -1912,7 +1822,7 @@ Lppcasm_mw_REM: addi r5,r5,-1 cmpli 0,0,r5,0 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul(rp[1],ap[1],w,c1); @@ -1926,7 +1836,7 @@ Lppcasm_mw_REM: addi r5,r5,-1 cmpli 0,0,r5,0 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul_add(rp[2],ap[2],w,c1); $LD r8,`2*$BNSZ`(r4) @@ -1939,7 +1849,7 @@ Lppcasm_mw_REM: Lppcasm_mw_OVER: addi r3,r12,0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1964,7 +1874,7 @@ Lppcasm_mw_OVER: xor r0,r0,r0 #r0 = 0 xor r12,r12,r12 #r12 = 0 . used for carry rlwinm. r7,r5,30,2,31 # num >> 2 - bc BO_IF,CR0_EQ,Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover + beq Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover mtctr r7 Lppcasm_maw_mainloop: #mul_add(rp[0],ap[0],w,c1); @@ -2017,11 +1927,11 @@ Lppcasm_maw_mainloop: $ST r11,`3*$BNSZ`(r3) addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop + bdnz- Lppcasm_maw_mainloop Lppcasm_maw_leftover: andi. r5,r5,0x3 - bc BO_IF,CR0_EQ,Lppcasm_maw_adios + beq Lppcasm_maw_adios addi r3,r3,-$BNSZ addi r4,r4,-$BNSZ #mul_add(rp[0],ap[0],w,c1); @@ -2036,7 +1946,7 @@ Lppcasm_maw_leftover: addze r12,r10 $ST r9,0(r3) - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + bdz Lppcasm_maw_adios #mul_add(rp[1],ap[1],w,c1); $LDU r8,$BNSZ(r4) $UMULL r9,r6,r8 @@ -2048,7 +1958,7 @@ Lppcasm_maw_leftover: addze r12,r10 $ST r9,0(r3) - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + bdz Lppcasm_maw_adios #mul_add(rp[2],ap[2],w,c1); $LDU r8,$BNSZ(r4) $UMULL r9,r6,r8 @@ -2062,17 +1972,10 @@ Lppcasm_maw_leftover: Lppcasm_maw_adios: addi r3,r12,0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 .align 4 EOF - $data =~ s/\`([^\`]*)\`/eval $1/gem; - - # if some assembler chokes on some simplified mnemonic, - # this is the spot to fix it up, e.g.: - # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare - $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm; - # assembler X doesn't accept li, load immediate value - #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm; - return($data); -} +$data =~ s/\`([^\`]*)\`/eval $1/gem; +print $data; +close STDOUT; diff --git a/lib/libcrypto/bn/asm/x86_64-gcc.c b/lib/libcrypto/bn/asm/x86_64-gcc.c index f13f52dd853..acb0b401181 100644 --- a/lib/libcrypto/bn/asm/x86_64-gcc.c +++ b/lib/libcrypto/bn/asm/x86_64-gcc.c @@ -1,4 +1,5 @@ -#ifdef __SUNPRO_C +#include "../bn_lcl.h" +#if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else /* @@ -54,7 +55,15 @@ * machine. */ +#ifdef _WIN64 +#define BN_ULONG unsigned long long +#else #define BN_ULONG unsigned long +#endif + +#undef mul +#undef mul_add +#undef sqr /* * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; @@ -97,7 +106,7 @@ : "a"(a) \ : "cc"); -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -121,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -144,7 +153,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) +void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { if (n <= 0) return; @@ -175,14 +184,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) return ret; } -BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) +BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) { BN_ULONG ret=0,i=0; if (n <= 0) return 0; asm ( " subq %2,%2 \n" - ".align 16 \n" + ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" " adcq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" @@ -198,14 +207,14 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) } #ifndef SIMICS -BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) +BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) { BN_ULONG ret=0,i=0; if (n <= 0) return 0; asm ( " subq %2,%2 \n" - ".align 16 \n" + ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" " sbbq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" @@ -485,7 +494,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) r[7]=c2; } -void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; @@ -561,7 +570,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) r[15]=c1; } -void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; diff --git a/lib/libcrypto/bn/asm/x86_64-mont.pl b/lib/libcrypto/bn/asm/x86_64-mont.pl index c43b69592a5..3b7a6f243f2 100755 --- a/lib/libcrypto/bn/asm/x86_64-mont.pl +++ b/lib/libcrypto/bn/asm/x86_64-mont.pl @@ -15,14 +15,18 @@ # respectful 50%. It remains to be seen if loop unrolling and # dedicated squaring routine can provide further improvement... -$output=shift; +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $output"; +open STDOUT,"| $^X $xlate $flavour $output"; # int bn_mul_mont( $rp="%rdi"; # BN_ULONG *rp, @@ -55,13 +59,14 @@ bn_mul_mont: push %r15 mov ${num}d,${num}d - lea 2($num),%rax - mov %rsp,%rbp - neg %rax - lea (%rsp,%rax,8),%rsp # tp=alloca(8*(num+2)) + lea 2($num),%r10 + mov %rsp,%r11 + neg %r10 + lea (%rsp,%r10,8),%rsp # tp=alloca(8*(num+2)) and \$-1024,%rsp # minimize TLB usage - mov %rbp,8(%rsp,$num,8) # tp[num+1]=%rsp + mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp +.Lprologue: mov %rdx,$bp # $bp reassigned, remember? mov ($n0),$n0 # pull n0[0] value @@ -197,18 +202,129 @@ bn_mul_mont: dec $j jge .Lcopy - mov 8(%rsp,$num,8),%rsp # restore %rsp + mov 8(%rsp,$num,8),%rsi # restore %rsp mov \$1,%rax + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size bn_mul_mont,.-bn_mul_mont +.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>" +.align 16 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov 192($context),%r10 # pull $num + mov 8(%rax,%r10,8),%rax # pull saved stack pointer + lea 48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq pop %r15 pop %r14 pop %r13 pop %r12 pop %rbp pop %rbx + pop %rdi + pop %rsi ret -.size bn_mul_mont,.-bn_mul_mont -.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>" +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_bn_mul_mont + .rva .LSEH_end_bn_mul_mont + .rva .LSEH_info_bn_mul_mont + +.section .xdata +.align 8 +.LSEH_info_bn_mul_mont: + .byte 9,0,0,0 + .rva se_handler ___ +} print $code; close STDOUT; diff --git a/lib/libcrypto/buffer/Makefile b/lib/libcrypto/buffer/Makefile index 9e0f46e19ab..9f3a88d2d6a 100644 --- a/lib/libcrypto/buffer/Makefile +++ b/lib/libcrypto/buffer/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= buffer.c buf_str.c buf_err.c -LIBOBJ= buffer.o buf_str.o buf_err.o +LIBSRC= buffer.c buf_err.c +LIBOBJ= buffer.o buf_err.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -81,13 +81,6 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h buf_err.o: buf_err.c -buf_str.o: ../../e_os.h ../../include/openssl/bio.h -buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c buffer.o: ../../e_os.h ../../include/openssl/bio.h buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/lib/libcrypto/camellia/Makefile b/lib/libcrypto/camellia/Makefile index dfb12951fd4..ff5fe4a01db 100644 --- a/lib/libcrypto/camellia/Makefile +++ b/lib/libcrypto/camellia/Makefile @@ -11,7 +11,7 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r -CAMELLIA_ASM_OBJ= +CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -25,8 +25,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \ cmll_cfb.c cmll_ctr.c -LIBOBJ= camellia.o cmll_misc.o cmll_ecb.o cmll_cbc.o cmll_ofb.o \ - cmll_cfb.o cmll_ctr.o $(CAMELLIA_ASM_OBJ) +LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o $(CMLL_ENC) SRC= $(LIBSRC) @@ -41,12 +40,14 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -$(LIBOBJ): $(LIBSRC) - +cmll-x86.s: asm/cmll-x86.pl ../perlasm/x86asm.pl + $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +cmll-x86_64.s: asm/cmll-x86_64.pl + $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -85,19 +86,18 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -camellia.o: camellia.c camellia.h cmll_locl.h -cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h -cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h -cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h -cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -cmll_cfb.o: cmll_cfb.c cmll_locl.h -cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h -cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h -cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +camellia.o: ../../include/openssl/opensslconf.h camellia.c camellia.h +camellia.o: cmll_locl.h +cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c +cmll_cfb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_cfb.o: ../../include/openssl/opensslconf.h cmll_cfb.c +cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c +cmll_ecb.o: ../../include/openssl/camellia.h cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h -cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +cmll_misc.o: ../../include/openssl/camellia.h cmll_misc.o: ../../include/openssl/opensslconf.h cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c -cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h -cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c +cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_ofb.c diff --git a/lib/libcrypto/camellia/asm/cmll-x86.pl b/lib/libcrypto/camellia/asm/cmll-x86.pl index 0812815bfb8..027302ac869 100644 --- a/lib/libcrypto/camellia/asm/cmll-x86.pl +++ b/lib/libcrypto/camellia/asm/cmll-x86.pl @@ -1133,6 +1133,6 @@ my ($s0,$s1,$s2,$s3) = @T; &function_end("Camellia_cbc_encrypt"); } -&asciz("Camellia for x86 by <appro@openssl.org>"); +&asciz("Camellia for x86 by <appro\@openssl.org>"); &asm_finish(); diff --git a/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/lib/libcrypto/camellia/asm/cmll-x86_64.pl index c683646ca7c..76955e47265 100644 --- a/lib/libcrypto/camellia/asm/cmll-x86_64.pl +++ b/lib/libcrypto/camellia/asm/cmll-x86_64.pl @@ -656,7 +656,7 @@ Camellia_cbc_encrypt: mov %rsi,$out # out argument mov %r8,%rbx # ivp argument mov %rcx,$key # key argument - mov 272(%rcx),$keyend # grandRounds + mov 272(%rcx),${keyend}d # grandRounds mov %r8,$_ivp mov %rbp,$_rsp @@ -859,7 +859,7 @@ Camellia_cbc_encrypt: ret .size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt -.asciz "Camellia for x86_64 by <appro@openssl.org>" +.asciz "Camellia for x86_64 by <appro\@openssl.org>" ___ } diff --git a/lib/libcrypto/camellia/camellia.c b/lib/libcrypto/camellia/camellia.c index 491c26b39e9..75fc8991c08 100644 --- a/lib/libcrypto/camellia/camellia.c +++ b/lib/libcrypto/camellia/camellia.c @@ -68,1557 +68,515 @@ /* Algorithm Specification http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html */ - - -#include <string.h> -#include <stdlib.h> + +/* + * This release balances code size and performance. In particular key + * schedule setup is fully unrolled, because doing so *significantly* + * reduces amount of instructions per setup round and code increase is + * justifiable. In block functions on the other hand only inner loops + * are unrolled, as full unroll gives only nominal performance boost, + * while code size grows 4 or 7 times. Also, unlike previous versions + * this one "encourages" compiler to keep intermediate variables in + * registers, which should give better "all round" results, in other + * words reasonable performance even with not so modern compilers. + */ #include "camellia.h" #include "cmll_locl.h" +#include <string.h> +#include <stdlib.h> -/* key constants */ -#define CAMELLIA_SIGMA1L (0xA09E667FL) -#define CAMELLIA_SIGMA1R (0x3BCC908BL) -#define CAMELLIA_SIGMA2L (0xB67AE858L) -#define CAMELLIA_SIGMA2R (0x4CAA73B2L) -#define CAMELLIA_SIGMA3L (0xC6EF372FL) -#define CAMELLIA_SIGMA3R (0xE94F82BEL) -#define CAMELLIA_SIGMA4L (0x54FF53A5L) -#define CAMELLIA_SIGMA4R (0xF1D36F1CL) -#define CAMELLIA_SIGMA5L (0x10E527FAL) -#define CAMELLIA_SIGMA5R (0xDE682D1DL) -#define CAMELLIA_SIGMA6L (0xB05688C2L) -#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) - +/* 32-bit rotations */ +#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +# define RightRotate(x, s) _lrotr(x, s) +# define LeftRotate(x, s) _lrotl(x, s) +# if _MSC_VER >= 1400 +# define SWAP(x) _byteswap_ulong(x) +# else +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# endif +# define GETU32(p) SWAP(*((u32 *)(p))) +# define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v))) +# elif defined(__GNUC__) && __GNUC__>=2 +# if defined(__i386) || defined(__x86_64) +# define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) +# define LeftRotate(x,s) ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) +# if defined(B_ENDIAN) /* stratus.com does it */ +# define GETU32(p) (*(u32 *)(p)) +# define PUTU32(p,v) (*(u32 *)(p)=(v)) +# else +# define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; }) +# define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; }) +# endif +# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +# define LeftRotate(x,s) ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; }) +# define RightRotate(x,s) LeftRotate(x,(32-s)) +# elif defined(__s390x__) +# define LeftRotate(x,s) ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; }) +# define RightRotate(x,s) LeftRotate(x,(32-s)) +# define GETU32(p) (*(u32 *)(p)) +# define PUTU32(p,v) (*(u32 *)(p)=(v)) +# endif +# endif +#endif + +#if !defined(RightRotate) && !defined(LeftRotate) +# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) +# define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) +#endif + +#if !defined(GETU32) && !defined(PUTU32) +# define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) +# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) +#endif + +/* S-box data */ +#define SBOX1_1110 Camellia_SBOX[0] +#define SBOX4_4404 Camellia_SBOX[1] +#define SBOX2_0222 Camellia_SBOX[2] +#define SBOX3_3033 Camellia_SBOX[3] +static const u32 Camellia_SBOX[][256] = { +{ 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, + 0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, + 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, + 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, + 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, + 0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, + 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, + 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, + 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, + 0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, + 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, + 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, + 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, + 0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, + 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, + 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, + 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, + 0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, + 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, + 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, + 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, + 0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, + 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, + 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, + 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, + 0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, + 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, + 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, + 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, + 0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, + 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, + 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, + 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, + 0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, + 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, + 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, + 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, + 0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, + 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, + 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, + 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, + 0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, + 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 }, +{ 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, + 0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, + 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, + 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, + 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, + 0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, + 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, + 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, + 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, + 0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, + 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, + 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, + 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, + 0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, + 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, + 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, + 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, + 0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, + 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, + 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, + 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, + 0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, + 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, + 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, + 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, + 0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, + 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, + 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, + 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, + 0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, + 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, + 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, + 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, + 0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, + 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, + 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, + 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, + 0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, + 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, + 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, + 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, + 0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, + 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e }, +{ 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, + 0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, + 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, + 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, + 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, + 0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, + 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, + 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, + 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, + 0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, + 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, + 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, + 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, + 0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, + 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, + 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, + 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, + 0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, + 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, + 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, + 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, + 0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, + 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, + 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, + 0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, + 0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, + 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, + 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, + 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, + 0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, + 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, + 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, + 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, + 0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, + 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, + 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, + 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, + 0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, + 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292, + 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, + 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, + 0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, + 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d }, +{ 0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, + 0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, + 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, + 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, + 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, + 0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, + 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, + 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, + 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, + 0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, + 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, + 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, + 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, + 0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, + 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, + 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, + 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, + 0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, + 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, + 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, + 0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, + 0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, + 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad, + 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, + 0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, + 0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, + 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, + 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, + 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, + 0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, + 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, + 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, + 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, + 0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, + 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, + 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, + 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, + 0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, + 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, + 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, + 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, + 0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, + 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f } +}; + +/* Key generation constants */ +static const u32 SIGMA[] = { + 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be, + 0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd +}; + +/* The phi algorithm given in C.2.7 of the Camellia spec document. */ /* - * macros + * This version does not attempt to minimize amount of temporary + * variables, but instead explicitly exposes algorithm's parallelism. + * It is therefore most appropriate for platforms with not less than + * ~16 registers. For platforms with less registers [well, x86 to be + * specific] assembler version should be/is provided anyway... */ - -/* e is pointer of subkey */ -#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) -#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) - -/* rotation right shift 1byte */ -#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) -/* rotation left shift 1bit */ -#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) -/* rotation left shift 1byte */ -#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) - -#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ -do \ - { \ - w0 = ll; \ - ll = (ll << bits) + (lr >> (32 - bits)); \ - lr = (lr << bits) + (rl >> (32 - bits)); \ - rl = (rl << bits) + (rr >> (32 - bits)); \ - rr = (rr << bits) + (w0 >> (32 - bits)); \ - } while(0) - -#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ -do \ - { \ - w0 = ll; \ - w1 = lr; \ - ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ - lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ - rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ - rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ - } while(0) - -#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) -#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) -#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) -#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) - -#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ -do \ - { \ - il = xl ^ kl; \ - ir = xr ^ kr; \ - t0 = il >> 16; \ - t1 = ir >> 16; \ - yl = CAMELLIA_SP1110(ir & 0xff) \ - ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ - ^ CAMELLIA_SP3033(t1 & 0xff) \ - ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ - yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ - ^ CAMELLIA_SP0222(t0 & 0xff) \ - ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ - ^ CAMELLIA_SP4404(il & 0xff); \ - yl ^= yr; \ - yr = CAMELLIA_RR8(yr); \ - yr ^= yl; \ - } while(0) - +#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\ + register u32 _t0,_t1,_t2,_t3;\ +\ + _t0 = _s0 ^ (_key)[0];\ + _t3 = SBOX4_4404[_t0&0xff];\ + _t1 = _s1 ^ (_key)[1];\ + _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\ + _t2 = SBOX1_1110[_t1&0xff];\ + _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\ + _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\ + _t3 ^= SBOX1_1110[(_t0 >> 24)];\ + _t2 ^= _t3;\ + _t3 = RightRotate(_t3,8);\ + _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\ + _s3 ^= _t3;\ + _t2 ^= SBOX2_0222[(_t1 >> 24)];\ + _s2 ^= _t2; \ + _s3 ^= _t2;\ +} while(0) /* - * for speed up - * + * Note that n has to be less than 32. Rotations for larger amount + * of bits are achieved by "rotating" order of s-elements and + * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32). */ -#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ -do \ - { \ - t0 = kll; \ - t0 &= ll; \ - lr ^= CAMELLIA_RL1(t0); \ - t1 = klr; \ - t1 |= lr; \ - ll ^= t1; \ - \ - t2 = krr; \ - t2 |= rr; \ - rl ^= t2; \ - t3 = krl; \ - t3 &= rl; \ - rr ^= CAMELLIA_RL1(t3); \ - } while(0) - -#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ -do \ - { \ - il = xl; \ - ir = xr; \ - t0 = il >> 16; \ - t1 = ir >> 16; \ - ir = CAMELLIA_SP1110(ir & 0xff) \ - ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ - ^ CAMELLIA_SP3033(t1 & 0xff) \ - ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ - il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ - ^ CAMELLIA_SP0222(t0 & 0xff) \ - ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ - ^ CAMELLIA_SP4404(il & 0xff); \ - il ^= kl; \ - ir ^= kr; \ - ir ^= il; \ - il = CAMELLIA_RR8(il); \ - il ^= ir; \ - yl ^= ir; \ - yr ^= il; \ - } while(0) - -static const u32 camellia_sp1110[256] = - { - 0x70707000,0x82828200,0x2c2c2c00,0xececec00, - 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, - 0xe4e4e400,0x85858500,0x57575700,0x35353500, - 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, - 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, - 0x45454500,0x19191900,0xa5a5a500,0x21212100, - 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, - 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, - 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, - 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, - 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, - 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, - 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, - 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, - 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, - 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, - 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, - 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, - 0x74747400,0x12121200,0x2b2b2b00,0x20202000, - 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, - 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, - 0x34343400,0x7e7e7e00,0x76767600,0x05050500, - 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, - 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, - 0x14141400,0x58585800,0x3a3a3a00,0x61616100, - 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, - 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, - 0x53535300,0x18181800,0xf2f2f200,0x22222200, - 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, - 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, - 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, - 0x60606000,0xfcfcfc00,0x69696900,0x50505000, - 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, - 0xa1a1a100,0x89898900,0x62626200,0x97979700, - 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, - 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, - 0x10101000,0xc4c4c400,0x00000000,0x48484800, - 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, - 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, - 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, - 0x87878700,0x5c5c5c00,0x83838300,0x02020200, - 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, - 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, - 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, - 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, - 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, - 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, - 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, - 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, - 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, - 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, - 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, - 0x78787800,0x98989800,0x06060600,0x6a6a6a00, - 0xe7e7e700,0x46464600,0x71717100,0xbababa00, - 0xd4d4d400,0x25252500,0xababab00,0x42424200, - 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, - 0x72727200,0x07070700,0xb9b9b900,0x55555500, - 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, - 0x36363600,0x49494900,0x2a2a2a00,0x68686800, - 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, - 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, - 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, - 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, - 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, - }; - -static const u32 camellia_sp0222[256] = +#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\ + u32 _t0=_s0>>(32-_n);\ + _s0 = (_s0<<_n) | (_s1>>(32-_n));\ + _s1 = (_s1<<_n) | (_s2>>(32-_n));\ + _s2 = (_s2<<_n) | (_s3>>(32-_n));\ + _s3 = (_s3<<_n) | _t0;\ +} while (0) + +int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k) { - 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, - 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, - 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, - 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, - 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, - 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, - 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, - 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, - 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, - 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, - 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, - 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, - 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, - 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, - 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, - 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, - 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, - 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, - 0x00e8e8e8,0x00242424,0x00565656,0x00404040, - 0x00e1e1e1,0x00636363,0x00090909,0x00333333, - 0x00bfbfbf,0x00989898,0x00979797,0x00858585, - 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, - 0x00dadada,0x006f6f6f,0x00535353,0x00626262, - 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, - 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, - 0x00bdbdbd,0x00363636,0x00222222,0x00383838, - 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, - 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, - 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, - 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, - 0x00484848,0x00101010,0x00d1d1d1,0x00515151, - 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, - 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, - 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, - 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, - 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, - 0x00202020,0x00898989,0x00000000,0x00909090, - 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, - 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, - 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, - 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, - 0x009b9b9b,0x00949494,0x00212121,0x00666666, - 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, - 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, - 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, - 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, - 0x00030303,0x002d2d2d,0x00dedede,0x00969696, - 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, - 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, - 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, - 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, - 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, - 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, - 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, - 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, - 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, - 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, - 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, - 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, - 0x00787878,0x00707070,0x00e3e3e3,0x00494949, - 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, - 0x00777777,0x00939393,0x00868686,0x00838383, - 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, - 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, - }; - -static const u32 camellia_sp3033[256] = - { - 0x38003838,0x41004141,0x16001616,0x76007676, - 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, - 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, - 0x75007575,0x06000606,0x57005757,0xa000a0a0, - 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, - 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, - 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, - 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, - 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, - 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, - 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, - 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, - 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, - 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, - 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, - 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, - 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, - 0xfd00fdfd,0x66006666,0x58005858,0x96009696, - 0x3a003a3a,0x09000909,0x95009595,0x10001010, - 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, - 0xef00efef,0x26002626,0xe500e5e5,0x61006161, - 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, - 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, - 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, - 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, - 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, - 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, - 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, - 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, - 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, - 0x12001212,0x04000404,0x74007474,0x54005454, - 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, - 0x55005555,0x68006868,0x50005050,0xbe00bebe, - 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, - 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, - 0x70007070,0xff00ffff,0x32003232,0x69006969, - 0x08000808,0x62006262,0x00000000,0x24002424, - 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, - 0x45004545,0x81008181,0x73007373,0x6d006d6d, - 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, - 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, - 0xe600e6e6,0x25002525,0x48004848,0x99009999, - 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, - 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, - 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, - 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, - 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, - 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, - 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, - 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, - 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, - 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, - 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, - 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, - 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, - 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, - 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, - 0x7c007c7c,0x77007777,0x56005656,0x05000505, - 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, - 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, - 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, - 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, - 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, - 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, - }; - -static const u32 camellia_sp4404[256] = - { - 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, - 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, - 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, - 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, - 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, - 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, - 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, - 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, - 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, - 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, - 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, - 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, - 0x14140014,0x3a3a003a,0xdede00de,0x11110011, - 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, - 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, - 0x24240024,0xe8e800e8,0x60600060,0x69690069, - 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, - 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, - 0x10100010,0x00000000,0xa3a300a3,0x75750075, - 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, - 0x87870087,0x83830083,0xcdcd00cd,0x90900090, - 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, - 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, - 0x81810081,0x6f6f006f,0x13130013,0x63630063, - 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, - 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, - 0x78780078,0x06060006,0xe7e700e7,0x71710071, - 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, - 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, - 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, - 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, - 0x15150015,0xadad00ad,0x77770077,0x80800080, - 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, - 0x85850085,0x35350035,0x0c0c000c,0x41410041, - 0xefef00ef,0x93930093,0x19190019,0x21210021, - 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, - 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, - 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, - 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, - 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, - 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, - 0x12120012,0x20200020,0xb1b100b1,0x99990099, - 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, - 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, - 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, - 0x0f0f000f,0x16160016,0x18180018,0x22220022, - 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, - 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, - 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, - 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, - 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, - 0x03030003,0xdada00da,0x3f3f003f,0x94940094, - 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, - 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, - 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, - 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, - 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, - 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, - 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, - 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, - 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, - 0x49490049,0x68680068,0x38380038,0xa4a400a4, - 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, - 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, - }; - -/** - * Stuff related to the Camellia key schedule - */ -#define subl(x) subL[(x)] -#define subr(x) subR[(x)] - -void camellia_setup128(const u8 *key, u32 *subkey) - { - u32 kll, klr, krl, krr; - u32 il, ir, t0, t1, w0, w1; - u32 kw4l, kw4r, dw, tl, tr; - u32 subL[26]; - u32 subR[26]; - - /** - * k == kll || klr || krl || krr (|| is concatination) - */ - kll = GETU32(key ); - klr = GETU32(key + 4); - krl = GETU32(key + 8); - krr = GETU32(key + 12); - /** - * generate KL dependent subkeys - */ - /* kw1 */ - subl(0) = kll; subr(0) = klr; - /* kw2 */ - subl(1) = krl; subr(1) = krr; - /* rotation left shift 15bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k3 */ - subl(4) = kll; subr(4) = klr; - /* k4 */ - subl(5) = krl; subr(5) = krr; - /* rotation left shift 15+30bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); - /* k7 */ - subl(10) = kll; subr(10) = klr; - /* k8 */ - subl(11) = krl; subr(11) = krr; - /* rotation left shift 15+30+15bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k10 */ - subl(13) = krl; subr(13) = krr; - /* rotation left shift 15+30+15+17 bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* kl3 */ - subl(16) = kll; subr(16) = klr; - /* kl4 */ - subl(17) = krl; subr(17) = krr; - /* rotation left shift 15+30+15+17+17 bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* k13 */ - subl(18) = kll; subr(18) = klr; - /* k14 */ - subl(19) = krl; subr(19) = krr; - /* rotation left shift 15+30+15+17+17+17 bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* k17 */ - subl(22) = kll; subr(22) = klr; - /* k18 */ - subl(23) = krl; subr(23) = krr; - - /* generate KA */ - kll = subl(0); klr = subr(0); - krl = subl(1); krr = subr(1); - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, - w0, w1, il, ir, t0, t1); - krl ^= w0; krr ^= w1; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, - kll, klr, il, ir, t0, t1); - /* current status == (kll, klr, w0, w1) */ - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, - krl, krr, il, ir, t0, t1); - krl ^= w0; krr ^= w1; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, - w0, w1, il, ir, t0, t1); - kll ^= w0; klr ^= w1; - - /* generate KA dependent subkeys */ - /* k1, k2 */ - subl(2) = kll; subr(2) = klr; - subl(3) = krl; subr(3) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k5,k6 */ - subl(6) = kll; subr(6) = klr; - subl(7) = krl; subr(7) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* kl1, kl2 */ - subl(8) = kll; subr(8) = klr; - subl(9) = krl; subr(9) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k9 */ - subl(12) = kll; subr(12) = klr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k11, k12 */ - subl(14) = kll; subr(14) = klr; - subl(15) = krl; subr(15) = krr; - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); - /* k15, k16 */ - subl(20) = kll; subr(20) = klr; - subl(21) = krl; subr(21) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* kw3, kw4 */ - subl(24) = kll; subr(24) = klr; - subl(25) = krl; subr(25) = krr; - - - /* absorb kw2 to other subkeys */ -/* round 2 */ - subl(3) ^= subl(1); subr(3) ^= subr(1); -/* round 4 */ - subl(5) ^= subl(1); subr(5) ^= subr(1); -/* round 6 */ - subl(7) ^= subl(1); subr(7) ^= subr(1); - subl(1) ^= subr(1) & ~subr(9); - dw = subl(1) & subl(9), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ -/* round 8 */ - subl(11) ^= subl(1); subr(11) ^= subr(1); -/* round 10 */ - subl(13) ^= subl(1); subr(13) ^= subr(1); -/* round 12 */ - subl(15) ^= subl(1); subr(15) ^= subr(1); - subl(1) ^= subr(1) & ~subr(17); - dw = subl(1) & subl(17), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ -/* round 14 */ - subl(19) ^= subl(1); subr(19) ^= subr(1); -/* round 16 */ - subl(21) ^= subl(1); subr(21) ^= subr(1); -/* round 18 */ - subl(23) ^= subl(1); subr(23) ^= subr(1); -/* kw3 */ - subl(24) ^= subl(1); subr(24) ^= subr(1); - - /* absorb kw4 to other subkeys */ - kw4l = subl(25); kw4r = subr(25); -/* round 17 */ - subl(22) ^= kw4l; subr(22) ^= kw4r; -/* round 15 */ - subl(20) ^= kw4l; subr(20) ^= kw4r; -/* round 13 */ - subl(18) ^= kw4l; subr(18) ^= kw4r; - kw4l ^= kw4r & ~subr(16); - dw = kw4l & subl(16), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ -/* round 11 */ - subl(14) ^= kw4l; subr(14) ^= kw4r; -/* round 9 */ - subl(12) ^= kw4l; subr(12) ^= kw4r; -/* round 7 */ - subl(10) ^= kw4l; subr(10) ^= kw4r; - kw4l ^= kw4r & ~subr(8); - dw = kw4l & subl(8), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ -/* round 5 */ - subl(6) ^= kw4l; subr(6) ^= kw4r; -/* round 3 */ - subl(4) ^= kw4l; subr(4) ^= kw4r; -/* round 1 */ - subl(2) ^= kw4l; subr(2) ^= kw4r; -/* kw1 */ - subl(0) ^= kw4l; subr(0) ^= kw4r; - - - /* key XOR is end of F-function */ - CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ - CamelliaSubkeyR(0) = subr(0) ^ subr(2); - CamelliaSubkeyL(2) = subl(3); /* round 1 */ - CamelliaSubkeyR(2) = subr(3); - CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ - CamelliaSubkeyR(3) = subr(2) ^ subr(4); - CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ - CamelliaSubkeyR(4) = subr(3) ^ subr(5); - CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ - CamelliaSubkeyR(5) = subr(4) ^ subr(6); - CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ - CamelliaSubkeyR(6) = subr(5) ^ subr(7); - tl = subl(10) ^ (subr(10) & ~subr(8)); - dw = tl & subl(8), /* FL(kl1) */ - tr = subr(10) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ - CamelliaSubkeyR(7) = subr(6) ^ tr; - CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ - CamelliaSubkeyR(8) = subr(8); - CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ - CamelliaSubkeyR(9) = subr(9); - tl = subl(7) ^ (subr(7) & ~subr(9)); - dw = tl & subl(9), /* FLinv(kl2) */ - tr = subr(7) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ - CamelliaSubkeyR(10) = tr ^ subr(11); - CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ - CamelliaSubkeyR(11) = subr(10) ^ subr(12); - CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ - CamelliaSubkeyR(12) = subr(11) ^ subr(13); - CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ - CamelliaSubkeyR(13) = subr(12) ^ subr(14); - CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ - CamelliaSubkeyR(14) = subr(13) ^ subr(15); - tl = subl(18) ^ (subr(18) & ~subr(16)); - dw = tl & subl(16), /* FL(kl3) */ - tr = subr(18) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ - CamelliaSubkeyR(15) = subr(14) ^ tr; - CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ - CamelliaSubkeyR(16) = subr(16); - CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ - CamelliaSubkeyR(17) = subr(17); - tl = subl(15) ^ (subr(15) & ~subr(17)); - dw = tl & subl(17), /* FLinv(kl4) */ - tr = subr(15) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ - CamelliaSubkeyR(18) = tr ^ subr(19); - CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ - CamelliaSubkeyR(19) = subr(18) ^ subr(20); - CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ - CamelliaSubkeyR(20) = subr(19) ^ subr(21); - CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ - CamelliaSubkeyR(21) = subr(20) ^ subr(22); - CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ - CamelliaSubkeyR(22) = subr(21) ^ subr(23); - CamelliaSubkeyL(23) = subl(22); /* round 18 */ - CamelliaSubkeyR(23) = subr(22); - CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */ - CamelliaSubkeyR(24) = subr(24) ^ subr(23); - - /* apply the inverse of the last half of P-function */ - dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), - dw = CAMELLIA_RL8(dw);/* round 1 */ - CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, - CamelliaSubkeyL(2) = dw; - dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), - dw = CAMELLIA_RL8(dw);/* round 2 */ - CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, - CamelliaSubkeyL(3) = dw; - dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), - dw = CAMELLIA_RL8(dw);/* round 3 */ - CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, - CamelliaSubkeyL(4) = dw; - dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), - dw = CAMELLIA_RL8(dw);/* round 4 */ - CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, - CamelliaSubkeyL(5) = dw; - dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), - dw = CAMELLIA_RL8(dw);/* round 5 */ - CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, - CamelliaSubkeyL(6) = dw; - dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), - dw = CAMELLIA_RL8(dw);/* round 6 */ - CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, - CamelliaSubkeyL(7) = dw; - dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), - dw = CAMELLIA_RL8(dw);/* round 7 */ - CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, - CamelliaSubkeyL(10) = dw; - dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), - dw = CAMELLIA_RL8(dw);/* round 8 */ - CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, - CamelliaSubkeyL(11) = dw; - dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), - dw = CAMELLIA_RL8(dw);/* round 9 */ - CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, - CamelliaSubkeyL(12) = dw; - dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), - dw = CAMELLIA_RL8(dw);/* round 10 */ - CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, - CamelliaSubkeyL(13) = dw; - dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), - dw = CAMELLIA_RL8(dw);/* round 11 */ - CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, - CamelliaSubkeyL(14) = dw; - dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), - dw = CAMELLIA_RL8(dw);/* round 12 */ - CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, - CamelliaSubkeyL(15) = dw; - dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), - dw = CAMELLIA_RL8(dw);/* round 13 */ - CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, - CamelliaSubkeyL(18) = dw; - dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), - dw = CAMELLIA_RL8(dw);/* round 14 */ - CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, - CamelliaSubkeyL(19) = dw; - dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), - dw = CAMELLIA_RL8(dw);/* round 15 */ - CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, - CamelliaSubkeyL(20) = dw; - dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), - dw = CAMELLIA_RL8(dw);/* round 16 */ - CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, - CamelliaSubkeyL(21) = dw; - dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), - dw = CAMELLIA_RL8(dw);/* round 17 */ - CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, - CamelliaSubkeyL(22) = dw; - dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), - dw = CAMELLIA_RL8(dw);/* round 18 */ - CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, - CamelliaSubkeyL(23) = dw; - - return; + register u32 s0,s1,s2,s3; + + k[0] = s0 = GETU32(rawKey); + k[1] = s1 = GETU32(rawKey+4); + k[2] = s2 = GETU32(rawKey+8); + k[3] = s3 = GETU32(rawKey+12); + + if (keyBitLength != 128) + { + k[8] = s0 = GETU32(rawKey+16); + k[9] = s1 = GETU32(rawKey+20); + if (keyBitLength == 192) + { + k[10] = s2 = ~s0; + k[11] = s3 = ~s1; + } + else + { + k[10] = s2 = GETU32(rawKey+24); + k[11] = s3 = GETU32(rawKey+28); + } + s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; + } + + /* Use the Feistel routine to scramble the key material */ + Camellia_Feistel(s0,s1,s2,s3,SIGMA+0); + Camellia_Feistel(s2,s3,s0,s1,SIGMA+2); + + s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; + Camellia_Feistel(s0,s1,s2,s3,SIGMA+4); + Camellia_Feistel(s2,s3,s0,s1,SIGMA+6); + + /* Fill the keyTable. Requires many block rotations. */ + if (keyBitLength == 128) + { + k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 15 */ + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 30 */ + k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 45 */ + k[24] = s0, k[25] = s1; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 60 */ + k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; + RotLeft128(s1,s2,s3,s0,2); /* KA <<< 94 */ + k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0; + RotLeft128(s1,s2,s3,s0,17); /* KA <<<111 */ + k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; + + s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3]; + RotLeft128(s0,s1,s2,s3,15); /* KL <<< 15 */ + k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KL <<< 45 */ + k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KL <<< 60 */ + k[26] = s2, k[27] = s3; + RotLeft128(s0,s1,s2,s3,17); /* KL <<< 77 */ + k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3; + RotLeft128(s0,s1,s2,s3,17); /* KL <<< 94 */ + k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; + RotLeft128(s0,s1,s2,s3,17); /* KL <<<111 */ + k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3; + + return 3; /* grand rounds */ + } + else + { + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + s0 ^= k[8], s1 ^= k[9], s2 ^=k[10], s3 ^=k[11]; + Camellia_Feistel(s0,s1,s2,s3,(SIGMA+8)); + Camellia_Feistel(s2,s3,s0,s1,(SIGMA+10)); + + k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KB <<< 30 */ + k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KB <<< 60 */ + k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3; + RotLeft128(s1,s2,s3,s0,19); /* KB <<<111 */ + k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0; + + s0 = k[ 8], s1 = k[ 9], s2 = k[10], s3 = k[11]; + RotLeft128(s0,s1,s2,s3,15); /* KR <<< 15 */ + k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KR <<< 30 */ + k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KR <<< 60 */ + k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; + RotLeft128(s1,s2,s3,s0,2); /* KR <<< 94 */ + k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0; + + s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15]; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 15 */ + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KA <<< 45 */ + k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; + /* KA <<< 77 */ + k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; + RotLeft128(s1,s2,s3,s0,17); /* KA <<< 94 */ + k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0; + + s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3]; + RotLeft128(s1,s2,s3,s0,13); /* KL <<< 45 */ + k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0; + RotLeft128(s1,s2,s3,s0,15); /* KL <<< 60 */ + k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0; + RotLeft128(s1,s2,s3,s0,17); /* KL <<< 77 */ + k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0; + RotLeft128(s2,s3,s0,s1,2); /* KL <<<111 */ + k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1; + + return 4; /* grand rounds */ + } + /* + * It is possible to perform certain precalculations, which + * would spare few cycles in block procedure. It's not done, + * because it upsets the performance balance between key + * setup and block procedures, negatively affecting overall + * throughput in applications operating on short messages + * and volatile keys. + */ } -void camellia_setup256(const u8 *key, u32 *subkey) +void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) { - u32 kll,klr,krl,krr; /* left half of key */ - u32 krll,krlr,krrl,krrr; /* right half of key */ - u32 il, ir, t0, t1, w0, w1; /* temporary variables */ - u32 kw4l, kw4r, dw, tl, tr; - u32 subL[34]; - u32 subR[34]; - - /** - * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) - * (|| is concatination) - */ - - kll = GETU32(key ); - klr = GETU32(key + 4); - krl = GETU32(key + 8); - krr = GETU32(key + 12); - krll = GETU32(key + 16); - krlr = GETU32(key + 20); - krrl = GETU32(key + 24); - krrr = GETU32(key + 28); - - /* generate KL dependent subkeys */ - /* kw1 */ - subl(0) = kll; subr(0) = klr; - /* kw2 */ - subl(1) = krl; subr(1) = krr; - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); - /* k9 */ - subl(12) = kll; subr(12) = klr; - /* k10 */ - subl(13) = krl; subr(13) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* kl3 */ - subl(16) = kll; subr(16) = klr; - /* kl4 */ - subl(17) = krl; subr(17) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* k17 */ - subl(22) = kll; subr(22) = klr; - /* k18 */ - subl(23) = krl; subr(23) = krr; - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); - /* k23 */ - subl(30) = kll; subr(30) = klr; - /* k24 */ - subl(31) = krl; subr(31) = krr; - - /* generate KR dependent subkeys */ - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); - /* k3 */ - subl(4) = krll; subr(4) = krlr; - /* k4 */ - subl(5) = krrl; subr(5) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); - /* kl1 */ - subl(8) = krll; subr(8) = krlr; - /* kl2 */ - subl(9) = krrl; subr(9) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); - /* k13 */ - subl(18) = krll; subr(18) = krlr; - /* k14 */ - subl(19) = krrl; subr(19) = krrr; - CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); - /* k19 */ - subl(26) = krll; subr(26) = krlr; - /* k20 */ - subl(27) = krrl; subr(27) = krrr; - CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); - - /* generate KA */ - kll = subl(0) ^ krll; klr = subr(0) ^ krlr; - krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, - w0, w1, il, ir, t0, t1); - krl ^= w0; krr ^= w1; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, - kll, klr, il, ir, t0, t1); - kll ^= krll; klr ^= krlr; - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, - krl, krr, il, ir, t0, t1); - krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, - w0, w1, il, ir, t0, t1); - kll ^= w0; klr ^= w1; - - /* generate KB */ - krll ^= kll; krlr ^= klr; - krrl ^= krl; krrr ^= krr; - CAMELLIA_F(krll, krlr, - CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, - w0, w1, il, ir, t0, t1); - krrl ^= w0; krrr ^= w1; - CAMELLIA_F(krrl, krrr, - CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, - w0, w1, il, ir, t0, t1); - krll ^= w0; krlr ^= w1; - - /* generate KA dependent subkeys */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k5 */ - subl(6) = kll; subr(6) = klr; - /* k6 */ - subl(7) = krl; subr(7) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); - /* k11 */ - subl(14) = kll; subr(14) = klr; - /* k12 */ - subl(15) = krl; subr(15) = krr; - /* rotation left shift 32bit */ - /* kl5 */ - subl(24) = klr; subr(24) = krl; - /* kl6 */ - subl(25) = krr; subr(25) = kll; - /* rotation left shift 49 from k11,k12 -> k21,k22 */ - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); - /* k21 */ - subl(28) = kll; subr(28) = klr; - /* k22 */ - subl(29) = krl; subr(29) = krr; - - /* generate KB dependent subkeys */ - /* k1 */ - subl(2) = krll; subr(2) = krlr; - /* k2 */ - subl(3) = krrl; subr(3) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); - /* k7 */ - subl(10) = krll; subr(10) = krlr; - /* k8 */ - subl(11) = krrl; subr(11) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); - /* k15 */ - subl(20) = krll; subr(20) = krlr; - /* k16 */ - subl(21) = krrl; subr(21) = krrr; - CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); - /* kw3 */ - subl(32) = krll; subr(32) = krlr; - /* kw4 */ - subl(33) = krrl; subr(33) = krrr; - - /* absorb kw2 to other subkeys */ -/* round 2 */ - subl(3) ^= subl(1); subr(3) ^= subr(1); -/* round 4 */ - subl(5) ^= subl(1); subr(5) ^= subr(1); -/* round 6 */ - subl(7) ^= subl(1); subr(7) ^= subr(1); - subl(1) ^= subr(1) & ~subr(9); - dw = subl(1) & subl(9), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ -/* round 8 */ - subl(11) ^= subl(1); subr(11) ^= subr(1); -/* round 10 */ - subl(13) ^= subl(1); subr(13) ^= subr(1); -/* round 12 */ - subl(15) ^= subl(1); subr(15) ^= subr(1); - subl(1) ^= subr(1) & ~subr(17); - dw = subl(1) & subl(17), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ -/* round 14 */ - subl(19) ^= subl(1); subr(19) ^= subr(1); -/* round 16 */ - subl(21) ^= subl(1); subr(21) ^= subr(1); -/* round 18 */ - subl(23) ^= subl(1); subr(23) ^= subr(1); - subl(1) ^= subr(1) & ~subr(25); - dw = subl(1) & subl(25), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */ -/* round 20 */ - subl(27) ^= subl(1); subr(27) ^= subr(1); -/* round 22 */ - subl(29) ^= subl(1); subr(29) ^= subr(1); -/* round 24 */ - subl(31) ^= subl(1); subr(31) ^= subr(1); -/* kw3 */ - subl(32) ^= subl(1); subr(32) ^= subr(1); - - - /* absorb kw4 to other subkeys */ - kw4l = subl(33); kw4r = subr(33); -/* round 23 */ - subl(30) ^= kw4l; subr(30) ^= kw4r; -/* round 21 */ - subl(28) ^= kw4l; subr(28) ^= kw4r; -/* round 19 */ - subl(26) ^= kw4l; subr(26) ^= kw4r; - kw4l ^= kw4r & ~subr(24); - dw = kw4l & subl(24), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ -/* round 17 */ - subl(22) ^= kw4l; subr(22) ^= kw4r; -/* round 15 */ - subl(20) ^= kw4l; subr(20) ^= kw4r; -/* round 13 */ - subl(18) ^= kw4l; subr(18) ^= kw4r; - kw4l ^= kw4r & ~subr(16); - dw = kw4l & subl(16), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ -/* round 11 */ - subl(14) ^= kw4l; subr(14) ^= kw4r; -/* round 9 */ - subl(12) ^= kw4l; subr(12) ^= kw4r; -/* round 7 */ - subl(10) ^= kw4l; subr(10) ^= kw4r; - kw4l ^= kw4r & ~subr(8); - dw = kw4l & subl(8), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ -/* round 5 */ - subl(6) ^= kw4l; subr(6) ^= kw4r; -/* round 3 */ - subl(4) ^= kw4l; subr(4) ^= kw4r; -/* round 1 */ - subl(2) ^= kw4l; subr(2) ^= kw4r; -/* kw1 */ - subl(0) ^= kw4l; subr(0) ^= kw4r; - - /* key XOR is end of F-function */ - CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ - CamelliaSubkeyR(0) = subr(0) ^ subr(2); - CamelliaSubkeyL(2) = subl(3); /* round 1 */ - CamelliaSubkeyR(2) = subr(3); - CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ - CamelliaSubkeyR(3) = subr(2) ^ subr(4); - CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ - CamelliaSubkeyR(4) = subr(3) ^ subr(5); - CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ - CamelliaSubkeyR(5) = subr(4) ^ subr(6); - CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ - CamelliaSubkeyR(6) = subr(5) ^ subr(7); - tl = subl(10) ^ (subr(10) & ~subr(8)); - dw = tl & subl(8), /* FL(kl1) */ - tr = subr(10) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ - CamelliaSubkeyR(7) = subr(6) ^ tr; - CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ - CamelliaSubkeyR(8) = subr(8); - CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ - CamelliaSubkeyR(9) = subr(9); - tl = subl(7) ^ (subr(7) & ~subr(9)); - dw = tl & subl(9), /* FLinv(kl2) */ - tr = subr(7) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ - CamelliaSubkeyR(10) = tr ^ subr(11); - CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ - CamelliaSubkeyR(11) = subr(10) ^ subr(12); - CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ - CamelliaSubkeyR(12) = subr(11) ^ subr(13); - CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ - CamelliaSubkeyR(13) = subr(12) ^ subr(14); - CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ - CamelliaSubkeyR(14) = subr(13) ^ subr(15); - tl = subl(18) ^ (subr(18) & ~subr(16)); - dw = tl & subl(16), /* FL(kl3) */ - tr = subr(18) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ - CamelliaSubkeyR(15) = subr(14) ^ tr; - CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ - CamelliaSubkeyR(16) = subr(16); - CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ - CamelliaSubkeyR(17) = subr(17); - tl = subl(15) ^ (subr(15) & ~subr(17)); - dw = tl & subl(17), /* FLinv(kl4) */ - tr = subr(15) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ - CamelliaSubkeyR(18) = tr ^ subr(19); - CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ - CamelliaSubkeyR(19) = subr(18) ^ subr(20); - CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ - CamelliaSubkeyR(20) = subr(19) ^ subr(21); - CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ - CamelliaSubkeyR(21) = subr(20) ^ subr(22); - CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ - CamelliaSubkeyR(22) = subr(21) ^ subr(23); - tl = subl(26) ^ (subr(26) - & ~subr(24)); - dw = tl & subl(24), /* FL(kl5) */ - tr = subr(26) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */ - CamelliaSubkeyR(23) = subr(22) ^ tr; - CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */ - CamelliaSubkeyR(24) = subr(24); - CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */ - CamelliaSubkeyR(25) = subr(25); - tl = subl(23) ^ (subr(23) & - ~subr(25)); - dw = tl & subl(25), /* FLinv(kl6) */ - tr = subr(23) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */ - CamelliaSubkeyR(26) = tr ^ subr(27); - CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */ - CamelliaSubkeyR(27) = subr(26) ^ subr(28); - CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */ - CamelliaSubkeyR(28) = subr(27) ^ subr(29); - CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */ - CamelliaSubkeyR(29) = subr(28) ^ subr(30); - CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */ - CamelliaSubkeyR(30) = subr(29) ^ subr(31); - CamelliaSubkeyL(31) = subl(30); /* round 24 */ - CamelliaSubkeyR(31) = subr(30); - CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */ - CamelliaSubkeyR(32) = subr(32) ^ subr(31); - - /* apply the inverse of the last half of P-function */ - dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), - dw = CAMELLIA_RL8(dw);/* round 1 */ - CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, - CamelliaSubkeyL(2) = dw; - dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), - dw = CAMELLIA_RL8(dw);/* round 2 */ - CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, - CamelliaSubkeyL(3) = dw; - dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), - dw = CAMELLIA_RL8(dw);/* round 3 */ - CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, - CamelliaSubkeyL(4) = dw; - dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), - dw = CAMELLIA_RL8(dw);/* round 4 */ - CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, - CamelliaSubkeyL(5) = dw; - dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), - dw = CAMELLIA_RL8(dw);/* round 5 */ - CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, - CamelliaSubkeyL(6) = dw; - dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), - dw = CAMELLIA_RL8(dw);/* round 6 */ - CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, - CamelliaSubkeyL(7) = dw; - dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), - dw = CAMELLIA_RL8(dw);/* round 7 */ - CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, - CamelliaSubkeyL(10) = dw; - dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), - dw = CAMELLIA_RL8(dw);/* round 8 */ - CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, - CamelliaSubkeyL(11) = dw; - dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), - dw = CAMELLIA_RL8(dw);/* round 9 */ - CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, - CamelliaSubkeyL(12) = dw; - dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), - dw = CAMELLIA_RL8(dw);/* round 10 */ - CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, - CamelliaSubkeyL(13) = dw; - dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), - dw = CAMELLIA_RL8(dw);/* round 11 */ - CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, - CamelliaSubkeyL(14) = dw; - dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), - dw = CAMELLIA_RL8(dw);/* round 12 */ - CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, - CamelliaSubkeyL(15) = dw; - dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), - dw = CAMELLIA_RL8(dw);/* round 13 */ - CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, - CamelliaSubkeyL(18) = dw; - dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), - dw = CAMELLIA_RL8(dw);/* round 14 */ - CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, - CamelliaSubkeyL(19) = dw; - dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), - dw = CAMELLIA_RL8(dw);/* round 15 */ - CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, - CamelliaSubkeyL(20) = dw; - dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), - dw = CAMELLIA_RL8(dw);/* round 16 */ - CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, - CamelliaSubkeyL(21) = dw; - dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), - dw = CAMELLIA_RL8(dw);/* round 17 */ - CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, - CamelliaSubkeyL(22) = dw; - dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), - dw = CAMELLIA_RL8(dw);/* round 18 */ - CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, - CamelliaSubkeyL(23) = dw; - dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), - dw = CAMELLIA_RL8(dw);/* round 19 */ - CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, - CamelliaSubkeyL(26) = dw; - dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), - dw = CAMELLIA_RL8(dw);/* round 20 */ - CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, - CamelliaSubkeyL(27) = dw; - dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), - dw = CAMELLIA_RL8(dw);/* round 21 */ - CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, - CamelliaSubkeyL(28) = dw; - dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), - dw = CAMELLIA_RL8(dw);/* round 22 */ - CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, - CamelliaSubkeyL(29) = dw; - dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), - dw = CAMELLIA_RL8(dw);/* round 23 */ - CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, - CamelliaSubkeyL(30) = dw; - dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), - dw = CAMELLIA_RL8(dw);/* round 24 */ - CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, - CamelliaSubkeyL(31) = dw; - - - return; + register u32 s0,s1,s2,s3; + const u32 *k = keyTable,*kend = keyTable+grandRounds*16; + + s0 = GETU32(plaintext) ^ k[0]; + s1 = GETU32(plaintext+4) ^ k[1]; + s2 = GETU32(plaintext+8) ^ k[2]; + s3 = GETU32(plaintext+12) ^ k[3]; + k += 4; + + while (1) + { + /* Camellia makes 6 Feistel rounds */ + Camellia_Feistel(s0,s1,s2,s3,k+0); + Camellia_Feistel(s2,s3,s0,s1,k+2); + Camellia_Feistel(s0,s1,s2,s3,k+4); + Camellia_Feistel(s2,s3,s0,s1,k+6); + Camellia_Feistel(s0,s1,s2,s3,k+8); + Camellia_Feistel(s2,s3,s0,s1,k+10); + k += 12; + + if (k == kend) break; + + /* This is the same function as the diffusion function D + * of the accompanying documentation. See section 3.2 + * for properties of the FLlayer function. */ + s1 ^= LeftRotate(s0 & k[0], 1); + s2 ^= s3 | k[3]; + s0 ^= s1 | k[1]; + s3 ^= LeftRotate(s2 & k[2], 1); + k += 4; + } + + s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; + + PUTU32(ciphertext, s2); + PUTU32(ciphertext+4, s3); + PUTU32(ciphertext+8, s0); + PUTU32(ciphertext+12,s1); } - -void camellia_setup192(const u8 *key, u32 *subkey) - { - u8 kk[32]; - u32 krll, krlr, krrl,krrr; - - memcpy(kk, key, 24); - memcpy((u8 *)&krll, key+16,4); - memcpy((u8 *)&krlr, key+20,4); - krrl = ~krll; - krrr = ~krlr; - memcpy(kk+24, (u8 *)&krrl, 4); - memcpy(kk+28, (u8 *)&krrr, 4); - camellia_setup256(kk, subkey); - return; - } - - -/** - * Stuff related to camellia encryption/decryption - */ -void camellia_encrypt128(const u32 *subkey, u32 *io) - { - u32 il, ir, t0, t1; - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(0); - io[1] ^= CamelliaSubkeyR(0); - /* main iteration */ - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(24); - io[3] ^= CamelliaSubkeyR(24); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; - } - -void camellia_decrypt128(const u32 *subkey, u32 *io) +void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) { - u32 il,ir,t0,t1; /* temporary valiables */ - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(24); - io[1] ^= CamelliaSubkeyR(24); - - /* main iteration */ - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(0); - io[3] ^= CamelliaSubkeyR(0); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; + Camellia_EncryptBlock_Rounds(keyBitLength==128?3:4, + plaintext,keyTable,ciphertext); } -/** - * stuff for 192 and 256bit encryption/decryption - */ -void camellia_encrypt256(const u32 *subkey, u32 *io) +void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]) { - u32 il,ir,t0,t1; /* temporary valiables */ - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(0); - io[1] ^= CamelliaSubkeyR(0); - - /* main iteration */ - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(24),CamelliaSubkeyR(24), - CamelliaSubkeyL(25),CamelliaSubkeyR(25), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(26),CamelliaSubkeyR(26), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(27),CamelliaSubkeyR(27), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(28),CamelliaSubkeyR(28), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(29),CamelliaSubkeyR(29), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(30),CamelliaSubkeyR(30), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(31),CamelliaSubkeyR(31), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(32); - io[3] ^= CamelliaSubkeyR(32); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; + u32 s0,s1,s2,s3; + const u32 *k = keyTable+grandRounds*16,*kend = keyTable+4; + + s0 = GETU32(ciphertext) ^ k[0]; + s1 = GETU32(ciphertext+4) ^ k[1]; + s2 = GETU32(ciphertext+8) ^ k[2]; + s3 = GETU32(ciphertext+12) ^ k[3]; + + while (1) + { + /* Camellia makes 6 Feistel rounds */ + k -= 12; + Camellia_Feistel(s0,s1,s2,s3,k+10); + Camellia_Feistel(s2,s3,s0,s1,k+8); + Camellia_Feistel(s0,s1,s2,s3,k+6); + Camellia_Feistel(s2,s3,s0,s1,k+4); + Camellia_Feistel(s0,s1,s2,s3,k+2); + Camellia_Feistel(s2,s3,s0,s1,k+0); + + if (k == kend) break; + + /* This is the same function as the diffusion function D + * of the accompanying documentation. See section 3.2 + * for properties of the FLlayer function. */ + k -= 4; + s1 ^= LeftRotate(s0 & k[2], 1); + s2 ^= s3 | k[1]; + s0 ^= s1 | k[3]; + s3 ^= LeftRotate(s2 & k[0], 1); + } + + k -= 4; + s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; + + PUTU32(plaintext, s2); + PUTU32(plaintext+4, s3); + PUTU32(plaintext+8, s0); + PUTU32(plaintext+12,s1); } - -void camellia_decrypt256(const u32 *subkey, u32 *io) +void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) { - u32 il,ir,t0,t1; /* temporary valiables */ - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(32); - io[1] ^= CamelliaSubkeyR(32); - - /* main iteration */ - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(31),CamelliaSubkeyR(31), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(30),CamelliaSubkeyR(30), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(29),CamelliaSubkeyR(29), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(28),CamelliaSubkeyR(28), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(27),CamelliaSubkeyR(27), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(26),CamelliaSubkeyR(26), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(25),CamelliaSubkeyR(25), - CamelliaSubkeyL(24),CamelliaSubkeyR(24), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(0); - io[3] ^= CamelliaSubkeyR(0); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; + Camellia_DecryptBlock_Rounds(keyBitLength==128?3:4, + plaintext,keyTable,ciphertext); } - diff --git a/lib/libcrypto/camellia/camellia.h b/lib/libcrypto/camellia/camellia.h index b8a8b6e10b9..cf0457dd976 100644 --- a/lib/libcrypto/camellia/camellia.h +++ b/lib/libcrypto/camellia/camellia.h @@ -58,6 +58,8 @@ #error CAMELLIA is disabled. #endif +#include <stddef.h> + #define CAMELLIA_ENCRYPT 1 #define CAMELLIA_DECRYPT 0 @@ -74,24 +76,18 @@ extern "C" { #define CAMELLIA_TABLE_BYTE_LEN 272 #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) - /* to match with WORD */ -typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match with WORD */ struct camellia_key_st { - KEY_TABLE_TYPE rd_key; - int bitLength; - void (*enc)(const unsigned int *subkey, unsigned int *io); - void (*dec)(const unsigned int *subkey, unsigned int *io); + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; }; - typedef struct camellia_key_st CAMELLIA_KEY; -#ifdef OPENSSL_FIPS -int private_Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key); -#endif - int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); @@ -103,25 +99,22 @@ void Camellia_decrypt(const unsigned char *in, unsigned char *out, void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key, const int enc); void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, const int enc); void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); -void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, - const int nbits,const CAMELLIA_KEY *key, - unsigned char *ivec,const int enc); void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num); void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char ivec[CAMELLIA_BLOCK_SIZE], unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num); @@ -131,4 +124,3 @@ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, #endif #endif /* !HEADER_Camellia_H */ - diff --git a/lib/libcrypto/camellia/cmll_cbc.c b/lib/libcrypto/camellia/cmll_cbc.c index 4141a7b59bb..4c8d455adef 100644 --- a/lib/libcrypto/camellia/cmll_cbc.c +++ b/lib/libcrypto/camellia/cmll_cbc.c @@ -49,225 +49,16 @@ * */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> -#include <stdio.h> -#include <string.h> - #include <openssl/camellia.h> -#include "cmll_locl.h" +#include <openssl/modes.h> void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, - unsigned char *ivec, const int enc) { - - unsigned long n; - unsigned long len = length; - const unsigned char *iv = ivec; - union { u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)]; - u8 t8 [CAMELLIA_BLOCK_SIZE]; } tmp; - const union { long one; char little; } camellia_endian = {1}; - - - assert(in && out && key && ivec); - assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc)); + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc) + { - if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0) - { - if (CAMELLIA_ENCRYPT == enc) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - XOR4WORD2((u32 *)out, - (u32 *)in, (u32 *)iv); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->enc(key->rd_key, (u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - iv = out; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - for(n=0; n < len; ++n) - out[n] = in[n] ^ iv[n]; - for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) - out[n] = iv[n]; - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->enc(key->rd_key, (u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - iv = out; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else if (in != out) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(out,in,CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->dec(key->rd_key,(u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - XOR4WORD((u32 *)out, (u32 *)iv); - iv = in; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < len; ++n) - out[n] = tmp.t8[n] ^ iv[n]; - iv = in; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else /* in == out */ - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->dec(key->rd_key, (u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - XOR4WORD((u32 *)out, (u32 *)ivec); - memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE); - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->dec(key->rd_key,(u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - for(n=0; n < len; ++n) - out[n] ^= ivec[n]; - for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) - out[n] = tmp.t8[n]; - memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE); - } - } - } - else /* no aligned */ - { - if (CAMELLIA_ENCRYPT == enc) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) - tmp.t8[n] = in[n] ^ iv[n]; - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->enc(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE); - iv = out; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - for(n=0; n < len; ++n) - tmp.t8[n] = in[n] ^ iv[n]; - for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) - tmp.t8[n] = iv[n]; - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->enc(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE); - iv = out; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else if (in != out) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key,tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) - out[n] = tmp.t8[n] ^ iv[n]; - iv = in; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < len; ++n) - out[n] = tmp.t8[n] ^ iv[n]; - iv = in; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) - tmp.t8[n] ^= ivec[n]; - memcpy(ivec, in, CAMELLIA_BLOCK_SIZE); - memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE); - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key,tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < len; ++n) - tmp.t8[n] ^= ivec[n]; - memcpy(ivec, in, CAMELLIA_BLOCK_SIZE); - memcpy(out,tmp.t8,len); - } - } - } -} + if (enc) + CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)Camellia_encrypt); + else + CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)Camellia_decrypt); + } diff --git a/lib/libcrypto/camellia/cmll_cfb.c b/lib/libcrypto/camellia/cmll_cfb.c index af0f9f49ad9..3d81b51d3f4 100644 --- a/lib/libcrypto/camellia/cmll_cfb.c +++ b/lib/libcrypto/camellia/cmll_cfb.c @@ -105,17 +105,8 @@ * [including the GNU Public Licence.] */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> -#include <string.h> - #include <openssl/camellia.h> -#include "cmll_locl.h" -#include "e_os.h" +#include <openssl/modes.h> /* The input and output encrypted as though 128bit cfb mode is being @@ -124,112 +115,25 @@ */ void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - unsigned long l = length; - unsigned char c; - - assert(in && out && key && ivec && num); - - n = *num; - - if (enc) - { - while (l--) - { - if (n == 0) - { - Camellia_encrypt(ivec, ivec, key); - } - ivec[n] = *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - } - else - { - while (l--) - { - if (n == 0) - { - Camellia_encrypt(ivec, ivec, key); - } - c = *(in); - *(out++) = *(in++) ^ ivec[n]; - ivec[n] = c; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - } - - *num=n; - } - -/* This expects a single block of size nbits for both in and out. Note that - it corrupts any extra bits in the last byte of out */ -void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, - const int nbits,const CAMELLIA_KEY *key, - unsigned char *ivec,const int enc) - { - int n,rem,num; - unsigned char ovec[CAMELLIA_BLOCK_SIZE*2]; - - if (nbits<=0 || nbits>128) return; - - /* fill in the first half of the new IV with the current IV */ - memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE); - /* construct the new IV */ - Camellia_encrypt(ivec,ivec,key); - num = (nbits+7)/8; - if (enc) /* encrypt the input */ - for(n=0 ; n < num ; ++n) - out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]); - else /* decrypt the input */ - for(n=0 ; n < num ; ++n) - out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; - /* shift ovec left... */ - rem = nbits%8; - num = nbits/8; - if(rem==0) - memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE); - else - for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n) - ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); - - /* it is not necessary to cleanse ovec, since the IV is not secret */ + CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt); } /* N.B. This expects the input to be packed, MS bit first */ void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - unsigned char c[1],d[1]; - - assert(in && out && key && ivec && num); - assert(*num == 0); - - memset(out,0,(length+7)/8); - for(n=0 ; n < length ; ++n) - { - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; - Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc); - out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); - } + CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt); } void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - - assert(in && out && key && ivec && num); - assert(*num == 0); - - for(n=0 ; n < length ; ++n) - Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); + CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt); } diff --git a/lib/libcrypto/camellia/cmll_ctr.c b/lib/libcrypto/camellia/cmll_ctr.c index cc21b70890d..014e621a34b 100644 --- a/lib/libcrypto/camellia/cmll_ctr.c +++ b/lib/libcrypto/camellia/cmll_ctr.c @@ -49,95 +49,16 @@ * */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> - #include <openssl/camellia.h> -#include "cmll_locl.h" - -/* NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia code - * is endian-neutral. */ -/* increment counter (128-bit int) by 1 */ -static void Camellia_ctr128_inc(unsigned char *counter) - { - unsigned long c; - - /* Grab bottom dword of counter and increment */ - c = GETU32(counter + 12); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 12, c); - - /* if no overflow, we're done */ - if (c) - return; - - /* Grab 1st dword of counter and increment */ - c = GETU32(counter + 8); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 8, c); - - /* if no overflow, we're done */ - if (c) - return; - - /* Grab 2nd dword of counter and increment */ - c = GETU32(counter + 4); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 4, c); - - /* if no overflow, we're done */ - if (c) - return; +#include <openssl/modes.h> - /* Grab top dword of counter and increment */ - c = GETU32(counter + 0); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 0, c); - } - -/* The input encrypted as though 128bit counter mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num, and the - * encrypted counter is kept in ecount_buf. Both *num and - * ecount_buf must be initialised with zeros before the first - * call to Camellia_ctr128_encrypt(). - * - * This algorithm assumes that the counter is in the x lower bits - * of the IV (ivec), and that the application has full control over - * overflow and the rest of the IV. This implementation takes NO - * responsability for checking that the counter doesn't overflow - * into the rest of the IV when incremented. - */ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char ivec[CAMELLIA_BLOCK_SIZE], unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num) { - unsigned int n; - unsigned long l=length; - - assert(in && out && key && counter && num); - assert(*num < CAMELLIA_BLOCK_SIZE); - - n = *num; - - while (l--) - { - if (n == 0) - { - Camellia_encrypt(ivec, ecount_buf, key); - Camellia_ctr128_inc(ivec); - } - *(out++) = *(in++) ^ ecount_buf[n]; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - - *num=n; + CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)Camellia_encrypt); } diff --git a/lib/libcrypto/camellia/cmll_locl.h b/lib/libcrypto/camellia/cmll_locl.h index 2ac2e954357..4a4d880d163 100644 --- a/lib/libcrypto/camellia/cmll_locl.h +++ b/lib/libcrypto/camellia/cmll_locl.h @@ -68,98 +68,16 @@ #ifndef HEADER_CAMELLIA_LOCL_H #define HEADER_CAMELLIA_LOCL_H -#include "openssl/e_os2.h" -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - +typedef unsigned int u32; typedef unsigned char u8; -typedef unsigned int u32; - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 ) -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) ) - -#else /* not windows */ -# define GETU32(pt) (((u32)(pt)[0] << 24) \ - ^ ((u32)(pt)[1] << 16) \ - ^ ((u32)(pt)[2] << 8) \ - ^ ((u32)(pt)[3])) - -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \ - (ct)[1] = (u8)((st) >> 16); \ - (ct)[2] = (u8)((st) >> 8); \ - (ct)[3] = (u8)(st); } - -#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64))) -#define CAMELLIA_SWAP4(x) \ - do{\ - asm("bswap %1" : "+r" (x));\ - }while(0) -#else -#define CAMELLIA_SWAP4(x) \ - do{\ - x = ((u32)x << 16) + ((u32)x >> 16);\ - x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\ - } while(0) -#endif -#endif - -#define COPY4WORD(dst, src) \ - do \ - { \ - (dst)[0]=(src)[0]; \ - (dst)[1]=(src)[1]; \ - (dst)[2]=(src)[2]; \ - (dst)[3]=(src)[3]; \ - }while(0) - -#define SWAP4WORD(word) \ - do \ - { \ - CAMELLIA_SWAP4((word)[0]); \ - CAMELLIA_SWAP4((word)[1]); \ - CAMELLIA_SWAP4((word)[2]); \ - CAMELLIA_SWAP4((word)[3]); \ - }while(0) - -#define XOR4WORD(a, b)/* a = a ^ b */ \ - do \ - { \ - (a)[0]^=(b)[0]; \ - (a)[1]^=(b)[1]; \ - (a)[2]^=(b)[2]; \ - (a)[3]^=(b)[3]; \ - }while(0) - -#define XOR4WORD2(a, b, c)/* a = b ^ c */ \ - do \ - { \ - (a)[0]=(b)[0]^(c)[0]; \ - (a)[1]=(b)[1]^(c)[1]; \ - (a)[2]=(b)[2]^(c)[2]; \ - (a)[3]=(b)[3]^(c)[3]; \ - }while(0) - - -void camellia_setup128(const u8 *key, u32 *subkey); -void camellia_setup192(const u8 *key, u32 *subkey); -void camellia_setup256(const u8 *key, u32 *subkey); - -void camellia_encrypt128(const u32 *subkey, u32 *io); -void camellia_decrypt128(const u32 *subkey, u32 *io); -void camellia_encrypt256(const u32 *subkey, u32 *io); -void camellia_decrypt256(const u32 *subkey, u32 *io); - -#ifdef __cplusplus -} -#endif +int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE keyTable); +void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); +void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ - diff --git a/lib/libcrypto/camellia/cmll_misc.c b/lib/libcrypto/camellia/cmll_misc.c index 2cd7aba9bbd..f44689124b4 100644 --- a/lib/libcrypto/camellia/cmll_misc.c +++ b/lib/libcrypto/camellia/cmll_misc.c @@ -52,78 +52,28 @@ #include <openssl/opensslv.h> #include <openssl/camellia.h> #include "cmll_locl.h" -#include <openssl/crypto.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT; int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key) -#ifdef OPENSSL_FIPS { - if (FIPS_mode()) - FIPS_BAD_ABORT(CAMELLIA) - return private_Camellia_set_key(userKey, bits, key); - } -int private_Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key) -#endif - { - if (!userKey || !key) - { + if(!userKey || !key) return -1; - } - - switch(bits) - { - case 128: - camellia_setup128(userKey, (unsigned int *)key->rd_key); - key->enc = camellia_encrypt128; - key->dec = camellia_decrypt128; - break; - case 192: - camellia_setup192(userKey, (unsigned int *)key->rd_key); - key->enc = camellia_encrypt256; - key->dec = camellia_decrypt256; - break; - case 256: - camellia_setup256(userKey, (unsigned int *)key->rd_key); - key->enc = camellia_encrypt256; - key->dec = camellia_decrypt256; - break; - default: + if(bits != 128 && bits != 192 && bits != 256) return -2; - } - - key->bitLength = bits; + key->grand_rounds = Camellia_Ekeygen(bits , userKey, key->u.rd_key); return 0; } void Camellia_encrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key) { - u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)]; - const union { long one; char little; } camellia_endian = {1}; - - memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) SWAP4WORD(tmp); - key->enc(key->rd_key, tmp); - if (camellia_endian.little) SWAP4WORD(tmp); - memcpy(out, tmp, CAMELLIA_BLOCK_SIZE); + Camellia_EncryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out); } void Camellia_decrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key) { - u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)]; - const union { long one; char little; } camellia_endian = {1}; - - memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) SWAP4WORD(tmp); - key->dec(key->rd_key, tmp); - if (camellia_endian.little) SWAP4WORD(tmp); - memcpy(out, tmp, CAMELLIA_BLOCK_SIZE); + Camellia_DecryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out); } - diff --git a/lib/libcrypto/camellia/cmll_ofb.c b/lib/libcrypto/camellia/cmll_ofb.c index d89cf9f3b32..a482befc747 100644 --- a/lib/libcrypto/camellia/cmll_ofb.c +++ b/lib/libcrypto/camellia/cmll_ofb.c @@ -105,37 +105,15 @@ * [including the GNU Public Licence.] */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> #include <openssl/camellia.h> -#include "cmll_locl.h" +#include <openssl/modes.h> /* The input and output encrypted as though 128bit ofb mode is being * used. The extra state information to record how much of the * 128bit block we have used is contained in *num; */ void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num) { - - unsigned int n; - unsigned long l=length; - - assert(in && out && key && ivec && num); - - n = *num; - - while (l--) { - if (n == 0) { - Camellia_encrypt(ivec, ivec, key); - } - *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - - *num=n; + CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)Camellia_encrypt); } diff --git a/lib/libcrypto/cast/Makefile b/lib/libcrypto/cast/Makefile index 2e026dbe0da..0acc38f28d5 100644 --- a/lib/libcrypto/cast/Makefile +++ b/lib/libcrypto/cast/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@) -# COFF -cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@) -# a.out -cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@) +cast-586.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -102,8 +95,5 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h c_ofb64.o: c_ofb64.c cast_lcl.h c_skey.o: ../../e_os.h ../../include/openssl/cast.h -c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h +c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +c_skey.o: c_skey.c cast_lcl.h cast_s.h diff --git a/lib/libcrypto/cms/Makefile b/lib/libcrypto/cms/Makefile index 1c137e0cff6..5837049725d 100644 --- a/lib/libcrypto/cms/Makefile +++ b/lib/libcrypto/cms/Makefile @@ -37,7 +37,7 @@ test: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -108,6 +108,71 @@ cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h cms_att.o: cms.h cms_att.c cms_lcl.h +cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h +cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h +cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_cd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_cd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_cd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h +cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h +cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_dd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_dd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_dd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_dd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h +cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h +cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_enc.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h +cms_env.o: ../../e_os.h ../../include/openssl/aes.h +cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h +cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_env.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_env.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_env.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_env.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_env.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -121,6 +186,22 @@ cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms_err.o: cms_err.c +cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h +cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_ess.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_ess.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_ess.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_ess.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -164,7 +245,7 @@ cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c +cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h diff --git a/lib/libcrypto/cms/cms.h b/lib/libcrypto/cms/cms.h index 25f88745f23..09c45d0412a 100644 --- a/lib/libcrypto/cms/cms.h +++ b/lib/libcrypto/cms/cms.h @@ -76,8 +76,9 @@ typedef struct CMS_Receipt_st CMS_Receipt; DECLARE_STACK_OF(CMS_SignerInfo) DECLARE_STACK_OF(GENERAL_NAMES) -DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo) -DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) #define CMS_SIGNERINFO_ISSUER_SERIAL 0 #define CMS_SIGNERINFO_KEYIDENTIFIER 1 @@ -124,9 +125,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached); DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) #endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); @@ -230,6 +235,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); int CMS_SignedData_init(CMS_ContentInfo *cms); diff --git a/lib/libcrypto/cms/cms_asn1.c b/lib/libcrypto/cms/cms_asn1.c index 76649218618..fcba4dcbccf 100644 --- a/lib/libcrypto/cms/cms_asn1.c +++ b/lib/libcrypto/cms/cms_asn1.c @@ -87,7 +87,8 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { } ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) /* Minor tweak to operation: free up signer key, cert */ -static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_FREE_POST) { @@ -130,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { @@ -213,7 +214,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { } ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) /* Free up RecipientInfo additional data */ -static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_FREE_PRE) { @@ -300,10 +302,42 @@ ASN1_ADB(CMS_ContentInfo) = { ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); -ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = { +/* CMS streaming support */ +static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) + { + ASN1_STREAM_ARG *sarg = exarg; + CMS_ContentInfo *cms = NULL; + if (pval) + cms = (CMS_ContentInfo *)*pval; + else + return 1; + switch(operation) + { + + case ASN1_OP_STREAM_PRE: + if (CMS_stream(&sarg->boundary, cms) <= 0) + return 0; + case ASN1_OP_DETACHED_PRE: + sarg->ndef_bio = CMS_dataInit(cms, sarg->out); + if (!sarg->ndef_bio) + return 0; + break; + + case ASN1_OP_STREAM_POST: + case ASN1_OP_DETACHED_POST: + if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0) + return 0; + break; + + } + return 1; + } + +ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), ASN1_ADB_OBJECT(CMS_ContentInfo) -} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo) +} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo) /* Specials for signed attributes */ diff --git a/lib/libcrypto/cms/cms_env.c b/lib/libcrypto/cms/cms_env.c index d499ae85b40..b3237d4b94e 100644 --- a/lib/libcrypto/cms/cms_env.c +++ b/lib/libcrypto/cms/cms_env.c @@ -60,6 +60,7 @@ #include <openssl/rand.h> #include <openssl/aes.h> #include "cms_lcl.h" +#include "asn1_locl.h" /* CMS EnvelopedData Utilities */ @@ -151,7 +152,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, CMS_KeyTransRecipientInfo *ktri; CMS_EnvelopedData *env; EVP_PKEY *pk = NULL; - int type; + int i, type; env = cms_get0_enveloped(cms); if (!env) goto err; @@ -200,21 +201,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) goto err; - /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, - * hard code algorithm parameters. - */ - - if (pk->type == EVP_PKEY_RSA) - { - X509_ALGOR_set0(ktri->keyEncryptionAlgorithm, - OBJ_nid2obj(NID_rsaEncryption), - V_ASN1_NULL, 0); - } - else + if (pk->ameth && pk->ameth->pkey_ctrl) { - CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, + 0, ri); + if (i == -2) + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - goto err; + goto err; + } + if (i <= 0) + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + CMS_R_CTRL_FAILURE); + goto err; + } } if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) @@ -301,8 +303,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, { CMS_KeyTransRecipientInfo *ktri; CMS_EncryptedContentInfo *ec; + EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; - int eklen; + size_t eklen; int ret = 0; @@ -315,7 +318,22 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, ktri = ri->d.ktri; ec = cms->d.envelopedData->encryptedContentInfo; - eklen = EVP_PKEY_size(ktri->pkey); + pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); + if (!pctx) + return 0; + + if (EVP_PKEY_encrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) + goto err; ek = OPENSSL_malloc(eklen); @@ -326,9 +344,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, goto err; } - eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey); - - if (eklen <= 0) + if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) goto err; ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); @@ -337,6 +353,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, ret = 1; err: + if (pctx) + EVP_PKEY_CTX_free(pctx); if (ek) OPENSSL_free(ek); return ret; @@ -349,8 +367,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; + EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; - int eklen; + size_t eklen; int ret = 0; if (ktri->pkey == NULL) @@ -360,7 +379,24 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, return 0; } - eklen = EVP_PKEY_size(ktri->pkey); + pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); + if (!pctx) + return 0; + + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, + EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, + ktri->encryptedKey->data, + ktri->encryptedKey->length) <= 0) + goto err; ek = OPENSSL_malloc(eklen); @@ -371,10 +407,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, goto err; } - eklen = EVP_PKEY_decrypt(ek, + if (EVP_PKEY_decrypt(pctx, ek, &eklen, ktri->encryptedKey->data, - ktri->encryptedKey->length, ktri->pkey); - if (eklen <= 0) + ktri->encryptedKey->length) <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; @@ -386,6 +421,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, cms->d.envelopedData->encryptedContentInfo->keylen = eklen; err: + if (pctx) + EVP_PKEY_CTX_free(pctx); if (!ret && ek) OPENSSL_free(ek); diff --git a/lib/libcrypto/cms/cms_err.c b/lib/libcrypto/cms/cms_err.c index 52fa53954f3..ff7b0309e51 100644 --- a/lib/libcrypto/cms/cms_err.c +++ b/lib/libcrypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* crypto/cms/cms_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -133,7 +133,7 @@ static ERR_STRING_DATA CMS_str_functs[]= {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, -{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"}, +{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"}, {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, {0,NULL} diff --git a/lib/libcrypto/cms/cms_ess.c b/lib/libcrypto/cms/cms_ess.c index ed34ff32282..90c0b82fb56 100644 --- a/lib/libcrypto/cms/cms_ess.c +++ b/lib/libcrypto/cms/cms_ess.c @@ -63,7 +63,7 @@ DECLARE_ASN1_ITEM(CMS_ReceiptRequest) DECLARE_ASN1_ITEM(CMS_Receipt) -IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) +IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) /* ESS services: for now just Signed Receipt related */ @@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(osi, &rr)) + if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); goto err; @@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(si, &rr)) + if (CMS_get1_ReceiptRequest(si, &rr) <= 0) { CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); goto err; diff --git a/lib/libcrypto/cms/cms_io.c b/lib/libcrypto/cms/cms_io.c index 30f5ddfe6d2..1cb0264cc53 100644 --- a/lib/libcrypto/cms/cms_io.c +++ b/lib/libcrypto/cms/cms_io.c @@ -58,6 +58,25 @@ #include "cms.h" #include "cms_lcl.h" +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); + if (!pos) + return 0; + if (!*pos) + *pos = ASN1_OCTET_STRING_new(); + if (*pos) + { + (*pos)->flags |= ASN1_STRING_FLAG_NDEF; + (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; + *boundary = &(*pos)->data; + return 1; + } + CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE); + return 0; + } + CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) { return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); @@ -70,52 +89,26 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) -/* Callback for int_smime_write_ASN1 */ - -static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it) +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) { - CMS_ContentInfo *cms = (CMS_ContentInfo *)val; - BIO *tmpbio, *cmsbio; - int r = 0; - - if (!(flags & SMIME_DETACHED)) - { - SMIME_crlf_copy(data, out, flags); - return 1; - } - - /* Let CMS code prepend any needed BIOs */ - - cmsbio = CMS_dataInit(cms, out); - - if (!cmsbio) - return 0; - - /* Copy data across, passing through filter BIOs for processing */ - SMIME_crlf_copy(data, cmsbio, flags); - - /* Finalize structure */ - if (CMS_dataFinal(cms, cmsbio) <= 0) - goto err; - - r = 1; - - err: - - /* Now remove any digests prepended to the BIO */ - - while (cmsbio != out) - { - tmpbio = BIO_pop(cmsbio); - BIO_free(cmsbio); - cmsbio = tmpbio; - } + return BIO_new_NDEF(out, (ASN1_VALUE *)cms, + ASN1_ITEM_rptr(CMS_ContentInfo)); + } - return 1; +/* CMS wrappers round generalised stream and MIME routines */ +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) + { + return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags, + ASN1_ITEM_rptr(CMS_ContentInfo)); } +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) + { + return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags, + "CMS", + ASN1_ITEM_rptr(CMS_ContentInfo)); + } int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) { @@ -127,9 +120,8 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) else mdalgs = NULL; - return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, + return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid, econt_nid, mdalgs, - cms_output_data, ASN1_ITEM_rptr(CMS_ContentInfo)); } @@ -138,3 +130,4 @@ CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(CMS_ContentInfo)); } + diff --git a/lib/libcrypto/cms/cms_lcl.h b/lib/libcrypto/cms/cms_lcl.h index 7d60fac67eb..c8ecfa724a4 100644 --- a/lib/libcrypto/cms/cms_lcl.h +++ b/lib/libcrypto/cms/cms_lcl.h @@ -406,6 +406,7 @@ struct CMS_Receipt_st ASN1_OCTET_STRING *originatorSignatureValue; }; +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_SignerInfo) DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) DECLARE_ASN1_ITEM(CMS_Attributes_Sign) diff --git a/lib/libcrypto/cms/cms_lib.c b/lib/libcrypto/cms/cms_lib.c index 8e6c1d29a52..d00fe0f87b3 100644 --- a/lib/libcrypto/cms/cms_lib.c +++ b/lib/libcrypto/cms/cms_lib.c @@ -60,7 +60,8 @@ #include "cms.h" #include "cms_lcl.h" -IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo) +IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) +IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) @@ -346,20 +347,10 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) { int param_type; - switch (EVP_MD_type(md)) - { - case NID_sha1: - case NID_sha224: - case NID_sha256: - case NID_sha384: - case NID_sha512: + if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) param_type = V_ASN1_UNDEF; - break; - - default: + else param_type = V_ASN1_NULL; - break; - } X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); @@ -415,7 +406,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, return 0; } BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_type(mtmp) == nid) + if (EVP_MD_CTX_type(mtmp) == nid + /* Workaround for broken implementations that use signature + * algorithm OID instead of digest. + */ + || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) { EVP_MD_CTX_copy_ex(mctx, mtmp); return 1; @@ -557,6 +552,15 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) return 1; } +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) + { + int r; + r = CMS_add0_crl(cms, crl); + if (r > 0) + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + return r; + } + STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) { STACK_OF(X509) *certs = NULL; diff --git a/lib/libcrypto/cms/cms_sd.c b/lib/libcrypto/cms/cms_sd.c index cdac3b870dd..e3192b9c574 100644 --- a/lib/libcrypto/cms/cms_sd.c +++ b/lib/libcrypto/cms/cms_sd.c @@ -58,6 +58,7 @@ #include <openssl/err.h> #include <openssl/cms.h> #include "cms_lcl.h" +#include "asn1_locl.h" /* CMS SignedData Utilities */ @@ -218,10 +219,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, X509_get_issuer_name(cert))) goto merr; - ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); - sid->d.issuerAndSerialNumber->serialNumber = - ASN1_STRING_dup(X509_get_serialNumber(cert)); - if(!sid->d.issuerAndSerialNumber->serialNumber) + if (!ASN1_STRING_copy( + sid->d.issuerAndSerialNumber->serialNumber, + X509_get_serialNumber(cert))) goto merr; break; @@ -341,16 +341,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (!cms_set1_SignerIdentifier(si->sid, signer, type)) goto err; - /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */ if (md == NULL) - md = EVP_sha1(); - - /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ + { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) + goto err; + md = EVP_get_digestbynid(def_nid); + if (md == NULL) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); + goto err; + } + } - if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) + if (!md) { - CMSerr(CMS_F_CMS_ADD1_SIGNER, - CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); goto err; } @@ -379,37 +385,21 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } } - /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, - * hard code algorithm parameters. - */ - - switch (pk->type) + if (pk->ameth && pk->ameth->pkey_ctrl) { - - case EVP_PKEY_RSA: - X509_ALGOR_set0(si->signatureAlgorithm, - OBJ_nid2obj(NID_rsaEncryption), - V_ASN1_NULL, 0); - break; - - case EVP_PKEY_DSA: - X509_ALGOR_set0(si->signatureAlgorithm, - OBJ_nid2obj(NID_dsaWithSHA1), - V_ASN1_UNDEF, 0); - break; - - - case EVP_PKEY_EC: - X509_ALGOR_set0(si->signatureAlgorithm, - OBJ_nid2obj(NID_ecdsa_with_SHA1), - V_ASN1_UNDEF, 0); - break; - - default: - CMSerr(CMS_F_CMS_ADD1_SIGNER, + i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN, + 0, si); + if (i == -2) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - goto err; - + goto err; + } + if (i <= 0) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE); + goto err; + } } if (!(flags & CMS_NOATTR)) @@ -626,25 +616,6 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, *psig = si->signatureAlgorithm; } -/* In OpenSSL 0.9.8 we have the link between digest types and public - * key types so we need to fixup the digest type if the public key - * type is not appropriate. - */ - -static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey) - { - if (EVP_MD_CTX_type(mctx) != NID_sha1) - return; -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - mctx->digest = EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - mctx->digest = EVP_ecdsa(); -#endif - } - static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { @@ -693,7 +664,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, ERR_R_MALLOC_FAILURE); goto err; } - cms_fixup_mctx(&mctx, si->pkey); if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, @@ -731,9 +701,10 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; - unsigned int siglen; + size_t siglen; const EVP_MD *md = NULL; md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); @@ -748,40 +719,38 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) goto err; } - if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) + if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; -#if 0 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; } -#endif alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, ASN1_ITEM_rptr(CMS_Attributes_Sign)); if(!abuf) goto err; - if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) + if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + goto err; + if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) goto err; - siglen = EVP_PKEY_size(si->pkey); OPENSSL_free(abuf); abuf = OPENSSL_malloc(siglen); if(!abuf) goto err; - cms_fixup_mctx(&mctx, si->pkey); - if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0) + if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) goto err; -#if 0 + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; } -#endif + EVP_MD_CTX_cleanup(&mctx); ASN1_STRING_set0(si->signature, abuf, siglen); @@ -799,6 +768,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) int CMS_SignerInfo_verify(CMS_SignerInfo *si) { EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; @@ -813,23 +783,22 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) if (md == NULL) return -1; EVP_MD_CTX_init(&mctx); - if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) + if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, ASN1_ITEM_rptr(CMS_Attributes_Verify)); if(!abuf) goto err; - r = EVP_VerifyUpdate(&mctx, abuf, alen); + r = EVP_DigestVerifyUpdate(&mctx, abuf, alen); OPENSSL_free(abuf); if (r <= 0) { r = -1; goto err; } - cms_fixup_mctx(&mctx, si->pkey); - r = EVP_VerifyFinal(&mctx, - si->signature->data, si->signature->length, si->pkey); + r = EVP_DigestVerifyFinal(&mctx, + si->signature->data, si->signature->length); if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); err: @@ -922,7 +891,6 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else { - cms_fixup_mctx(&mctx, si->pkey); r = EVP_VerifyFinal(&mctx, si->signature->data, si->signature->length, si->pkey); if (r <= 0) @@ -991,17 +959,19 @@ static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) return CMS_add_simple_smimecap(sk, nid, arg); return 1; } -#if 0 + static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) { if (EVP_get_digestbynid(nid)) return CMS_add_simple_smimecap(sk, nid, arg); return 1; } -#endif + int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) { if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) + || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) + || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) diff --git a/lib/libcrypto/comp/Makefile b/lib/libcrypto/comp/Makefile index 5d364b85133..efda832dce4 100644 --- a/lib/libcrypto/comp/Makefile +++ b/lib/libcrypto/comp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/conf/Makefile b/lib/libcrypto/conf/Makefile index ccd07213326..78bb3241065 100644 --- a/lib/libcrypto/conf/Makefile +++ b/lib/libcrypto/conf/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_mall.o: ../../include/openssl/objects.h conf_mall.o: ../../include/openssl/opensslconf.h conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mod.o: ../../include/openssl/opensslconf.h conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -143,9 +143,8 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -conf_sap.o: ../../include/openssl/opensslconf.h +conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libcrypto/conf/README b/lib/libcrypto/conf/README index ca58d0240f5..96e53b34ed8 100644 --- a/lib/libcrypto/conf/README +++ b/lib/libcrypto/conf/README @@ -1,8 +1,3 @@ -WARNING WARNING WARNING!!! - -This stuff is experimental, may change radically or be deleted altogether -before OpenSSL 0.9.7 release. You have been warned! - Configuration modules. These are a set of modules which can perform various configuration functions. @@ -13,7 +8,7 @@ The routines read a configuration file set up like this: ----- #default section -openssl_init=init_section +openssl_conf=init_section [init_section] @@ -30,29 +25,27 @@ path=/some/path/to/some/dso.so other_stuff=other_value ---- -When this file is loaded a configuration module with the specified -string (module* in the above example) is looked up and its init -function called as: +When this file is loaded a configuration module with the specified string +(module* in the above example) is looked up and its init function called as: int conf_init_func(CONF_IMODULE *md, CONF *cnf); -The function can then take whatever action is appropriate, for example -further lookups based on the value. Multiple instances of the same -config module can be loaded. +The function can then take whatever action is appropriate, for example further +lookups based on the value. Multiple instances of the same config module can be +loaded. -When the application closes down the modules are cleaned up by calling -an optional finish function: +When the application closes down the modules are cleaned up by calling an +optional finish function: void conf_finish_func(CONF_IMODULE *md); The finish functions are called in reverse order: that is the last module loaded is the first one cleaned up. -If no module exists with a given name then an attempt is made to load -a DSO with the supplied name. This might mean that "module3" attempts -to load a DSO called libmodule3.so or module3.dll for example. An explicit -DSO name can be given by including a separate section as in the module4 example -above. +If no module exists with a given name then an attempt is made to load a DSO +with the supplied name. This might mean that "module3" attempts to load a DSO +called libmodule3.so or module3.dll for example. An explicit DSO name can be +given by including a separate section as in the module4 example above. The DSO is expected to at least contain an initialization function: @@ -64,15 +57,17 @@ void OPENSSL_finish(CONF_IMODULE *md); Static modules can also be added using, -int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc); +int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func +*ffunc); -where "name" is the name in the configuration file this function corresponds to. +where "name" is the name in the configuration file this function corresponds +to. -A set of builtin modules (currently only an ASN1 non functional test module) can be -added by calling OPENSSL_load_builtin_modules(). +A set of builtin modules (currently only an ASN1 non functional test module) +can be added by calling OPENSSL_load_builtin_modules(). -The function OPENSSL_config() is intended as a simple configuration function that -any application can call to perform various default configuration tasks. It uses the -file openssl.cnf in the usual locations. +The function OPENSSL_config() is intended as a simple configuration function +that any application can call to perform various default configuration tasks. +It uses the file openssl.cnf in the usual locations. diff --git a/lib/libcrypto/des/Makefile b/lib/libcrypto/des/Makefile index 786e68802ea..ae982265fde 100644 --- a/lib/libcrypto/des/Makefile +++ b/lib/libcrypto/des/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r RANLIB= ranlib DES_ENC= des_enc.o fcrypt_b.o -# or use -#DES_ENC= dx86-elf.o yx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -24,7 +22,7 @@ TEST=destest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ +LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \ fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \ qud_cksm.c rand_key.c rpc_enc.c set_key.c \ @@ -33,7 +31,7 @@ LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \ read2pwd.c -LIBOBJ= des_lib.o set_key.o ecb_enc.o cbc_enc.o \ +LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ enc_read.o enc_writ.o ofb64enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ @@ -54,7 +52,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -64,21 +62,10 @@ des: des.o cbc3_enc.o lib des_enc-sparc.S: asm/des_enc.m4 m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S -# ELF -dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@) -yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@) -# COFF -dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@) -yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@) -# a.out -dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@) -yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@) +des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ +crypt586.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -156,14 +143,7 @@ des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -des_enc.o: des_enc.c des_locl.h ncbc_enc.c -des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h +des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h @@ -182,12 +162,13 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ecb3_enc.o: des_locl.h ecb3_enc.c +ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ecb_enc.o: des_locl.h ecb_enc.c spr.h +ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ede_cbcm_enc.o: ../../include/openssl/e_os2.h ede_cbcm_enc.o: ../../include/openssl/opensslconf.h @@ -277,11 +258,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h -set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c +set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +set_key.o: des_locl.h set_key.c str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/lib/libcrypto/des/asm/des_enc.m4 b/lib/libcrypto/des/asm/des_enc.m4 index f59333a0308..32805954782 100644 --- a/lib/libcrypto/des/asm/des_enc.m4 +++ b/lib/libcrypto/des/asm/des_enc.m4 @@ -1954,9 +1954,11 @@ DES_ede3_cbc_encrypt: .word LOOPS ! 280 .word 0x0000FC00 ! 284 - .type .PIC.DES_SPtrans,#object - .size .PIC.DES_SPtrans,2048 + .global DES_SPtrans + .type DES_SPtrans,#object + .size DES_SPtrans,2048 .align 64 +DES_SPtrans: .PIC.DES_SPtrans: ! nibble 0 .word 0x02080800, 0x00080000, 0x02000002, 0x02080802 diff --git a/lib/libcrypto/dh/dh_ameth.c b/lib/libcrypto/dh/dh_ameth.c new file mode 100644 index 00000000000..377caf96c93 --- /dev/null +++ b/lib/libcrypto/dh/dh_ameth.c @@ -0,0 +1,500 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/asn1.h> +#include <openssl/dh.h> +#include <openssl/bn.h> +#include "asn1_locl.h" + +static void int_dh_free(EVP_PKEY *pkey) + { + DH_free(pkey->pkey.dh); + } + +static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DH *dh = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ + if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DH(pkey, dh); + return 1; + + err: + if (public_key) + ASN1_INTEGER_free(public_key); + if (dh) + DH_free(dh); + return 0; + + } + +static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + DH *dh; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + ASN1_STRING *str; + ASN1_INTEGER *pub_key = NULL; + + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + + pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); + if (!pub_key) + goto err; + + penclen = i2d_ASN1_INTEGER(pub_key, &penc); + + ASN1_INTEGER_free(pub_key); + + if (penclen <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), + ptype, pval, penc, penclen)) + return 1; + + err: + if (penc) + OPENSSL_free(penc); + if (pval) + ASN1_STRING_free(pval); + + return 0; + } + + +/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in + * that the AlgorithmIdentifier contains the paramaters, the private key + * is explcitly included and the pubkey must be recalculated. + */ + +static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + + DH *dh = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + { + DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR); + goto dherr; + } + /* Calculate public key */ + if (!DH_generate_key(dh)) + goto dherr; + + EVP_PKEY_assign_DH(pkey, dh); + + ASN1_INTEGER_free(privkey); + + return 1; + + decerr: + DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); + dherr: + DH_free(dh); + return 0; + } + +static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + + if (!params) + { + DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DHparams(pkey->pkey.dh, ¶ms->data); + if (params->length <= 0) + { + DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); + + if (!prkey) + { + DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + +err: + if (dp != NULL) + OPENSSL_free(dp); + if (params != NULL) + ASN1_STRING_free(params); + if (prkey != NULL) + ASN1_INTEGER_free(prkey); + return 0; +} + + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int dh_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DH *dh; + if (!(dh = d2i_DHparams(NULL, pder, derlen))) + { + DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); + return 0; + } + EVP_PKEY_assign_DH(pkey, dh); + return 1; + } + +static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_DHparams(pkey->pkey.dh, pder); + } + +static int do_dh_print(BIO *bp, const DH *x, int indent, + ASN1_PCTX *ctx, int ptype) + { + unsigned char *m=NULL; + int reason=ERR_R_BUF_LIB,ret=0; + size_t buf_len=0; + + const char *ktype = NULL; + + BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + update_buflen(x->p, &buf_len); + + if (buf_len == 0) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + update_buflen(x->g, &buf_len); + update_buflen(pub_key, &buf_len); + update_buflen(priv_key, &buf_len); + + if (ptype == 2) + ktype = "PKCS#3 DH Private-Key"; + else if (ptype == 1) + ktype = "PKCS#3 DH Public-Key"; + else + ktype = "PKCS#3 DH Parameters"; + + m= OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + reason=ERR_R_MALLOC_FAILURE; + goto err; + } + + BIO_indent(bp, indent, 128); + if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) + goto err; + indent += 4; + + if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err; + if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err; + + if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err; + if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err; + if (x->length != 0) + { + BIO_indent(bp, indent, 128); + if (BIO_printf(bp,"recommended-private-length: %d bits\n", + (int)x->length) <= 0) goto err; + } + + + ret=1; + if (0) + { +err: + DHerr(DH_F_DO_DH_PRINT,reason); + } + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int int_dh_size(const EVP_PKEY *pkey) + { + return(DH_size(pkey->pkey.dh)); + } + +static int dh_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.dh->p); + } + +static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || + BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) + return 0; + else + return 1; + } + +static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + BIGNUM *a; + + if ((a=BN_dup(from->pkey.dh->p)) == NULL) + return 0; + if (to->pkey.dh->p != NULL) + BN_free(to->pkey.dh->p); + to->pkey.dh->p=a; + + if ((a=BN_dup(from->pkey.dh->g)) == NULL) + return 0; + if (to->pkey.dh->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; + + return 1; + } + +static int dh_missing_parameters(const EVP_PKEY *a) + { + if (!a->pkey.dh->p || !a->pkey.dh->g) + return 1; + return 0; + } + +static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (dh_cmp_parameters(a, b) == 0) + return 0; + if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0) + return 0; + else + return 1; + } + +static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); + } + +static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); + } + +static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); + } + +int DHparams_print(BIO *bp, const DH *x) + { + return do_dh_print(bp, x, 4, NULL, 0); + } + +const EVP_PKEY_ASN1_METHOD dh_asn1_meth = + { + EVP_PKEY_DH, + EVP_PKEY_DH, + 0, + + "DH", + "OpenSSL PKCS#3 DH method", + + dh_pub_decode, + dh_pub_encode, + dh_pub_cmp, + dh_public_print, + + dh_priv_decode, + dh_priv_encode, + dh_private_print, + + int_dh_size, + dh_bits, + + dh_param_decode, + dh_param_encode, + dh_missing_parameters, + dh_copy_parameters, + dh_cmp_parameters, + dh_param_print, + + int_dh_free, + 0 + }; + diff --git a/lib/libcrypto/dh/dh_pmeth.c b/lib/libcrypto/dh/dh_pmeth.c new file mode 100644 index 00000000000..5ae72b7d4cc --- /dev/null +++ b/lib/libcrypto/dh/dh_pmeth.c @@ -0,0 +1,254 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/evp.h> +#include <openssl/dh.h> +#include <openssl/bn.h> +#include "evp_locl.h" + +/* DH pkey context structure */ + +typedef struct + { + /* Parameter gen parameters */ + int prime_len; + int generator; + int use_dsa; + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ + } DH_PKEY_CTX; + +static int pkey_dh_init(EVP_PKEY_CTX *ctx) + { + DH_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); + if (!dctx) + return 0; + dctx->prime_len = 1024; + dctx->generator = 2; + dctx->use_dsa = 0; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; + } + +static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + DH_PKEY_CTX *dctx, *sctx; + if (!pkey_dh_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->prime_len = sctx->prime_len; + dctx->generator = sctx->generator; + dctx->use_dsa = sctx->use_dsa; + return 1; + } + +static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) + { + DH_PKEY_CTX *dctx = ctx->data; + if (dctx) + OPENSSL_free(dctx); + } + +static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + DH_PKEY_CTX *dctx = ctx->data; + switch (type) + { + case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: + if (p1 < 256) + return -2; + dctx->prime_len = p1; + return 1; + + case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: + dctx->generator = p1; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + return 1; + + default: + return -2; + + } + } + + +static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "dh_paramgen_prime_len")) + { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); + } + if (!strcmp(type, "dh_paramgen_generator")) + { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); + } + return -2; + } + +static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DH *dh = NULL; + DH_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + if (ctx->pkey_gencb) + { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } + else + pcb = NULL; + dh = DH_new(); + if (!dh) + return 0; + ret = DH_generate_parameters_ex(dh, + dctx->prime_len, dctx->generator, pcb); + if (ret) + EVP_PKEY_assign_DH(pkey, dh); + else + DH_free(dh); + return ret; + } + +static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DH *dh = NULL; + if (ctx->pkey == NULL) + { + DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); + return 0; + } + dh = DH_new(); + if (!dh) + return 0; + EVP_PKEY_assign_DH(pkey, dh); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DH_generate_key(pkey->pkey.dh); + } + +static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) + { + int ret; + if (!ctx->pkey || !ctx->peerkey) + { + DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); + return 0; + } + ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, + ctx->pkey->pkey.dh); + if (ret < 0) + return ret; + *keylen = ret; + return 1; + } + +const EVP_PKEY_METHOD dh_pkey_meth = + { + EVP_PKEY_DH, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, + + 0, + pkey_dh_paramgen, + + 0, + pkey_dh_keygen, + + 0, + 0, + + 0, + 0, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0, + pkey_dh_derive, + + pkey_dh_ctrl, + pkey_dh_ctrl_str + + }; diff --git a/lib/libcrypto/dh/dh_prn.c b/lib/libcrypto/dh/dh_prn.c new file mode 100644 index 00000000000..ae58c2ac873 --- /dev/null +++ b/lib/libcrypto/dh/dh_prn.c @@ -0,0 +1,80 @@ +/* crypto/asn1/t_pkey.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/dh.h> + +#ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DHparams_print(b, x); + BIO_free(b); + return(ret); + } +#endif diff --git a/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/lib/libcrypto/doc/DSA_get_ex_new_index.pod index 4612e708ecc..fb6efc11826 100644 --- a/lib/libcrypto/doc/DSA_get_ex_new_index.pod +++ b/lib/libcrypto/doc/DSA_get_ex_new_index.pod @@ -6,7 +6,7 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specifi =head1 SYNOPSIS - #include <openssl/DSA.h> + #include <openssl/dsa.h> int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, diff --git a/lib/libcrypto/doc/EVP_DigestSignInit.pod b/lib/libcrypto/doc/EVP_DigestSignInit.pod new file mode 100644 index 00000000000..37d960e3b22 --- /dev/null +++ b/lib/libcrypto/doc/EVP_DigestSignInit.pod @@ -0,0 +1,87 @@ +=pod + +=head1 NAME + +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); + +=head1 DESCRIPTION + +The EVP signature routines are a high level interface to digital signatures. + +EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from +ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with +EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the +EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can +be used to set alternative signing options. + +EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the +signature context B<ctx>. This function can be called several times on the +same B<ctx> to include additional data. This function is currently implemented +usig a macro. + +EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>. +If B<sig> is B<NULL> then the maximum size of the output buffer is written to +the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the +B<siglen> parameter should contain the length of the B<sig> buffer, if the +call is successful the signature is written to B<sig> and the amount of data +written to B<siglen>. + +=head1 RETURN VALUES + +EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return +1 for success and 0 or a negative value for failure. In particular a return +value of -2 indicates the operation is not supported by the public key +algorithm. + +The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 NOTES + +The B<EVP> interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. + +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged. + +For some key types and parameters the random number generator must be seeded +or the operation will fail. + +The call to EVP_DigestSignFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_DigestSignUpdate() and +EVP_DigestSignFinal() can be called later to digest and sign additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + +The use of EVP_PKEY_size() with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result EVP_PKEY_size() would have to return a value +which indicates the maximum possible signature for any set of parameters. + +=head1 SEE ALSO + +L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>, +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, +L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> + +=head1 HISTORY + +EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() +were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/lib/libcrypto/doc/EVP_DigestVerifyInit.pod new file mode 100644 index 00000000000..f2244889783 --- /dev/null +++ b/lib/libcrypto/doc/EVP_DigestVerifyInit.pod @@ -0,0 +1,82 @@ +=pod + +=head1 NAME + +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); + int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); + +=head1 DESCRIPTION + +The EVP signature routines are a high level interface to digital signatures. + +EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest +B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized +with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the +EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this +can be used to set alternative verification options. + +EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the +verification context B<ctx>. This function can be called several times on the +same B<ctx> to include additional data. This function is currently implemented +using a macro. + +EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in +B<sig> of length B<siglen>. + +=head1 RETURN VALUES + +EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 indicates +the operation is not supported by the public key algorithm. + +Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only +indicates that the signature did not not verify successfully (that is tbs did +not match the original data or the signature was of invalid form) it is not an +indication of a more serious error. + +The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 NOTES + +The B<EVP> interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. + +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged. + +For some key types and parameters the random number generator must be seeded +or the operation will fail. + +The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can +be called later to digest and verify additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + +=head1 SEE ALSO + +L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, +L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> + +=head1 HISTORY + +EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() +were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod new file mode 100644 index 00000000000..f2f455990f5 --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod @@ -0,0 +1,128 @@ +=pod + +=head1 NAME + +EVP_PKEY_ctrl, EVP_PKEY_ctrl_str - algorithm specific control operations + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); + int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + + #include <openssl/rsa.h> + + int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + + int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); + int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); + int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); + + #include <openssl/dsa.h> + int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); + + #include <openssl/dh.h> + int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); + + #include <openssl/ec.h> + int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); + +=head1 DESCRIPTION + +The function EVP_PKEY_CTX_ctrl() sends a control operation to the context +B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter +B<optype> is a mask indicating which operations the control can be applied to. +The control command is indicated in B<cmd> and any additional arguments in +B<p1> and B<p2>. + +Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will +instead call one of the algorithm specific macros below. + +The function EVP_PKEY_ctrl_str() allows an application to send an algorithm +specific control operation to a context B<ctx> in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option B<-pkeyopt> which is supported by the +B<pkeyutl>, B<genpkey> and B<req> commands. + +All the remaining "functions" are implemented as macros. + +The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used +in a signature. It can be used with any public key algorithm supporting +signature operations. + +The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>. +The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, +RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding, +RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), +RSA_X931_PADDING for X9.31 padding (signature operations only) and +RSA_PKCS1_PSS_PADDING (sign and verify only). + +Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with RSA and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for RSA the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. + +The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to +B<len> as its name implies it is only supported for PSS padding. Two special +values are supported: -1 sets the salt length to the digest length. When +signing -2 sets the salt length to the maximum permissible value. When +verifying -2 causes the salt length to be automatically determined based on the +B<PSS> block structure. If this macro is not called a salt length value of -2 +is used by default. + +The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for +RSA key genration to B<bits>. If not specified 1024 bits is used. + +The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value +for RSA key generation to B<pubexp> currently it should be an odd integer. The +B<pubexp> pointer is used internally by this function so it should not be +modified or free after the call. If this macro is not called then 65537 is used. + +The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used +for DSA parameter generation to B<bits>. If not specified 1024 is used. + +The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH +prime parameter B<p> for DH parameter generation. If this macro is not called +then 1024 is used. + +The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen> +for DH parameter generation. If not specified 2 is used. + +The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter +generation to B<nid>. For EC parameter generation this macro must be called +or an error occurs because there is no default curve. + +=head1 RETURN VALUES + +EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod b/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod new file mode 100644 index 00000000000..a9af8675801 --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions. + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); + EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); + EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); + void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +=head1 DESCRIPTION + +The EVP_PKEY_CTX_new() function allocates public key algorithm context using +the algorithm specified in B<pkey> and ENGINE B<e>. + +The EVP_PKEY_CTX_new_id() function allocates public key algorithm context +using the algorithm specified by B<id> and ENGINE B<e>. It is normally used +when no B<EVP_PKEY> structure is associated with the operations, for example +during parameter generation of key genration for some algorithms. + +EVP_PKEY_CTX_dup() duplicates the context B<ctx>. + +EVP_PKEY_CTX_free() frees up the context B<ctx>. + +=head1 NOTES + +The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used +by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. + +=head1 RETURN VALUES + +EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either +the newly allocated B<EVP_PKEY_CTX> structure of B<NULL> if an error occurred. + +EVP_PKEY_CTX_free() does not return a value. + +=head1 SEE ALSO + +L<EVP_PKEY_new(3)|EVP_PKEY_new(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_cmp.pod b/lib/libcrypto/doc/EVP_PKEY_cmp.pod new file mode 100644 index 00000000000..4f8185e36cd --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_cmp.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); + int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); + + int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +=head1 DESCRIPTION + +The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of B<pkey> are missing and 0 if they are present or the algorithm +doesn't use parameters. + +The function EVP_PKEY_copy_parameters() copies the parameters from key +B<from> to key B<to>. + +The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys +B<a> and B<b>. + +The funcion EVP_PKEY_cmp() compares the public key components and paramters +(if present) of keys B<a> and B<b>. + +=head1 NOTES + +The main purpose of the functions EVP_PKEY_missing_parameters() and +EVP_PKEY_copy_parameters() is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the CA that signed it. + +Since OpenSSL private keys contain public key components too the function +EVP_PKEY_cmp() can also be used to determine if a private key matches +a public key. + +=head1 RETURN VALUES + +The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of B<pkey> are missing and 0 if they are present or the algorithm +doesn't use parameters. + +These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for +failure. + +The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the +keys match, 0 if they don't match, -1 if the key types are different and +-2 if the operation is not supported. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_decrypt.pod b/lib/libcrypto/doc/EVP_PKEY_decrypt.pod new file mode 100644 index 00000000000..42b2a8c44ed --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_decrypt.pod @@ -0,0 +1,93 @@ +=pod + +=head1 NAME + +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +=head1 DESCRIPTION + +The EVP_PKEY_decrypt_init() function initializes a public key algorithm +context using key B<pkey> for a decryption operation. + +The EVP_PKEY_decrypt() function performs a public key decryption operation +using B<ctx>. The data to be decrypted is specified using the B<in> and +B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output +buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then +before the call the B<outlen> parameter should contain the length of the +B<out> buffer, if the call is successful the decrypted data is written to +B<out> and the amount of data written to B<outlen>. + +=head1 NOTES + +After the call to EVP_PKEY_decrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_decrypt() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Decrypt data using OAEP (for RSA keys): + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *out, *in; + size_t outlen, inlen; + EVP_PKEY *key; + /* NB: assumes key in, inlen are already set up + * and that key is an RSA private key + */ + ctx = EVP_PKEY_CTX_new(key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_decrypt_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + + out = OPENSSL_malloc(outlen); + + if (!out) + /* malloc failure */ + + if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + + /* Decrypted data is outlen bytes written to buffer out */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_derive.pod b/lib/libcrypto/doc/EVP_PKEY_derive.pod new file mode 100644 index 00000000000..d9d6d76c721 --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_derive.pod @@ -0,0 +1,93 @@ +=pod + +=head1 NAME + +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret. + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); + int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +=head1 DESCRIPTION + +The EVP_PKEY_derive_init() function initializes a public key algorithm +context using key B<pkey> for shared secret derivation. + +The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally +be a public key. + +The EVP_PKEY_derive() derives a shared secret using B<ctx>. +If B<key> is B<NULL> then the maximum size of the output buffer is written to +the B<keylen> parameter. If B<key> is not B<NULL> then before the call the +B<keylen> parameter should contain the length of the B<key> buffer, if the call +is successful the shared secret is written to B<key> and the amount of data +written to B<keylen>. + +=head1 NOTES + +After the call to EVP_PKEY_derive_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_derive() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Derive shared secret (for example DH or EC keys): + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *skey; + size_t skeylen; + EVP_PKEY *pkey, *peerkey; + /* NB: assumes pkey, peerkey have been already set up */ + + ctx = EVP_PKEY_CTX_new(pkey); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_derive_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) + /* Error */ + + skey = OPENSSL_malloc(skeylen); + + if (!skey) + /* malloc failure */ + + if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) + /* Error */ + + /* Shared secret is skey bytes written to buffer skey */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_encrypt.pod b/lib/libcrypto/doc/EVP_PKEY_encrypt.pod new file mode 100644 index 00000000000..91c9c5d0a5d --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_encrypt.pod @@ -0,0 +1,93 @@ +=pod + +=head1 NAME + +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +=head1 DESCRIPTION + +The EVP_PKEY_encrypt_init() function initializes a public key algorithm +context using key B<pkey> for an encryption operation. + +The EVP_PKEY_encrypt() function performs a public key encryption operation +using B<ctx>. The data to be encrypted is specified using the B<in> and +B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output +buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then +before the call the B<outlen> parameter should contain the length of the +B<out> buffer, if the call is successful the encrypted data is written to +B<out> and the amount of data written to B<outlen>. + +=head1 NOTES + +After the call to EVP_PKEY_encrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_encrypt() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Encrypt data using OAEP (for RSA keys): + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *out, *in; + size_t outlen, inlen; + EVP_PKEY *key; + /* NB: assumes key in, inlen are already set up + * and that key is an RSA public key + */ + ctx = EVP_PKEY_CTX_new(key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_encrypt_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + + out = OPENSSL_malloc(outlen); + + if (!out) + /* malloc failure */ + + if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + + /* Encrypted data is outlen bytes written to buffer out */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod b/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod new file mode 100644 index 00000000000..1a9c7954c55 --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +EVP_PKEY_get_default_digest_nid - get default signature digest + +=head1 SYNOPSIS + + #include <openssl/evp.h> + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +=head1 DESCRIPTION + +The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default +message digest NID for the public key signature operations associated with key +B<pkey>. + +=head1 NOTES + +For all current standard OpenSSL public key algorithms SHA1 is returned. + +=head1 RETURN VALUES + +The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest +is advisory (that is other digests can be used) and 2 if it is mandatory (other +digests can not be used). It returns 0 or a negative value for failure. In +particular a return value of -2 indicates the operation is not supported by the +public key algorithm. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, + +=head1 HISTORY + +This function was first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/lib/libcrypto/doc/EVP_PKEY_keygen.pod new file mode 100644 index 00000000000..37c6fe95030 --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_keygen.pod @@ -0,0 +1,161 @@ +=pod + +=head1 NAME + +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + + typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + + void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); + EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + + int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + + void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); + void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +=head1 DESCRIPTION + +The EVP_PKEY_keygen_init() function initializes a public key algorithm +context using key B<pkey> for a key genration operation. + +The EVP_PKEY_keygen() function performs a key generation operation, the +generated key is written to B<ppkey>. + +The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar +except parameters are generated. + +The function EVP_PKEY_set_cb() sets the key or parameter generation callback +to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter +generation callback. + +The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated +with the generation operation. If B<idx> is -1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +B<idx> should only be called within the generation callback. + +If the callback returns 0 then the key genration operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a "cancel" button. + +The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a "progress dialog". + +=head1 NOTES + +After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. + +The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than +once on the same context if several operations are performed using the same +parameters. + +The meaning of the parameters passed to the callback will depend on the +algorithm and the specifiic implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. + +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. EC with a supplied named curve) the "generation" +option merely sets the appropriate fields in an EVP_PKEY structure. + +In OpenSSL an EVP_PKEY structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a "key pair". A private key can be used +in functions which require the use of a public key or parameters. + +=head1 RETURN VALUES + +EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and +EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 EXAMPLES + +Generate a 2048 bit RSA key: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + EVP_PKEY *pkey = NULL; + ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) + /* Error */ + + /* Generate key */ + if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ + +Generate a key from a set of parameters: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + EVP_PKEY *pkey = NULL, *param; + /* Assumed param is set up already */ + ctx = EVP_PKEY_CTX_new(param); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ + + /* Generate key */ + if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ + +Example of generation callback for OpenSSL public key implementations: + + /* Application data is a BIO to output status to */ + + EVP_PKEY_CTX_set_app_data(ctx, status_bio); + + static int genpkey_cb(EVP_PKEY_CTX *ctx) + { + char c='*'; + BIO *b = EVP_PKEY_CTX_get_app_data(ctx); + int p; + p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(b,&c,1); + (void)BIO_flush(b); + return 1; + } + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_print_private.pod b/lib/libcrypto/doc/EVP_PKEY_print_private.pod new file mode 100644 index 00000000000..ce9d70d7a7a --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_print_private.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines. + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +=head1 DESCRIPTION + +The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and +EVP_PKEY_print_params() print out the public, private or parameter components +of key B<pkey> respectively. The key is sent to BIO B<out> in human readable +form. The parameter B<indent> indicated how far the printout should be indented. + +The B<pctx> parameter allows the print output to be finely tuned by using +ASN1 printing options. If B<pctx> is set to NULL then default values will +be used. + +=head1 NOTES + +Currently no public key algorithms include any options in the B<pctx> parameter +parameter. + +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to EVP_PKEY_print_private() will only print the public components. + +=head1 RETURN VALUES + +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_sign.pod b/lib/libcrypto/doc/EVP_PKEY_sign.pod new file mode 100644 index 00000000000..2fb52c34863 --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_sign.pod @@ -0,0 +1,96 @@ +=pod + +=head1 NAME + +EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + +=head1 DESCRIPTION + +The EVP_PKEY_sign_init() function initializes a public key algorithm +context using key B<pkey> for a signing operation. + +The EVP_PKEY_sign() function performs a public key signing operation +using B<ctx>. The data to be signed is specified using the B<tbs> and +B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output +buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then +before the call the B<siglen> parameter should contain the length of the +B<sig> buffer, if the call is successful the signature is written to +B<sig> and the amount of data written to B<siglen>. + +=head1 NOTES + +After the call to EVP_PKEY_sign_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_sign() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Sign data using RSA with PKCS#1 padding and SHA256 digest: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *md, *sig; + size_t mdlen, siglen; + EVP_PKEY *signing_key; + /* NB: assumes signing_key, md and mdlen are already set up + * and that signing_key is an RSA private key + */ + ctx = EVP_PKEY_CTX_new(signing_key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_sign_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) + /* Error */ + + sig = OPENSSL_malloc(siglen); + + if (!sig) + /* malloc failure */ + + if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) + /* Error */ + + /* Signature is siglen bytes written to buffer sig */ + + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/EVP_PKEY_verify.pod b/lib/libcrypto/doc/EVP_PKEY_verify.pod new file mode 100644 index 00000000000..10633da3f23 --- /dev/null +++ b/lib/libcrypto/doc/EVP_PKEY_verify.pod @@ -0,0 +1,91 @@ +=pod + +=head1 NAME + +EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + +=head1 DESCRIPTION + +The EVP_PKEY_verify_init() function initializes a public key algorithm +context using key B<pkey> for a signature verification operation. + +The EVP_PKEY_verify() function performs a public key verification operation +using B<ctx>. The signature is specified using the B<sig> and +B<siglen> parameters. The verified data (i.e. the data believed originally +signed) is specified using the B<tbs> and B<tbslen> parameters. + +=head1 NOTES + +After the call to EVP_PKEY_verify_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_verify() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +EVP_PKEY_verify() only indicates that the signature did not not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. + +A negative value indicates an error other that signature verification failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 EXAMPLE + +Verify signature using PKCS#1 and SHA256 digest: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *md, *sig; + size_t mdlen, siglen; + EVP_PKEY *verify_key; + /* NB: assumes verify_key, sig, siglen md and mdlen are already set up + * and that verify_key is an RSA public key + */ + ctx = EVP_PKEY_CTX_new(verify_key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_verify_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + + /* Perform operation */ + ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen); + + /* ret == 1 indicates success, 0 verify failure and < 0 for some + * other error. + */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/OBJ_nid2obj.pod b/lib/libcrypto/doc/OBJ_nid2obj.pod index 7dcc07923ff..1e45dd40f6b 100644 --- a/lib/libcrypto/doc/OBJ_nid2obj.pod +++ b/lib/libcrypto/doc/OBJ_nid2obj.pod @@ -8,6 +8,8 @@ functions =head1 SYNOPSIS + #include <openssl/objects.h> + ASN1_OBJECT * OBJ_nid2obj(int n); const char * OBJ_nid2ln(int n); const char * OBJ_nid2sn(int n); diff --git a/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod b/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod new file mode 100644 index 00000000000..e070c45c2e9 --- /dev/null +++ b/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + + PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + #include <openssl/pem.h> + + int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); + +=head1 DESCRIPTION + +PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format. + +It is otherwise identical to the function SMIME_write_CMS(). + +=head1 NOTES + +This function is effectively a version of the PEM_write_bio_CMS() supporting +streaming. + +=head1 RETURN VALUES + +PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)>, +L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>, +L<i2d_CMS_bio_stream(3)|i2d_CMS_bio_stream(3)> + +=head1 HISTORY + +PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod b/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod new file mode 100644 index 00000000000..16fc9b68458 --- /dev/null +++ b/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format. + +=head1 SYNOPSIS + + #include <openssl/pkcs7.h> + #include <openssl/pem.h> + + int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); + +=head1 DESCRIPTION + +PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format. + +It is otherwise identical to the function SMIME_write_PKCS7(). + +=head1 NOTES + +This function is effectively a version of the PEM_write_bio_PKCS7() supporting +streaming. + +=head1 RETURN VALUES + +PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, +L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>, +L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>, +L<i2d_PKCS7_bio_stream(3)|i2d_PKCS7_bio_stream(3)> + +=head1 HISTORY + +PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libcrypto/doc/PKCS12_parse.pod b/lib/libcrypto/doc/PKCS12_parse.pod index 51344f883a9..c54cf2ad613 100644 --- a/lib/libcrypto/doc/PKCS12_parse.pod +++ b/lib/libcrypto/doc/PKCS12_parse.pod @@ -20,24 +20,31 @@ certificate to B<*cert> and any additional certificates to B<*ca>. =head1 NOTES -The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> -in which case additional certificates will be discarded. B<*ca> can also -be a valid STACK in which case additional certificates are appended to -B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated. +The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in +which case additional certificates will be discarded. B<*ca> can also be a +valid STACK in which case additional certificates are appended to B<*ca>. If +B<*ca> is B<NULL> a new STACK will be allocated. -The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate -will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure. +The B<friendlyName> and B<localKeyID> attributes (if present) on each +certificate will be stored in the B<alias> and B<keyid> attributes of the +B<X509> structure. + +=head1 RETURN VALUES + +PKCS12_parse() returns 1 for success and zero if an error occurred. + +The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> =head1 BUGS -Only a single private key and corresponding certificate is returned by this function. -More complex PKCS#12 files with multiple private keys will only return the first -match. +Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match. -Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates. -Other attributes are discarded. +Only B<friendlyName> and B<localKeyID> attributes are currently stored in +certificates. Other attributes are discarded. -Attributes currently cannot be store in the private key B<EVP_PKEY> structure. +Attributes currently cannot be stored in the private key B<EVP_PKEY> structure. =head1 SEE ALSO diff --git a/lib/libcrypto/doc/PKCS7_decrypt.pod b/lib/libcrypto/doc/PKCS7_decrypt.pod index b0ca067b892..325699d0b6d 100644 --- a/lib/libcrypto/doc/PKCS7_decrypt.pod +++ b/lib/libcrypto/doc/PKCS7_decrypt.pod @@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure =head1 SYNOPSIS -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + #include <openssl/pkcs7.h> + + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/PKCS7_encrypt.pod b/lib/libcrypto/doc/PKCS7_encrypt.pod index 1a507b22a29..2cd925a7e0b 100644 --- a/lib/libcrypto/doc/PKCS7_encrypt.pod +++ b/lib/libcrypto/doc/PKCS7_encrypt.pod @@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure =head1 SYNOPSIS -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); + #include <openssl/pkcs7.h> + + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); =head1 DESCRIPTION @@ -16,43 +18,55 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags. =head1 NOTES -Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not have to -be signed using the RSA algorithm. +Only RSA keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain RSA public keys, though +they do not have to be signed using the RSA algorithm. -EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because -most clients will support it. +EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use +because most clients will support it. -Some old "export grade" clients may only support weak encryption using 40 or 64 bit -RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively. +Some old "export grade" clients may only support weak encryption using 40 or 64 +bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() +respectively. -The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its -parameters. +The algorithm passed in the B<cipher> parameter must support ASN1 encoding of +its parameters. -Many browsers implement a "sign and encrypt" option which is simply an S/MIME +Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to PKCS7_encrypt(). The following flags can be passed in the B<flags> parameter. -If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended -to the data. +If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are +prepended to the data. -Normally the supplied content is translated into MIME canonical format (as required -by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored. +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then +B<PKCS7_TEXT> is ignored. -=head1 RETURN VALUES +If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output +suitable for streaming I/O: no data is read from the BIO B<in>. -PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred. -The error can be obtained from ERR_get_error(3). +=head1 NOTES -=head1 BUGS +If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not> +complete and outputting its contents via a function that does not +properly finalize the B<PKCS7> structure will give unpredictable +results. -The lack of single pass processing and need to hold all data in memory as -mentioned in PKCS7_sign() also applies to PKCS7_verify(). +Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 B<BIO> directly using +BIO_new_PKCS7(). + +=head1 RETURN VALUES + +PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred. +The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -61,5 +75,6 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)> =head1 HISTORY PKCS7_decrypt() was added to OpenSSL 0.9.5 +The B<PKCS7_STREAM> flag was first supported in OpenSSL 1.0.0. =cut diff --git a/lib/libcrypto/doc/PKCS7_sign.pod b/lib/libcrypto/doc/PKCS7_sign.pod index ffd0c734b09..64a35144f8c 100644 --- a/lib/libcrypto/doc/PKCS7_sign.pod +++ b/lib/libcrypto/doc/PKCS7_sign.pod @@ -6,14 +6,16 @@ PKCS7_sign - create a PKCS#7 signedData structure =head1 SYNOPSIS -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); + #include <openssl/pkcs7.h> + + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); =head1 DESCRIPTION -PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> -is the certificate to sign with, B<pkey> is the corresponsding private key. -B<certs> is an optional additional set of certificates to include in the -PKCS#7 structure (for example any intermediate CAs in the chain). +PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is +the certificate to sign with, B<pkey> is the corresponsding private key. +B<certs> is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). The data to be signed is read from BIO B<data>. @@ -21,72 +23,83 @@ B<flags> is an optional set of flags. =head1 NOTES -Any of the following flags (ored together) can be passed in the B<flags> parameter. +Any of the following flags (ored together) can be passed in the B<flags> +parameter. Many S/MIME clients expect the signed content to include valid MIME headers. If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended to the data. If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the -PKCS7 structure, the signer's certificate must still be supplied in the B<signcert> -parameter though. This can reduce the size of the signature if the signers certificate -can be obtained by other means: for example a previously signed message. - -The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> -is set in which case it is omitted. This is used for PKCS7 detached signatures -which are used in S/MIME plaintext signed messages for example. +PKCS7 structure, the signer's certificate must still be supplied in the +B<signcert> parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. + +The data being signed is included in the PKCS7 structure, unless +B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7 +detached signatures which are used in S/MIME plaintext signed messages for +example. + +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. + +The signedData structure includes several PKCS#7 autenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no +authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just +the SMIMECapabilities are omitted. -Normally the supplied content is translated into MIME canonical format (as required -by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included. -The signedData structure includes several PKCS#7 autenticatedAttributes including -the signing time, the PKCS#7 content type and the supported list of ciphers in -an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes -will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are -omitted. +If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is +just initialized ready to perform the signing operation. The signing is however +B<not> performed and the data to be signed is not read from the B<data> +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. -If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any -of these algorithms is disabled then it will not be included. +If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to +which additional signers and capabilities can be added before finalization. -If the flags B<PKCS7_PARTSIGN> is set then the returned B<PKCS7> structure -is just initialized ready to perform the signing operation. The signing -is however B<not> performed and the data to be signed is not read from -the B<data> parameter. Signing is deferred until after the data has been -written. In this way data can be signed in a single pass. Currently the -flag B<PKCS7_DETACHED> B<must> also be set. =head1 NOTES -Currently the flag B<PKCS7_PARTSIGN> is only supported for detached -data. If this flag is set the returned B<PKCS7> structure is B<not> -complete and outputting its contents via a function that does not -properly finalize the B<PKCS7> structure will give unpredictable -results. +If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not> +complete and outputting its contents via a function that does not properly +finalize the B<PKCS7> structure will give unpredictable results. -At present only the SMIME_write_PKCS7() function properly finalizes the -structure. +Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 B<BIO> directly using +BIO_new_PKCS7(). -=head1 BUGS +If a signer is specified it will use the default digest for the signing +algorithm. This is B<SHA1> for both RSA and DSA keys. + +In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be +B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added +using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. -PKCS7_sign() is somewhat limited. It does not support multiple signers, some -advanced attributes such as counter signatures are not supported. +In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only +PKCS#7 structure is output. -The SHA1 digest algorithm is currently always used. +In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must +B<NOT> be NULL. -When the signed data is not detached it will be stored in memory within the -B<PKCS7> structure. This effectively limits the size of messages which can be -signed due to memory restraints. There should be a way to sign data without -having to hold it all in memory, this would however require fairly major -revisions of the OpenSSL ASN1 code. +=head1 BUGS +Some advanced attributes such as counter signatures are not supported. =head1 RETURN VALUES -PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred. -The error can be obtained from ERR_get_error(3). +PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -96,6 +109,8 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)> PKCS7_sign() was added to OpenSSL 0.9.5 -The B<PKCS7_PARTSIGN> flag was added in OpenSSL 0.9.8 +The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0 + +The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0 =cut diff --git a/lib/libcrypto/doc/PKCS7_sign_add_signer.pod b/lib/libcrypto/doc/PKCS7_sign_add_signer.pod new file mode 100644 index 00000000000..ebec4d57dea --- /dev/null +++ b/lib/libcrypto/doc/PKCS7_sign_add_signer.pod @@ -0,0 +1,87 @@ +=pod + +=head1 NAME + +PKCS7_sign_add_signer - add a signer PKCS7 signed data structure. + +=head1 SYNOPSIS + + #include <openssl/pkcs7.h> + + PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags); + + +=head1 DESCRIPTION + +PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private +key B<pkey> using message digest B<md> to a PKCS7 signed data structure +B<p7>. + +The PKCS7 structure should be obtained from an initial call to PKCS7_sign() +with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS7 +signed data structure. + +If the B<md> parameter is B<NULL> then the default digest for the public +key algorithm will be used. + +Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned PKCS7 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to PKCS7_final(). + + +=head1 NOTES + +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler PKCS7_sign() function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. + +Any of the following flags (ored together) can be passed in the B<flags> +parameter. + +If B<PKCS7_REUSE_DIGEST> is set then an attempt is made to copy the content +digest value from the PKCS7 struture: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned PKCS7 structure will be valid and finalized when this flag is set. + +If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the +B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes +can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is +needed to finalize it. + +If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the +PKCS7 structure, the signer's certificate must still be supplied in the +B<signcert> parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. + +The signedData structure includes several PKCS#7 autenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no +authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just +the SMIMECapabilities are omitted. + +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included. + + +PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added, this can be used to set additional attributes +before it is finalized. + +=head1 RETURN VALUES + +PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added or NULL if an error occurs. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, +L<PKCS7_final(3)|PKCS7_final(3)>, + +=head1 HISTORY + +PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libcrypto/doc/PKCS7_verify.pod b/lib/libcrypto/doc/PKCS7_verify.pod index 3490b5dc825..7c10a4cc3c0 100644 --- a/lib/libcrypto/doc/PKCS7_verify.pod +++ b/lib/libcrypto/doc/PKCS7_verify.pod @@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure =head1 SYNOPSIS -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); + #include <openssl/pkcs7.h> -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); + + STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/SMIME_read_CMS.pod b/lib/libcrypto/doc/SMIME_read_CMS.pod new file mode 100644 index 00000000000..acc5524c140 --- /dev/null +++ b/lib/libcrypto/doc/SMIME_read_CMS.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + + SMIME_read_CMS - parse S/MIME message. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); + +=head1 DESCRIPTION + +SMIME_read_CMS() parses a message in S/MIME format. + +B<in> is a BIO to read the message from. + +If cleartext signing is used then the content is saved in a memory bio which is +written to B<*bcont>, otherwise B<*bcont> is set to NULL. + +The parsed CMS_ContentInfo structure is returned or NULL if an +error occurred. + +=head1 NOTES + +If B<*bcont> is not NULL then the message is clear text signed. B<*bcont> can +then be passed to CMS_verify() with the B<CMS_DETACHED> flag set. + +Otherwise the type of the returned structure can be determined +using CMS_get0_type(). + +To support future functionality if B<bcont> is not NULL B<*bcont> should be +initialized to NULL. For example: + + BIO *cont = NULL; + CMS_ContentInfo *cms; + + cms = SMIME_read_CMS(in, &cont); + +=head1 BUGS + +The MIME parser used by SMIME_read_CMS() is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. + +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. + +The use of a memory BIO to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. + +=head1 RETURN VALUES + +SMIME_read_CMS() returns a valid B<CMS_ContentInfo> structure or B<NULL> +if an error occurred. The error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_type(3)|CMS_type(3)> +L<SMIME_read_CMS(3)|SMIME_read_CMS(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)> + +=head1 HISTORY + +SMIME_read_CMS() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libcrypto/doc/SMIME_read_PKCS7.pod b/lib/libcrypto/doc/SMIME_read_PKCS7.pod index ffafa378877..9d467159418 100644 --- a/lib/libcrypto/doc/SMIME_read_PKCS7.pod +++ b/lib/libcrypto/doc/SMIME_read_PKCS7.pod @@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message. =head1 SYNOPSIS -PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); + #include <openssl/pkcs7.h> + + PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/SMIME_write_CMS.pod b/lib/libcrypto/doc/SMIME_write_CMS.pod new file mode 100644 index 00000000000..04bedfb4297 --- /dev/null +++ b/lib/libcrypto/doc/SMIME_write_CMS.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + + SMIME_write_CMS - convert CMS structure to S/MIME format. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); + +=head1 DESCRIPTION + +SMIME_write_CMS() adds the appropriate MIME headers to a CMS +structure to produce an S/MIME message. + +B<out> is the BIO to write the data to. B<cms> is the appropriate +B<CMS_ContentInfo> structure. If streaming is enabled then the content must be +supplied in the B<data> argument. B<flags> is an optional set of flags. + +=head1 NOTES + +The following flags can be passed in the B<flags> parameter. + +If B<CMS_DETACHED> is set then cleartext signing will be used, this option only +makes sense for SignedData where B<CMS_DETACHED> is also set when CMS_sign() is +called. + +If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are added to +the content, this only makes sense if B<CMS_DETACHED> is also set. + +If the B<CMS_STREAM> flag is set streaming is performed. This flag should only +be set if B<CMS_STREAM> was also set in the previous call to a CMS_ContentInfo +creation function. + +If cleartext signing is being used and B<CMS_STREAM> not set then the data must +be read twice: once to compute the signature in CMS_sign() and once to output +the S/MIME message. + +If streaming is performed the content is output in BER format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and DER format is used. + +=head1 BUGS + +SMIME_write_CMS() always base64 encodes CMS structures, there should be an +option to disable this. + +=head1 RETURN VALUES + +SMIME_write_CMS() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)> + +=head1 HISTORY + +SMIME_write_CMS() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libcrypto/doc/SMIME_write_PKCS7.pod b/lib/libcrypto/doc/SMIME_write_PKCS7.pod index 61945b38872..ca6bd027635 100644 --- a/lib/libcrypto/doc/SMIME_write_PKCS7.pod +++ b/lib/libcrypto/doc/SMIME_write_PKCS7.pod @@ -6,17 +6,18 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format. =head1 SYNOPSIS -int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); + #include <openssl/pkcs7.h> + + int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); =head1 DESCRIPTION SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7 structure to produce an S/MIME message. -B<out> is the BIO to write the data to. B<p7> is the appropriate -B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is -being used then the signed data must be supplied in the B<data> -argument. B<flags> is an optional set of flags. +B<out> is the BIO to write the data to. B<p7> is the appropriate B<PKCS7> +structure. If streaming is enabled then the content must be supplied in the +B<data> argument. B<flags> is an optional set of flags. =head1 NOTES @@ -30,15 +31,18 @@ If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are added to the content, this only makes sense if B<PKCS7_DETACHED> is also set. -If the B<PKCS7_PARTSIGN> flag is set the signed data is finalized -and output along with the content. This flag should only be set -if B<PKCS7_DETACHED> is also set and the previous call to PKCS7_sign() -also set these flags. +If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should +only be set if B<PKCS7_STREAM> was also set in the previous call to +PKCS7_sign() or B<PKCS7_encrypt()>. -If cleartext signing is being used and B<PKCS7_PARTSIGN> not set then +If cleartext signing is being used and B<PKCS7_STREAM> not set then the data must be read twice: once to compute the signature in PKCS7_sign() and once to output the S/MIME message. +If streaming is performed the content is output in BER format using indefinite +length constructuted encoding except in the case of signed data with detached +content where the content is absent and DER format is used. + =head1 BUGS SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there diff --git a/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod index 11b35f6fd35..41902c0d455 100644 --- a/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod +++ b/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod @@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions =head1 SYNOPSIS -ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + #include <openssl/x509.h> -int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); + ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); + ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); + int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod index e2ab4b0d2bb..1afd008cb37 100644 --- a/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod +++ b/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod @@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions =head1 SYNOPSIS -int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); + #include <openssl/x509.h> -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); -int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); -int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); -X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); + int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); + + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod index 333323d734e..3b1f9ff43b6 100644 --- a/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod +++ b/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod @@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions =head1 SYNOPSIS -int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); + #include <openssl/x509.h> -int X509_NAME_entry_count(X509_NAME *name); -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); + int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); + int X509_NAME_entry_count(X509_NAME *name); + X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); + int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod b/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod new file mode 100644 index 00000000000..a883f6c0978 --- /dev/null +++ b/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod @@ -0,0 +1,303 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information + +=head1 SYNOPSIS + + #include <openssl/x509.h> + #include <openssl/x509_vfy.h> + + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); + + const char *X509_verify_cert_error_string(long n); + +=head1 DESCRIPTION + +These functions are typically called after X509_verify_cert() has indicated +an error or in a verification callback to determine the nature of an error. + +X509_STORE_CTX_get_error() returns the error code of B<ctx>, see +the B<ERROR CODES> section for a full description of all error codes. + +X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example +it might be used in a verification callback to set an error based on additional +checks. + +X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occured in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. + +X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which +caused the error or B<NULL> if no certificate is relevant. + +X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous +call to X509_verify_cert() is successful. If the call to X509_verify_cert() +is B<not> successful the returned chain may be incomplete or invalid. The +returned chain persists after the B<ctx> structure is freed, when it is +no longer needed it should be free up using: + + sk_X509_pop_free(chain, X509_free); + +X509_verify_cert_error_string() returns a human readable error string for +verification error B<n>. + +=head1 RETURN VALUES + +X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code. + +X509_STORE_CTX_get_error_depth() returns a non-negative error depth. + +X509_STORE_CTX_get_current_cert() returns the cerificate which caused the +error or B<NULL> if no certificate is relevant to the error. + +X509_verify_cert_error_string() returns a human readable error string for +verification error B<n>. + +=head1 ERROR CODES + +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +"unused". + +=over 4 + +=item B<X509_V_OK: ok> + +the operation was successful. + +=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate> + +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. + +=item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> + +the CRL of a certificate could not be found. + +=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature> + +the certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for RSA keys. + +=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature> + +the CRL signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. + +=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key> + +the public key in the certificate SubjectPublicKeyInfo could not be read. + +=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure> + +the signature of the certificate is invalid. + +=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure> + +the signature of the certificate is invalid. + +=item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid> + +the certificate is not yet valid: the notBefore date is after the current time. + +=item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired> + +the certificate has expired: that is the notAfter date is before the current time. + +=item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> + +the CRL is not yet valid. + +=item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired> + +the CRL has expired. + +=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field> + +the certificate notBefore field contains an invalid time. + +=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field> + +the certificate notAfter field contains an invalid time. + +=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field> + +the CRL lastUpdate field contains an invalid time. + +=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field> + +the CRL nextUpdate field contains an invalid time. + +=item B<X509_V_ERR_OUT_OF_MEM: out of memory> + +an error occurred trying to allocate memory. This should never happen. + +=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate> + +the passed certificate is self signed and the same certificate cannot be found +in the list of trusted certificates. + +=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain> + +the certificate chain could be built up using the untrusted certificates but +the root could not be found locally. + +=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate> + +the issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. + +=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate> + +no signatures could be verified because the chain contains only one certificate +and it is not self signed. + +=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long> + +the certificate chain length is greater than the supplied maximum depth. Unused. + +=item B<X509_V_ERR_CERT_REVOKED: certificate revoked> + +the certificate has been revoked. + +=item B<X509_V_ERR_INVALID_CA: invalid CA certificate> + +a CA certificate is invalid. Either it is not a CA or its extensions are not +consistent with the supplied purpose. + +=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded> + +the basicConstraints pathlength parameter has been exceeded. + +=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose> + +the supplied certificate cannot be used for the specified purpose. + +=item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted> + +the root CA is not marked as trusted for the specified purpose. + +=item B<X509_V_ERR_CERT_REJECTED: certificate rejected> + +the root CA is marked to reject the specified purpose. + +=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch> + +the current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. This is only set +if issuer check debugging is enabled it is used for status notification and +is B<not> in itself an error. + +=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch> + +the current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. This is only set if issuer check debugging is enabled it is used +for status notification and is B<not> in itself an error. + +=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch> + +the current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. This is only set if issuer check debugging is enabled +it is used for status notification and is B<not> in itself an error. + +=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing> + +the current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. This is only set if issuer check +debugging is enabled it is used for status notification and is B<not> in itself +an error. + +=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension> + +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. + + +=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension> + +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. + +=item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy> + +The verification flags were set to require and explicit policy but none was +present. + +=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope> + +The only CRLs that could be found did not match the scope of the certificate. + +=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature> + +Some feature of a certificate extension is not supported. Unused. + +=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation> + +A name constraint violation occured in the permitted subtrees. + +=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation> + +A name constraint violation occured in the excluded subtrees. + +=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported> + +A certificate name constraints extension included a minimum or maximum field: +this is not supported. + +=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type> + +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, DNS name, email and URI types. + +=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax> + +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in RFC3280. This could be caused by +a garbage extension or some new feature not currently supported. + +=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error> + +An error occured when attempting to verify the CRL path. This error can only +happen if extended CRL checking is enabled. + +=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure> + +an application specific error. This will never be returned unless explicitly +set by an application. + +=head1 NOTES + +The above functions should be used instead of directly referencing the fields +in the B<X509_VERIFY_CTX> structure. + +In versions of OpenSSL before 1.0 the current certificate returned by +X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should +check the return value before printing out any debugging information relating +to the current certificate. + +If an unrecognised error code is passed to X509_verify_cert_error_string() the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. + +=head1 SEE ALSO + +L<X509_verify_cert(3)|X509_verify_cert(3)> + +=head1 HISTORY + +TBA + +=cut diff --git a/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod b/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod new file mode 100644 index 00000000000..8d6b9dda47e --- /dev/null +++ b/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX structures + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg); + + char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx); + +=head1 DESCRIPTION + +These functions handle application specific data in X509_STORE_CTX structures. +Their usage is identical to that of RSA_get_ex_new_index(), RSA_set_ex_data() +and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>. + +=head1 NOTES + +This mechanism is used internally by the B<ssl> library to store the B<SSL> +structure associated with a verification operation in an B<X509_STORE_CTX> +structure. + +=head1 SEE ALSO + +L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)> + +=head1 HISTORY + +X509_STORE_CTX_get_ex_new_index(), X509_STORE_CTX_set_ex_data() and +X509_STORE_CTX_get_ex_data() are available since OpenSSL 0.9.5. + +=cut diff --git a/lib/libcrypto/doc/X509_STORE_CTX_new.pod b/lib/libcrypto/doc/X509_STORE_CTX_new.pod new file mode 100644 index 00000000000..b17888f149e --- /dev/null +++ b/lib/libcrypto/doc/X509_STORE_CTX_new.pod @@ -0,0 +1,122 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX initialisation + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + X509_STORE_CTX *X509_STORE_CTX_new(void); + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + void X509_STORE_CTX_free(X509_STORE_CTX *ctx); + + int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); + + void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); + + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x); + void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk); + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); + + X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +=head1 DESCRIPTION + +These functions initialise an B<X509_STORE_CTX> structure for subsequent use +by X509_verify_cert(). + +X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure. + +X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure. +The context can then be reused with an new call to X509_STORE_CTX_init(). + +X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx> +is no longer valid. + +X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation. +The trusted certificate store is set to B<store>, the end entity certificate +to be verified is set to B<x509> and a set of additional certificates (which +will be untrusted but may be used to build the chain) in B<chain>. Any or +all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>. + +X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx> +to B<sk>. This is an alternative way of specifying trusted certificates +instead of using an B<X509_STORE>. + +X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to +B<x>. + +X509_STORE_CTX_set_chain() sets the additional certificate chain used by B<ctx> +to B<sk>. + +X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate +verification to B<sk>. These CRLs will only be used if CRL verification is +enabled in the associated B<X509_VERIFY_PARAM> structure. This might be +used where additional "useful" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an intenal pointer +to the verification parameters associated with B<ctx>. + +X509_STORE_CTX_set0_param() sets the intenal verification parameter pointer +to B<param>. After this call B<param> should not be used. + +X509_STORE_CTX_set_default() looks up and sets the default verification +method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to +find an appropriate set of parameters from B<name>. + +=head1 NOTES + +The certificates and CRLs in a store are used internally and should B<not> +be freed up until after the associated B<X509_STORE_CTX> is freed. Legacy +applications might implicitly use an B<X509_STORE_CTX> like this: + + X509_STORE_CTX ctx; + X509_STORE_CTX_init(&ctx, store, cert, chain); + +this is B<not> recommended in new applications they should instead do: + + X509_STORE_CTX *ctx; + ctx = X509_STORE_CTX_new(); + if (ctx == NULL) + /* Bad error */ + X509_STORE_CTX_init(ctx, store, cert, chain); + +=head1 BUGS + +The certificates and CRLs in a context are used internally and should B<not> +be freed up until after the associated B<X509_STORE_CTX> is freed. Copies +should be made or reference counts increased instead. + +=head1 RETURN VALUES + +X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an +error occurred. + +X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred. + +X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM> +structure or B<NULL> if an error occurred. + +X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_trusted_stack(), +X509_STORE_CTX_set_cert(), X509_STORE_CTX_set_chain(), +X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return +values. + +X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred. + +=head1 SEE ALSO + +L<X509_verify_cert(3)|X509_verify_cert(3)> +L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)> + +=head1 HISTORY + +X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod b/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod new file mode 100644 index 00000000000..b9787a6ca6f --- /dev/null +++ b/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod @@ -0,0 +1,161 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_set_verify_cb - set verification callback + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); + +=head1 DESCRIPTION + +X509_STORE_CTX_set_verify_cb() sets the verification callback of B<ctx> to +B<verify_cb> overwriting any existing callback. + +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. + +However a verification callback is B<not> essential and the default operation +is often sufficient. + +The B<ok> parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then and error condition +is indicated. If it is 1 then no error occurred. If the flag +B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the +policy checking is complete. + +The B<ctx> parameter to the callback is the B<X509_STORE_CTX> structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling X509_STORE_CTX_get_current_cert(). Additional application data can +be passed to the callback via the B<ex_data> mechanism. + +=head1 WARNING + +In general a verification callback should B<NOT> unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because B<any> certificate (including untrusted generated ones) will be +accepted. + +=head1 NOTES + +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +B<X509_STORE_CTX> structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated B<X509_STORE>. + +=head1 RETURN VALUES + +X509_STORE_CTX_set_verify_cb() does not return a value. + +=head1 EXAMPLES + +Default callback operation: + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + return ok; + } + +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + /* Tolerate certificate expiration */ + if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) + return 1; + /* Otherwise don't override */ + return ok; + } + +More complex example, we don't wish to continue after B<any> certificate has +expired just one specific case: + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + int err = X509_STORE_CTX_get_error(ctx); + X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); + if (err == X509_V_ERR_CERT_HAS_EXPIRED) + { + if (check_is_acceptable_expired_cert(err_cert) + return 1; + } + return ok; + } + +Full featured logging callback. In this case the B<bio_err> is assumed to be +a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using +B<ex_data>. + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + X509 *err_cert; + int err,depth; + + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + BIO_printf(bio_err,"depth=%d ",depth); + if (err_cert) + { + X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + } + else + BIO_puts(bio_err, "<no cert>\n"); + if (!ok) + BIO_printf(bio_err,"verify error:num=%d:%s\n",err, + X509_verify_cert_error_string(err)); + switch (err) + { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + BIO_puts(bio_err,"issuer= "); + X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + BIO_printf(bio_err,"notBefore="); + ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); + BIO_printf(bio_err,"\n"); + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + BIO_printf(bio_err,"notAfter="); + ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); + BIO_printf(bio_err,"\n"); + break; + case X509_V_ERR_NO_EXPLICIT_POLICY: + policies_print(bio_err, ctx); + break; + } + if (err == X509_V_OK && ok == 2) + /* print out policies */ + + BIO_printf(bio_err,"verify return:%d\n",ok); + return(ok); + } + +=head1 SEE ALSO + +L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> +L<X509_STORE_set_verify_cb_func(3)|X509_STORE_set_verify_cb_func(3)> +L<X509_STORE_CTX_get_ex_new_index(3)|X509_STORE_CTX_get_ex_new_index(3)> + +=head1 HISTORY + +X509_STORE_CTX_set_verify_cb() is available in all versions of SSLeay and +OpenSSL. + +=cut diff --git a/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod b/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod new file mode 100644 index 00000000000..29e3bbe3bce --- /dev/null +++ b/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + void X509_STORE_set_verify_cb(X509_STORE *st, + int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); + + void X509_STORE_set_verify_cb_func(X509_STORE *st, + int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); + +=head1 DESCRIPTION + +X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to +B<verify_cb> overwriting any existing callback. + +X509_STORE_set_verify_cb_func() also sets the verification callback but it +is implemented as a macro. + +=head1 NOTES + +The verification callback from an B<X509_STORE> is inherited by +the corresponding B<X509_STORE_CTX> structure when it is initialized. This can +be used to set the verification callback when the B<X509_STORE_CTX> is +otherwise inaccessible (for example during S/MIME verification). + +=head1 BUGS + +The macro version of this function was the only one available before +OpenSSL 1.0.0. + +=head1 RETURN VALUES + +X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return +a value. + +=head1 SEE ALSO + +L<X509_STORE_CTX_set_verify_cb(3)|X509_STORE_CTX_set_verify_cb(3)> +L<CMS_verify(3)|CMS_verify(3)> + +=head1 HISTORY + +X509_STORE_set_verify_cb_func() is available in all versions of SSLeay and +OpenSSL. + +X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod new file mode 100644 index 00000000000..b68eece0338 --- /dev/null +++ b/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod @@ -0,0 +1,171 @@ +=pod + +=head1 NAME + +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); + int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); + unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); + + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); + + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); + + int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); + int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + + void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); + +=head1 DESCRIPTION + +These functions manipulate the B<X509_VERIFY_PARAM> structure associated with +a certificate verification operation. + +The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring +it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete +description of values the B<flags> parameter can take. + +X509_VERIFY_PARAM_get_flags() returns the flags in B<param>. + +X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>. + +X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param> +to B<purpose>. This determines the acceptable purpose of the certificate +chain, for example SSL client or SSL server. + +X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to +B<trust>. + +X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to +B<t>. Normally the current time is used. + +X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +by default) and adds B<policy> to the acceptable policy set. + +X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled +by default) and sets the acceptable policy set to B<policies>. Any existing +policy set is cleared. The B<policies> parameter can be B<NULL> to clear +an existing policy set. + +X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>. +That is the maximum number of untrusted CA certificates that can appear in a +chain. + +=head1 RETURN VALUES + +X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), +X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), +X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1 +for success and 0 for failure. + +X509_VERIFY_PARAM_get_flags() returns the current verification flags. + +X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return +values. + +X509_VERIFY_PARAM_get_depth() returns the current verification depth. + +=head1 VERIFICATION FLAGS + +The verification flags consists of zero or more of the following flags +ored together. + +B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf +certificate. An error occurs if a suitable CRL cannot be found. + +B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate +chain. + +B<X509_V_FLAG_IGNORE_CRITICAL> disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. B<WARNING> setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. + +THe B<X509_V_FLAG_X509_STRICT> flag disables workarounds for some broken +certificates and makes the verification strictly apply B<X509> rules. + +B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification. + +B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default +no policy checking is peformed. Additional information is sent to the +verification callback relating to policy checking. + +B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and +B<X509_V_FLAG_INHIBIT_MAP> set the B<require explicit policy>, B<inhibit any +policy> and B<inhibit policy mapping> flags respectively as defined in +B<RFC3280>. Policy checking is automatically enabled if any of these flags +are set. + +If B<X509_V_FLAG_NOTIFY_POLICY> is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. + +By default some addtional features such as indirect CRLs and CRLs signed by +different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set +they are enabled. + +If B<X509_V_FLAG_USE_DELTAS> ise set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. + +B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed +cerificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root CA +signature is that disabled or unsupported message digests on the root CA +are not treated as fatal errors. + +The B<X509_V_FLAG_CB_ISSUER_CHECK> flag enables debugging of certificate +issuer checks. It is B<not> needed unless you are logging certificate +verification. If this flag is set then additional status codes will be sent +to the verification callback and it B<must> be prepared to handle such cases +without assuming they are hard errors. + +=head1 NOTES + +The above functions should be used to manipulate verification parameters +instead of legacy functions which work in specific structures such as +X509_STORE_CTX_set_flags(). + +=head1 BUGS + +Delta CRL checking is currently primitive. Only a single delta can be used and +(partly due to limitations of B<X509_STORE>) constructed CRLs are not +maintained. + +If CRLs checking is enable CRLs are expected to be available in the +corresponding B<X509_STORE> structure. No attempt is made to download +CRLs from the CRL distribution points extension. + +=head1 EXAMPLE + +Enable CRL checking when performing certificate verification during SSL +connections associated with an B<SSL_CTX> structure B<ctx>: + + X509_VERIFY_PARAM *param; + param = X509_VERIFY_PARAM_new(); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); + SSL_CTX_set1_param(ctx, param); + X509_VERIFY_PARAM_free(param); + +=head1 SEE ALSO + +L<X509_verify_cert(3)|X509_verify_cert(3)> + +=head1 HISTORY + +TBA + +=cut diff --git a/lib/libcrypto/doc/X509_new.pod b/lib/libcrypto/doc/X509_new.pod index fd5fc65ce15..d38872335fd 100644 --- a/lib/libcrypto/doc/X509_new.pod +++ b/lib/libcrypto/doc/X509_new.pod @@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions =head1 SYNOPSIS + #include <openssl/x509.h> + X509 *X509_new(void); void X509_free(X509 *a); diff --git a/lib/libcrypto/doc/X509_verify_cert.pod b/lib/libcrypto/doc/X509_verify_cert.pod new file mode 100644 index 00000000000..5253bdcd707 --- /dev/null +++ b/lib/libcrypto/doc/X509_verify_cert.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +X509_verify_cert - discover and verify X509 certificte chain + +=head1 SYNOPSIS + + #include <openssl/x509.h> + + int X509_verify_cert(X509_STORE_CTX *ctx); + +=head1 DESCRIPTION + +The X509_verify_cert() function attempts to discover and validate a +certificate chain based on parameters in B<ctx>. A complete description of +the process is contained in the L<verify(1)|verify(1)> manual page. + +=head1 RETURN VALUES + +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. + +If the function fails additional error information can be obtained by +examining B<ctx> using, for example X509_STORE_CTX_get_error(). + +=head1 NOTES + +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +SSL/TLS code. + +The negative return value from X509_verify_cert() can only occur if no +certificate is set in B<ctx> (due to a programming error) or if a retry +operation is requested during internal lookups (which never happens with +standard lookup methods). It is however recommended that application check +for <= 0 return value on error. + +=head1 BUGS + +This function uses the header B<x509.h> as opposed to most chain verification +functiosn which use B<x509_vfy.h>. + +=head1 SEE ALSO + +L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> + +=head1 HISTORY + +X509_verify_cert() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libcrypto/doc/d2i_X509.pod b/lib/libcrypto/doc/d2i_X509.pod index 5bfa18afbb3..298ec54a4c3 100644 --- a/lib/libcrypto/doc/d2i_X509.pod +++ b/lib/libcrypto/doc/d2i_X509.pod @@ -15,8 +15,8 @@ i2d_X509_fp - X509 encode and decode functions X509 *d2i_X509_bio(BIO *bp, X509 **x); X509 *d2i_X509_fp(FILE *fp, X509 **x); - int i2d_X509_bio(X509 *x, BIO *bp); - int i2d_X509_fp(X509 *x, FILE *fp); + int i2d_X509_bio(BIO *bp, X509 *x); + int i2d_X509_fp(FILE *fp, X509 *x); =head1 DESCRIPTION @@ -212,11 +212,11 @@ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure or B<NULL> if an error occurs. The error code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. -i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes -successfully encoded or a negative value if an error occurs. The error code -can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +i2d_X509() returns the number of bytes successfully encoded or a negative +value if an error occurs. The error code can be obtained by +L<ERR_get_error(3)|ERR_get_error(3)>. -i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error +i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO diff --git a/lib/libcrypto/doc/d2i_X509_CRL.pod b/lib/libcrypto/doc/d2i_X509_CRL.pod index e7295a5d615..224f9e082b7 100644 --- a/lib/libcrypto/doc/d2i_X509_CRL.pod +++ b/lib/libcrypto/doc/d2i_X509_CRL.pod @@ -15,8 +15,8 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions. X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x); X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x); - int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp); - int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp); + int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x); + int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/d2i_X509_REQ.pod b/lib/libcrypto/doc/d2i_X509_REQ.pod index ae32a3891d6..91c0c1974b4 100644 --- a/lib/libcrypto/doc/d2i_X509_REQ.pod +++ b/lib/libcrypto/doc/d2i_X509_REQ.pod @@ -15,8 +15,8 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions. X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x); X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x); - int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp); - int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp); + int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x); + int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x); =head1 DESCRIPTION diff --git a/lib/libcrypto/doc/i2d_CMS_bio_stream.pod b/lib/libcrypto/doc/i2d_CMS_bio_stream.pod new file mode 100644 index 00000000000..558bdd0812c --- /dev/null +++ b/lib/libcrypto/doc/i2d_CMS_bio_stream.pod @@ -0,0 +1,44 @@ +=pod + +=head1 NAME + + i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); + +=head1 DESCRIPTION + +i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format. + +It is otherwise identical to the function SMIME_write_CMS(). + +=head1 NOTES + +This function is effectively a version of the i2d_CMS_bio() supporting +streaming. + +=head1 BUGS + +The prefix "i2d" is arguably wrong because the function outputs BER format. + +=head1 RETURN VALUES + +i2d_CMS_bio_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)>, +L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>, +L<PEM_write_bio_CMS_stream(3)|PEM_write_bio_CMS_stream(3)> + +=head1 HISTORY + +i2d_CMS_bio_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod b/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod new file mode 100644 index 00000000000..dc4d884c597 --- /dev/null +++ b/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod @@ -0,0 +1,44 @@ +=pod + +=head1 NAME + +i2d_PKCS7_bio_stream - output PKCS7 structure in BER format. + +=head1 SYNOPSIS + + #include <openssl/pkcs7.h> + + int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); + +=head1 DESCRIPTION + +i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format. + +It is otherwise identical to the function SMIME_write_PKCS7(). + +=head1 NOTES + +This function is effectively a version of the d2i_PKCS7_bio() supporting +streaming. + +=head1 BUGS + +The prefix "d2i" is arguably wrong because the function outputs BER format. + +=head1 RETURN VALUES + +i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, +L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>, +L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>, +L<PEM_write_bio_PKCS7_stream(3)|PEM_write_bio_PKCS7_stream(3)> + +=head1 HISTORY + +i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libcrypto/dsa/dsa_ameth.c b/lib/libcrypto/dsa/dsa_ameth.c new file mode 100644 index 00000000000..6413aae46e2 --- /dev/null +++ b/lib/libcrypto/dsa/dsa_ameth.c @@ -0,0 +1,657 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/asn1.h> +#include <openssl/dsa.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif +#include "asn1_locl.h" + +static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DSA *dsa = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + + if (ptype == V_ASN1_SEQUENCE) + { + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); + goto err; + } + + } + else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) + { + if (!(dsa = DSA_new())) + { + DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); + goto err; + } + } + else + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); + goto err; + } + + if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + + err: + if (public_key) + ASN1_INTEGER_free(public_key); + if (dsa) + DSA_free(dsa); + return 0; + + } + +static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + DSA *dsa; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + + dsa=pkey->pkey.dsa; + if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) + { + ASN1_STRING *str; + str = ASN1_STRING_new(); + str->length = i2d_DSAparams(dsa, &str->data); + if (str->length <= 0) + { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + } + else + ptype = V_ASN1_UNDEF; + + dsa->write_params=0; + + penclen = i2d_DSAPublicKey(dsa, &penc); + + if (penclen <= 0) + { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), + ptype, pval, penc, penclen)) + return 1; + + err: + if (penc) + OPENSSL_free(penc); + if (pval) + ASN1_STRING_free(pval); + + return 0; + } + +/* In PKCS#8 DSA: you just get a private key integer and parameters in the + * AlgorithmIdentifier the pubkey must be recalculated. + */ + +static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + BN_CTX *ctx = NULL; + + STACK_OF(ASN1_TYPE) *ndsa = NULL; + DSA *dsa = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + /* Check for broken DSA PKCS#8, UGH! */ + if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) + { + ASN1_TYPE *t1, *t2; + if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) + goto decerr; + if (sk_ASN1_TYPE_num(ndsa) != 2) + goto decerr; + /* Handle Two broken types: + * SEQUENCE {parameters, priv_key} + * SEQUENCE {pub_key, priv_key} + */ + + t1 = sk_ASN1_TYPE_value(ndsa, 0); + t2 = sk_ASN1_TYPE_value(ndsa, 1); + if (t1->type == V_ASN1_SEQUENCE) + { + p8->broken = PKCS8_EMBEDDED_PARAM; + pval = t1->value.ptr; + } + else if (ptype == V_ASN1_SEQUENCE) + p8->broken = PKCS8_NS_DB; + else + goto decerr; + + if (t2->type != V_ASN1_INTEGER) + goto decerr; + + privkey = t2->value.integer; + } + else + { + const unsigned char *q = p; + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + if (privkey->type == V_ASN1_NEG_INTEGER) + { + p8->broken = PKCS8_NEG_PRIVKEY; + ASN1_INTEGER_free(privkey); + if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) + goto decerr; + } + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + { + DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); + goto dsaerr; + } + /* Calculate public key */ + if (!(dsa->pub_key = BN_new())) + { + DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + if (!(ctx = BN_CTX_new())) + { + DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + + if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) + { + DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); + goto dsaerr; + } + + EVP_PKEY_assign_DSA(pkey, dsa); + BN_CTX_free (ctx); + if(ndsa) + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + else + ASN1_INTEGER_free(privkey); + + return 1; + + decerr: + DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); + dsaerr: + BN_CTX_free (ctx); + if (privkey) + ASN1_INTEGER_free(privkey); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + DSA_free(dsa); + return 0; + } + +static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + + if (!params) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); + if (params->length <= 0) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); + + if (!prkey) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + +err: + if (dp != NULL) + OPENSSL_free(dp); + if (params != NULL) + ASN1_STRING_free(params); + if (prkey != NULL) + ASN1_INTEGER_free(prkey); + return 0; +} + +static int int_dsa_size(const EVP_PKEY *pkey) + { + return(DSA_size(pkey->pkey.dsa)); + } + +static int dsa_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.dsa->p); + } + +static int dsa_missing_parameters(const EVP_PKEY *pkey) + { + DSA *dsa; + dsa=pkey->pkey.dsa; + if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + return 1; + return 0; + } + +static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + BIGNUM *a; + + if ((a=BN_dup(from->pkey.dsa->p)) == NULL) + return 0; + if (to->pkey.dsa->p != NULL) + BN_free(to->pkey.dsa->p); + to->pkey.dsa->p=a; + + if ((a=BN_dup(from->pkey.dsa->q)) == NULL) + return 0; + if (to->pkey.dsa->q != NULL) + BN_free(to->pkey.dsa->q); + to->pkey.dsa->q=a; + + if ((a=BN_dup(from->pkey.dsa->g)) == NULL) + return 0; + if (to->pkey.dsa->g != NULL) + BN_free(to->pkey.dsa->g); + to->pkey.dsa->g=a; + return 1; + } + +static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || + BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || + BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) + return 0; + else + return 1; + } + +static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) + return 0; + else + return 1; + } + +static void int_dsa_free(EVP_PKEY *pkey) + { + DSA_free(pkey->pkey.dsa); + } + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) + { + unsigned char *m=NULL; + int ret=0; + size_t buf_len=0; + const char *ktype = NULL; + + const BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + if (ptype == 2) + ktype = "Private-Key"; + else if (ptype == 1) + ktype = "Public-Key"; + else + ktype = "DSA-Parameters"; + + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->g, &buf_len); + update_buflen(priv_key, &buf_len); + update_buflen(pub_key, &buf_len); + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (priv_key) + { + if(!BIO_indent(bp,off,128)) + goto err; + if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p)) + <= 0) goto err; + } + + if (!ASN1_bn_print(bp,"priv:",priv_key,m,off)) + goto err; + if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off)) + goto err; + if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err; + if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err; + if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err; + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int dsa_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DSA *dsa; + if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) + { + DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + } + +static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_DSAparams(pkey->pkey.dsa, pder); + } + +static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); + } + +static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); + } + + +static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); + } + +static int old_dsa_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DSA *dsa; + if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) + { + DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + } + +static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); + } + +static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + switch (op) + { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 2; + + default: + return -2; + + } + + } + +/* NB these are sorted in pkey_id order, lowest first */ + +const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = + { + + { + EVP_PKEY_DSA2, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA1, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA4, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA3, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA, + EVP_PKEY_DSA, + 0, + + "DSA", + "OpenSSL DSA method", + + dsa_pub_decode, + dsa_pub_encode, + dsa_pub_cmp, + dsa_pub_print, + + dsa_priv_decode, + dsa_priv_encode, + dsa_priv_print, + + int_dsa_size, + dsa_bits, + + dsa_param_decode, + dsa_param_encode, + dsa_missing_parameters, + dsa_copy_parameters, + dsa_cmp_parameters, + dsa_param_print, + + int_dsa_free, + dsa_pkey_ctrl, + old_dsa_priv_decode, + old_dsa_priv_encode + } + }; + diff --git a/lib/libcrypto/dsa/dsa_locl.h b/lib/libcrypto/dsa/dsa_locl.h new file mode 100644 index 00000000000..2b8cfee3dbd --- /dev/null +++ b/lib/libcrypto/dsa/dsa_locl.h @@ -0,0 +1,59 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/dsa.h> + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); diff --git a/lib/libcrypto/dsa/dsa_pmeth.c b/lib/libcrypto/dsa/dsa_pmeth.c new file mode 100644 index 00000000000..4ce91e20c64 --- /dev/null +++ b/lib/libcrypto/dsa/dsa_pmeth.c @@ -0,0 +1,315 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/evp.h> +#include <openssl/bn.h> +#include "evp_locl.h" +#include "dsa_locl.h" + +/* DSA pkey context structure */ + +typedef struct + { + /* Parameter gen parameters */ + int nbits; /* size of p in bits (default: 1024) */ + int qbits; /* size of q in bits (default: 160) */ + const EVP_MD *pmd; /* MD for parameter generation */ + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ + const EVP_MD *md; /* MD for the signature */ + } DSA_PKEY_CTX; + +static int pkey_dsa_init(EVP_PKEY_CTX *ctx) + { + DSA_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX)); + if (!dctx) + return 0; + dctx->nbits = 1024; + dctx->qbits = 160; + dctx->pmd = NULL; + dctx->md = NULL; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; + } + +static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + DSA_PKEY_CTX *dctx, *sctx; + if (!pkey_dsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + dctx->qbits = sctx->qbits; + dctx->pmd = sctx->pmd; + dctx->md = sctx->md; + return 1; + } + +static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) + { + DSA_PKEY_CTX *dctx = ctx->data; + if (dctx) + OPENSSL_free(dctx); + } + +static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + unsigned int sltmp; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); + + if (ret <= 0) + return ret; + *siglen = sltmp; + return 1; + } + +static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); + + return ret; + } + +static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + DSA_PKEY_CTX *dctx = ctx->data; + switch (type) + { + case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: + if (p1 < 256) + return -2; + dctx->nbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + if (p1 != 160 && p1 != 224 && p1 && p1 != 256) + return -2; + dctx->qbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) + { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) + { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + DSAerr(DSA_F_PKEY_DSA_CTRL, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + default: + return -2; + + } + } + +static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "dsa_paramgen_bits")) + { + int nbits; + nbits = atoi(value); + return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); + } + if (!strcmp(type, "dsa_paramgen_q_bits")) + { + int qbits = atoi(value); + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); + } + if (!strcmp(type, "dsa_paramgen_md")) + { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + (void *)EVP_get_digestbyname(value)); + } + return -2; + } + +static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DSA *dsa = NULL; + DSA_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + if (ctx->pkey_gencb) + { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } + else + pcb = NULL; + dsa = DSA_new(); + if (!dsa) + return 0; + ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, pcb); + if (ret) + EVP_PKEY_assign_DSA(pkey, dsa); + else + DSA_free(dsa); + return ret; + } + +static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DSA *dsa = NULL; + if (ctx->pkey == NULL) + { + DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); + return 0; + } + dsa = DSA_new(); + if (!dsa) + return 0; + EVP_PKEY_assign_DSA(pkey, dsa); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DSA_generate_key(pkey->pkey.dsa); + } + +const EVP_PKEY_METHOD dsa_pkey_meth = + { + EVP_PKEY_DSA, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_dsa_init, + pkey_dsa_copy, + pkey_dsa_cleanup, + + 0, + pkey_dsa_paramgen, + + 0, + pkey_dsa_keygen, + + 0, + pkey_dsa_sign, + + 0, + pkey_dsa_verify, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0,0, + + pkey_dsa_ctrl, + pkey_dsa_ctrl_str + + + }; diff --git a/lib/libcrypto/dsa/dsa_prn.c b/lib/libcrypto/dsa/dsa_prn.c new file mode 100644 index 00000000000..6f29f5e2409 --- /dev/null +++ b/lib/libcrypto/dsa/dsa_prn.c @@ -0,0 +1,121 @@ +/* crypto/dsa/dsa_prn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/dsa.h> + +#ifndef OPENSSL_NO_FP_API +int DSA_print_fp(FILE *fp, const DSA *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DSA_print(b,x,off); + BIO_free(b); + return(ret); + } + +int DSAparams_print_fp(FILE *fp, const DSA *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DSAparams_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int DSA_print(BIO *bp, const DSA *x, int off) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; + } + +int DSAparams_print(BIO *bp, const DSA *x) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + return 0; + ret = EVP_PKEY_print_params(bp, pk, 4, NULL); + EVP_PKEY_free(pk); + return ret; + } + diff --git a/lib/libcrypto/dso/Makefile b/lib/libcrypto/dso/Makefile index 52f152888c4..fb2709ed63a 100644 --- a/lib/libcrypto/dso/Makefile +++ b/lib/libcrypto/dso/Makefile @@ -18,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \ - dso_openssl.c dso_win32.c dso_vms.c + dso_openssl.c dso_win32.c dso_vms.c dso_beos.c LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \ - dso_openssl.o dso_win32.o dso_vms.o + dso_openssl.o dso_win32.o dso_vms.o dso_beos.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -76,6 +76,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dso_beos.o: ../../e_os.h ../../include/openssl/bio.h +dso_beos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dso_beos.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +dso_beos.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dso_beos.o: ../../include/openssl/opensslconf.h +dso_beos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dso_beos.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dso_beos.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_beos.c dso_dl.o: ../../e_os.h ../../include/openssl/bio.h dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h diff --git a/lib/libcrypto/dso/dso_beos.c b/lib/libcrypto/dso/dso_beos.c new file mode 100644 index 00000000000..553966e6993 --- /dev/null +++ b/lib/libcrypto/dso/dso_beos.c @@ -0,0 +1,270 @@ +/* dso_beos.c */ +/* Written by Marcin Konicki (ahwayakchih@neoni.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <string.h> +#include "cryptlib.h" +#include <openssl/dso.h> + +#if !defined(OPENSSL_SYS_BEOS) +DSO_METHOD *DSO_METHOD_beos(void) + { + return NULL; + } +#else + +#include <kernel/image.h> + +static int beos_load(DSO *dso); +static int beos_unload(DSO *dso); +static void *beos_bind_var(DSO *dso, const char *symname); +static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname); +#if 0 +static int beos_unbind_var(DSO *dso, char *symname, void *symptr); +static int beos_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); +static int beos_init(DSO *dso); +static int beos_finish(DSO *dso); +static long beos_ctrl(DSO *dso, int cmd, long larg, void *parg); +#endif +static char *beos_name_converter(DSO *dso, const char *filename); + +static DSO_METHOD dso_meth_beos = { + "OpenSSL 'beos' shared library method", + beos_load, + beos_unload, + beos_bind_var, + beos_bind_func, +/* For now, "unbind" doesn't exist */ +#if 0 + NULL, /* unbind_var */ + NULL, /* unbind_func */ +#endif + NULL, /* ctrl */ + beos_name_converter, + NULL, /* init */ + NULL /* finish */ + }; + +DSO_METHOD *DSO_METHOD_beos(void) + { + return(&dso_meth_beos); + } + +/* For this DSO_METHOD, our meth_data STACK will contain; + * (i) a pointer to the handle (image_id) returned from + * load_add_on(). + */ + +static int beos_load(DSO *dso) + { + image_id id; + /* See applicable comments from dso_dl.c */ + char *filename = DSO_convert_filename(dso, NULL); + + if(filename == NULL) + { + DSOerr(DSO_F_BEOS_LOAD,DSO_R_NO_FILENAME); + goto err; + } + id = load_add_on(filename); + if(id < 1) + { + DSOerr(DSO_F_BEOS_LOAD,DSO_R_LOAD_FAILED); + ERR_add_error_data(3, "filename(", filename, ")"); + goto err; + } + if(!sk_push(dso->meth_data, (char *)id)) + { + DSOerr(DSO_F_BEOS_LOAD,DSO_R_STACK_ERROR); + goto err; + } + /* Success */ + dso->loaded_filename = filename; + return(1); +err: + /* Cleanup !*/ + if(filename != NULL) + OPENSSL_free(filename); + if(id > 0) + unload_add_on(id); + return(0); + } + +static int beos_unload(DSO *dso) + { + image_id id; + if(dso == NULL) + { + DSOerr(DSO_F_BEOS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + if(sk_num(dso->meth_data) < 1) + return(1); + id = (image_id)sk_pop(dso->meth_data); + if(id < 1) + { + DSOerr(DSO_F_BEOS_UNLOAD,DSO_R_NULL_HANDLE); + return(0); + } + if(unload_add_on(id) != B_OK) + { + DSOerr(DSO_F_BEOS_UNLOAD,DSO_R_UNLOAD_FAILED); + /* We should push the value back onto the stack in + * case of a retry. */ + sk_push(dso->meth_data, (char *)id); + return(0); + } + return(1); + } + +static void *beos_bind_var(DSO *dso, const char *symname) + { + image_id id; + void *sym; + + if((dso == NULL) || (symname == NULL)) + { + DSOerr(DSO_F_BEOS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); + return(NULL); + } + if(sk_num(dso->meth_data) < 1) + { + DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_STACK_ERROR); + return(NULL); + } + id = (image_id)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + if(id < 1) + { + DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_NULL_HANDLE); + return(NULL); + } + if(get_image_symbol(id, symname, B_SYMBOL_TYPE_DATA, &sym) != B_OK) + { + DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_SYM_FAILURE); + ERR_add_error_data(3, "symname(", symname, ")"); + return(NULL); + } + return(sym); + } + +static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname) + { + image_id id; + void *sym; + + if((dso == NULL) || (symname == NULL)) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); + return(NULL); + } + if(sk_num(dso->meth_data) < 1) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_STACK_ERROR); + return(NULL); + } + id = (image_id)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + if(id < 1) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_NULL_HANDLE); + return(NULL); + } + if(get_image_symbol(id, symname, B_SYMBOL_TYPE_TEXT, &sym) != B_OK) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_SYM_FAILURE); + ERR_add_error_data(3, "symname(", symname, ")"); + return(NULL); + } + return((DSO_FUNC_TYPE)sym); + } + +/* This one is the same as the one in dlfcn */ +static char *beos_name_converter(DSO *dso, const char *filename) + { + char *translated; + int len, rsize, transform; + + len = strlen(filename); + rsize = len + 1; + transform = (strstr(filename, "/") == NULL); + if(transform) + { + /* We will convert this to "%s.so" or "lib%s.so" */ + rsize += 3; /* The length of ".so" */ + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) + rsize += 3; /* The length of "lib" */ + } + translated = OPENSSL_malloc(rsize); + if(translated == NULL) + { + DSOerr(DSO_F_BEOS_NAME_CONVERTER, + DSO_R_NAME_TRANSLATION_FAILED); + return(NULL); + } + if(transform) + { + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) + sprintf(translated, "lib%s.so", filename); + else + sprintf(translated, "%s.so", filename); + } + else + sprintf(translated, "%s", filename); + return(translated); + } + +#endif diff --git a/lib/libcrypto/dso/dso_openssl.c b/lib/libcrypto/dso/dso_openssl.c index a4395ebffec..b17e8e8e9e6 100644 --- a/lib/libcrypto/dso/dso_openssl.c +++ b/lib/libcrypto/dso/dso_openssl.c @@ -74,6 +74,8 @@ DSO_METHOD *DSO_METHOD_openssl(void) return(DSO_METHOD_win32()); #elif defined(DSO_VMS) return(DSO_METHOD_vms()); +#elif defined(DSO_BEOS) + return(DSO_METHOD_beos()); #else return(DSO_METHOD_null()); #endif diff --git a/lib/libcrypto/ec/Makefile b/lib/libcrypto/ec/Makefile index b5bbc9faa1a..db380ed16f8 100644 --- a/lib/libcrypto/ec/Makefile +++ b/lib/libcrypto/ec/Makefile @@ -19,11 +19,11 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\ ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\ - ec2_smpl.c ec2_smpt.c ec2_mult.c + ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\ ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\ - ec2_smpl.o ec2_mult.o + ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o SRC= $(LIBSRC) @@ -38,7 +38,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -94,8 +94,22 @@ ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h -ec2_smpt.o: ec2_smpt.c +ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec_lcl.h +ec_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +ec_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ec_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ec_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ec_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ec_ameth.o: ../../include/openssl/opensslconf.h +ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +ec_ameth.o: ec_ameth.c ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -160,6 +174,20 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c +ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ec_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ec_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ec_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +ec_pmeth.o: ec_pmeth.c ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -167,6 +195,16 @@ ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c +eck_prn.o: ../../e_os.h ../../include/openssl/asn1.h +eck_prn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eck_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eck_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eck_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/lib/libcrypto/ec/ec2_mult.c b/lib/libcrypto/ec/ec2_mult.c index ff368fd7d7b..ab631a50a22 100644 --- a/lib/libcrypto/ec/ec2_mult.c +++ b/lib/libcrypto/ec/ec2_mult.c @@ -76,7 +76,7 @@ * coordinates. * Uses algorithm Mdouble in appendix of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). * modified to not require precomputation of c=b^{2^{m-1}}. */ static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) @@ -107,8 +107,8 @@ static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx /* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery * projective coordinates. * Uses algorithm Madd in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). */ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) @@ -140,8 +140,8 @@ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM /* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) * using Montgomery point multiplication algorithm Mxy() in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). * Returns: * 0 on error * 1 if return value should be the point at infinity @@ -209,15 +209,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG /* Computes scalar*point and stores the result in r. * point can not equal r. * Uses algorithm 2P of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) { BIGNUM *x1, *x2, *z1, *z2; - int ret = 0, i, j; - BN_ULONG mask; + int ret = 0, i; + BN_ULONG mask,word; if (r == point) { @@ -251,22 +251,24 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */ /* find top most bit and go one past it */ - i = scalar->top - 1; j = BN_BITS2 - 1; + i = scalar->top - 1; mask = BN_TBIT; - while (!(scalar->d[i] & mask)) { mask >>= 1; j--; } - mask >>= 1; j--; + word = scalar->d[i]; + while (!(word & mask)) mask >>= 1; + mask >>= 1; /* if top most bit was at word break, go to next word */ if (!mask) { - i--; j = BN_BITS2 - 1; + i--; mask = BN_TBIT; } for (; i >= 0; i--) { - for (; j >= 0; j--) + word = scalar->d[i]; + while (mask) { - if (scalar->d[i] & mask) + if (word & mask) { if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; @@ -278,7 +280,6 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, } mask >>= 1; } - j = BN_BITS2 - 1; mask = BN_TBIT; } diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c new file mode 100644 index 00000000000..c00f7d746c3 --- /dev/null +++ b/lib/libcrypto/ec/ec_ameth.c @@ -0,0 +1,659 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/ec.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif +#include "asn1_locl.h" + +static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) + { + const EC_GROUP *group; + int nid; + if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) + { + ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS); + return 0; + } + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) + /* we have a 'named curve' => just set the OID */ + { + *ppval = OBJ_nid2obj(nid); + *pptype = V_ASN1_OBJECT; + } + else /* explicit parameters */ + { + ASN1_STRING *pstr = NULL; + pstr = ASN1_STRING_new(); + if (!pstr) + return 0; + pstr->length = i2d_ECParameters(ec_key, &pstr->data); + if (pstr->length < 0) + { + ASN1_STRING_free(pstr); + ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); + return 0; + } + *ppval = pstr; + *pptype = V_ASN1_SEQUENCE; + } + return 1; + } + +static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + EC_KEY *ec_key = pkey->pkey.ec; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL, *p; + int penclen; + + if (!eckey_param2type(&ptype, &pval, ec_key)) + { + ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB); + return 0; + } + penclen = i2o_ECPublicKey(ec_key, NULL); + if (penclen <= 0) + goto err; + penc = OPENSSL_malloc(penclen); + if (!penc) + goto err; + p = penc; + penclen = i2o_ECPublicKey(ec_key, &p); + if (penclen <= 0) + goto err; + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), + ptype, pval, penc, penclen)) + return 1; + err: + if (ptype == V_ASN1_OBJECT) + ASN1_OBJECT_free(pval); + else + ASN1_STRING_free(pval); + if (penc) + OPENSSL_free(penc); + return 0; + } + +static EC_KEY *eckey_type2param(int ptype, void *pval) + { + EC_KEY *eckey = NULL; + if (ptype == V_ASN1_SEQUENCE) + { + ASN1_STRING *pstr = pval; + const unsigned char *pm = NULL; + int pmlen; + pm = pstr->data; + pmlen = pstr->length; + if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) + { + ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); + goto ecerr; + } + } + else if (ptype == V_ASN1_OBJECT) + { + ASN1_OBJECT *poid = pval; + EC_GROUP *group; + + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + if ((eckey = EC_KEY_new()) == NULL) + { + ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); + goto ecerr; + } + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); + if (group == NULL) + goto ecerr; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(eckey, group) == 0) + goto ecerr; + EC_GROUP_free(group); + } + else + { + ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); + goto ecerr; + } + + return eckey; + + ecerr: + if (eckey) + EC_KEY_free(eckey); + return NULL; + } + +static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p = NULL; + void *pval; + int ptype, pklen; + EC_KEY *eckey = NULL; + X509_ALGOR *palg; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + eckey = eckey_type2param(ptype, pval); + + if (!eckey) + { + ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); + return 0; + } + + /* We have parameters now set public key */ + if (!o2i_ECPublicKey(&eckey, &p, pklen)) + { + ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR); + goto ecerr; + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + + ecerr: + if (eckey) + EC_KEY_free(eckey); + return 0; + } + +static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + int r; + const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); + const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), + *pb = EC_KEY_get0_public_key(b->pkey.ec); + r = EC_POINT_cmp(group, pa, pb, NULL); + if (r == 0) + return 1; + if (r == 1) + return 0; + return -2; + } + +static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p = NULL; + void *pval; + int ptype, pklen; + EC_KEY *eckey = NULL; + X509_ALGOR *palg; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + eckey = eckey_type2param(ptype, pval); + + if (!eckey) + goto ecliberr; + + /* We have parameters now set private key */ + if (!d2i_ECPrivateKey(&eckey, &p, pklen)) + { + ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); + goto ecerr; + } + + /* calculate public key (if necessary) */ + if (EC_KEY_get0_public_key(eckey) == NULL) + { + const BIGNUM *priv_key; + const EC_GROUP *group; + EC_POINT *pub_key; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + group = EC_KEY_get0_group(eckey); + pub_key = EC_POINT_new(group); + if (pub_key == NULL) + { + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) + { + EC_POINT_free(pub_key); + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + priv_key = EC_KEY_get0_private_key(eckey); + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) + { + EC_POINT_free(pub_key); + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + if (EC_KEY_set_public_key(eckey, pub_key) == 0) + { + EC_POINT_free(pub_key); + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + EC_POINT_free(pub_key); + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + + ecliberr: + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + ecerr: + if (eckey) + EC_KEY_free(eckey); + return 0; + } + +static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + EC_KEY *ec_key; + unsigned char *ep, *p; + int eplen, ptype; + void *pval; + unsigned int tmp_flags, old_flags; + + ec_key = pkey->pkey.ec; + + if (!eckey_param2type(&ptype, &pval, ec_key)) + { + ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); + return 0; + } + + /* set the private key */ + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + old_flags = EC_KEY_get_enc_flags(ec_key); + tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; + EC_KEY_set_enc_flags(ec_key, tmp_flags); + eplen = i2d_ECPrivateKey(ec_key, NULL); + if (!eplen) + { + EC_KEY_set_enc_flags(ec_key, old_flags); + ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); + return 0; + } + ep = (unsigned char *) OPENSSL_malloc(eplen); + if (!ep) + { + EC_KEY_set_enc_flags(ec_key, old_flags); + ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + return 0; + } + p = ep; + if (!i2d_ECPrivateKey(ec_key, &p)) + { + EC_KEY_set_enc_flags(ec_key, old_flags); + OPENSSL_free(ep); + ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); + } + /* restore old encoding flags */ + EC_KEY_set_enc_flags(ec_key, old_flags); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, + ptype, pval, ep, eplen)) + return 0; + + return 1; +} + +static int int_ec_size(const EVP_PKEY *pkey) + { + return ECDSA_size(pkey->pkey.ec); + } + +static int ec_bits(const EVP_PKEY *pkey) + { + BIGNUM *order = BN_new(); + const EC_GROUP *group; + int ret; + + if (!order) + { + ERR_clear_error(); + return 0; + } + group = EC_KEY_get0_group(pkey->pkey.ec); + if (!EC_GROUP_get_order(group, order, NULL)) + { + ERR_clear_error(); + return 0; + } + + ret = BN_num_bits(order); + BN_free(order); + return ret; + } + +static int ec_missing_parameters(const EVP_PKEY *pkey) + { + if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + return 1; + return 0; + } + +static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); + if (group == NULL) + return 0; + if (EC_KEY_set_group(to->pkey.ec, group) == 0) + return 0; + EC_GROUP_free(group); + return 1; + } + +static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), + *group_b = EC_KEY_get0_group(b->pkey.ec); + if (EC_GROUP_cmp(group_a, group_b, NULL)) + return 0; + else + return 1; + } + +static void int_ec_free(EVP_PKEY *pkey) + { + EC_KEY_free(pkey->pkey.ec); + } + +static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) + { + unsigned char *buffer=NULL; + const char *ecstr; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BIGNUM *pub_key=NULL, *order=NULL; + BN_CTX *ctx=NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + const BIGNUM *priv_key; + + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (ktype > 0) + { + public_key = EC_KEY_get0_public_key(x); + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + if (pub_key) + buf_len = (size_t)BN_num_bytes(pub_key); + } + + if (ktype == 2) + { + priv_key = EC_KEY_get0_private_key(x); + if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) + buf_len = i; + } + else + priv_key = NULL; + + if (ktype > 0) + { + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + } + if (ktype == 2) + ecstr = "Private-Key"; + else if (ktype == 1) + ecstr = "Public-Key"; + else + ecstr = "ECDSA-Parameters"; + + if (!BIO_indent(bp, off, 128)) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!EC_GROUP_get_order(group, order, NULL)) + goto err; + if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, + BN_num_bits(order)) <= 0) goto err; + + if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, + buffer, off)) + goto err; + if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key, + buffer, off)) + goto err; + if (!ECPKParameters_print(bp, group, off)) + goto err; + ret=1; +err: + if (!ret) + ECerr(EC_F_DO_EC_KEY_PRINT, reason); + if (pub_key) + BN_free(pub_key); + if (order) + BN_free(order); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } + +static int eckey_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + EC_KEY *eckey; + if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) + { + ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); + return 0; + } + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + } + +static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_ECParameters(pkey->pkey.ec, pder); + } + +static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0); + } + +static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1); + } + + +static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2); + } + +static int old_ec_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + EC_KEY *ec; + if (!(ec = d2i_ECPrivateKey (NULL, pder, derlen))) + { + ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); + return 0; + } + EVP_PKEY_assign_EC_KEY(pkey, ec); + return 1; + } + +static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_ECPrivateKey(pkey->pkey.ec, pder); + } + +static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + switch (op) + { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, + &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 2; + + default: + return -2; + + } + + } + +const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = + { + EVP_PKEY_EC, + EVP_PKEY_EC, + 0, + "EC", + "OpenSSL EC algorithm", + + eckey_pub_decode, + eckey_pub_encode, + eckey_pub_cmp, + eckey_pub_print, + + eckey_priv_decode, + eckey_priv_encode, + eckey_priv_print, + + int_ec_size, + ec_bits, + + eckey_param_decode, + eckey_param_encode, + ec_missing_parameters, + ec_copy_parameters, + ec_cmp_parameters, + eckey_param_print, + + int_ec_free, + ec_pkey_ctrl, + old_ec_priv_decode, + old_ec_priv_encode + }; diff --git a/lib/libcrypto/ec/ec_curve.c b/lib/libcrypto/ec/ec_curve.c index beac20969b7..23274e4031c 100644 --- a/lib/libcrypto/ec/ec_curve.c +++ b/lib/libcrypto/ec/ec_curve.c @@ -73,926 +73,1690 @@ #include <openssl/err.h> #include <openssl/obj_mac.h> -typedef struct ec_curve_data_st { - int field_type; /* either NID_X9_62_prime_field or +typedef struct { + int field_type, /* either NID_X9_62_prime_field or * NID_X9_62_characteristic_two_field */ - const char *p; /* either a prime number or a polynomial */ - const char *a; - const char *b; - const char *x; /* the x coordinate of the generator */ - const char *y; /* the y coordinate of the generator */ - const char *order; /* the order of the group generated by the - * generator */ - const BN_ULONG cofactor;/* the cofactor */ - const unsigned char *seed;/* the seed (optional) */ - size_t seed_len; - const char *comment; /* a short description of the curve */ + seed_len, + param_len; + unsigned int cofactor; /* promoted to BN_ULONG */ } EC_CURVE_DATA; /* the nist prime curves */ -static const unsigned char _EC_NIST_PRIME_192_SEED[] = { - 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57, - 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5}; -static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", - "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, - _EC_NIST_PRIME_192_SEED, 20, - "NIST/X9.62/SECG curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_NIST_PRIME_192 = { + { NID_X9_62_prime_field,20,24,1 }, + { 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57, /* seed */ + 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFC, + 0x64,0x21,0x05,0x19,0xE5,0x9C,0x80,0xE7,0x0F,0xA7, /* b */ + 0xE9,0xAB,0x72,0x24,0x30,0x49,0xFE,0xB8,0xDE,0xEC, + 0xC1,0x46,0xB9,0xB1, + 0x18,0x8D,0xA8,0x0E,0xB0,0x30,0x90,0xF6,0x7C,0xBF, /* x */ + 0x20,0xEB,0x43,0xA1,0x88,0x00,0xF4,0xFF,0x0A,0xFD, + 0x82,0xFF,0x10,0x12, + 0x07,0x19,0x2b,0x95,0xff,0xc8,0xda,0x78,0x63,0x10, /* y */ + 0x11,0xed,0x6b,0x24,0xcd,0xd5,0x73,0xf9,0x77,0xa1, + 0x1e,0x79,0x48,0x11, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x99,0xDE,0xF8,0x36,0x14,0x6B,0xC9,0xB1, + 0xB4,0xD2,0x28,0x31 } }; -static const unsigned char _EC_NIST_PRIME_224_SEED[] = { - 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45, - 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5}; -static const EC_CURVE_DATA _EC_NIST_PRIME_224 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1, - _EC_NIST_PRIME_224_SEED, 20, - "NIST/SECG curve over a 224 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+28*6]; } + _EC_NIST_PRIME_224 = { + { NID_X9_62_prime_field,20,28,1 }, + { 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45, /* seed */ + 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41, /* b */ + 0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA, + 0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4, + 0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13, /* x */ + 0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22, + 0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21, + 0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22, /* y */ + 0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64, + 0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E, + 0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D } }; -static const unsigned char _EC_NIST_PRIME_384_SEED[] = { - 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, - 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73}; -static const EC_CURVE_DATA _EC_NIST_PRIME_384 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" - "FFF0000000000000000FFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" - "FFF0000000000000000FFFFFFFC", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" - "98D8A2ED19D2A85C8EDD3EC2AEF", - "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" - "25DBF55296C3A545E3872760AB7", - "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" - "1ce1d7e819d7a431d7c90ea0e5f", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" - "DB248B0A77AECEC196ACCC52973",1, - _EC_NIST_PRIME_384_SEED, 20, - "NIST/SECG curve over a 384 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; } + _EC_NIST_PRIME_384 = { + { NID_X9_62_prime_field,20,48,1 }, + { 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, /* seed */ + 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC, + 0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E, /* b */ + 0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E, + 0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13, + 0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D, + 0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF, + 0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1, /* x */ + 0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62, + 0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54, + 0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C, + 0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7, + 0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e, /* y */ + 0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd, + 0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0, + 0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d, + 0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37, + 0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A, + 0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 } }; -static const unsigned char _EC_NIST_PRIME_521_SEED[] = { - 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, - 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA}; -static const EC_CURVE_DATA _EC_NIST_PRIME_521 = { - NID_X9_62_prime_field, - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", - "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" - "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" - "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", - "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" - "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" - "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1, - _EC_NIST_PRIME_521_SEED, 20, - "NIST/SECG curve over a 521 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; } + _EC_NIST_PRIME_521 = { + { NID_X9_62_prime_field,20,66,1 }, + { 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, /* seed */ + 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA, + + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC, + 0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F, /* b */ + 0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA, + 0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91, + 0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E, + 0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07, + 0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45, + 0x1F,0xD4,0x6B,0x50,0x3F,0x00, + 0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD, /* x */ + 0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64, + 0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60, + 0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7, + 0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE, + 0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E, + 0x7E,0x31,0xC2,0xE5,0xBD,0x66, + 0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04, /* y */ + 0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5, + 0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17, + 0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4, + 0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61, + 0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe, + 0x94,0x76,0x9f,0xd1,0x66,0x50, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F, + 0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0, + 0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F, + 0xB7,0x1E,0x91,0x38,0x64,0x09 } }; + /* the x9.62 prime curves (minus the nist prime curves) */ -static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = { - 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B, - 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", - "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", - "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", - "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, - _EC_X9_62_PRIME_192V2_SEED, 20, - "X9.62 curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_PRIME_192V2 = { + { NID_X9_62_prime_field,20,24,1 }, + { 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B, /* seed */ + 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFC, + 0xCC,0x22,0xD6,0xDF,0xB9,0x5C,0x6B,0x25,0xE4,0x9C, /* b */ + 0x0D,0x63,0x64,0xA4,0xE5,0x98,0x0C,0x39,0x3A,0xA2, + 0x16,0x68,0xD9,0x53, + 0xEE,0xA2,0xBA,0xE7,0xE1,0x49,0x78,0x42,0xF2,0xDE, /* x */ + 0x77,0x69,0xCF,0xE9,0xC9,0x89,0xC0,0x72,0xAD,0x69, + 0x6F,0x48,0x03,0x4A, + 0x65,0x74,0xd1,0x1d,0x69,0xb6,0xec,0x7a,0x67,0x2b, /* y */ + 0xb8,0x2a,0x08,0x3d,0xf2,0xf2,0xb0,0x84,0x7d,0xe9, + 0x70,0xb2,0xde,0x15, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFE,0x5F,0xB1,0xA7,0x24,0xDC,0x80,0x41,0x86, + 0x48,0xD8,0xDD,0x31 } }; -static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { - 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6, - 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", - "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", - "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", - "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, - _EC_X9_62_PRIME_192V3_SEED, 20, - "X9.62 curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_PRIME_192V3 = { + { NID_X9_62_prime_field,20,24,1 }, + { 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6, /* seed */ + 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFC, + 0x22,0x12,0x3D,0xC2,0x39,0x5A,0x05,0xCA,0xA7,0x42, /* b */ + 0x3D,0xAE,0xCC,0xC9,0x47,0x60,0xA7,0xD4,0x62,0x25, + 0x6B,0xD5,0x69,0x16, + 0x7D,0x29,0x77,0x81,0x00,0xC6,0x5A,0x1D,0xA1,0x78, /* x */ + 0x37,0x16,0x58,0x8D,0xCE,0x2B,0x8B,0x4A,0xEE,0x8E, + 0x22,0x8F,0x18,0x96, + 0x38,0xa9,0x0f,0x22,0x63,0x73,0x37,0x33,0x4b,0x49, /* y */ + 0xdc,0xb6,0x6a,0x6d,0xc8,0xf9,0x97,0x8a,0xca,0x76, + 0x48,0xa9,0x43,0xb0, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x7A,0x62,0xD0,0x31,0xC8,0x3F,0x42,0x94, + 0xF6,0x40,0xEC,0x13 } }; -static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { - 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0, - 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { - NID_X9_62_prime_field, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", - "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", - "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, - _EC_X9_62_PRIME_239V1_SEED, 20, - "X9.62 curve over a 239 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_PRIME_239V1 = { + { NID_X9_62_prime_field,20,30,1 }, + { 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0, /* seed */ + 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC, + + 0x6B,0x01,0x6C,0x3B,0xDC,0xF1,0x89,0x41,0xD0,0xD6, /* b */ + 0x54,0x92,0x14,0x75,0xCA,0x71,0xA9,0xDB,0x2F,0xB2, + 0x7D,0x1D,0x37,0x79,0x61,0x85,0xC2,0x94,0x2C,0x0A, + + 0x0F,0xFA,0x96,0x3C,0xDC,0xA8,0x81,0x6C,0xCC,0x33, /* x */ + 0xB8,0x64,0x2B,0xED,0xF9,0x05,0xC3,0xD3,0x58,0x57, + 0x3D,0x3F,0x27,0xFB,0xBD,0x3B,0x3C,0xB9,0xAA,0xAF, + + 0x7d,0xeb,0xe8,0xe4,0xe9,0x0a,0x5d,0xae,0x6e,0x40, /* y */ + 0x54,0xca,0x53,0x0b,0xa0,0x46,0x54,0xb3,0x68,0x18, + 0xce,0x22,0x6b,0x39,0xfc,0xcb,0x7b,0x02,0xf1,0xae, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0x9E,0x5E,0x9A,0x9F,0x5D, + 0x90,0x71,0xFB,0xD1,0x52,0x26,0x88,0x90,0x9D,0x0B } }; -static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { - 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B, - 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { - NID_X9_62_prime_field, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", - "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", - "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", - "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, - _EC_X9_62_PRIME_239V2_SEED, 20, - "X9.62 curve over a 239 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_PRIME_239V2 = { + { NID_X9_62_prime_field,20,30,1 }, + { 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B, /* seed */ + 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC, + + 0x61,0x7F,0xAB,0x68,0x32,0x57,0x6C,0xBB,0xFE,0xD5, /* b */ + 0x0D,0x99,0xF0,0x24,0x9C,0x3F,0xEE,0x58,0xB9,0x4B, + 0xA0,0x03,0x8C,0x7A,0xE8,0x4C,0x8C,0x83,0x2F,0x2C, + + 0x38,0xAF,0x09,0xD9,0x87,0x27,0x70,0x51,0x20,0xC9, /* x */ + 0x21,0xBB,0x5E,0x9E,0x26,0x29,0x6A,0x3C,0xDC,0xF2, + 0xF3,0x57,0x57,0xA0,0xEA,0xFD,0x87,0xB8,0x30,0xE7, + + 0x5b,0x01,0x25,0xe4,0xdb,0xea,0x0e,0xc7,0x20,0x6d, /* y */ + 0xa0,0xfc,0x01,0xd9,0xb0,0x81,0x32,0x9f,0xb5,0x55, + 0xde,0x6e,0xf4,0x60,0x23,0x7d,0xff,0x8b,0xe4,0xba, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x80,0x00,0x00,0xCF,0xA7,0xE8,0x59,0x43, + 0x77,0xD4,0x14,0xC0,0x38,0x21,0xBC,0x58,0x20,0x63 } }; -static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { - 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A, - 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { - NID_X9_62_prime_field, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", - "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", - "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, - _EC_X9_62_PRIME_239V3_SEED, 20, - "X9.62 curve over a 239 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_PRIME_239V3 = { + { NID_X9_62_prime_field,20,30,1 }, + { 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A, /* seed */ + 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC, + + 0x25,0x57,0x05,0xFA,0x2A,0x30,0x66,0x54,0xB1,0xF4, /* b */ + 0xCB,0x03,0xD6,0xA7,0x50,0xA3,0x0C,0x25,0x01,0x02, + 0xD4,0x98,0x87,0x17,0xD9,0xBA,0x15,0xAB,0x6D,0x3E, + + 0x67,0x68,0xAE,0x8E,0x18,0xBB,0x92,0xCF,0xCF,0x00, /* x */ + 0x5C,0x94,0x9A,0xA2,0xC6,0xD9,0x48,0x53,0xD0,0xE6, + 0x60,0xBB,0xF8,0x54,0xB1,0xC9,0x50,0x5F,0xE9,0x5A, + + 0x16,0x07,0xe6,0x89,0x8f,0x39,0x0c,0x06,0xbc,0x1d, /* y */ + 0x55,0x2b,0xad,0x22,0x6f,0x3b,0x6f,0xcf,0xe4,0x8b, + 0x6e,0x81,0x84,0x99,0xaf,0x18,0xe3,0xed,0x6c,0xf3, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0x97,0x5D,0xEB,0x41,0xB3, + 0xA6,0x05,0x7C,0x3C,0x43,0x21,0x46,0x52,0x65,0x51 } }; -static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { - 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, - 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { - NID_X9_62_prime_field, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", - "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, - _EC_X9_62_PRIME_256V1_SEED, 20, - "X9.62/SECG curve over a 256 bit prime field" + +static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; } + _EC_X9_62_PRIME_256V1 = { + { NID_X9_62_prime_field,20,32,1 }, + { 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, /* seed */ + 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90, + + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFC, + 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB, /* b */ + 0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0, + 0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2, + 0x60,0x4B, + 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC, /* x */ + 0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81, + 0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98, + 0xC2,0x96, + 0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7, /* y */ + 0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57, + 0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf, + 0x51,0xf5, + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD, + 0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63, + 0x25,0x51 } }; + /* the secg prime curves (minus the nist and x9.62 prime curves) */ -static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { - 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68, - 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1}; -static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = { - NID_X9_62_prime_field, - "DB7C2ABF62E35E668076BEAD208B", - "DB7C2ABF62E35E668076BEAD2088", - "659EF8BA043916EEDE8911702B22", - "09487239995A5EE76B55F9C2F098", - "a89ce5af8724c0a23e0e0ff77500", - "DB7C2ABF62E35E7628DFAC6561C5",1, - _EC_SECG_PRIME_112R1_SEED, 20, - "SECG/WTLS curve over a 112 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; } + _EC_SECG_PRIME_112R1 = { + { NID_X9_62_prime_field,20,14,1 }, + { 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68, /* seed */ + 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1, + + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76, /* p */ + 0xBE,0xAD,0x20,0x8B, + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76, /* a */ + 0xBE,0xAD,0x20,0x88, + 0x65,0x9E,0xF8,0xBA,0x04,0x39,0x16,0xEE,0xDE,0x89, /* b */ + 0x11,0x70,0x2B,0x22, + 0x09,0x48,0x72,0x39,0x99,0x5A,0x5E,0xE7,0x6B,0x55, /* x */ + 0xF9,0xC2,0xF0,0x98, + 0xa8,0x9c,0xe5,0xaf,0x87,0x24,0xc0,0xa2,0x3e,0x0e, /* y */ + 0x0f,0xf7,0x75,0x00, + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x76,0x28,0xDF, /* order */ + 0xAC,0x65,0x61,0xC5 } }; -static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = { - 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68, - 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4}; -static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = { - NID_X9_62_prime_field, - "DB7C2ABF62E35E668076BEAD208B", - "6127C24C05F38A0AAAF65C0EF02C", - "51DEF1815DB5ED74FCC34C85D709", - "4BA30AB5E892B4E1649DD0928643", - "adcd46f5882e3747def36e956e97", - "36DF0AAFD8B8D7597CA10520D04B",4, - _EC_SECG_PRIME_112R2_SEED, 20, - "SECG curve over a 112 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; } + _EC_SECG_PRIME_112R2 = { + { NID_X9_62_prime_field,20,14,4 }, + { 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68, /* seed */ + 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4, + + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76, /* p */ + 0xBE,0xAD,0x20,0x8B, + 0x61,0x27,0xC2,0x4C,0x05,0xF3,0x8A,0x0A,0xAA,0xF6, /* a */ + 0x5C,0x0E,0xF0,0x2C, + 0x51,0xDE,0xF1,0x81,0x5D,0xB5,0xED,0x74,0xFC,0xC3, /* b */ + 0x4C,0x85,0xD7,0x09, + 0x4B,0xA3,0x0A,0xB5,0xE8,0x92,0xB4,0xE1,0x64,0x9D, /* x */ + 0xD0,0x92,0x86,0x43, + 0xad,0xcd,0x46,0xf5,0x88,0x2e,0x37,0x47,0xde,0xf3, /* y */ + 0x6e,0x95,0x6e,0x97, + 0x36,0xDF,0x0A,0xAF,0xD8,0xB8,0xD7,0x59,0x7C,0xA1, /* order */ + 0x05,0x20,0xD0,0x4B } }; -static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = { - 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, - 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79}; -static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = { - NID_X9_62_prime_field, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", - "E87579C11079F43DD824993C2CEE5ED3", - "161FF7528B899B2D0C28607CA52C5B86", - "cf5ac8395bafeb13c02da292dded7a83", - "FFFFFFFE0000000075A30D1B9038A115",1, - _EC_SECG_PRIME_128R1_SEED, 20, - "SECG curve over a 128 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; } + _EC_SECG_PRIME_128R1 = { + { NID_X9_62_prime_field,20,16,1 }, + { 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, /* seed */ + 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79, + + 0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC, + 0xE8,0x75,0x79,0xC1,0x10,0x79,0xF4,0x3D,0xD8,0x24, /* b */ + 0x99,0x3C,0x2C,0xEE,0x5E,0xD3, + 0x16,0x1F,0xF7,0x52,0x8B,0x89,0x9B,0x2D,0x0C,0x28, /* x */ + 0x60,0x7C,0xA5,0x2C,0x5B,0x86, + 0xcf,0x5a,0xc8,0x39,0x5b,0xaf,0xeb,0x13,0xc0,0x2d, /* y */ + 0xa2,0x92,0xdd,0xed,0x7a,0x83, + 0xFF,0xFF,0xFF,0xFE,0x00,0x00,0x00,0x00,0x75,0xA3, /* order */ + 0x0D,0x1B,0x90,0x38,0xA1,0x15 } }; -static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = { - 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75, - 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4}; -static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = { - NID_X9_62_prime_field, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "D6031998D1B3BBFEBF59CC9BBFF9AEE1", - "5EEEFCA380D02919DC2C6558BB6D8A5D", - "7B6AA5D85E572983E6FB32A7CDEBC140", - "27b6916a894d3aee7106fe805fc34b44", - "3FFFFFFF7FFFFFFFBE0024720613B5A3",4, - _EC_SECG_PRIME_128R2_SEED, 20, - "SECG curve over a 128 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; } + _EC_SECG_PRIME_128R2 = { + { NID_X9_62_prime_field,20,16,4 }, + { 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75, /* seed */ + 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4, + + 0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xD6,0x03,0x19,0x98,0xD1,0xB3,0xBB,0xFE,0xBF,0x59, /* a */ + 0xCC,0x9B,0xBF,0xF9,0xAE,0xE1, + 0x5E,0xEE,0xFC,0xA3,0x80,0xD0,0x29,0x19,0xDC,0x2C, /* b */ + 0x65,0x58,0xBB,0x6D,0x8A,0x5D, + 0x7B,0x6A,0xA5,0xD8,0x5E,0x57,0x29,0x83,0xE6,0xFB, /* x */ + 0x32,0xA7,0xCD,0xEB,0xC1,0x40, + 0x27,0xb6,0x91,0x6a,0x89,0x4d,0x3a,0xee,0x71,0x06, /* y */ + 0xfe,0x80,0x5f,0xc3,0x4b,0x44, + 0x3F,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xBE,0x00, /* order */ + 0x24,0x72,0x06,0x13,0xB5,0xA3 } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "0", - "7", - "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", - "938cf935318fdced6bc28286531733c3f03c4fee", - "0100000000000000000001B8FA16DFAB9ACA16B6B3",1, - NULL, 0, - "SECG curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_SECG_PRIME_160K1 = { + { NID_X9_62_prime_field,0,21,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC, + 0x73, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x07, + 0x00,0x3B,0x4C,0x38,0x2C,0xE3,0x7A,0xA1,0x92,0xA4, /* x */ + 0x01,0x9E,0x76,0x30,0x36,0xF4,0xF5,0xDD,0x4D,0x7E, + 0xBB, + 0x00,0x93,0x8c,0xf9,0x35,0x31,0x8f,0xdc,0xed,0x6b, /* y */ + 0xc2,0x82,0x86,0x53,0x17,0x33,0xc3,0xf0,0x3c,0x4f, + 0xee, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xB8,0xFA,0x16,0xDF,0xAB,0x9A,0xCA,0x16,0xB6, + 0xB3 } }; -static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = { - 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45}; -static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", - "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", - "4A96B5688EF573284664698968C38BB913CBFC82", - "23a628553168947d59dcc912042351377ac5fb32", - "0100000000000000000001F4C8F927AED3CA752257",1, - _EC_SECG_PRIME_160R1_SEED, 20, - "SECG curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_SECG_PRIME_160R1 = { + { NID_X9_62_prime_field,20,21,1 }, + { 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45, + + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF, + 0xFF, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF, + 0xFC, + 0x00,0x1C,0x97,0xBE,0xFC,0x54,0xBD,0x7A,0x8B,0x65, /* b */ + 0xAC,0xF8,0x9F,0x81,0xD4,0xD4,0xAD,0xC5,0x65,0xFA, + 0x45, + 0x00,0x4A,0x96,0xB5,0x68,0x8E,0xF5,0x73,0x28,0x46, /* x */ + 0x64,0x69,0x89,0x68,0xC3,0x8B,0xB9,0x13,0xCB,0xFC, + 0x82, + 0x00,0x23,0xa6,0x28,0x55,0x31,0x68,0x94,0x7d,0x59, /* y */ + 0xdc,0xc9,0x12,0x04,0x23,0x51,0x37,0x7a,0xc5,0xfb, + 0x32, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xF4,0xC8,0xF9,0x27,0xAE,0xD3,0xCA,0x75,0x22, + 0x57 } }; -static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = { - 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09, - 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51}; -static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", - "B4E134D3FB59EB8BAB57274904664D5AF50388BA", - "52DCB034293A117E1F4FF11B30F7199D3144CE6D", - "feaffef2e331f296e071fa0df9982cfea7d43f2e", - "0100000000000000000000351EE786A818F3A1A16B",1, - _EC_SECG_PRIME_160R2_SEED, 20, - "SECG/WTLS curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_SECG_PRIME_160R2 = { + { NID_X9_62_prime_field,20,21,1 }, + { 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09, /* seed */ + 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51, + + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC, + 0x73, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC, + 0x70, + 0x00,0xB4,0xE1,0x34,0xD3,0xFB,0x59,0xEB,0x8B,0xAB, /* b */ + 0x57,0x27,0x49,0x04,0x66,0x4D,0x5A,0xF5,0x03,0x88, + 0xBA, + 0x00,0x52,0xDC,0xB0,0x34,0x29,0x3A,0x11,0x7E,0x1F, /* x */ + 0x4F,0xF1,0x1B,0x30,0xF7,0x19,0x9D,0x31,0x44,0xCE, + 0x6D, + 0x00,0xfe,0xaf,0xfe,0xf2,0xe3,0x31,0xf2,0x96,0xe0, /* y */ + 0x71,0xfa,0x0d,0xf9,0x98,0x2c,0xfe,0xa7,0xd4,0x3f, + 0x2e, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x35,0x1E,0xE7,0x86,0xA8,0x18,0xF3,0xA1,0xA1, + 0x6B } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", - "0", - "3", - "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", - "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1, - NULL, 20, - "SECG curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; } + _EC_SECG_PRIME_192K1 = { + { NID_X9_62_prime_field,0,24,1 }, + { /* no seed */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xFF,0xFF,0xEE,0x37, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x03, + 0xDB,0x4F,0xF1,0x0E,0xC0,0x57,0xE9,0xAE,0x26,0xB0, /* x */ + 0x7D,0x02,0x80,0xB7,0xF4,0x34,0x1D,0xA5,0xD1,0xB1, + 0xEA,0xE0,0x6C,0x7D, + 0x9b,0x2f,0x2f,0x6d,0x9c,0x56,0x28,0xa7,0x84,0x41, /* y */ + 0x63,0xd0,0x15,0xbe,0x86,0x34,0x40,0x82,0xaa,0x88, + 0xd9,0x5e,0x2f,0x9d, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFE,0x26,0xF2,0xFC,0x17,0x0F,0x69,0x46,0x6A, + 0x74,0xDE,0xFD,0x8D } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", - "0", - "5", - "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", - "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", - "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1, - NULL, 20, - "SECG curve over a 224 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+29*6]; } + _EC_SECG_PRIME_224K1 = { + { NID_X9_62_prime_field,0,29,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xE5,0x6D, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x05, + 0x00,0xA1,0x45,0x5B,0x33,0x4D,0xF0,0x99,0xDF,0x30, /* x */ + 0xFC,0x28,0xA1,0x69,0xA4,0x67,0xE9,0xE4,0x70,0x75, + 0xA9,0x0F,0x7E,0x65,0x0E,0xB6,0xB7,0xA4,0x5C, + 0x00,0x7e,0x08,0x9f,0xed,0x7f,0xba,0x34,0x42,0x82, /* y */ + 0xca,0xfb,0xd6,0xf7,0xe3,0x19,0xf7,0xc0,0xb0,0xbd, + 0x59,0xe2,0xca,0x4b,0xdb,0x55,0x6d,0x61,0xa5, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x01,0xDC,0xE8,0xD2,0xEC,0x61, + 0x84,0xCA,0xF0,0xA9,0x71,0x76,0x9F,0xB1,0xF7 } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", - "0", - "7", - "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1, - NULL, 20, - "SECG curve over a 256 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; } + _EC_SECG_PRIME_256K1 = { + { NID_X9_62_prime_field,0,32,1 }, + { /* no seed */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF, + 0xFC,0x2F, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x07, + 0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0, /* x */ + 0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB, + 0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8, + 0x17,0x98, + 0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4, /* y */ + 0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48, + 0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10, + 0xd4,0xb8, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6, + 0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36, + 0x41,0x41 } }; /* some wap/wtls curves */ -static const EC_CURVE_DATA _EC_WTLS_8 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", - "0", - "3", - "1", - "2", - "0100000000000001ECEA551AD837E9",1, - NULL, 20, - "WTLS curve over a 112 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; } + _EC_WTLS_8 = { + { NID_X9_62_prime_field,0,15,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFD,0xE7, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x03, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x02, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xEC,0xEA, /* order */ + 0x55,0x1A,0xD8,0x37,0xE9 } }; -static const EC_CURVE_DATA _EC_WTLS_9 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", - "0", - "3", - "1", - "2", - "0100000000000000000001CDC98AE0E2DE574ABF33",1, - NULL, 20, - "WTLS curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_WTLS_9 = { + { NID_X9_62_prime_field,0,21,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,0x80, + 0x8F, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x03, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x02, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xCD,0xC9,0x8A,0xE0,0xE2,0xDE,0x57,0x4A,0xBF, + 0x33 } }; -static const EC_CURVE_DATA _EC_WTLS_12 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, - NULL, 0, - "WTLS curvs over a 224 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; } + _EC_WTLS_12 = { + { NID_X9_62_prime_field,0,28,1 }, + { /* no seed */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41, /* b */ + 0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA, + 0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4, + 0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13, /* x */ + 0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22, + 0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21, + 0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22, /* y */ + 0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64, + 0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E, + 0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D } }; /* characteristic two curves */ -static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = { - 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87, - 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000201", - "003088250CA6E7C7FE649CE85820F7", - "00E8BEE4D3E2260744188BE0E9C723", - "009D73616F35F4AB1407D73562C10F", - "00A52830277958EE84D1315ED31886", - "0100000000000000D9CCEC8A39E56F", 2, - _EC_SECG_CHAR2_113R1_SEED, 20, - "SECG curve over a 113 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; } + _EC_SECG_CHAR2_113R1 = { + { NID_X9_62_characteristic_two_field,20,15,2 }, + { 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87, /* seed */ + 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x02,0x01, + 0x00,0x30,0x88,0x25,0x0C,0xA6,0xE7,0xC7,0xFE,0x64, /* a */ + 0x9C,0xE8,0x58,0x20,0xF7, + 0x00,0xE8,0xBE,0xE4,0xD3,0xE2,0x26,0x07,0x44,0x18, /* b */ + 0x8B,0xE0,0xE9,0xC7,0x23, + 0x00,0x9D,0x73,0x61,0x6F,0x35,0xF4,0xAB,0x14,0x07, /* x */ + 0xD7,0x35,0x62,0xC1,0x0F, + 0x00,0xA5,0x28,0x30,0x27,0x79,0x58,0xEE,0x84,0xD1, /* y */ + 0x31,0x5E,0xD3,0x18,0x86, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xD9,0xCC, /* order */ + 0xEC,0x8A,0x39,0xE5,0x6F } }; -static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = { - 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, - 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000201", - "00689918DBEC7E5A0DD6DFC0AA55C7", - "0095E9A9EC9B297BD4BF36E059184F", - "01A57A6A7B26CA5EF52FCDB8164797", - "00B3ADC94ED1FE674C06E695BABA1D", - "010000000000000108789B2496AF93", 2, - _EC_SECG_CHAR2_113R2_SEED, 20, - "SECG curve over a 113 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; } + _EC_SECG_CHAR2_113R2 = { + { NID_X9_62_characteristic_two_field,20,15,2 }, + { 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, /* seed */ + 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x02,0x01, + 0x00,0x68,0x99,0x18,0xDB,0xEC,0x7E,0x5A,0x0D,0xD6, /* a */ + 0xDF,0xC0,0xAA,0x55,0xC7, + 0x00,0x95,0xE9,0xA9,0xEC,0x9B,0x29,0x7B,0xD4,0xBF, /* b */ + 0x36,0xE0,0x59,0x18,0x4F, + 0x01,0xA5,0x7A,0x6A,0x7B,0x26,0xCA,0x5E,0xF5,0x2F, /* x */ + 0xCD,0xB8,0x16,0x47,0x97, + 0x00,0xB3,0xAD,0xC9,0x4E,0xD1,0xFE,0x67,0x4C,0x06, /* y */ + 0xE6,0x95,0xBA,0xBA,0x1D, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x08,0x78, /* order */ + 0x9B,0x24,0x96,0xAF,0x93 } }; -static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = { - 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98, - 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000010D", - "07A11B09A76B562144418FF3FF8C2570B8", - "0217C05610884B63B9C6C7291678F9D341", - "0081BAF91FDF9833C40F9C181343638399", - "078C6E7EA38C001F73C8134B1B4EF9E150", - "0400000000000000023123953A9464B54D", 2, - _EC_SECG_CHAR2_131R1_SEED, 20, - "SECG/WTLS curve over a 131 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; } + _EC_SECG_CHAR2_131R1 = { + { NID_X9_62_characteristic_two_field,20,17,2 }, + { 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98, /* seed */ + 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x01,0x0D, + 0x07,0xA1,0x1B,0x09,0xA7,0x6B,0x56,0x21,0x44,0x41, /* a */ + 0x8F,0xF3,0xFF,0x8C,0x25,0x70,0xB8, + 0x02,0x17,0xC0,0x56,0x10,0x88,0x4B,0x63,0xB9,0xC6, /* b */ + 0xC7,0x29,0x16,0x78,0xF9,0xD3,0x41, + 0x00,0x81,0xBA,0xF9,0x1F,0xDF,0x98,0x33,0xC4,0x0F, /* x */ + 0x9C,0x18,0x13,0x43,0x63,0x83,0x99, + 0x07,0x8C,0x6E,0x7E,0xA3,0x8C,0x00,0x1F,0x73,0xC8, /* y */ + 0x13,0x4B,0x1B,0x4E,0xF9,0xE1,0x50, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x31, /* order */ + 0x23,0x95,0x3A,0x94,0x64,0xB5,0x4D } }; -static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = { - 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000010D", - "03E5A88919D7CAFCBF415F07C2176573B2", - "04B8266A46C55657AC734CE38F018F2192", - "0356DCD8F2F95031AD652D23951BB366A8", - "0648F06D867940A5366D9E265DE9EB240F", - "0400000000000000016954A233049BA98F", 2, - _EC_SECG_CHAR2_131R2_SEED, 20, - "SECG curve over a 131 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; } + _EC_SECG_CHAR2_131R2 = { + { NID_X9_62_characteristic_two_field,20,17,2 }, + { 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x01,0x0D, + 0x03,0xE5,0xA8,0x89,0x19,0xD7,0xCA,0xFC,0xBF,0x41, /* a */ + 0x5F,0x07,0xC2,0x17,0x65,0x73,0xB2, + 0x04,0xB8,0x26,0x6A,0x46,0xC5,0x56,0x57,0xAC,0x73, /* b */ + 0x4C,0xE3,0x8F,0x01,0x8F,0x21,0x92, + 0x03,0x56,0xDC,0xD8,0xF2,0xF9,0x50,0x31,0xAD,0x65, /* x */ + 0x2D,0x23,0x95,0x1B,0xB3,0x66,0xA8, + 0x06,0x48,0xF0,0x6D,0x86,0x79,0x40,0xA5,0x36,0x6D, /* y */ + 0x9E,0x26,0x5D,0xE9,0xEB,0x24,0x0F, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x69, /* order */ + 0x54,0xA2,0x33,0x04,0x9B,0xA9,0x8F } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = { - NID_X9_62_characteristic_two_field, - "0800000000000000000000000000000000000000C9", - "1", - "1", - "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", - "0289070FB05D38FF58321F2E800536D538CCDAA3D9", - "04000000000000000000020108A2E0CC0D99F8A5EF", 2, - NULL, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_NIST_CHAR2_163K = { + { NID_X9_62_characteristic_two_field,0,21,2 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xC9, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x02,0xFE,0x13,0xC0,0x53,0x7B,0xBC,0x11,0xAC,0xAA, /* x */ + 0x07,0xD7,0x93,0xDE,0x4E,0x6D,0x5E,0x5C,0x94,0xEE, + 0xE8, + 0x02,0x89,0x07,0x0F,0xB0,0x5D,0x38,0xFF,0x58,0x32, /* y */ + 0x1F,0x2E,0x80,0x05,0x36,0xD5,0x38,0xCC,0xDA,0xA3, + 0xD9, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x02,0x01,0x08,0xA2,0xE0,0xCC,0x0D,0x99,0xF8,0xA5, + 0xEF } }; -static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = { - 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67, - 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = { - NID_X9_62_characteristic_two_field, - "0800000000000000000000000000000000000000C9", - "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", - "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", - "0369979697AB43897789566789567F787A7876A654", - "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", - "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_SECG_CHAR2_163R1 = { + { NID_X9_62_characteristic_two_field,0,21,2 }, + { /* no seed */ +#if 0 /* The algorithm used to derive the curve parameters from * the seed used here is slightly different than the - * algorithm described in X9.62 . - */ -#if 0 - _EC_SECG_CHAR2_163R1_SEED, 20, -#else - NULL, 0, + * algorithm described in X9.62 . */ + 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67, + 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C, #endif - "SECG curve over a 163 bit binary field" + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xC9, + 0x07,0xB6,0x88,0x2C,0xAA,0xEF,0xA8,0x4F,0x95,0x54, /* a */ + 0xFF,0x84,0x28,0xBD,0x88,0xE2,0x46,0xD2,0x78,0x2A, + 0xE2, + 0x07,0x13,0x61,0x2D,0xCD,0xDC,0xB4,0x0A,0xAB,0x94, /* b */ + 0x6B,0xDA,0x29,0xCA,0x91,0xF7,0x3A,0xF9,0x58,0xAF, + 0xD9, + 0x03,0x69,0x97,0x96,0x97,0xAB,0x43,0x89,0x77,0x89, /* x */ + 0x56,0x67,0x89,0x56,0x7F,0x78,0x7A,0x78,0x76,0xA6, + 0x54, + 0x00,0x43,0x5E,0xDB,0x42,0xEF,0xAF,0xB2,0x98,0x9D, /* y */ + 0x51,0xFE,0xFC,0xE3,0xC8,0x09,0x88,0xF4,0x1F,0xF8, + 0x83, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0x48,0xAA,0xB6,0x89,0xC2,0x9C,0xA7,0x10,0x27, + 0x9B } }; -static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = { - 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, - 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={ - NID_X9_62_characteristic_two_field, - "0800000000000000000000000000000000000000C9", - "1", - "020A601907B8C953CA1481EB10512F78744A3205FD", - "03F0EBA16286A2D57EA0991168D4994637E8343E36", - "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - "040000000000000000000292FE77E70C12A4234C33", 2, -/* The seed here was used to created the curve parameters in normal - * basis representation (and not the polynomial representation used here) - */ +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_NIST_CHAR2_163B = { + { NID_X9_62_characteristic_two_field,0,21,2 }, + { /* no seed */ #if 0 - _EC_NIST_CHAR2_163B_SEED, 20, -#else - NULL, 0, +/* The seed here was used to created the curve parameters in normal + * basis representation (and not the polynomial representation used here) */ + 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, + 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68, #endif - "NIST/SECG curve over a 163 bit binary field" + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xC9, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x02,0x0A,0x60,0x19,0x07,0xB8,0xC9,0x53,0xCA,0x14, /* b */ + 0x81,0xEB,0x10,0x51,0x2F,0x78,0x74,0x4A,0x32,0x05, + 0xFD, + 0x03,0xF0,0xEB,0xA1,0x62,0x86,0xA2,0xD5,0x7E,0xA0, /* x */ + 0x99,0x11,0x68,0xD4,0x99,0x46,0x37,0xE8,0x34,0x3E, + 0x36, + 0x00,0xD5,0x1F,0xBC,0x6C,0x71,0xA0,0x09,0x4F,0xA2, /* y */ + 0xCD,0xD5,0x45,0xB1,0x1C,0x5C,0x0C,0x79,0x73,0x24, + 0xF1, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x02,0x92,0xFE,0x77,0xE7,0x0C,0x12,0xA4,0x23,0x4C, + 0x33 } }; -static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = { - 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75, - 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = { - NID_X9_62_characteristic_two_field, - "02000000000000000000000000000000000000000000008001", - "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", - "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", - "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", - "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", - "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, - _EC_SECG_CHAR2_193R1_SEED, 20, - "SECG curve over a 193 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; } + _EC_SECG_CHAR2_193R1 = { + { NID_X9_62_characteristic_two_field,20,25,2 }, + { 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75, /* seed */ + 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x80,0x01, + 0x00,0x17,0x85,0x8F,0xEB,0x7A,0x98,0x97,0x51,0x69, /* a */ + 0xE1,0x71,0xF7,0x7B,0x40,0x87,0xDE,0x09,0x8A,0xC8, + 0xA9,0x11,0xDF,0x7B,0x01, + 0x00,0xFD,0xFB,0x49,0xBF,0xE6,0xC3,0xA8,0x9F,0xAC, /* b */ + 0xAD,0xAA,0x7A,0x1E,0x5B,0xBC,0x7C,0xC1,0xC2,0xE5, + 0xD8,0x31,0x47,0x88,0x14, + 0x01,0xF4,0x81,0xBC,0x5F,0x0F,0xF8,0x4A,0x74,0xAD, /* x */ + 0x6C,0xDF,0x6F,0xDE,0xF4,0xBF,0x61,0x79,0x62,0x53, + 0x72,0xD8,0xC0,0xC5,0xE1, + 0x00,0x25,0xE3,0x99,0xF2,0x90,0x37,0x12,0xCC,0xF3, /* y */ + 0xEA,0x9E,0x3A,0x1A,0xD1,0x7F,0xB0,0xB3,0x20,0x1B, + 0x6A,0xF7,0xCE,0x1B,0x05, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0xC7,0xF3,0x4A,0x77,0x8F,0x44,0x3A, + 0xCC,0x92,0x0E,0xBA,0x49 } }; -static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = { - 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15, - 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = { - NID_X9_62_characteristic_two_field, - "02000000000000000000000000000000000000000000008001", - "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", - "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", - "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", - "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", - "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, - _EC_SECG_CHAR2_193R2_SEED, 20, - "SECG curve over a 193 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; } + _EC_SECG_CHAR2_193R2 = { + { NID_X9_62_characteristic_two_field,20,25,2 }, + { 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15, /* seed */ + 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x80,0x01, + 0x01,0x63,0xF3,0x5A,0x51,0x37,0xC2,0xCE,0x3E,0xA6, /* a */ + 0xED,0x86,0x67,0x19,0x0B,0x0B,0xC4,0x3E,0xCD,0x69, + 0x97,0x77,0x02,0x70,0x9B, + 0x00,0xC9,0xBB,0x9E,0x89,0x27,0xD4,0xD6,0x4C,0x37, /* b */ + 0x7E,0x2A,0xB2,0x85,0x6A,0x5B,0x16,0xE3,0xEF,0xB7, + 0xF6,0x1D,0x43,0x16,0xAE, + 0x00,0xD9,0xB6,0x7D,0x19,0x2E,0x03,0x67,0xC8,0x03, /* x */ + 0xF3,0x9E,0x1A,0x7E,0x82,0xCA,0x14,0xA6,0x51,0x35, + 0x0A,0xAE,0x61,0x7E,0x8F, + 0x01,0xCE,0x94,0x33,0x56,0x07,0xC3,0x04,0xAC,0x29, /* y */ + 0xE7,0xDE,0xFB,0xD9,0xCA,0x01,0xF5,0x96,0xF9,0x27, + 0x22,0x4C,0xDE,0xCF,0x6C, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x01,0x5A,0xAB,0x56,0x1B,0x00,0x54,0x13, + 0xCC,0xD4,0xEE,0x99,0xD5 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000004000000000000000001", - "0", - "1", - "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", - "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", - "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, - NULL, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; } + _EC_NIST_CHAR2_233K = { + { NID_X9_62_characteristic_two_field,0,30,4 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x01,0x72,0x32,0xBA,0x85,0x3A,0x7E,0x73,0x1A,0xF1, /* x */ + 0x29,0xF2,0x2F,0xF4,0x14,0x95,0x63,0xA4,0x19,0xC2, + 0x6B,0xF5,0x0A,0x4C,0x9D,0x6E,0xEF,0xAD,0x61,0x26, + + 0x01,0xDB,0x53,0x7D,0xEC,0xE8,0x19,0xB7,0xF7,0x0F, /* y */ + 0x55,0x5A,0x67,0xC4,0x27,0xA8,0xCD,0x9B,0xF1,0x8A, + 0xEB,0x9B,0x56,0xE0,0xC1,0x10,0x56,0xFA,0xE6,0xA3, + + 0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x06,0x9D,0x5B,0xB9,0x15, + 0xBC,0xD4,0x6E,0xFB,0x1A,0xD5,0xF1,0x73,0xAB,0xDF } }; -static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = { - 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, - 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000001", - "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", - "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", - "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", - "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, - _EC_NIST_CHAR2_233B_SEED, 20, - "NIST/SECG/WTLS curve over a 233 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_NIST_CHAR2_233B = { + { NID_X9_62_characteristic_two_field,20,30,2 }, + { 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, /* seed */ + 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x66,0x64,0x7E,0xDE,0x6C,0x33,0x2C,0x7F,0x8C, /* b */ + 0x09,0x23,0xBB,0x58,0x21,0x3B,0x33,0x3B,0x20,0xE9, + 0xCE,0x42,0x81,0xFE,0x11,0x5F,0x7D,0x8F,0x90,0xAD, + + 0x00,0xFA,0xC9,0xDF,0xCB,0xAC,0x83,0x13,0xBB,0x21, /* x */ + 0x39,0xF1,0xBB,0x75,0x5F,0xEF,0x65,0xBC,0x39,0x1F, + 0x8B,0x36,0xF8,0xF8,0xEB,0x73,0x71,0xFD,0x55,0x8B, + + 0x01,0x00,0x6A,0x08,0xA4,0x19,0x03,0x35,0x06,0x78, /* y */ + 0xE5,0x85,0x28,0xBE,0xBF,0x8A,0x0B,0xEF,0xF8,0x67, + 0xA7,0xCA,0x36,0x71,0x6F,0x7E,0x01,0xF8,0x10,0x52, + + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x13,0xE9,0x74,0xE7,0x2F, + 0x8A,0x69,0x22,0x03,0x1D,0x26,0x03,0xCF,0xE0,0xD7 } }; -static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000004000000000000000000000000000000000000001", - "0", - "1", - "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", - "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", - "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, - NULL, 0, - "SECG curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; } + _EC_SECG_CHAR2_239K1 = { + { NID_X9_62_characteristic_two_field,0,30,4 }, + { /* no seed */ + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x29,0xA0,0xB6,0xA8,0x87,0xA9,0x83,0xE9,0x73,0x09, /* x */ + 0x88,0xA6,0x87,0x27,0xA8,0xB2,0xD1,0x26,0xC4,0x4C, + 0xC2,0xCC,0x7B,0x2A,0x65,0x55,0x19,0x30,0x35,0xDC, + + 0x76,0x31,0x08,0x04,0xF1,0x2E,0x54,0x9B,0xDB,0x01, /* y */ + 0x1C,0x10,0x30,0x89,0xE7,0x35,0x10,0xAC,0xB2,0x75, + 0xFC,0x31,0x2A,0x5D,0xC6,0xB7,0x65,0x53,0xF0,0xCA, + + 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x5A,0x79,0xFE,0xC6,0x7C, + 0xB6,0xE9,0x1F,0x1C,0x1D,0xA8,0x00,0xE4,0x78,0xA5 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000000000000000000000000000000001" - "0A1", - "0", - "1", - "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" - "836", - "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" - "259", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" - "C61", 4, - NULL, 20, - "NIST/SECG curve over a 283 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+36*6]; } + _EC_NIST_CHAR2_283K = { + { NID_X9_62_characteristic_two_field,0,36,4 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x10,0xA1, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x01, + 0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A, /* x */ + 0x3B,0x81,0x62,0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F, + 0x23,0xC1,0x56,0x7A,0x16,0x87,0x69,0x13,0xB0,0xC2, + 0xAC,0x24,0x58,0x49,0x28,0x36, + 0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90, /* y */ + 0xF9,0x5D,0x07,0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0, + 0xE8,0x18,0x46,0x98,0xE4,0x59,0x62,0x36,0x4E,0x34, + 0x11,0x61,0x77,0xDD,0x22,0x59, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE, + 0x2E,0xD0,0x75,0x77,0x26,0x5D,0xFF,0x7F,0x94,0x45, + 0x1E,0x06,0x1E,0x16,0x3C,0x61 } }; -static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = { - 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, - 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000000000000000000000000000000001" - "0A1", - "000000000000000000000000000000000000000000000000000000000000000000000" - "001", - "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" - "2F5", - "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" - "053", - "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" - "2F4", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" - "307", 2, - _EC_NIST_CHAR2_283B_SEED, 20, - "NIST/SECG curve over a 283 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+36*6]; } + _EC_NIST_CHAR2_283B = { + { NID_X9_62_characteristic_two_field,20,36,2 }, + { 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, /* no seed */ + 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x10,0xA1, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x01, + 0x02,0x7B,0x68,0x0A,0xC8,0xB8,0x59,0x6D,0xA5,0xA4, /* b */ + 0xAF,0x8A,0x19,0xA0,0x30,0x3F,0xCA,0x97,0xFD,0x76, + 0x45,0x30,0x9F,0xA2,0xA5,0x81,0x48,0x5A,0xF6,0x26, + 0x3E,0x31,0x3B,0x79,0xA2,0xF5, + 0x05,0xF9,0x39,0x25,0x8D,0xB7,0xDD,0x90,0xE1,0x93, /* x */ + 0x4F,0x8C,0x70,0xB0,0xDF,0xEC,0x2E,0xED,0x25,0xB8, + 0x55,0x7E,0xAC,0x9C,0x80,0xE2,0xE1,0x98,0xF8,0xCD, + 0xBE,0xCD,0x86,0xB1,0x20,0x53, + 0x03,0x67,0x68,0x54,0xFE,0x24,0x14,0x1C,0xB9,0x8F, /* y */ + 0xE6,0xD4,0xB2,0x0D,0x02,0xB4,0x51,0x6F,0xF7,0x02, + 0x35,0x0E,0xDD,0xB0,0x82,0x67,0x79,0xC8,0x13,0xF0, + 0xDF,0x45,0xBE,0x81,0x12,0xF4, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xEF,0x90, + 0x39,0x96,0x60,0xFC,0x93,0x8A,0x90,0x16,0x5B,0x04, + 0x2A,0x7C,0xEF,0xAD,0xB3,0x07 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000000000000000000000000000000000" - "00000000000008000000000000000000001", - "0", - "1", - "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" - "89EB5AAAA62EE222EB1B35540CFE9023746", - "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" - "C42E9C55215AA9CA27A5863EC48D8E0286B", - "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" - "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, - NULL, 0, - "NIST/SECG curve over a 409 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+52*6]; } + _EC_NIST_CHAR2_409K = { + { NID_X9_62_characteristic_two_field,0,52,4 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x60,0xF0,0x5F,0x65,0x8F,0x49,0xC1,0xAD,0x3A, /* x */ + 0xB1,0x89,0x0F,0x71,0x84,0x21,0x0E,0xFD,0x09,0x87, + 0xE3,0x07,0xC8,0x4C,0x27,0xAC,0xCF,0xB8,0xF9,0xF6, + 0x7C,0xC2,0xC4,0x60,0x18,0x9E,0xB5,0xAA,0xAA,0x62, + 0xEE,0x22,0x2E,0xB1,0xB3,0x55,0x40,0xCF,0xE9,0x02, + 0x37,0x46, + 0x01,0xE3,0x69,0x05,0x0B,0x7C,0x4E,0x42,0xAC,0xBA, /* y */ + 0x1D,0xAC,0xBF,0x04,0x29,0x9C,0x34,0x60,0x78,0x2F, + 0x91,0x8E,0xA4,0x27,0xE6,0x32,0x51,0x65,0xE9,0xEA, + 0x10,0xE3,0xDA,0x5F,0x6C,0x42,0xE9,0xC5,0x52,0x15, + 0xAA,0x9C,0xA2,0x7A,0x58,0x63,0xEC,0x48,0xD8,0xE0, + 0x28,0x6B, + 0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0x5F,0x83,0xB2, + 0xD4,0xEA,0x20,0x40,0x0E,0xC4,0x55,0x7D,0x5E,0xD3, + 0xE3,0xE7,0xCA,0x5B,0x4B,0x5C,0x83,0xB8,0xE0,0x1E, + 0x5F,0xCF } }; -static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = { - 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, - 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000000000000000000000000000000000" - "00000000000008000000000000000000001", - "000000000000000000000000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" - "7B272822F6CD57A55AA4F50AE317B13545F", - "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" - "A868A1180515603AEAB60794E54BB7996A7", - "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" - "F1FDF4B4F40D2181B3681C364BA0273C706", - "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" - "7BE5FA47C3C9E052F838164CD37D9A21173", 2, - _EC_NIST_CHAR2_409B_SEED, 20, - "NIST/SECG curve over a 409 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+52*6]; } + _EC_NIST_CHAR2_409B = { + { NID_X9_62_characteristic_two_field,20,52,2 }, + { 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, /* seed */ + 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x21,0xA5,0xC2,0xC8,0xEE,0x9F,0xEB,0x5C,0x4B, /* b */ + 0x9A,0x75,0x3B,0x7B,0x47,0x6B,0x7F,0xD6,0x42,0x2E, + 0xF1,0xF3,0xDD,0x67,0x47,0x61,0xFA,0x99,0xD6,0xAC, + 0x27,0xC8,0xA9,0xA1,0x97,0xB2,0x72,0x82,0x2F,0x6C, + 0xD5,0x7A,0x55,0xAA,0x4F,0x50,0xAE,0x31,0x7B,0x13, + 0x54,0x5F, + 0x01,0x5D,0x48,0x60,0xD0,0x88,0xDD,0xB3,0x49,0x6B, /* x */ + 0x0C,0x60,0x64,0x75,0x62,0x60,0x44,0x1C,0xDE,0x4A, + 0xF1,0x77,0x1D,0x4D,0xB0,0x1F,0xFE,0x5B,0x34,0xE5, + 0x97,0x03,0xDC,0x25,0x5A,0x86,0x8A,0x11,0x80,0x51, + 0x56,0x03,0xAE,0xAB,0x60,0x79,0x4E,0x54,0xBB,0x79, + 0x96,0xA7, + 0x00,0x61,0xB1,0xCF,0xAB,0x6B,0xE5,0xF3,0x2B,0xBF, /* y */ + 0xA7,0x83,0x24,0xED,0x10,0x6A,0x76,0x36,0xB9,0xC5, + 0xA7,0xBD,0x19,0x8D,0x01,0x58,0xAA,0x4F,0x54,0x88, + 0xD0,0x8F,0x38,0x51,0x4F,0x1F,0xDF,0x4B,0x4F,0x40, + 0xD2,0x18,0x1B,0x36,0x81,0xC3,0x64,0xBA,0x02,0x73, + 0xC7,0x06, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xE2,0xAA,0xD6, + 0xA6,0x12,0xF3,0x33,0x07,0xBE,0x5F,0xA4,0x7C,0x3C, + 0x9E,0x05,0x2F,0x83,0x81,0x64,0xCD,0x37,0xD9,0xA2, + 0x11,0x73 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000000000000000" - "00425", - "0", - "1", - "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" - "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" - "1C8972", - "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" - "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" - "F1C7A3", - "020000000000000000000000000000000000000000000000000000000000000000000" - "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" - "7C1001", 4, - NULL, 0, - "NIST/SECG curve over a 571 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+72*6]; } + _EC_NIST_CHAR2_571K = { + { NID_X9_62_characteristic_two_field,0,72,4 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x25, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x02,0x6E,0xB7,0xA8,0x59,0x92,0x3F,0xBC,0x82,0x18, /* x */ + 0x96,0x31,0xF8,0x10,0x3F,0xE4,0xAC,0x9C,0xA2,0x97, + 0x00,0x12,0xD5,0xD4,0x60,0x24,0x80,0x48,0x01,0x84, + 0x1C,0xA4,0x43,0x70,0x95,0x84,0x93,0xB2,0x05,0xE6, + 0x47,0xDA,0x30,0x4D,0xB4,0xCE,0xB0,0x8C,0xBB,0xD1, + 0xBA,0x39,0x49,0x47,0x76,0xFB,0x98,0x8B,0x47,0x17, + 0x4D,0xCA,0x88,0xC7,0xE2,0x94,0x52,0x83,0xA0,0x1C, + 0x89,0x72, + 0x03,0x49,0xDC,0x80,0x7F,0x4F,0xBF,0x37,0x4F,0x4A, /* y */ + 0xEA,0xDE,0x3B,0xCA,0x95,0x31,0x4D,0xD5,0x8C,0xEC, + 0x9F,0x30,0x7A,0x54,0xFF,0xC6,0x1E,0xFC,0x00,0x6D, + 0x8A,0x2C,0x9D,0x49,0x79,0xC0,0xAC,0x44,0xAE,0xA7, + 0x4F,0xBE,0xBB,0xB9,0xF7,0x72,0xAE,0xDC,0xB6,0x20, + 0xB0,0x1A,0x7B,0xA7,0xAF,0x1B,0x32,0x04,0x30,0xC8, + 0x59,0x19,0x84,0xF6,0x01,0xCD,0x4C,0x14,0x3E,0xF1, + 0xC7,0xA3, + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x13,0x18,0x50,0xE1, + 0xF1,0x9A,0x63,0xE4,0xB3,0x91,0xA8,0xDB,0x91,0x7F, + 0x41,0x38,0xB6,0x30,0xD8,0x4B,0xE5,0xD6,0x39,0x38, + 0x1E,0x91,0xDE,0xB4,0x5C,0xFE,0x77,0x8F,0x63,0x7C, + 0x10,0x01 } }; -static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = { - 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, - 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000000000000000" - "00425", - "000000000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000000000000000" - "000001", - "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" - "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" - "55727A", - "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" - "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" - "EC2D19", - "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" - "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" - "8AC15B", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" - "E84E47", 2, - _EC_NIST_CHAR2_571B_SEED, 20, - "NIST/SECG curve over a 571 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+72*6]; } + _EC_NIST_CHAR2_571B = { + { NID_X9_62_characteristic_two_field,20,72,2 }, + { 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, /* seed */ + 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x25, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x02,0xF4,0x0E,0x7E,0x22,0x21,0xF2,0x95,0xDE,0x29, /* b */ + 0x71,0x17,0xB7,0xF3,0xD6,0x2F,0x5C,0x6A,0x97,0xFF, + 0xCB,0x8C,0xEF,0xF1,0xCD,0x6B,0xA8,0xCE,0x4A,0x9A, + 0x18,0xAD,0x84,0xFF,0xAB,0xBD,0x8E,0xFA,0x59,0x33, + 0x2B,0xE7,0xAD,0x67,0x56,0xA6,0x6E,0x29,0x4A,0xFD, + 0x18,0x5A,0x78,0xFF,0x12,0xAA,0x52,0x0E,0x4D,0xE7, + 0x39,0xBA,0xCA,0x0C,0x7F,0xFE,0xFF,0x7F,0x29,0x55, + 0x72,0x7A, + 0x03,0x03,0x00,0x1D,0x34,0xB8,0x56,0x29,0x6C,0x16, /* x */ + 0xC0,0xD4,0x0D,0x3C,0xD7,0x75,0x0A,0x93,0xD1,0xD2, + 0x95,0x5F,0xA8,0x0A,0xA5,0xF4,0x0F,0xC8,0xDB,0x7B, + 0x2A,0xBD,0xBD,0xE5,0x39,0x50,0xF4,0xC0,0xD2,0x93, + 0xCD,0xD7,0x11,0xA3,0x5B,0x67,0xFB,0x14,0x99,0xAE, + 0x60,0x03,0x86,0x14,0xF1,0x39,0x4A,0xBF,0xA3,0xB4, + 0xC8,0x50,0xD9,0x27,0xE1,0xE7,0x76,0x9C,0x8E,0xEC, + 0x2D,0x19, + 0x03,0x7B,0xF2,0x73,0x42,0xDA,0x63,0x9B,0x6D,0xCC, /* y */ + 0xFF,0xFE,0xB7,0x3D,0x69,0xD7,0x8C,0x6C,0x27,0xA6, + 0x00,0x9C,0xBB,0xCA,0x19,0x80,0xF8,0x53,0x39,0x21, + 0xE8,0xA6,0x84,0x42,0x3E,0x43,0xBA,0xB0,0x8A,0x57, + 0x62,0x91,0xAF,0x8F,0x46,0x1B,0xB2,0xA8,0xB3,0x53, + 0x1D,0x2F,0x04,0x85,0xC1,0x9B,0x16,0xE2,0xF1,0x51, + 0x6E,0x23,0xDD,0x3C,0x1A,0x48,0x27,0xAF,0x1B,0x8A, + 0xC1,0x5B, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE6,0x61,0xCE,0x18, + 0xFF,0x55,0x98,0x73,0x08,0x05,0x9B,0x18,0x68,0x23, + 0x85,0x1E,0xC7,0xDD,0x9C,0xA1,0x16,0x1D,0xE9,0x3D, + 0x51,0x74,0xD6,0x6E,0x83,0x82,0xE9,0xBB,0x2F,0xE8, + 0x4E,0x47 } }; -static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = { - 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, - 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000107", - "072546B5435234A422E0789675F432C89435DE5242", - "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", - "07AF69989546103D79329FCC3D74880F33BBE803CB", - "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", - "0400000000000000000001E60FC8821CC74DAEAFC1", 2, - _EC_X9_62_CHAR2_163V1_SEED, 20, - "X9.62 curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_X9_62_CHAR2_163V1 = { + { NID_X9_62_characteristic_two_field,20,21,2 }, + { 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, + 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54, /* seed */ + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x07, + 0x07,0x25,0x46,0xB5,0x43,0x52,0x34,0xA4,0x22,0xE0, /* a */ + 0x78,0x96,0x75,0xF4,0x32,0xC8,0x94,0x35,0xDE,0x52, + 0x42, + 0x00,0xC9,0x51,0x7D,0x06,0xD5,0x24,0x0D,0x3C,0xFF, /* b */ + 0x38,0xC7,0x4B,0x20,0xB6,0xCD,0x4D,0x6F,0x9D,0xD4, + 0xD9, + 0x07,0xAF,0x69,0x98,0x95,0x46,0x10,0x3D,0x79,0x32, /* x */ + 0x9F,0xCC,0x3D,0x74,0x88,0x0F,0x33,0xBB,0xE8,0x03, + 0xCB, + 0x01,0xEC,0x23,0x21,0x1B,0x59,0x66,0xAD,0xEA,0x1D, /* y */ + 0x3F,0x87,0xF7,0xEA,0x58,0x48,0xAE,0xF0,0xB7,0xCA, + 0x9F, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xE6,0x0F,0xC8,0x82,0x1C,0xC7,0x4D,0xAE,0xAF, + 0xC1 } }; -static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { - 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000107", - "0108B39E77C4B108BED981ED0E890E117C511CF072", - "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", - "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", - "079F684DDF6684C5CD258B3890021B2386DFD19FC5", - "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, - _EC_X9_62_CHAR2_163V2_SEED, 20, - "X9.62 curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_X9_62_CHAR2_163V2 = { + { NID_X9_62_characteristic_two_field,20,21,2 }, + { 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x07, + 0x01,0x08,0xB3,0x9E,0x77,0xC4,0xB1,0x08,0xBE,0xD9, /* a */ + 0x81,0xED,0x0E,0x89,0x0E,0x11,0x7C,0x51,0x1C,0xF0, + 0x72, + 0x06,0x67,0xAC,0xEB,0x38,0xAF,0x4E,0x48,0x8C,0x40, /* b */ + 0x74,0x33,0xFF,0xAE,0x4F,0x1C,0x81,0x16,0x38,0xDF, + 0x20, + 0x00,0x24,0x26,0x6E,0x4E,0xB5,0x10,0x6D,0x0A,0x96, /* x */ + 0x4D,0x92,0xC4,0x86,0x0E,0x26,0x71,0xDB,0x9B,0x6C, + 0xC5, + 0x07,0x9F,0x68,0x4D,0xDF,0x66,0x84,0xC5,0xCD,0x25, /* y */ + 0x8B,0x38,0x90,0x02,0x1B,0x23,0x86,0xDF,0xD1,0x9F, + 0xC5, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFD,0xF6,0x4D,0xE1,0x15,0x1A,0xDB,0xB7,0x8F,0x10, + 0xA7 } }; -static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { - 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67, - 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000107", - "07A526C63D3E25A256A007699F5447E32AE456B50E", - "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", - "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", - "05B935590C155E17EA48EB3FF3718B893DF59A05D0", - "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, - _EC_X9_62_CHAR2_163V3_SEED, 20, - "X9.62 curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_X9_62_CHAR2_163V3 = { + { NID_X9_62_characteristic_two_field,20,21,2 }, + { 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67, /* seed */ + 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x07, + 0x07,0xA5,0x26,0xC6,0x3D,0x3E,0x25,0xA2,0x56,0xA0, /* a */ + 0x07,0x69,0x9F,0x54,0x47,0xE3,0x2A,0xE4,0x56,0xB5, + 0x0E, + 0x03,0xF7,0x06,0x17,0x98,0xEB,0x99,0xE2,0x38,0xFD, /* b */ + 0x6F,0x1B,0xF9,0x5B,0x48,0xFE,0xEB,0x48,0x54,0x25, + 0x2B, + 0x02,0xF9,0xF8,0x7B,0x7C,0x57,0x4D,0x0B,0xDE,0xCF, /* x */ + 0x8A,0x22,0xE6,0x52,0x47,0x75,0xF9,0x8C,0xDE,0xBD, + 0xCB, + 0x05,0xB9,0x35,0x59,0x0C,0x15,0x5E,0x17,0xEA,0x48, /* y */ + 0xEB,0x3F,0xF3,0x71,0x8B,0x89,0x3D,0xF5,0x9A,0x05, + 0xD0, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFE,0x1A,0xEE,0x14,0x0F,0x11,0x0A,0xFF,0x96,0x13, + 0x09 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { - NID_X9_62_characteristic_two_field, - "0100000000000000000000000000000000080000000007", - "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", - "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", - "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", - "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", - "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, - NULL, 0, - "X9.62 curve over a 176 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+23*6]; } + _EC_X9_62_CHAR2_176V1 = { + { NID_X9_62_characteristic_two_field,0,23,0xFF6E }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00, + 0x00,0x00,0x07, + 0x00,0xE4,0xE6,0xDB,0x29,0x95,0x06,0x5C,0x40,0x7D, /* a */ + 0x9D,0x39,0xB8,0xD0,0x96,0x7B,0x96,0x70,0x4B,0xA8, + 0xE9,0xC9,0x0B, + 0x00,0x5D,0xDA,0x47,0x0A,0xBE,0x64,0x14,0xDE,0x8E, /* b */ + 0xC1,0x33,0xAE,0x28,0xE9,0xBB,0xD7,0xFC,0xEC,0x0A, + 0xE0,0xFF,0xF2, + 0x00,0x8D,0x16,0xC2,0x86,0x67,0x98,0xB6,0x00,0xF9, /* x */ + 0xF0,0x8B,0xB4,0xA8,0xE8,0x60,0xF3,0x29,0x8C,0xE0, + 0x4A,0x57,0x98, + 0x00,0x6F,0xA4,0x53,0x9C,0x2D,0xAD,0xDD,0xD6,0xBA, /* y */ + 0xB5,0x16,0x7D,0x61,0xB4,0x36,0xE1,0xD9,0x2B,0xB1, + 0x6A,0x56,0x2C, + 0x00,0x00,0x01,0x00,0x92,0x53,0x73,0x97,0xEC,0xA4, /* order */ + 0xF6,0x14,0x57,0x99,0xD6,0x2B,0x0A,0x19,0xCE,0x06, + 0xFE,0x26,0xAD } }; -static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { - 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000201", - "2866537B676752636A68F56554E12640276B649EF7526267", - "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", - "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", - "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", - "40000000000000000000000004A20E90C39067C893BBB9A5", 2, - _EC_X9_62_CHAR2_191V1_SEED, 20, - "X9.62 curve over a 191 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_CHAR2_191V1 = { + { NID_X9_62_characteristic_two_field,20,24,2 }, + { 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x02,0x01, + 0x28,0x66,0x53,0x7B,0x67,0x67,0x52,0x63,0x6A,0x68, /* a */ + 0xF5,0x65,0x54,0xE1,0x26,0x40,0x27,0x6B,0x64,0x9E, + 0xF7,0x52,0x62,0x67, + 0x2E,0x45,0xEF,0x57,0x1F,0x00,0x78,0x6F,0x67,0xB0, /* b */ + 0x08,0x1B,0x94,0x95,0xA3,0xD9,0x54,0x62,0xF5,0xDE, + 0x0A,0xA1,0x85,0xEC, + 0x36,0xB3,0xDA,0xF8,0xA2,0x32,0x06,0xF9,0xC4,0xF2, /* x */ + 0x99,0xD7,0xB2,0x1A,0x9C,0x36,0x91,0x37,0xF2,0xC8, + 0x4A,0xE1,0xAA,0x0D, + 0x76,0x5B,0xE7,0x34,0x33,0xB3,0xF9,0x5E,0x33,0x29, /* y */ + 0x32,0xE7,0x0E,0xA2,0x45,0xCA,0x24,0x18,0xEA,0x0E, + 0xF9,0x80,0x18,0xFB, + 0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x04,0xA2,0x0E,0x90,0xC3,0x90,0x67,0xC8, + 0x93,0xBB,0xB9,0xA5 } }; -static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { - 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000201", - "401028774D7777C7B7666D1366EA432071274F89FF01E718", - "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", - "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", - "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", - "20000000000000000000000050508CB89F652824E06B8173", 4, - _EC_X9_62_CHAR2_191V2_SEED, 20, - "X9.62 curve over a 191 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_CHAR2_191V2 = { + { NID_X9_62_characteristic_two_field,20,24,4 }, + { 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x02,0x01, + 0x40,0x10,0x28,0x77,0x4D,0x77,0x77,0xC7,0xB7,0x66, /* a */ + 0x6D,0x13,0x66,0xEA,0x43,0x20,0x71,0x27,0x4F,0x89, + 0xFF,0x01,0xE7,0x18, + 0x06,0x20,0x04,0x8D,0x28,0xBC,0xBD,0x03,0xB6,0x24, /* b */ + 0x9C,0x99,0x18,0x2B,0x7C,0x8C,0xD1,0x97,0x00,0xC3, + 0x62,0xC4,0x6A,0x01, + 0x38,0x09,0xB2,0xB7,0xCC,0x1B,0x28,0xCC,0x5A,0x87, /* x */ + 0x92,0x6A,0xAD,0x83,0xFD,0x28,0x78,0x9E,0x81,0xE2, + 0xC9,0xE3,0xBF,0x10, + 0x17,0x43,0x43,0x86,0x62,0x6D,0x14,0xF3,0xDB,0xF0, /* y */ + 0x17,0x60,0xD9,0x21,0x3A,0x3E,0x1C,0xF3,0x7A,0xEC, + 0x43,0x7D,0x66,0x8A, + 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x50,0x50,0x8C,0xB8,0x9F,0x65,0x28,0x24, + 0xE0,0x6B,0x81,0x73 } }; -static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { - 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000201", - "6C01074756099122221056911C77D77E77A777E7E7E77FCB", - "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", - "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", - "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", - "155555555555555555555555610C0B196812BFB6288A3EA3", 6, - _EC_X9_62_CHAR2_191V3_SEED, 20, - "X9.62 curve over a 191 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_CHAR2_191V3 = { + { NID_X9_62_characteristic_two_field,20,24,6 }, + { 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x02,0x01, + 0x6C,0x01,0x07,0x47,0x56,0x09,0x91,0x22,0x22,0x10, /* a */ + 0x56,0x91,0x1C,0x77,0xD7,0x7E,0x77,0xA7,0x77,0xE7, + 0xE7,0xE7,0x7F,0xCB, + 0x71,0xFE,0x1A,0xF9,0x26,0xCF,0x84,0x79,0x89,0xEF, /* b */ + 0xEF,0x8D,0xB4,0x59,0xF6,0x63,0x94,0xD9,0x0F,0x32, + 0xAD,0x3F,0x15,0xE8, + 0x37,0x5D,0x4C,0xE2,0x4F,0xDE,0x43,0x44,0x89,0xDE, /* x */ + 0x87,0x46,0xE7,0x17,0x86,0x01,0x50,0x09,0xE6,0x6E, + 0x38,0xA9,0x26,0xDD, + 0x54,0x5A,0x39,0x17,0x61,0x96,0x57,0x5D,0x98,0x59, /* y */ + 0x99,0x36,0x6E,0x6A,0xD3,0x4C,0xE0,0xA7,0x7C,0xD7, + 0x12,0x7B,0x06,0xBE, + 0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55, /* order */ + 0x55,0x55,0x61,0x0C,0x0B,0x19,0x68,0x12,0xBF,0xB6, + 0x28,0x8A,0x3E,0xA3 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000800000000000000000007", - "0000000000000000000000000000000000000000000000000000", - "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", - "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", - "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", - "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, - NULL, 0, - "X9.62 curve over a 208 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+27*6]; } + _EC_X9_62_CHAR2_208W1 = { + { NID_X9_62_characteristic_two_field,0,27,0xFE48 }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x07, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0xC8,0x61,0x9E,0xD4,0x5A,0x62,0xE6,0x21,0x2E, /* b */ + 0x11,0x60,0x34,0x9E,0x2B,0xFA,0x84,0x44,0x39,0xFA, + 0xFC,0x2A,0x3F,0xD1,0x63,0x8F,0x9E, + 0x00,0x89,0xFD,0xFB,0xE4,0xAB,0xE1,0x93,0xDF,0x95, /* x */ + 0x59,0xEC,0xF0,0x7A,0xC0,0xCE,0x78,0x55,0x4E,0x27, + 0x84,0xEB,0x8C,0x1E,0xD1,0xA5,0x7A, + 0x00,0x0F,0x55,0xB5,0x1A,0x06,0xE7,0x8E,0x9A,0xC3, /* y */ + 0x8A,0x03,0x5F,0xF5,0x20,0xD8,0xB0,0x17,0x81,0xBE, + 0xB1,0xA6,0xBB,0x08,0x61,0x7D,0xE3, + 0x00,0x00,0x01,0x01,0xBA,0xF9,0x5C,0x97,0x23,0xC5, /* order */ + 0x7B,0x6C,0x21,0xDA,0x2E,0xFF,0x2D,0x5E,0xD5,0x88, + 0xBD,0xD5,0x71,0x7E,0x21,0x2F,0x9D } }; -static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { - 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, - 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000001000000001", - "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", - "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", - "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", - "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", - "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, - _EC_X9_62_CHAR2_239V1_SEED, 20, - "X9.62 curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_CHAR2_239V1 = { + { NID_X9_62_characteristic_two_field,20,30,4 }, + { 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, /* seed */ + 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01, + + 0x32,0x01,0x08,0x57,0x07,0x7C,0x54,0x31,0x12,0x3A, /* a */ + 0x46,0xB8,0x08,0x90,0x67,0x56,0xF5,0x43,0x42,0x3E, + 0x8D,0x27,0x87,0x75,0x78,0x12,0x57,0x78,0xAC,0x76, + + 0x79,0x04,0x08,0xF2,0xEE,0xDA,0xF3,0x92,0xB0,0x12, /* b */ + 0xED,0xEF,0xB3,0x39,0x2F,0x30,0xF4,0x32,0x7C,0x0C, + 0xA3,0xF3,0x1F,0xC3,0x83,0xC4,0x22,0xAA,0x8C,0x16, + + 0x57,0x92,0x70,0x98,0xFA,0x93,0x2E,0x7C,0x0A,0x96, /* x */ + 0xD3,0xFD,0x5B,0x70,0x6E,0xF7,0xE5,0xF5,0xC1,0x56, + 0xE1,0x6B,0x7E,0x7C,0x86,0x03,0x85,0x52,0xE9,0x1D, + + 0x61,0xD8,0xEE,0x50,0x77,0xC3,0x3F,0xEC,0xF6,0xF1, /* y */ + 0xA1,0x6B,0x26,0x8D,0xE4,0x69,0xC3,0xC7,0x74,0x4E, + 0xA9,0xA9,0x71,0x64,0x9F,0xC7,0xA9,0x61,0x63,0x05, + + 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x0F,0x4D,0x42,0xFF,0xE1, + 0x49,0x2A,0x49,0x93,0xF1,0xCA,0xD6,0x66,0xE4,0x47 } }; -static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { - 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000001000000001", - "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", - "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", - "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", - "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", - "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, - _EC_X9_62_CHAR2_239V2_SEED, 20, - "X9.62 curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_CHAR2_239V2 = { + { NID_X9_62_characteristic_two_field,20,30,6 }, + { 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01, + + 0x42,0x30,0x01,0x77,0x57,0xA7,0x67,0xFA,0xE4,0x23, /* a */ + 0x98,0x56,0x9B,0x74,0x63,0x25,0xD4,0x53,0x13,0xAF, + 0x07,0x66,0x26,0x64,0x79,0xB7,0x56,0x54,0xE6,0x5F, + + 0x50,0x37,0xEA,0x65,0x41,0x96,0xCF,0xF0,0xCD,0x82, /* b */ + 0xB2,0xC1,0x4A,0x2F,0xCF,0x2E,0x3F,0xF8,0x77,0x52, + 0x85,0xB5,0x45,0x72,0x2F,0x03,0xEA,0xCD,0xB7,0x4B, + + 0x28,0xF9,0xD0,0x4E,0x90,0x00,0x69,0xC8,0xDC,0x47, /* x */ + 0xA0,0x85,0x34,0xFE,0x76,0xD2,0xB9,0x00,0xB7,0xD7, + 0xEF,0x31,0xF5,0x70,0x9F,0x20,0x0C,0x4C,0xA2,0x05, + + 0x56,0x67,0x33,0x4C,0x45,0xAF,0xF3,0xB5,0xA0,0x3B, /* y */ + 0xAD,0x9D,0xD7,0x5E,0x2C,0x71,0xA9,0x93,0x62,0x56, + 0x7D,0x54,0x53,0xF7,0xFA,0x6E,0x22,0x7E,0xC8,0x33, + + 0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55, /* order */ + 0x55,0x55,0x55,0x55,0x55,0x3C,0x6F,0x28,0x85,0x25, + 0x9C,0x31,0xE3,0xFC,0xDF,0x15,0x46,0x24,0x52,0x2D } }; -static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { - 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, - 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000001000000001", - "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", - "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", - "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", - "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", - "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, - _EC_X9_62_CHAR2_239V3_SEED, 20, - "X9.62 curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_CHAR2_239V3 = { + { NID_X9_62_characteristic_two_field,20,30,0xA }, + { 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, /* seed */ + 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01, + + 0x01,0x23,0x87,0x74,0x66,0x6A,0x67,0x76,0x6D,0x66, /* a */ + 0x76,0xF7,0x78,0xE6,0x76,0xB6,0x69,0x99,0x17,0x66, + 0x66,0xE6,0x87,0x66,0x6D,0x87,0x66,0xC6,0x6A,0x9F, + + 0x6A,0x94,0x19,0x77,0xBA,0x9F,0x6A,0x43,0x51,0x99, /* b */ + 0xAC,0xFC,0x51,0x06,0x7E,0xD5,0x87,0xF5,0x19,0xC5, + 0xEC,0xB5,0x41,0xB8,0xE4,0x41,0x11,0xDE,0x1D,0x40, + + 0x70,0xF6,0xE9,0xD0,0x4D,0x28,0x9C,0x4E,0x89,0x91, /* x */ + 0x3C,0xE3,0x53,0x0B,0xFD,0xE9,0x03,0x97,0x7D,0x42, + 0xB1,0x46,0xD5,0x39,0xBF,0x1B,0xDE,0x4E,0x9C,0x92, + + 0x2E,0x5A,0x0E,0xAF,0x6E,0x5E,0x13,0x05,0xB9,0x00, /* y */ + 0x4D,0xCE,0x5C,0x0E,0xD7,0xFE,0x59,0xA3,0x56,0x08, + 0xF3,0x38,0x37,0xC8,0x16,0xD8,0x0B,0x79,0xF4,0x61, + + 0x0C,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC, /* order */ + 0xCC,0xCC,0xCC,0xCC,0xCC,0xAC,0x49,0x12,0xD2,0xD9, + 0xDF,0x90,0x3E,0xF9,0x88,0x8B,0x8A,0x0E,0x4C,0xFF } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000000000000000000000000010000000000000" - "B", - "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", - "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", - "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", - "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", - "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", - 0xFF06, - NULL, 0, - "X9.62 curve over a 272 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+35*6]; } + _EC_X9_62_CHAR2_272W1 = { + { NID_X9_62_characteristic_two_field,0,35,0xFF06 }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, + 0x00,0x00,0x00,0x00,0x0B, + 0x00,0x91,0xA0,0x91,0xF0,0x3B,0x5F,0xBA,0x4A,0xB2, /* a */ + 0xCC,0xF4,0x9C,0x4E,0xDD,0x22,0x0F,0xB0,0x28,0x71, + 0x2D,0x42,0xBE,0x75,0x2B,0x2C,0x40,0x09,0x4D,0xBA, + 0xCD,0xB5,0x86,0xFB,0x20, + 0x00,0x71,0x67,0xEF,0xC9,0x2B,0xB2,0xE3,0xCE,0x7C, /* b */ + 0x8A,0xAA,0xFF,0x34,0xE1,0x2A,0x9C,0x55,0x70,0x03, + 0xD7,0xC7,0x3A,0x6F,0xAF,0x00,0x3F,0x99,0xF6,0xCC, + 0x84,0x82,0xE5,0x40,0xF7, + 0x00,0x61,0x08,0xBA,0xBB,0x2C,0xEE,0xBC,0xF7,0x87, /* x */ + 0x05,0x8A,0x05,0x6C,0xBE,0x0C,0xFE,0x62,0x2D,0x77, + 0x23,0xA2,0x89,0xE0,0x8A,0x07,0xAE,0x13,0xEF,0x0D, + 0x10,0xD1,0x71,0xDD,0x8D, + 0x00,0x10,0xC7,0x69,0x57,0x16,0x85,0x1E,0xEF,0x6B, /* y */ + 0xA7,0xF6,0x87,0x2E,0x61,0x42,0xFB,0xD2,0x41,0xB8, + 0x30,0xFF,0x5E,0xFC,0xAC,0xEC,0xCA,0xB0,0x5E,0x02, + 0x00,0x5D,0xDE,0x9D,0x23, + 0x00,0x00,0x01,0x00,0xFA,0xF5,0x13,0x54,0xE0,0xE3, /* order */ + 0x9E,0x48,0x92,0xDF,0x6E,0x31,0x9C,0x72,0xC8,0x16, + 0x16,0x03,0xFA,0x45,0xAA,0x7B,0x99,0x8A,0x16,0x7B, + 0x8F,0x1E,0x62,0x95,0x21 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000000000000000000000000000000000000000" - "000000807", - "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" - "6C8E681", - "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" - "27340BE", - "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" - "40A2614", - "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" - "B92C03B", - "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" - "443051D", 0xFE2E, - NULL, 0, - "X9.62 curve over a 304 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+39*6]; } + _EC_X9_62_CHAR2_304W1 = { + { NID_X9_62_characteristic_two_field,0,39,0xFE2E }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x07, + 0x00,0xFD,0x0D,0x69,0x31,0x49,0xA1,0x18,0xF6,0x51, /* a */ + 0xE6,0xDC,0xE6,0x80,0x20,0x85,0x37,0x7E,0x5F,0x88, + 0x2D,0x1B,0x51,0x0B,0x44,0x16,0x00,0x74,0xC1,0x28, + 0x80,0x78,0x36,0x5A,0x03,0x96,0xC8,0xE6,0x81, + 0x00,0xBD,0xDB,0x97,0xE5,0x55,0xA5,0x0A,0x90,0x8E, /* b */ + 0x43,0xB0,0x1C,0x79,0x8E,0xA5,0xDA,0xA6,0x78,0x8F, + 0x1E,0xA2,0x79,0x4E,0xFC,0xF5,0x71,0x66,0xB8,0xC1, + 0x40,0x39,0x60,0x1E,0x55,0x82,0x73,0x40,0xBE, + 0x00,0x19,0x7B,0x07,0x84,0x5E,0x9B,0xE2,0xD9,0x6A, /* x */ + 0xDB,0x0F,0x5F,0x3C,0x7F,0x2C,0xFF,0xBD,0x7A,0x3E, + 0xB8,0xB6,0xFE,0xC3,0x5C,0x7F,0xD6,0x7F,0x26,0xDD, + 0xF6,0x28,0x5A,0x64,0x4F,0x74,0x0A,0x26,0x14, + 0x00,0xE1,0x9F,0xBE,0xB7,0x6E,0x0D,0xA1,0x71,0x51, /* y */ + 0x7E,0xCF,0x40,0x1B,0x50,0x28,0x9B,0xF0,0x14,0x10, + 0x32,0x88,0x52,0x7A,0x9B,0x41,0x6A,0x10,0x5E,0x80, + 0x26,0x0B,0x54,0x9F,0xDC,0x1B,0x92,0xC0,0x3B, + 0x00,0x00,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC, /* order */ + 0x80,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,0x80, + 0x01,0x02,0x2D,0x5C,0x91,0xDD,0x17,0x3F,0x8F,0xB5, + 0x61,0xDA,0x68,0x99,0x16,0x44,0x43,0x05,0x1D } }; -static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { - 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000100000000000000001", - "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" - "656FB549016A96656A557", - "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" - "7742B6329E70680231988", - "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" - "8E8E707C07A2239B1B097", - "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" - "4AE2DE211305A407104BD", - "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" - "64FE7719E74F490758D3B", 0x4C, - _EC_X9_62_CHAR2_359V1_SEED, 20, - "X9.62 curve over a 359 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+45*6]; } + _EC_X9_62_CHAR2_359V1 = { + { NID_X9_62_characteristic_two_field,20,45,0x4C }, + { 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x01, + 0x56,0x67,0x67,0x6A,0x65,0x4B,0x20,0x75,0x4F,0x35, /* a */ + 0x6E,0xA9,0x20,0x17,0xD9,0x46,0x56,0x7C,0x46,0x67, + 0x55,0x56,0xF1,0x95,0x56,0xA0,0x46,0x16,0xB5,0x67, + 0xD2,0x23,0xA5,0xE0,0x56,0x56,0xFB,0x54,0x90,0x16, + 0xA9,0x66,0x56,0xA5,0x57, + 0x24,0x72,0xE2,0xD0,0x19,0x7C,0x49,0x36,0x3F,0x1F, /* b */ + 0xE7,0xF5,0xB6,0xDB,0x07,0x5D,0x52,0xB6,0x94,0x7D, + 0x13,0x5D,0x8C,0xA4,0x45,0x80,0x5D,0x39,0xBC,0x34, + 0x56,0x26,0x08,0x96,0x87,0x74,0x2B,0x63,0x29,0xE7, + 0x06,0x80,0x23,0x19,0x88, + 0x3C,0x25,0x8E,0xF3,0x04,0x77,0x67,0xE7,0xED,0xE0, /* x */ + 0xF1,0xFD,0xAA,0x79,0xDA,0xEE,0x38,0x41,0x36,0x6A, + 0x13,0x2E,0x16,0x3A,0xCE,0xD4,0xED,0x24,0x01,0xDF, + 0x9C,0x6B,0xDC,0xDE,0x98,0xE8,0xE7,0x07,0xC0,0x7A, + 0x22,0x39,0xB1,0xB0,0x97, + 0x53,0xD7,0xE0,0x85,0x29,0x54,0x70,0x48,0x12,0x1E, /* y */ + 0x9C,0x95,0xF3,0x79,0x1D,0xD8,0x04,0x96,0x39,0x48, + 0xF3,0x4F,0xAE,0x7B,0xF4,0x4E,0xA8,0x23,0x65,0xDC, + 0x78,0x68,0xFE,0x57,0xE4,0xAE,0x2D,0xE2,0x11,0x30, + 0x5A,0x40,0x71,0x04,0xBD, + 0x01,0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1, /* order */ + 0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,0xAF, + 0x28,0x6B,0xC9,0xFB,0x8F,0x6B,0x85,0xC5,0x56,0x89, + 0x2C,0x20,0xA7,0xEB,0x96,0x4F,0xE7,0x71,0x9E,0x74, + 0xF4,0x90,0x75,0x8D,0x3B } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000000000000000000000000000000000000000" - "0002000000000000000000007", - "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" - "F0AB7519CCD2A1A906AE30D", - "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" - "D84D164F444F8F74786046A", - "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" - "9E927BE216F02E1FB136A5F", - "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" - "ADAA81E2A0750B80FDA2310", - "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" - "9AE40A6F131E9CFCE5BD967", 0xFF70, - NULL, 0, - "X9.62 curve over a 368 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+47*6]; } + _EC_X9_62_CHAR2_368W1 = { + { NID_X9_62_characteristic_two_field,0,47,0xFF70 }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x07, + 0x00,0xE0,0xD2,0xEE,0x25,0x09,0x52,0x06,0xF5,0xE2, /* a */ + 0xA4,0xF9,0xED,0x22,0x9F,0x1F,0x25,0x6E,0x79,0xA0, + 0xE2,0xB4,0x55,0x97,0x0D,0x8D,0x0D,0x86,0x5B,0xD9, + 0x47,0x78,0xC5,0x76,0xD6,0x2F,0x0A,0xB7,0x51,0x9C, + 0xCD,0x2A,0x1A,0x90,0x6A,0xE3,0x0D, + 0x00,0xFC,0x12,0x17,0xD4,0x32,0x0A,0x90,0x45,0x2C, /* b */ + 0x76,0x0A,0x58,0xED,0xCD,0x30,0xC8,0xDD,0x06,0x9B, + 0x3C,0x34,0x45,0x38,0x37,0xA3,0x4E,0xD5,0x0C,0xB5, + 0x49,0x17,0xE1,0xC2,0x11,0x2D,0x84,0xD1,0x64,0xF4, + 0x44,0xF8,0xF7,0x47,0x86,0x04,0x6A, + 0x00,0x10,0x85,0xE2,0x75,0x53,0x81,0xDC,0xCC,0xE3, /* x */ + 0xC1,0x55,0x7A,0xFA,0x10,0xC2,0xF0,0xC0,0xC2,0x82, + 0x56,0x46,0xC5,0xB3,0x4A,0x39,0x4C,0xBC,0xFA,0x8B, + 0xC1,0x6B,0x22,0xE7,0xE7,0x89,0xE9,0x27,0xBE,0x21, + 0x6F,0x02,0xE1,0xFB,0x13,0x6A,0x5F, + 0x00,0x7B,0x3E,0xB1,0xBD,0xDC,0xBA,0x62,0xD5,0xD8, /* y */ + 0xB2,0x05,0x9B,0x52,0x57,0x97,0xFC,0x73,0x82,0x2C, + 0x59,0x05,0x9C,0x62,0x3A,0x45,0xFF,0x38,0x43,0xCE, + 0xE8,0xF8,0x7C,0xD1,0x85,0x5A,0xDA,0xA8,0x1E,0x2A, + 0x07,0x50,0xB8,0x0F,0xDA,0x23,0x10, + 0x00,0x00,0x01,0x00,0x90,0x51,0x2D,0xA9,0xAF,0x72, /* order */ + 0xB0,0x83,0x49,0xD9,0x8A,0x5D,0xD4,0xC7,0xB0,0x53, + 0x2E,0xCA,0x51,0xCE,0x03,0xE2,0xD1,0x0F,0x3B,0x7A, + 0xC5,0x79,0xBD,0x87,0xE9,0x09,0xAE,0x40,0xA6,0xF1, + 0x31,0xE9,0xCF,0xCE,0x5B,0xD9,0x67 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000000001000000000000000000000000000001", - "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" - "B9906D0957F6C6FEACD615468DF104DE296CD8F", - "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" - "26D4E50A8DD731B107A9962381FB5D807BF2618", - "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" - "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", - "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" - "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", - "0340340340340340340340340340340340340340340340340340340323C313FAB5058" - "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, - NULL, 0, - "X9.62 curve over a 431 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+54*6]; } + _EC_X9_62_CHAR2_431R1 = { + { NID_X9_62_characteristic_two_field,0,54,0x2760 }, + { /* no seed */ + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x01, + 0x1A,0x82,0x7E,0xF0,0x0D,0xD6,0xFC,0x0E,0x23,0x4C, /* a */ + 0xAF,0x04,0x6C,0x6A,0x5D,0x8A,0x85,0x39,0x5B,0x23, + 0x6C,0xC4,0xAD,0x2C,0xF3,0x2A,0x0C,0xAD,0xBD,0xC9, + 0xDD,0xF6,0x20,0xB0,0xEB,0x99,0x06,0xD0,0x95,0x7F, + 0x6C,0x6F,0xEA,0xCD,0x61,0x54,0x68,0xDF,0x10,0x4D, + 0xE2,0x96,0xCD,0x8F, + 0x10,0xD9,0xB4,0xA3,0xD9,0x04,0x7D,0x8B,0x15,0x43, /* b */ + 0x59,0xAB,0xFB,0x1B,0x7F,0x54,0x85,0xB0,0x4C,0xEB, + 0x86,0x82,0x37,0xDD,0xC9,0xDE,0xDA,0x98,0x2A,0x67, + 0x9A,0x5A,0x91,0x9B,0x62,0x6D,0x4E,0x50,0xA8,0xDD, + 0x73,0x1B,0x10,0x7A,0x99,0x62,0x38,0x1F,0xB5,0xD8, + 0x07,0xBF,0x26,0x18, + 0x12,0x0F,0xC0,0x5D,0x3C,0x67,0xA9,0x9D,0xE1,0x61, /* x */ + 0xD2,0xF4,0x09,0x26,0x22,0xFE,0xCA,0x70,0x1B,0xE4, + 0xF5,0x0F,0x47,0x58,0x71,0x4E,0x8A,0x87,0xBB,0xF2, + 0xA6,0x58,0xEF,0x8C,0x21,0xE7,0xC5,0xEF,0xE9,0x65, + 0x36,0x1F,0x6C,0x29,0x99,0xC0,0xC2,0x47,0xB0,0xDB, + 0xD7,0x0C,0xE6,0xB7, + 0x20,0xD0,0xAF,0x89,0x03,0xA9,0x6F,0x8D,0x5F,0xA2, /* y */ + 0xC2,0x55,0x74,0x5D,0x3C,0x45,0x1B,0x30,0x2C,0x93, + 0x46,0xD9,0xB7,0xE4,0x85,0xE7,0xBC,0xE4,0x1F,0x6B, + 0x59,0x1F,0x3E,0x8F,0x6A,0xDD,0xCB,0xB0,0xBC,0x4C, + 0x2F,0x94,0x7A,0x7D,0xE1,0xA8,0x9B,0x62,0x5D,0x6A, + 0x59,0x8B,0x37,0x60, + 0x00,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34, /* order */ + 0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03, + 0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x23, + 0xC3,0x13,0xFA,0xB5,0x05,0x89,0x70,0x3B,0x5E,0xC6, + 0x8D,0x35,0x87,0xFE,0xC6,0x0D,0x16,0x1C,0xC1,0x49, + 0xC1,0xAD,0x4A,0x91 } }; -static const EC_CURVE_DATA _EC_WTLS_1 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000201", - "1", - "1", - "01667979A40BA497E5D5C270780617", - "00F44B4AF1ECC2630E08785CEBCC15", - "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, - NULL, 0, - "WTLS curve over a 113 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; } + _EC_WTLS_1 = { + { NID_X9_62_characteristic_two_field,0,15,2 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x02,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x01, + 0x01,0x66,0x79,0x79,0xA4,0x0B,0xA4,0x97,0xE5,0xD5, /* x */ + 0xC2,0x70,0x78,0x06,0x17, + 0x00,0xF4,0x4B,0x4A,0xF1,0xEC,0xC2,0x63,0x0E,0x08, /* y */ + 0x78,0x5C,0xEB,0xCC,0x15, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFD,0xBF, /* order */ + 0x91,0xAF,0x6D,0xEA,0x73 } }; /* IPSec curves */ @@ -1001,17 +1765,27 @@ static const EC_CURVE_DATA _EC_WTLS_1 = { * As the group order is not a prime this curve is not suitable * for ECDSA. */ -static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { - NID_X9_62_characteristic_two_field, - "0800000000000000000000004000000000000001", - "0", - "07338f", - "7b", - "1c8", - "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3, - NULL, 0, - "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!" +static const struct { EC_CURVE_DATA h; unsigned char data[0+20*6]; } + _EC_IPSEC_155_ID3 = { + { NID_X9_62_characteristic_two_field,0,20,3 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x07,0x33,0x8f, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7b, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xc8, + + 0x02,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA, /* order */ + 0xC7,0xF3,0xC7,0x88,0x1B,0xD0,0x86,0x8F,0xA8,0x6C } }; /* NOTE: The of curves over a extension field of non prime degree @@ -1019,106 +1793,118 @@ static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { * As the group order is not a prime this curve is not suitable * for ECDSA. */ -static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000200000000000000001", - "0", - "1ee9", - "18", - "0d", - "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2, - NULL, 0, - "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!" +static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; } + _EC_IPSEC_185_ID4 = { + { NID_X9_62_characteristic_two_field,0,24,2 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x1e,0xe9, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x18, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x0d, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xED,0xF9,0x7C,0x44,0xDB,0x9F,0x24,0x20, + 0xBA,0xFC,0xA7,0x5E } }; typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; + const char *comment; } ec_list_element; static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ - { NID_secp112r1, &_EC_SECG_PRIME_112R1}, - { NID_secp112r2, &_EC_SECG_PRIME_112R2}, - { NID_secp128r1, &_EC_SECG_PRIME_128R1}, - { NID_secp128r2, &_EC_SECG_PRIME_128R2}, - { NID_secp160k1, &_EC_SECG_PRIME_160K1}, - { NID_secp160r1, &_EC_SECG_PRIME_160R1}, - { NID_secp160r2, &_EC_SECG_PRIME_160R2}, + { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"}, + { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, "SECG curve over a 112 bit prime field"}, + { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, "SECG curve over a 128 bit prime field"}, + { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, "SECG curve over a 128 bit prime field"}, + { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, "SECG curve over a 160 bit prime field"}, + { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, "SECG curve over a 160 bit prime field"}, + { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"}, /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ - { NID_secp192k1, &_EC_SECG_PRIME_192K1}, - { NID_secp224k1, &_EC_SECG_PRIME_224K1}, - { NID_secp224r1, &_EC_NIST_PRIME_224}, - { NID_secp256k1, &_EC_SECG_PRIME_256K1}, + { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, "SECG curve over a 192 bit prime field"}, + { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, "SECG curve over a 224 bit prime field"}, + { NID_secp224r1, &_EC_NIST_PRIME_224.h, "NIST/SECG curve over a 224 bit prime field"}, + { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, "SECG curve over a 256 bit prime field"}, /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - { NID_secp384r1, &_EC_NIST_PRIME_384}, - { NID_secp521r1, &_EC_NIST_PRIME_521}, + { NID_secp384r1, &_EC_NIST_PRIME_384.h, "NIST/SECG curve over a 384 bit prime field"}, + { NID_secp521r1, &_EC_NIST_PRIME_521.h, "NIST/SECG curve over a 521 bit prime field"}, /* X9.62 curves */ - { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, - { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, - { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, - { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, - { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2}, - { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, - { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, "NIST/X9.62/SECG curve over a 192 bit prime field"}, + { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, "X9.62 curve over a 192 bit prime field"}, + { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, "X9.62 curve over a 192 bit prime field"}, + { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, "X9.62 curve over a 239 bit prime field"}, + { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, "X9.62 curve over a 239 bit prime field"}, + { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, "X9.62 curve over a 239 bit prime field"}, + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, "X9.62/SECG curve over a 256 bit prime field"}, /* characteristic two field curves */ /* NIST/SECG curves */ - { NID_sect113r1, &_EC_SECG_CHAR2_113R1}, - { NID_sect113r2, &_EC_SECG_CHAR2_113R2}, - { NID_sect131r1, &_EC_SECG_CHAR2_131R1}, - { NID_sect131r2, &_EC_SECG_CHAR2_131R2}, - { NID_sect163k1, &_EC_NIST_CHAR2_163K }, - { NID_sect163r1, &_EC_SECG_CHAR2_163R1}, - { NID_sect163r2, &_EC_NIST_CHAR2_163B }, - { NID_sect193r1, &_EC_SECG_CHAR2_193R1}, - { NID_sect193r2, &_EC_SECG_CHAR2_193R2}, - { NID_sect233k1, &_EC_NIST_CHAR2_233K }, - { NID_sect233r1, &_EC_NIST_CHAR2_233B }, - { NID_sect239k1, &_EC_SECG_CHAR2_239K1}, - { NID_sect283k1, &_EC_NIST_CHAR2_283K }, - { NID_sect283r1, &_EC_NIST_CHAR2_283B }, - { NID_sect409k1, &_EC_NIST_CHAR2_409K }, - { NID_sect409r1, &_EC_NIST_CHAR2_409B }, - { NID_sect571k1, &_EC_NIST_CHAR2_571K }, - { NID_sect571r1, &_EC_NIST_CHAR2_571B }, + { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"}, + { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, "SECG curve over a 113 bit binary field"}, + { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, "SECG/WTLS curve over a 131 bit binary field"}, + { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, "SECG curve over a 131 bit binary field"}, + { NID_sect163k1, &_EC_NIST_CHAR2_163K.h, "NIST/SECG/WTLS curve over a 163 bit binary field" }, + { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, "SECG curve over a 163 bit binary field"}, + { NID_sect163r2, &_EC_NIST_CHAR2_163B.h, "NIST/SECG curve over a 163 bit binary field" }, + { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, "SECG curve over a 193 bit binary field"}, + { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, "SECG curve over a 193 bit binary field"}, + { NID_sect233k1, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect233r1, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, "SECG curve over a 239 bit binary field"}, + { NID_sect283k1, &_EC_NIST_CHAR2_283K.h, "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect283r1, &_EC_NIST_CHAR2_283B.h, "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect409k1, &_EC_NIST_CHAR2_409K.h, "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect409r1, &_EC_NIST_CHAR2_409B.h, "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect571k1, &_EC_NIST_CHAR2_571K.h, "NIST/SECG curve over a 571 bit binary field" }, + { NID_sect571r1, &_EC_NIST_CHAR2_571B.h, "NIST/SECG curve over a 571 bit binary field" }, /* X9.62 curves */ - { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, - { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, - { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3}, - { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1}, - { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1}, - { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2}, - { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3}, - { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1}, - { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1}, - { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2}, - { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3}, - { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1}, - { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1}, - { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, - { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, - { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, + { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"}, + { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, "X9.62 curve over a 163 bit binary field"}, + { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, "X9.62 curve over a 163 bit binary field"}, + { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, "X9.62 curve over a 176 bit binary field"}, + { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, "X9.62 curve over a 191 bit binary field"}, + { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, "X9.62 curve over a 191 bit binary field"}, + { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, "X9.62 curve over a 191 bit binary field"}, + { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, "X9.62 curve over a 208 bit binary field"}, + { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, "X9.62 curve over a 239 bit binary field"}, + { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, "X9.62 curve over a 239 bit binary field"}, + { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, "X9.62 curve over a 239 bit binary field"}, + { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, "X9.62 curve over a 272 bit binary field"}, + { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, "X9.62 curve over a 304 bit binary field"}, + { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, "X9.62 curve over a 359 bit binary field"}, + { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, "X9.62 curve over a 368 bit binary field"}, + { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, "X9.62 curve over a 431 bit binary field"}, /* the WAP/WTLS curves * [unlike SECG, spec has its own OIDs for curves from X9.62] */ - { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, - { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, - { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, - { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, - { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, - { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, - { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, - { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 }, - { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, - { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, - { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, + { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, "WTLS curve over a 113 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, "NIST/SECG/WTLS curve over a 163 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"}, + { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"}, + { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, "WTLS curve over a 112 bit prime field"}, + { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, "WTLS curve over a 160 bit prime field" }, + { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, "WTLS curvs over a 224 bit prime field"}, /* IPSec curves */ - { NID_ipsec3, &_EC_IPSEC_155_ID3}, - { NID_ipsec4, &_EC_IPSEC_185_ID4}, + { NID_ipsec3, &_EC_IPSEC_155_ID3.h, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, + { NID_ipsec4, &_EC_IPSEC_185_ID4.h, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, }; -static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); +#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element)) static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) { @@ -1127,22 +1913,23 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) BN_CTX *ctx=NULL; BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL; int ok=0; + int seed_len,param_len; + const unsigned char *params; if ((ctx = BN_CTX_new()) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); goto err; } - if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || - (b = BN_new()) == NULL || (x = BN_new()) == NULL || - (y = BN_new()) == NULL || (order = BN_new()) == NULL) - { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a) - || !BN_hex2bn(&b, data->b)) + + seed_len = data->seed_len; + param_len = data->param_len; + params = (const unsigned char *)(data+1); /* skip header */ + params += seed_len; /* skip seed */ + + if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL)) + || !(a = BN_bin2bn(params+1*param_len, param_len, NULL)) + || !(b = BN_bin2bn(params+2*param_len, param_len, NULL))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; @@ -1156,8 +1943,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } } - else - { /* field_type == NID_X9_62_characteristic_two_field */ + else /* field_type == NID_X9_62_characteristic_two_field */ + { if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); @@ -1171,7 +1958,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } - if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) + if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL)) + || !(y = BN_bin2bn(params+4*param_len, param_len, NULL))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; @@ -1181,7 +1969,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } - if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) + if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL)) + || !BN_set_word(x, (BN_ULONG)data->cofactor)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; @@ -1191,9 +1980,9 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } - if (data->seed) + if (seed_len) { - if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) + if (!EC_GROUP_set_seed(group, params-seed_len, seed_len)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -1263,7 +2052,7 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) for (i = 0; i < min; i++) { r[i].nid = curve_list[i].nid; - r[i].comment = curve_list[i].data->comment; + r[i].comment = curve_list[i].comment; } return curve_list_length; diff --git a/lib/libcrypto/ec/ec_pmeth.c b/lib/libcrypto/ec/ec_pmeth.c new file mode 100644 index 00000000000..f433076ca12 --- /dev/null +++ b/lib/libcrypto/ec/ec_pmeth.c @@ -0,0 +1,340 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/ec.h> +#include <openssl/ecdsa.h> +#include <openssl/evp.h> +#include "evp_locl.h" + +/* EC pkey context structure */ + +typedef struct + { + /* Key and paramgen group */ + EC_GROUP *gen_group; + /* message digest */ + const EVP_MD *md; + } EC_PKEY_CTX; + +static int pkey_ec_init(EVP_PKEY_CTX *ctx) + { + EC_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); + if (!dctx) + return 0; + dctx->gen_group = NULL; + dctx->md = NULL; + + ctx->data = dctx; + + return 1; + } + +static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + EC_PKEY_CTX *dctx, *sctx; + if (!pkey_ec_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + if (sctx->gen_group) + { + dctx->gen_group = EC_GROUP_dup(sctx->gen_group); + if (!dctx->gen_group) + return 0; + } + dctx->md = sctx->md; + return 1; + } + +static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) + { + EC_PKEY_CTX *dctx = ctx->data; + if (dctx) + { + if (dctx->gen_group) + EC_GROUP_free(dctx->gen_group); + OPENSSL_free(dctx); + } + } + +static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + unsigned int sltmp; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (!sig) + { + *siglen = ECDSA_size(ec); + return 1; + } + else if(*siglen < (size_t)ECDSA_size(ec)) + { + ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); + return 0; + } + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + + ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + + if (ret <= 0) + return ret; + *siglen = (size_t)sltmp; + return 1; + } + +static int pkey_ec_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + + return ret; + } + +static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) + { + int ret; + size_t outlen; + const EC_POINT *pubkey = NULL; + if (!ctx->pkey || !ctx->peerkey) + { + ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET); + return 0; + } + + if (!key) + { + const EC_GROUP *group; + group = EC_KEY_get0_group(ctx->pkey->pkey.ec); + *keylen = (EC_GROUP_get_degree(group) + 7)/8; + return 1; + } + + pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); + + /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is + * not an error, the result is truncated. + */ + + outlen = *keylen; + + ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0); + if (ret < 0) + return ret; + *keylen = ret; + return 1; + } + +static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + EC_PKEY_CTX *dctx = ctx->data; + EC_GROUP *group; + switch (type) + { + case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: + group = EC_GROUP_new_by_curve_name(p1); + if (group == NULL) + { + ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE); + return 0; + } + if (dctx->gen_group) + EC_GROUP_free(dctx->gen_group); + dctx->gen_group = group; + return 1; + + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) + { + ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + default: + return -2; + + } + } + +static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "ec_paramgen_curve")) + { + int nid; + nid = OBJ_sn2nid(value); + if (nid == NID_undef) + nid = OBJ_ln2nid(value); + if (nid == NID_undef) + { + ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); + return 0; + } + return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); + } + return -2; + } + +static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + EC_KEY *ec = NULL; + EC_PKEY_CTX *dctx = ctx->data; + int ret = 0; + if (dctx->gen_group == NULL) + { + ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET); + return 0; + } + ec = EC_KEY_new(); + if (!ec) + return 0; + ret = EC_KEY_set_group(ec, dctx->gen_group); + if (ret) + EVP_PKEY_assign_EC_KEY(pkey, ec); + else + EC_KEY_free(ec); + return ret; + } + +static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + EC_KEY *ec = NULL; + if (ctx->pkey == NULL) + { + ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); + return 0; + } + ec = EC_KEY_new(); + if (!ec) + return 0; + EVP_PKEY_assign_EC_KEY(pkey, ec); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return EC_KEY_generate_key(pkey->pkey.ec); + } + +const EVP_PKEY_METHOD ec_pkey_meth = + { + EVP_PKEY_EC, + 0, + pkey_ec_init, + pkey_ec_copy, + pkey_ec_cleanup, + + 0, + pkey_ec_paramgen, + + 0, + pkey_ec_keygen, + + 0, + pkey_ec_sign, + + 0, + pkey_ec_verify, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0, + pkey_ec_derive, + + pkey_ec_ctrl, + pkey_ec_ctrl_str + + }; diff --git a/lib/libcrypto/ec/eck_prn.c b/lib/libcrypto/ec/eck_prn.c new file mode 100644 index 00000000000..7d3e175ae75 --- /dev/null +++ b/lib/libcrypto/ec/eck_prn.c @@ -0,0 +1,391 @@ +/* crypto/ec/eck_prn.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/ec.h> +#include <openssl/bn.h> + +#ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECPKParameters_print(b, x, off); + BIO_free(b); + return(ret); + } + +int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = EC_KEY_print(b, x, off); + BIO_free(b); + return(ret); + } + +int ECParameters_print_fp(FILE *fp, const EC_KEY *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECParameters_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; + } + +int ECParameters_print(BIO *bp, const EC_KEY *x) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) + return 0; + ret = EVP_PKEY_print_params(bp, pk, 4, NULL); + EVP_PKEY_free(pk); + return ret; + } + +static int print_bin(BIO *fp, const char *str, const unsigned char *num, + size_t len, int off); + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) + { + unsigned char *buffer=NULL; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BN_CTX *ctx=NULL; + const EC_POINT *point=NULL; + BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, + *order=NULL, *cofactor=NULL; + const unsigned char *seed; + size_t seed_len=0; + + static const char *gen_compressed = "Generator (compressed):"; + static const char *gen_uncompressed = "Generator (uncompressed):"; + static const char *gen_hybrid = "Generator (hybrid):"; + + if (!x) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (EC_GROUP_get_asn1_flag(x)) + { + /* the curve parameter are given by an asn1 OID */ + int nid; + + if (!BIO_indent(bp, off, 128)) + goto err; + + nid = EC_GROUP_get_curve_name(x); + if (nid == 0) + goto err; + + if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) + goto err; + if (BIO_printf(bp, "\n") <= 0) + goto err; + } + else + { + /* explicit parameters */ + int is_char_two = 0; + point_conversion_form_t form; + int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); + + if (tmp_nid == NID_X9_62_characteristic_two_field) + is_char_two = 1; + + if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || + (b = BN_new()) == NULL || (order = BN_new()) == NULL || + (cofactor = BN_new()) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (is_char_two) + { + if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + else /* prime field */ + { + if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + + if ((point = EC_GROUP_get0_generator(x)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + if (!EC_GROUP_get_order(x, order, NULL) || + !EC_GROUP_get_cofactor(x, cofactor, NULL)) + { + reason = ERR_R_EC_LIB; + goto err; + } + + form = EC_GROUP_get_point_conversion_form(x); + + if ((gen = EC_POINT_point2bn(x, point, + form, NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + + buf_len = (size_t)BN_num_bytes(p); + if (buf_len < (i = (size_t)BN_num_bytes(a))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(b))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(gen))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(order))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) + buf_len = i; + + if ((seed = EC_GROUP_get0_seed(x)) != NULL) + seed_len = EC_GROUP_get_seed_len(x); + + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (!BIO_indent(bp, off, 128)) + goto err; + + /* print the 'short name' of the field type */ + if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) + <= 0) + goto err; + + if (is_char_two) + { + /* print the 'short name' of the base type OID */ + int basis_type = EC_GROUP_get_basis_type(x); + if (basis_type == 0) + goto err; + + if (!BIO_indent(bp, off, 128)) + goto err; + + if (BIO_printf(bp, "Basis Type: %s\n", + OBJ_nid2sn(basis_type)) <= 0) + goto err; + + /* print the polynomial */ + if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer, + off)) + goto err; + } + else + { + if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer,off)) + goto err; + } + if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off)) + goto err; + if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off)) + goto err; + if (form == POINT_CONVERSION_COMPRESSED) + { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen, + buffer, off)) + goto err; + } + else if (form == POINT_CONVERSION_UNCOMPRESSED) + { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen, + buffer, off)) + goto err; + } + else /* form == POINT_CONVERSION_HYBRID */ + { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen, + buffer, off)) + goto err; + } + if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, + buffer, off)) goto err; + if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, + buffer, off)) goto err; + if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) + goto err; + } + ret=1; +err: + if (!ret) + ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); + if (p) + BN_free(p); + if (a) + BN_free(a); + if (b) + BN_free(b); + if (gen) + BN_free(gen); + if (order) + BN_free(order); + if (cofactor) + BN_free(cofactor); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } + +static int print_bin(BIO *fp, const char *name, const unsigned char *buf, + size_t len, int off) + { + size_t i; + char str[128]; + + if (buf == NULL) + return 1; + if (off) + { + if (off > 128) + off=128; + memset(str,' ',off); + if (BIO_write(fp, str, off) <= 0) + return 0; + } + + if (BIO_printf(fp,"%s", name) <= 0) + return 0; + + for (i=0; i<len; i++) + { + if ((i%15) == 0) + { + str[0]='\n'; + memset(&(str[1]),' ',off+4); + if (BIO_write(fp, str, off+1+4) <= 0) + return 0; + } + if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0) + return 0; + } + if (BIO_write(fp,"\n",1) <= 0) + return 0; + + return 1; + } diff --git a/lib/libcrypto/ecdh/ecdhtest.c b/lib/libcrypto/ecdh/ecdhtest.c index 1575006b516..212a87efa4e 100644 --- a/lib/libcrypto/ecdh/ecdhtest.c +++ b/lib/libcrypto/ecdh/ecdhtest.c @@ -343,7 +343,7 @@ err: if (ctx) BN_CTX_free(ctx); BIO_free(out); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); EXIT(ret); return(ret); diff --git a/lib/libcrypto/ecdh/ech_err.c b/lib/libcrypto/ecdh/ech_err.c index 4d2ede75bd3..6f4b0c99536 100644 --- a/lib/libcrypto/ecdh/ech_err.c +++ b/lib/libcrypto/ecdh/ech_err.c @@ -1,6 +1,6 @@ /* crypto/ecdh/ech_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,7 +71,7 @@ static ERR_STRING_DATA ECDH_str_functs[]= { {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, -{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"}, +{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"}, {0,NULL} }; diff --git a/lib/libcrypto/ecdsa/ecdsa.h b/lib/libcrypto/ecdsa/ecdsa.h index f20c8ee7381..e61c539812a 100644 --- a/lib/libcrypto/ecdsa/ecdsa.h +++ b/lib/libcrypto/ecdsa/ecdsa.h @@ -4,7 +4,7 @@ * \author Written by Nils Larsch for the OpenSSL project */ /* ==================================================================== - * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -81,156 +81,143 @@ typedef struct ECDSA_SIG_st BIGNUM *s; } ECDSA_SIG; -/** ECDSA_SIG *ECDSA_SIG_new(void) - * allocates and initialize a ECDSA_SIG structure - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_SIG_new(void); -/** ECDSA_SIG_free - * frees a ECDSA_SIG structure - * \param a pointer to the ECDSA_SIG structure +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure */ -void ECDSA_SIG_free(ECDSA_SIG *a); +void ECDSA_SIG_free(ECDSA_SIG *sig); -/** i2d_ECDSA_SIG - * DER encode content of ECDSA_SIG object (note: this function modifies *pp - * (*pp += length of the DER encoded signature)). - * \param a pointer to the ECDSA_SIG object - * \param pp pointer to a unsigned char pointer for the output or NULL - * \return the length of the DER encoded ECDSA_SIG object or 0 +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 */ -int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); -/** d2i_ECDSA_SIG - * decodes a DER encoded ECDSA signature (note: this function changes *pp - * (*pp += len)). - * \param v pointer to ECDSA_SIG pointer (may be NULL) - * \param pp buffer with the DER encoded signature - * \param len bufferlength - * \return pointer to the decoded ECDSA_SIG structure (or NULL) +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) */ -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); -/** ECDSA_do_sign - * computes the ECDSA signature of the given hash value using - * the supplied private key and returns the created signature. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); -/** ECDSA_do_sign_ex - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param kinv optional pointer to a pre-computed inverse k - * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -/** ECDSA_do_verify - * verifies that the supplied signature is a valid ECDSA - * signature of the supplied hash value using the supplied public key. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param sig pointer to the ECDSA_SIG structure - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error */ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY* eckey); const ECDSA_METHOD *ECDSA_OpenSSL(void); -/** ECDSA_set_default_method - * sets the default ECDSA method - * \param meth the new default ECDSA_METHOD +/** Sets the default ECDSA method + * \param meth new default ECDSA_METHOD */ void ECDSA_set_default_method(const ECDSA_METHOD *meth); -/** ECDSA_get_default_method - * returns the default ECDSA method - * \return pointer to ECDSA_METHOD structure containing the default method +/** Returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method */ const ECDSA_METHOD *ECDSA_get_default_method(void); -/** ECDSA_set_method - * sets method to be used for the ECDSA operations - * \param eckey pointer to the EC_KEY object - * \param meth pointer to the new method - * \return 1 on success and 0 otherwise +/** Sets method to be used for the ECDSA operations + * \param eckey EC_KEY object + * \param meth new method + * \return 1 on success and 0 otherwise */ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); -/** ECDSA_size - * returns the maximum length of the DER encoded signature - * \param eckey pointer to a EC_KEY object - * \return numbers of bytes required for the DER encoded signature +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature */ int ECDSA_size(const EC_KEY *eckey); -/** ECDSA_sign_setup - * precompute parts of the signing operation. - * \param eckey pointer to the EC_KEY object containing a private EC key - * \param ctx pointer to a BN_CTX object (may be NULL) - * \param kinv pointer to a BIGNUM pointer for the inverse of k - * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator - * \return 1 on success and 0 otherwise +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise */ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -/** ECDSA_sign - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise */ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -/** ECDSA_sign_ex - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param kinv optional pointer to a pre-computed inverse k - * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise */ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -/** ECDSA_verify - * verifies that the given signature is valid ECDSA signature - * of the supplied hash value using the specified public key. - * \param type this parameter is ignored - * \param dgst pointer to the hash value - * \param dgstlen length of the hash value - * \param sig pointer to the DER encoded signature - * \param siglen length of the DER encoded signature - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error */ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); diff --git a/lib/libcrypto/ecdsa/ecdsatest.c b/lib/libcrypto/ecdsa/ecdsatest.c index b07e31252b9..aa4e1481a8f 100644 --- a/lib/libcrypto/ecdsa/ecdsatest.c +++ b/lib/libcrypto/ecdsa/ecdsatest.c @@ -490,7 +490,7 @@ err: if (ret) ERR_print_errors(out); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(out); if (out != NULL) diff --git a/lib/libcrypto/ecdsa/ecs_err.c b/lib/libcrypto/ecdsa/ecs_err.c index d2a53730ea5..98e38d537f2 100644 --- a/lib/libcrypto/ecdsa/ecs_err.c +++ b/lib/libcrypto/ecdsa/ecs_err.c @@ -1,6 +1,6 @@ /* crypto/ecdsa/ecs_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c index 3ead1af94e7..551cf5068fa 100644 --- a/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/lib/libcrypto/ecdsa/ecs_ossl.c @@ -212,7 +212,7 @@ err: static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) { - int ok = 0; + int ok = 0, i; BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; const BIGNUM *ckinv; BN_CTX *ctx = NULL; @@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } - if (8 * dgst_len > BN_num_bits(order)) + i = BN_num_bits(order); + /* Need to truncate digest if it is too long: first truncate whole + * bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7)/8; + if (!BN_bin2bn(dgst, dgst_len, m)) { - /* XXX - * - * Should provide for optional hash truncation: - * Keep the BN_num_bits(order) leftmost bits of dgst - * (see March 2006 FIPS 186-3 draft, which has a few - * confusing errors in this part though) - */ - - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, - ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - - if (!BN_bin2bn(dgst, dgst_len, m)) + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; @@ -346,7 +343,7 @@ err: static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) { - int ret = -1; + int ret = -1, i; BN_CTX *ctx; BIGNUM *order, *u1, *u2, *m, *X; EC_POINT *point = NULL; @@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } - if (8 * dgst_len > BN_num_bits(order)) - { - /* XXX - * - * Should provide for optional hash truncation: - * Keep the BN_num_bits(order) leftmost bits of dgst - * (see March 2006 FIPS 186-3 draft, which has a few - * confusing errors in this part though) - */ - - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, - ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - ret = 0; - goto err; - } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || @@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, goto err; } /* digest -> m */ + i = BN_num_bits(order); + /* Need to truncate digest if it is too long: first truncate whole + * bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7)/8; if (!BN_bin2bn(dgst, dgst_len, m)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } /* u1 = m * tmp mod order */ if (!BN_mod_mul(u1, m, u2, order, ctx)) { diff --git a/lib/libcrypto/ecdsa/ecs_sign.c b/lib/libcrypto/ecdsa/ecs_sign.c index 74b1fe8caff..353d5af5146 100644 --- a/lib/libcrypto/ecdsa/ecs_sign.c +++ b/lib/libcrypto/ecdsa/ecs_sign.c @@ -57,6 +57,7 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#include <openssl/rand.h> ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { @@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char EC_KEY *eckey) { ECDSA_SIG *s; + RAND_seed(dgst, dlen); s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); if (s == NULL) { diff --git a/lib/libcrypto/engine/eng_cryptodev.c b/lib/libcrypto/engine/eng_cryptodev.c index ab38cd52f09..52f4ca39019 100644 --- a/lib/libcrypto/engine/eng_cryptodev.c +++ b/lib/libcrypto/engine/eng_cryptodev.c @@ -32,7 +32,7 @@ #include <openssl/bn.h> #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD_version)) + (defined(OpenBSD) || defined(__FreeBSD__)) #include <sys/param.h> # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV @@ -55,6 +55,10 @@ ENGINE_load_cryptodev(void) #include <sys/types.h> #include <crypto/cryptodev.h> +#include <crypto/dh/dh.h> +#include <crypto/dsa/dsa.h> +#include <crypto/err/err.h> +#include <crypto/rsa/rsa.h> #include <sys/ioctl.h> #include <errno.h> #include <stdio.h> @@ -68,6 +72,16 @@ ENGINE_load_cryptodev(void) struct dev_crypto_state { struct session_op d_sess; int d_fd; + +#ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; + + unsigned char digest_res[HASH_MAX_LEN]; + char *mac_data; + int mac_len; + + int copy; +#endif }; static u_int32_t cryptodev_asymfeat = 0; @@ -75,15 +89,14 @@ static u_int32_t cryptodev_asymfeat = 0; static int get_asym_dev_crypto(void); static int open_dev_crypto(void); static int get_dev_crypto(void); -static int cryptodev_max_iv(int cipher); -static int cryptodev_key_length_valid(int cipher, int len); -static int cipher_nid_to_cryptodev(int nid); static int get_cryptodev_ciphers(const int **cnids); +#ifdef USE_CRYPTODEV_DIGESTS static int get_cryptodev_digests(const int **cnids); +#endif static int cryptodev_usable_ciphers(const int **nids); static int cryptodev_usable_digests(const int **nids); static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); @@ -100,7 +113,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); + RSA *rsa, BN_CTX *ctx); static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -117,7 +130,7 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)()); + void (*f)(void)); void ENGINE_load_cryptodev(void); static const ENGINE_CMD_DEFN cryptodev_defns[] = { @@ -130,27 +143,34 @@ static struct { int ivmax; int keylen; } ciphers[] = { + { CRYPTO_ARC4, NID_rc4, 0, 16, }, { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, { 0, NID_undef, 0, 0, }, }; +#ifdef USE_CRYPTODEV_DIGESTS static struct { int id; int nid; + int keylen; } digests[] = { - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, - { CRYPTO_MD5_KPDK, NID_undef, }, - { CRYPTO_SHA1_KPDK, NID_undef, }, - { CRYPTO_MD5, NID_md5, }, - { CRYPTO_SHA1, NID_undef, }, - { 0, NID_undef, }, + { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, + { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, + { CRYPTO_MD5_KPDK, NID_undef, 0}, + { CRYPTO_SHA1_KPDK, NID_undef, 0}, + { CRYPTO_MD5, NID_md5, 16}, + { CRYPTO_SHA1, NID_sha1, 20}, + { 0, NID_undef, 0}, }; +#endif /* * Return a fd if /dev/crypto seems usable, 0 otherwise. @@ -203,50 +223,6 @@ get_asym_dev_crypto(void) } /* - * XXXX this needs to be set for each alg - and determined from - * a running card. - */ -static int -cryptodev_max_iv(int cipher) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].ivmax); - return (0); -} - -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. For now, fake it out - but most of these - * for real devices should return 1 for the supported key - * sizes the device can handle. - */ -static int -cryptodev_key_length_valid(int cipher, int len) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].keylen == len); - return (0); -} - -/* convert libcrypto nids to cryptodev */ -static int -cipher_nid_to_cryptodev(int nid) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].nid == nid) - return (ciphers[i].id); - return (0); -} - -/* * Find out what ciphers /dev/crypto will let us have a session for. * XXX note, that some of these openssl doesn't deal with yet! * returning them here is harmless, as long as we return NULL @@ -264,7 +240,7 @@ get_cryptodev_ciphers(const int **cnids) return (0); } memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456781234567812345678"; + sess.key = (caddr_t)"123456789abcdefghijklmno"; for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { if (ciphers[i].nid == NID_undef) @@ -285,6 +261,7 @@ get_cryptodev_ciphers(const int **cnids) return (count); } +#ifdef USE_CRYPTODEV_DIGESTS /* * Find out what digests /dev/crypto will let us have a session for. * XXX note, that some of these openssl doesn't deal with yet! @@ -303,10 +280,12 @@ get_cryptodev_digests(const int **cnids) return (0); } memset(&sess, 0, sizeof(sess)); + sess.mackey = (caddr_t)"123456789abcdefghijklmno"; for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { if (digests[i].nid == NID_undef) continue; sess.mac = digests[i].id; + sess.mackeylen = digests[i].keylen; sess.cipher = 0; if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ioctl(fd, CIOCFSESSION, &sess.ses) != -1) @@ -320,6 +299,7 @@ get_cryptodev_digests(const int **cnids) *cnids = NULL; return (count); } +#endif /* 0 */ /* * Find the useable ciphers|digests from dev/crypto - this is the first @@ -351,6 +331,9 @@ cryptodev_usable_ciphers(const int **nids) static int cryptodev_usable_digests(const int **nids) { +#ifdef USE_CRYPTODEV_DIGESTS + return (get_cryptodev_digests(nids)); +#else /* * XXXX just disable all digests for now, because it sucks. * we need a better way to decide this - i.e. I may not @@ -365,16 +348,17 @@ cryptodev_usable_digests(const int **nids) */ *nids = NULL; return (0); +#endif } static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { struct crypt_op cryp; struct dev_crypto_state *state = ctx->cipher_data; struct session_op *sess = &state->d_sess; - void *iiv; + const void *iiv; unsigned char save_iv[EVP_MAX_IV_LENGTH]; if (state->d_fd < 0) @@ -398,7 +382,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { cryp.iv = (caddr_t) ctx->iv; if (!ctx->encrypt) { - iiv = (void *) in + inl - ctx->cipher->iv_len; + iiv = in + inl - ctx->cipher->iv_len; memcpy(save_iv, iiv, ctx->cipher->iv_len); } } else @@ -413,7 +397,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { if (ctx->encrypt) - iiv = (void *) out + inl - ctx->cipher->iv_len; + iiv = out + inl - ctx->cipher->iv_len; else iiv = save_iv; memcpy(ctx->iv, iiv, ctx->cipher->iv_len); @@ -427,23 +411,27 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, { struct dev_crypto_state *state = ctx->cipher_data; struct session_op *sess = &state->d_sess; - int cipher; + int cipher = -1, i; - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) - return (0); - - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) - return (0); + for (i = 0; ciphers[i].id; i++) + if (ctx->cipher->nid == ciphers[i].nid && + ctx->cipher->iv_len <= ciphers[i].ivmax && + ctx->key_len == ciphers[i].keylen) { + cipher = ciphers[i].id; + break; + } - if (!cryptodev_key_length_valid(cipher, ctx->key_len)) + if (!ciphers[i].id) { + state->d_fd = -1; return (0); + } memset(sess, 0, sizeof(struct session_op)); if ((state->d_fd = get_dev_crypto()) < 0) return (0); - sess->key = (unsigned char *)key; + sess->key = (caddr_t)key; sess->keylen = ctx->key_len; sess->cipher = cipher; @@ -496,6 +484,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) * gets called when libcrypto requests a cipher NID. */ +/* RC4 */ +const EVP_CIPHER cryptodev_rc4 = { + NID_rc4, + 1, 16, 0, + EVP_CIPH_VARIABLE_LENGTH, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + NULL, + NULL, + NULL +}; + /* DES CBC EVP */ const EVP_CIPHER cryptodev_des_cbc = { NID_des_cbc, @@ -563,6 +565,32 @@ const EVP_CIPHER cryptodev_aes_cbc = { NULL }; +const EVP_CIPHER cryptodev_aes_192_cbc = { + NID_aes_192_cbc, + 16, 24, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_aes_256_cbc = { + NID_aes_256_cbc, + 16, 32, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + /* * Registered by the ENGINE when used to find out how to deal with * a particular NID in the ENGINE. this says what we'll do at the @@ -576,6 +604,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (cryptodev_usable_ciphers(nids)); switch (nid) { + case NID_rc4: + *cipher = &cryptodev_rc4; + break; case NID_des_ede3_cbc: *cipher = &cryptodev_3des_cbc; break; @@ -591,6 +622,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, case NID_aes_128_cbc: *cipher = &cryptodev_aes_cbc; break; + case NID_aes_192_cbc: + *cipher = &cryptodev_aes_192_cbc; + break; + case NID_aes_256_cbc: + *cipher = &cryptodev_aes_256_cbc; + break; default: *cipher = NULL; break; @@ -598,6 +635,234 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (*cipher != NULL); } + +#ifdef USE_CRYPTODEV_DIGESTS + +/* convert digest type to cryptodev */ +static int +digest_nid_to_cryptodev(int nid) +{ + int i; + + for (i = 0; digests[i].id; i++) + if (digests[i].nid == nid) + return (digests[i].id); + return (0); +} + + +static int +digest_key_length(int nid) +{ + int i; + + for (i = 0; digests[i].id; i++) + if (digests[i].nid == nid) + return digests[i].keylen; + return (0); +} + + +static int cryptodev_digest_init(EVP_MD_CTX *ctx) +{ + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + int digest; + + if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ + printf("cryptodev_digest_init: Can't get digest \n"); + return (0); + } + + memset(state, 0, sizeof(struct dev_crypto_state)); + + if ((state->d_fd = get_dev_crypto()) < 0) { + printf("cryptodev_digest_init: Can't get Dev \n"); + return (0); + } + + sess->mackey = state->dummy_mac_key; + sess->mackeylen = digest_key_length(ctx->digest->type); + sess->mac = digest; + + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { + close(state->d_fd); + state->d_fd = -1; + printf("cryptodev_digest_init: Open session failed\n"); + return (0); + } + + return (1); +} + +static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, + size_t count) +{ + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + if (!data || state->d_fd < 0) { + printf("cryptodev_digest_update: illegal inputs \n"); + return (0); + } + + if (!count) { + return (0); + } + + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { + /* if application doesn't support one buffer */ + state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); + + if (!state->mac_data) { + printf("cryptodev_digest_update: realloc failed\n"); + return (0); + } + + memcpy(state->mac_data + state->mac_len, data, count); + state->mac_len += count; + + return (1); + } + + memset(&cryp, 0, sizeof(cryp)); + + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = count; + cryp.src = (caddr_t) data; + cryp.dst = NULL; + cryp.mac = (caddr_t) state->digest_res; + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_update: digest failed\n"); + return (0); + } + return (1); +} + + +static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) +{ + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + int ret = 1; + + if (!md || state->d_fd < 0) { + printf("cryptodev_digest_final: illegal input\n"); + return(0); + } + + if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { + /* if application doesn't support one buffer */ + memset(&cryp, 0, sizeof(cryp)); + + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = state->mac_len; + cryp.src = state->mac_data; + cryp.dst = NULL; + cryp.mac = (caddr_t)md; + + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_final: digest failed\n"); + return (0); + } + + return 1; + } + + memcpy(md, state->digest_res, ctx->digest->md_size); + + return (ret); +} + + +static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) +{ + int ret = 1; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + if (state->d_fd < 0) { + printf("cryptodev_digest_cleanup: illegal input\n"); + return (0); + } + + if (state->mac_data) { + OPENSSL_free(state->mac_data); + state->mac_data = NULL; + state->mac_len = 0; + } + + if (state->copy) + return 1; + + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { + printf("cryptodev_digest_cleanup: failed to close session\n"); + ret = 0; + } else { + ret = 1; + } + close(state->d_fd); + state->d_fd = -1; + + return (ret); +} + +static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) +{ + struct dev_crypto_state *fstate = from->md_data; + struct dev_crypto_state *dstate = to->md_data; + + memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); + + if (fstate->mac_len != 0) { + dstate->mac_data = OPENSSL_malloc(fstate->mac_len); + memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); + } + + dstate->copy = 1; + + return 1; +} + + +const EVP_MD cryptodev_sha1 = { + NID_sha1, + NID_undef, + SHA_DIGEST_LENGTH, + EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, + EVP_PKEY_NULL_method, + SHA_CBLOCK, + sizeof(struct dev_crypto_state), +}; + +const EVP_MD cryptodev_md5 = { + NID_md5, + NID_undef, + 16 /* MD5_DIGEST_LENGTH */, + EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, + EVP_PKEY_NULL_method, + 64 /* MD5_CBLOCK */, + sizeof(struct dev_crypto_state), +}; + +#endif /* USE_CRYPTODEV_DIGESTS */ + + static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) @@ -606,10 +871,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, return (cryptodev_usable_digests(nids)); switch (nid) { +#ifdef USE_CRYPTODEV_DIGESTS case NID_md5: - *digest = NULL; /* need to make a clean md5 critter */ + *digest = &cryptodev_md5; break; + case NID_sha1: + *digest = &cryptodev_sha1; + break; default: +#endif /* USE_CRYPTODEV_DIGESTS */ *digest = NULL; break; } @@ -625,7 +895,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) { int i, j, k; - ssize_t words, bytes, bits; + ssize_t bytes, bits; u_char *b; crp->crp_p = NULL; @@ -637,8 +907,9 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) b = malloc(bytes); if (b == NULL) return (1); + memset(b, 0, bytes); - crp->crp_p = b; + crp->crp_p = (caddr_t) b; crp->crp_nbits = bits; for (i = 0, j = 0; i < a->top; i++) { @@ -681,7 +952,7 @@ zapparams(struct crypt_kop *kop) { int i; - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { + for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { if (kop->crk_param[i].crp_p) free(kop->crk_param[i].crp_p); kop->crk_param[i].crp_p = NULL; @@ -746,21 +1017,27 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; kop.crk_iparams = 3; - if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { + if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF asym process failed, Running in software\n"); + ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); + + } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF hardware operation cancelled. Running in Software\n"); ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); } + /* else cryptodev operation worked ok ==> ret = 1*/ + err: zapparams(&kop); return (ret); } static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; - BN_CTX *ctx; - ctx = BN_CTX_new(); r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); BN_CTX_free(ctx); @@ -795,10 +1072,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; kop.crk_iparams = 6; - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { + if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF asym process failed, running in Software\n"); + ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); + + } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF hardware operation cancelled. Running in Software\n"); ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } + /* else cryptodev operation worked ok ==> ret = 1*/ + err: zapparams(&kop); return (ret); @@ -934,7 +1219,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, kop.crk_iparams = 7; if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { - dsaret = kop.crk_status; +/*OCF success value is 0, if not zero, change dsaret to fail*/ + if(0 != kop.crk_status) dsaret = 0; } else { const DSA_METHOD *meth = DSA_OpenSSL(); @@ -994,7 +1280,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; kop.crk_iparams = 3; - kop.crk_param[3].crp_p = key; + kop.crk_param[3].crp_p = (caddr_t) key; kop.crk_param[3].crp_nbits = keylen * 8; kop.crk_oparams = 1; @@ -1025,7 +1311,7 @@ static DH_METHOD cryptodev_dh = { * but I expect we'll want some options soon. */ static int -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { #ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; diff --git a/lib/libcrypto/engine/tb_asnmth.c b/lib/libcrypto/engine/tb_asnmth.c new file mode 100644 index 00000000000..75090339f7a --- /dev/null +++ b/lib/libcrypto/engine/tb_asnmth.c @@ -0,0 +1,246 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" +#include "asn1_locl.h" +#include <openssl/evp.h> + +/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the + * function that is used by EVP to hook in pkey_asn1_meth code and cache + * defaults (etc), will display brief debugging summaries to stderr with the + * 'nid'. */ +/* #define ENGINE_PKEY_ASN1_METH_DEBUG */ + +static ENGINE_TABLE *pkey_asn1_meth_table = NULL; + +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e) + { + engine_table_unregister(&pkey_asn1_meth_table, e); + } + +static void engine_unregister_all_pkey_asn1_meths(void) + { + engine_table_cleanup(&pkey_asn1_meth_table); + } + +int ENGINE_register_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_asn1_meths(void) + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_asn1_meths(e); + } + +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_asn1_meth 'nid' */ +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid) + { + return engine_table_select(&pkey_asn1_meth_table, nid); + } + +/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid) + { + EVP_PKEY_ASN1_METHOD *ret; + ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_asn1_meth callback from an ENGINE structure */ +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e) + { + return e->pkey_asn1_meths; + } + +/* Sets the pkey_asn1_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f) + { + e->pkey_asn1_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_asn1_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_ASN1_METHOD *pkm; + if (e->pkey_asn1_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_asn1_free(pkm); + } + } + } + } + +/* Find a method based on a string. This does a linear search through + * all implemented algorithms. This is OK in practice because only + * a small number of algorithms are likely to be implemented in an engine + * and it is not used for speed critical operations. + */ + +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len) + { + int i, nidcount; + const int *nids; + EVP_PKEY_ASN1_METHOD *ameth; + if (!e->pkey_asn1_meths) + return NULL; + if (len == -1) + len = strlen(str); + nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); + for (i = 0; i < nidcount; i++) + { + e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); + if (((int)strlen(ameth->pem_str) == len) && + !strncasecmp(ameth->pem_str, str, len)) + return ameth; + } + return NULL; + } + +typedef struct + { + ENGINE *e; + const EVP_PKEY_ASN1_METHOD *ameth; + const char *str; + int len; + } ENGINE_FIND_STR; + +static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) + { + ENGINE_FIND_STR *lk = arg; + int i; + if (lk->ameth) + return; + for (i = 0; i < sk_ENGINE_num(sk); i++) + { + ENGINE *e = sk_ENGINE_value(sk, i); + EVP_PKEY_ASN1_METHOD *ameth; + e->pkey_asn1_meths(e, &ameth, NULL, nid); + if (((int)strlen(ameth->pem_str) == lk->len) && + !strncasecmp(ameth->pem_str, lk->str, lk->len)) + { + lk->e = e; + lk->ameth = ameth; + return; + } + } + } + +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len) + { + ENGINE_FIND_STR fstr; + fstr.e = NULL; + fstr.ameth = NULL; + fstr.str = str; + fstr.len = len; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); + /* If found obtain a structural reference to engine */ + if (fstr.e) + { + fstr.e->struct_ref++; + engine_ref_debug(fstr.e, 0, 1) + } + *pe = fstr.e; + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return fstr.ameth; + } diff --git a/lib/libcrypto/engine/tb_pkmeth.c b/lib/libcrypto/engine/tb_pkmeth.c new file mode 100644 index 00000000000..1cdb967f253 --- /dev/null +++ b/lib/libcrypto/engine/tb_pkmeth.c @@ -0,0 +1,167 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" +#include <openssl/evp.h> + +/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function + * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_PKEY_METH_DEBUG */ + +static ENGINE_TABLE *pkey_meth_table = NULL; + +void ENGINE_unregister_pkey_meths(ENGINE *e) + { + engine_table_unregister(&pkey_meth_table, e); + } + +static void engine_unregister_all_pkey_meths(void) + { + engine_table_cleanup(&pkey_meth_table); + } + +int ENGINE_register_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_meths() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_meths(e); + } + +int ENGINE_set_default_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_meth 'nid' */ +ENGINE *ENGINE_get_pkey_meth_engine(int nid) + { + return engine_table_select(&pkey_meth_table, nid); + } + +/* Obtains a pkey_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid) + { + EVP_PKEY_METHOD *ret; + ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_meth callback from an ENGINE structure */ +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e) + { + return e->pkey_meths; + } + +/* Sets the pkey_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f) + { + e->pkey_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_METHOD *pkm; + if (e->pkey_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_meth_free(pkm); + } + } + } + } diff --git a/lib/libcrypto/err/Makefile b/lib/libcrypto/err/Makefile index 91d1379d410..862b23ba176 100644 --- a/lib/libcrypto/err/Makefile +++ b/lib/libcrypto/err/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c -LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o +LIBSRC=err.c err_all.c err_prn.c +LIBOBJ=err.o err_all.o err_prn.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,37 +83,24 @@ err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h err.o: ../cryptlib.h err.c err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h +err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h err_all.o: ../../include/openssl/x509v3.h err_all.c -err_bio.o: ../../e_os.h ../../include/openssl/bio.h -err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c -err_def.o: ../../e_os.h ../../include/openssl/bio.h -err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -121,10 +108,3 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c -err_str.o: ../../e_os.h ../../include/openssl/bio.h -err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c diff --git a/lib/libcrypto/evp/e_camellia.c b/lib/libcrypto/evp/e_camellia.c index 365d3971645..a7b40d1c600 100644 --- a/lib/libcrypto/evp/e_camellia.c +++ b/lib/libcrypto/evp/e_camellia.c @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, EVP_CIPHER_get_asn1_iv, NULL) -#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0) +#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) diff --git a/lib/libcrypto/evp/e_seed.c b/lib/libcrypto/evp/e_seed.c index 8c1ec0d43a6..2d1759d2766 100644 --- a/lib/libcrypto/evp/e_seed.c +++ b/lib/libcrypto/evp/e_seed.c @@ -54,11 +54,11 @@ */ #include <openssl/opensslconf.h> +#ifndef OPENSSL_NO_SEED #include <openssl/evp.h> #include <openssl/err.h> #include <string.h> #include <assert.h> -#ifndef OPENSSL_NO_SEED #include <openssl/seed.h> #include "evp_locl.h" diff --git a/lib/libcrypto/evp/m_ecdsa.c b/lib/libcrypto/evp/m_ecdsa.c index fad270faca2..8d87a49ebe9 100644 --- a/lib/libcrypto/evp/m_ecdsa.c +++ b/lib/libcrypto/evp/m_ecdsa.c @@ -130,7 +130,7 @@ static const EVP_MD ecdsa_md= NID_ecdsa_with_SHA1, NID_ecdsa_with_SHA1, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_DIGEST, init, update, final, diff --git a/lib/libcrypto/evp/m_sigver.c b/lib/libcrypto/evp/m_sigver.c new file mode 100644 index 00000000000..f0b7f95059e --- /dev/null +++ b/lib/libcrypto/evp/m_sigver.c @@ -0,0 +1,200 @@ +/* m_sigver.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#include "evp_locl.h" + +static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, + int ver) + { + if (ctx->pctx == NULL) + ctx->pctx = EVP_PKEY_CTX_new(pkey, e); + if (ctx->pctx == NULL) + return 0; + + if (type == NULL) + { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) + type = EVP_get_digestbynid(def_nid); + } + + if (type == NULL) + { + EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST); + return 0; + } + + if (ver) + { + if (ctx->pctx->pmeth->verifyctx_init) + { + if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <=0) + return 0; + ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; + } + else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) + return 0; + } + else + { + if (ctx->pctx->pmeth->signctx_init) + { + if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) + return 0; + ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; + } + else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) + return 0; + } + if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) + return 0; + if (pctx) + *pctx = ctx->pctx; + if (!EVP_DigestInit_ex(ctx, type, e)) + return 0; + return 1; + } + +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) + { + return do_sigver_init(ctx, pctx, type, e, pkey, 0); + } + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) + { + return do_sigver_init(ctx, pctx, type, e, pkey, 1); + } + +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) + { + int sctx, r = 0; + if (ctx->pctx->pmeth->signctx) + sctx = 1; + else + sctx = 0; + if (sigret) + { + MS_STATIC EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen; + EVP_MD_CTX_init(&tmp_ctx); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx)) + return 0; + if (sctx) + r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, + sigret, siglen, &tmp_ctx); + else + r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen); + EVP_MD_CTX_cleanup(&tmp_ctx); + if (sctx || !r) + return r; + if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) + return 0; + } + else + { + if (sctx) + { + if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0) + return 0; + } + else + { + int s = EVP_MD_size(ctx->digest); + if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0) + return 0; + } + } + return 1; + } + +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen) + { + MS_STATIC EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; + int r; + unsigned int mdlen; + int vctx; + + if (ctx->pctx->pmeth->verifyctx) + vctx = 1; + else + vctx = 0; + EVP_MD_CTX_init(&tmp_ctx); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx)) + return -1; + if (vctx) + { + r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, + sig, siglen, &tmp_ctx); + } + else + r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen); + EVP_MD_CTX_cleanup(&tmp_ctx); + if (vctx || !r) + return r; + return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); + } diff --git a/lib/libcrypto/evp/m_wp.c b/lib/libcrypto/evp/m_wp.c new file mode 100644 index 00000000000..1ce47c040bc --- /dev/null +++ b/lib/libcrypto/evp/m_wp.c @@ -0,0 +1,42 @@ +/* crypto/evp/m_wp.c */ + +#include <stdio.h> +#include "cryptlib.h" + +#ifndef OPENSSL_NO_WHIRLPOOL + +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#include <openssl/whrlpool.h> + +static int init(EVP_MD_CTX *ctx) + { return WHIRLPOOL_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) + { return WHIRLPOOL_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return WHIRLPOOL_Final(md,ctx->md_data); } + +static const EVP_MD whirlpool_md= + { + NID_whirlpool, + 0, + WHIRLPOOL_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + EVP_PKEY_NULL_method, + WHIRLPOOL_BBLOCK/8, + sizeof(EVP_MD *)+sizeof(WHIRLPOOL_CTX), + }; + +const EVP_MD *EVP_whirlpool(void) + { + return(&whirlpool_md); + } +#endif diff --git a/lib/libcrypto/evp/pmeth_fn.c b/lib/libcrypto/evp/pmeth_fn.c new file mode 100644 index 00000000000..c4676f2f8df --- /dev/null +++ b/lib/libcrypto/evp/pmeth_fn.c @@ -0,0 +1,368 @@ +/* pmeth_fn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/evp.h> +#include "evp_locl.h" + +#define M_check_autoarg(ctx, arg, arglen, err) \ + if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ + { \ + size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ + if (!arg) \ + { \ + *arglen = pksize; \ + return 1; \ + } \ + else if (*arglen < pksize) \ + { \ + EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\ + return 0; \ + } \ + } + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) + { + EVPerr(EVP_F_EVP_PKEY_SIGN_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_SIGN; + if (!ctx->pmeth->sign_init) + return 1; + ret = ctx->pmeth->sign_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) + { + EVPerr(EVP_F_EVP_PKEY_SIGN, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_SIGN) + { + EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) + return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); + } + +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_VERIFY; + if (!ctx->pmeth->verify_init) + return 1; + ret = ctx->pmeth->verify_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_VERIFY) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); + } + +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_VERIFYRECOVER; + if (!ctx->pmeth->verify_recover_init) + return 1; + ret = ctx->pmeth->verify_recover_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) + return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); + } + +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) + { + EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_ENCRYPT; + if (!ctx->pmeth->encrypt_init) + return 1; + ret = ctx->pmeth->encrypt_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) + { + EVPerr(EVP_F_EVP_PKEY_ENCRYPT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_ENCRYPT) + { + EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) + return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); + } + +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) + { + EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_DECRYPT; + if (!ctx->pmeth->decrypt_init) + return 1; + ret = ctx->pmeth->decrypt_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) + { + EVPerr(EVP_F_EVP_PKEY_DECRYPT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DECRYPT) + { + EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) + return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); + } + + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_DERIVE; + if (!ctx->pmeth->derive_init) + return 1; + ret = ctx->pmeth->derive_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) + { + int ret; + if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive||ctx->pmeth->encrypt||ctx->pmeth->decrypt) || !ctx->pmeth->ctrl) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); + + if (ret <= 0) + return ret; + + if (ret == 2) + return 1; + + if (!ctx->pkey) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); + return -1; + } + + if (ctx->pkey->type != peer->type) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_DIFFERENT_KEY_TYPES); + return -1; + } + + /* ran@cryptocom.ru: For clarity. The error is if parameters in peer are + * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 + * (different key types) is impossible here because it is checked earlier. + * -2 is OK for us here, as well as 1, so we can check for 0 only. */ + if (!EVP_PKEY_missing_parameters(peer) && + !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_DIFFERENT_PARAMETERS); + return -1; + } + + if (ctx->peerkey) + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); + + if (ret <= 0) + { + ctx->peerkey = NULL; + return ret; + } + + CRYPTO_add(&peer->references,1,CRYPTO_LOCK_EVP_PKEY); + return 1; + } + + +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) + return ctx->pmeth->derive(ctx, key, pkeylen); + } + diff --git a/lib/libcrypto/evp/pmeth_gn.c b/lib/libcrypto/evp/pmeth_gn.c new file mode 100644 index 00000000000..5d74161a09a --- /dev/null +++ b/lib/libcrypto/evp/pmeth_gn.c @@ -0,0 +1,220 @@ +/* pmeth_gn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/evp.h> +#include <openssl/bn.h> +#include "evp_locl.h" + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) + { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_PARAMGEN; + if (!ctx->pmeth->paramgen_init) + return 1; + ret = ctx->pmeth->paramgen_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) + { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->operation != EVP_PKEY_OP_PARAMGEN) + { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (!ppkey) + return -1; + + if (!*ppkey) + *ppkey = EVP_PKEY_new(); + + ret = ctx->pmeth->paramgen(ctx, *ppkey); + if (ret <= 0) + { + EVP_PKEY_free(*ppkey); + *ppkey = NULL; + } + return ret; + } + +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) + { + EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_KEYGEN; + if (!ctx->pmeth->keygen_init) + return 1; + ret = ctx->pmeth->keygen_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) + { + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) + { + EVPerr(EVP_F_EVP_PKEY_KEYGEN, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_KEYGEN) + { + EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (!ppkey) + return -1; + + if (!*ppkey) + *ppkey = EVP_PKEY_new(); + + ret = ctx->pmeth->keygen(ctx, *ppkey); + if (ret <= 0) + { + EVP_PKEY_free(*ppkey); + *ppkey = NULL; + } + return ret; + } + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) + { + ctx->pkey_gencb = cb; + } + +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) + { + return ctx->pkey_gencb; + } + +/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB + * style callbacks. + */ + +static int trans_cb(int a, int b, BN_GENCB *gcb) + { + EVP_PKEY_CTX *ctx = gcb->arg; + ctx->keygen_info[0] = a; + ctx->keygen_info[1] = b; + return ctx->pkey_gencb(ctx); + } + +void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) + { + BN_GENCB_set(cb, trans_cb, ctx) + } + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) + { + if (idx == -1) + return ctx->keygen_info_count; + if (idx < 0 || idx > ctx->keygen_info_count) + return 0; + return ctx->keygen_info[idx]; + } + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + unsigned char *key, int keylen) + { + EVP_PKEY_CTX *mac_ctx = NULL; + EVP_PKEY *mac_key = NULL; + mac_ctx = EVP_PKEY_CTX_new_id(type, e); + if (!mac_ctx) + return NULL; + if (EVP_PKEY_keygen_init(mac_ctx) <= 0) + goto merr; + if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key) <= 0) + goto merr; + if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) + goto merr; + merr: + if (mac_ctx) + EVP_PKEY_CTX_free(mac_ctx); + return mac_key; + } diff --git a/lib/libcrypto/evp/pmeth_lib.c b/lib/libcrypto/evp/pmeth_lib.c new file mode 100644 index 00000000000..b2d8de3a8de --- /dev/null +++ b/lib/libcrypto/evp/pmeth_lib.c @@ -0,0 +1,538 @@ +/* pmeth_lib.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif +#include "asn1_locl.h" +#include "evp_locl.h" + +typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); + +DECLARE_STACK_OF(EVP_PKEY_METHOD) +STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; + +extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; +extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth; + +static const EVP_PKEY_METHOD *standard_methods[] = + { +#ifndef OPENSSL_NO_RSA + &rsa_pkey_meth, +#endif +#ifndef OPENSSL_NO_DH + &dh_pkey_meth, +#endif +#ifndef OPENSSL_NO_DSA + &dsa_pkey_meth, +#endif +#ifndef OPENSSL_NO_EC + &ec_pkey_meth, +#endif + &hmac_pkey_meth, + }; + +DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, + pmeth); + +static int pmeth_cmp(const EVP_PKEY_METHOD * const *a, + const EVP_PKEY_METHOD * const *b) + { + return ((*a)->pkey_id - (*b)->pkey_id); + } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, + pmeth); + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) + { + EVP_PKEY_METHOD tmp; + const EVP_PKEY_METHOD *t = &tmp, **ret; + tmp.pkey_id = type; + if (app_pkey_methods) + { + int idx; + idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); + if (idx >= 0) + return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); + } + ret = OBJ_bsearch_pmeth(&t, standard_methods, + sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *)); + if (!ret || !*ret) + return NULL; + return *ret; + } + +static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) + { + EVP_PKEY_CTX *ret; + const EVP_PKEY_METHOD *pmeth; + if (id == -1) + { + if (!pkey || !pkey->ameth) + return NULL; + id = pkey->ameth->pkey_id; + } +#ifndef OPENSSL_NO_ENGINE + /* Try to find an ENGINE which implements this method */ + if (e) + { + if (!ENGINE_init(e)) + { + EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB); + return NULL; + } + } + else + e = ENGINE_get_pkey_meth_engine(id); + + /* If an ENGINE handled this method look it up. Othewise + * use internal tables. + */ + + if (e) + pmeth = ENGINE_get_pkey_meth(e, id); + else +#endif + pmeth = EVP_PKEY_meth_find(id); + + if (pmeth == NULL) + { + EVPerr(EVP_F_INT_CTX_NEW,EVP_R_UNSUPPORTED_ALGORITHM); + return NULL; + } + + ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + if (!ret) + { +#ifndef OPENSSL_NO_ENGINE + if (e) + ENGINE_finish(e); +#endif + EVPerr(EVP_F_INT_CTX_NEW,ERR_R_MALLOC_FAILURE); + return NULL; + } + ret->engine = e; + ret->pmeth = pmeth; + ret->operation = EVP_PKEY_OP_UNDEFINED; + ret->pkey = pkey; + ret->peerkey = NULL; + ret->pkey_gencb = 0; + if (pkey) + CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); + ret->data = NULL; + + if (pmeth->init) + { + if (pmeth->init(ret) <= 0) + { + EVP_PKEY_CTX_free(ret); + return NULL; + } + } + + return ret; + } + +EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags) + { + EVP_PKEY_METHOD *pmeth; + pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); + if (!pmeth) + return NULL; + + pmeth->pkey_id = id; + pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; + + pmeth->init = 0; + pmeth->copy = 0; + pmeth->cleanup = 0; + pmeth->paramgen_init = 0; + pmeth->paramgen = 0; + pmeth->keygen_init = 0; + pmeth->keygen = 0; + pmeth->sign_init = 0; + pmeth->sign = 0; + pmeth->verify_init = 0; + pmeth->verify = 0; + pmeth->verify_recover_init = 0; + pmeth->verify_recover = 0; + pmeth->signctx_init = 0; + pmeth->signctx = 0; + pmeth->verifyctx_init = 0; + pmeth->verifyctx = 0; + pmeth->encrypt_init = 0; + pmeth->encrypt = 0; + pmeth->decrypt_init = 0; + pmeth->decrypt = 0; + pmeth->derive_init = 0; + pmeth->derive = 0; + pmeth->ctrl = 0; + pmeth->ctrl_str = 0; + + return pmeth; + } + +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) + { + if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) + OPENSSL_free(pmeth); + } + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) + { + return int_ctx_new(pkey, e, -1); + } + +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) + { + return int_ctx_new(NULL, e, id); + } + +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) + { + EVP_PKEY_CTX *rctx; + if (!pctx->pmeth || !pctx->pmeth->copy) + return NULL; +#ifndef OPENSSL_NO_ENGINE + /* Make sure it's safe to copy a pkey context using an ENGINE */ + if (pctx->engine && !ENGINE_init(pctx->engine)) + { + EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB); + return 0; + } +#endif + rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + if (!rctx) + return NULL; + + rctx->pmeth = pctx->pmeth; +#ifndef OPENSSL_NO_ENGINE + rctx->engine = pctx->engine; +#endif + + if (pctx->pkey) + CRYPTO_add(&pctx->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); + + rctx->pkey = pctx->pkey; + + if (pctx->peerkey) + CRYPTO_add(&pctx->peerkey->references,1,CRYPTO_LOCK_EVP_PKEY); + + rctx->peerkey = pctx->peerkey; + + rctx->data = NULL; + rctx->app_data = NULL; + rctx->operation = pctx->operation; + + if (pctx->pmeth->copy(rctx, pctx) > 0) + return rctx; + + EVP_PKEY_CTX_free(rctx); + return NULL; + + } + +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) + { + if (app_pkey_methods == NULL) + { + app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); + if (!app_pkey_methods) + return 0; + } + if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) + return 0; + sk_EVP_PKEY_METHOD_sort(app_pkey_methods); + return 1; + } + +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) + { + if (ctx == NULL) + return; + if (ctx->pmeth && ctx->pmeth->cleanup) + ctx->pmeth->cleanup(ctx); + if (ctx->pkey) + EVP_PKEY_free(ctx->pkey); + if (ctx->peerkey) + EVP_PKEY_free(ctx->peerkey); +#ifndef OPENSSL_NO_ENGINE + if(ctx->engine) + /* The EVP_PKEY_CTX we used belongs to an ENGINE, release the + * functional reference we held for this reason. */ + ENGINE_finish(ctx->engine); +#endif + OPENSSL_free(ctx); + } + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) + return -1; + + if (ctx->operation == EVP_PKEY_OP_UNDEFINED) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET); + return -1; + } + + if ((optype != -1) && !(ctx->operation & optype)) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); + + if (ret == -2) + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + + return ret; + + } + +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, + const char *name, const char *value) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, + EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if (!strcmp(name, "digest")) + { + const EVP_MD *md; + if (!value || !(md = EVP_get_digestbyname(value))) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, + EVP_R_INVALID_DIGEST); + return 0; + } + return EVP_PKEY_CTX_set_signature_md(ctx, md); + } + return ctx->pmeth->ctrl_str(ctx, name, value); + } + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) + { + return ctx->operation; + } + +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) + { + ctx->keygen_info = dat; + ctx->keygen_info_count = datlen; + } + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) + { + ctx->data = data; + } + +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx) + { + return ctx->data; + } + +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) + { + return ctx->pkey; + } + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) + { + return ctx->peerkey; + } + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) + { + ctx->app_data = data; + } + +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) + { + return ctx->app_data; + } + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init)(EVP_PKEY_CTX *ctx)) + { + pmeth->init = init; + } + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) + { + pmeth->copy = copy; + } + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup)(EVP_PKEY_CTX *ctx)) + { + pmeth->cleanup = cleanup; + } + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) + { + pmeth->paramgen_init = paramgen_init; + pmeth->paramgen = paramgen; + } + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) + { + pmeth->keygen_init = keygen_init; + pmeth->keygen = keygen; + } + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) + { + pmeth->sign_init = sign_init; + pmeth->sign = sign; + } + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)) + { + pmeth->verify_init = verify_init; + pmeth->verify = verify; + } + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init)(EVP_PKEY_CTX *ctx), + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) + { + pmeth->verify_recover_init = verify_recover_init; + pmeth->verify_recover = verify_recover; + } + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)) + { + pmeth->signctx_init = signctx_init; + pmeth->signctx = signctx; + } + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen, + EVP_MD_CTX *mctx)) + { + pmeth->verifyctx_init = verifyctx_init; + pmeth->verifyctx = verifyctx; + } + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)) + { + pmeth->encrypt_init = encrypt_init; + pmeth->encrypt = encryptfn; + } + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)) + { + pmeth->decrypt_init = decrypt_init; + pmeth->decrypt = decrypt; + } + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)) + { + pmeth->derive_init = derive_init; + pmeth->derive = derive; + } + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)) + { + pmeth->ctrl = ctrl; + pmeth->ctrl_str = ctrl_str; + } diff --git a/lib/libcrypto/hmac/Makefile b/lib/libcrypto/hmac/Makefile index 5cfa37d99c2..0e91709f64c 100644 --- a/lib/libcrypto/hmac/Makefile +++ b/lib/libcrypto/hmac/Makefile @@ -17,8 +17,8 @@ TEST=hmactest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=hmac.c -LIBOBJ=hmac.o +LIBSRC=hmac.c hm_ameth.c hm_pmeth.c +LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,13 +74,37 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +hm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +hm_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h +hm_ameth.o: hm_ameth.c +hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +hm_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +hm_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +hm_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_pmeth.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +hm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hm_pmeth.o: ../../include/openssl/opensslconf.h +hm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hmac.o: ../cryptlib.h hmac.c +hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c diff --git a/lib/libcrypto/hmac/hm_ameth.c b/lib/libcrypto/hmac/hm_ameth.c new file mode 100644 index 00000000000..6d8a89149ee --- /dev/null +++ b/lib/libcrypto/hmac/hm_ameth.c @@ -0,0 +1,167 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include "asn1_locl.h" + +#define HMAC_TEST_PRIVATE_KEY_FORMAT + +/* HMAC "ASN1" method. This is just here to indicate the + * maximum HMAC output length and to free up an HMAC + * key. + */ + +static int hmac_size(const EVP_PKEY *pkey) + { + return EVP_MAX_MD_SIZE; + } + +static void hmac_key_free(EVP_PKEY *pkey) + { + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (os) + { + if (os->data) + OPENSSL_cleanse(os->data, os->length); + ASN1_OCTET_STRING_free(os); + } + } + + +static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + switch (op) + { + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 1; + + default: + return -2; + } + } + +#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT +/* A bogus private key format for test purposes. This is simply the + * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the + * genpkey utility can be used to "generate" HMAC keys. + */ + +static int old_hmac_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); + if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); + return 1; + } + +static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + int inc; + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (pder) + { + if (!*pder) + { + *pder = OPENSSL_malloc(os->length); + inc = 0; + } + else inc = 1; + + memcpy(*pder, os->data, os->length); + + if (inc) + *pder += os->length; + } + + return os->length; + } + +#endif + +const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = + { + EVP_PKEY_HMAC, + EVP_PKEY_HMAC, + 0, + + "HMAC", + "OpenSSL HMAC method", + + 0,0,0,0, + + 0,0,0, + + hmac_size, + 0, + 0,0,0,0,0,0, + + hmac_key_free, + hmac_pkey_ctrl, +#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT + old_hmac_decode, + old_hmac_encode +#else + 0,0 +#endif + }; + diff --git a/lib/libcrypto/hmac/hm_pmeth.c b/lib/libcrypto/hmac/hm_pmeth.c new file mode 100644 index 00000000000..985921ca1ae --- /dev/null +++ b/lib/libcrypto/hmac/hm_pmeth.c @@ -0,0 +1,265 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include "evp_locl.h" + +/* HMAC pkey context structure */ + +typedef struct + { + const EVP_MD *md; /* MD for HMAC use */ + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ + HMAC_CTX ctx; + } HMAC_PKEY_CTX; + +static int pkey_hmac_init(EVP_PKEY_CTX *ctx) + { + HMAC_PKEY_CTX *hctx; + hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); + if (!hctx) + return 0; + hctx->md = NULL; + hctx->ktmp.data = NULL; + hctx->ktmp.length = 0; + hctx->ktmp.flags = 0; + hctx->ktmp.type = V_ASN1_OCTET_STRING; + HMAC_CTX_init(&hctx->ctx); + + ctx->data = hctx; + ctx->keygen_info_count = 0; + + return 1; + } + +static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + HMAC_PKEY_CTX *sctx, *dctx; + if (!pkey_hmac_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->md = sctx->md; + HMAC_CTX_init(&dctx->ctx); + HMAC_CTX_copy(&dctx->ctx, &sctx->ctx); + if (sctx->ktmp.data) + { + if (!ASN1_OCTET_STRING_set(&dctx->ktmp, + sctx->ktmp.data, sctx->ktmp.length)) + return 0; + } + return 1; + } + +static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) + { + HMAC_PKEY_CTX *hctx = ctx->data; + HMAC_CTX_cleanup(&hctx->ctx); + if (hctx->ktmp.data) + { + if (hctx->ktmp.length) + OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); + OPENSSL_free(hctx->ktmp.data); + hctx->ktmp.data = NULL; + } + OPENSSL_free(hctx); + } + +static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + ASN1_OCTET_STRING *hkey = NULL; + HMAC_PKEY_CTX *hctx = ctx->data; + if (!hctx->ktmp.data) + return 0; + hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); + if (!hkey) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); + + return 1; + } + +static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count) + { + HMAC_PKEY_CTX *hctx = ctx->pctx->data; + HMAC_Update(&hctx->ctx, data, count); + return 1; + } + +static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) + { + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + mctx->update = int_update; + return 1; + } + +static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) + { + unsigned int hlen; + HMAC_PKEY_CTX *hctx = ctx->data; + int l = EVP_MD_CTX_size(mctx); + + if (l < 0) + return 0; + *siglen = l; + if (!sig) + return 1; + + HMAC_Final(&hctx->ctx, sig, &hlen); + *siglen = (size_t)hlen; + return 1; + } + +static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + HMAC_PKEY_CTX *hctx = ctx->data; + ASN1_OCTET_STRING *key; + switch (type) + { + + case EVP_PKEY_CTRL_SET_MAC_KEY: + if ((!p2 && p1 > 0) || (p1 < -1)) + return 0; + if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) + return 0; + break; + + case EVP_PKEY_CTRL_MD: + hctx->md = p2; + break; + + case EVP_PKEY_CTRL_DIGESTINIT: + key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; + HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, + ctx->engine); + break; + + default: + return -2; + + } + return 1; + } + +static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!value) + { + return 0; + } + if (!strcmp(type, "key")) + { + void *p = (void *)value; + return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, + -1, p); + } + if (!strcmp(type, "hexkey")) + { + unsigned char *key; + int r; + long keylen; + key = string_to_hex(value, &keylen); + if (!key) + return 0; + r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); + OPENSSL_free(key); + return r; + } + return -2; + } + +const EVP_PKEY_METHOD hmac_pkey_meth = + { + EVP_PKEY_HMAC, + 0, + pkey_hmac_init, + pkey_hmac_copy, + pkey_hmac_cleanup, + + 0, 0, + + 0, + pkey_hmac_keygen, + + 0, 0, + + 0, 0, + + 0,0, + + hmac_signctx_init, + hmac_signctx, + + 0,0, + + 0,0, + + 0,0, + + 0,0, + + pkey_hmac_ctrl, + pkey_hmac_ctrl_str + + }; diff --git a/lib/libcrypto/ia64cpuid.S b/lib/libcrypto/ia64cpuid.S index 04fbb3439eb..d705fff7ee7 100644 --- a/lib/libcrypto/ia64cpuid.S +++ b/lib/libcrypto/ia64cpuid.S @@ -1,6 +1,13 @@ // Works on all IA-64 platforms: Linux, HP-UX, Win64i... // On Win64i compile with ias.exe. .text + +.global OPENSSL_cpuid_setup# +.proc OPENSSL_cpuid_setup# +OPENSSL_cpuid_setup: +{ .mib; br.ret.sptk.many b0 };; +.endp OPENSSL_cpuid_setup# + .global OPENSSL_rdtsc# .proc OPENSSL_rdtsc# OPENSSL_rdtsc: @@ -119,3 +126,42 @@ OPENSSL_wipe_cpu: mov ar.lc=r3 br.ret.sptk b0 };; .endp OPENSSL_wipe_cpu# + +.global OPENSSL_cleanse# +.proc OPENSSL_cleanse# +OPENSSL_cleanse: +{ .mib; cmp.eq p6,p0=0,r33 // len==0 +#if defined(_HPUX_SOURCE) && !defined(_LP64) + addp4 r32=0,r32 +#endif +(p6) br.ret.spnt b0 };; +{ .mib; and r2=7,r32 + cmp.leu p6,p0=15,r33 // len>=15 +(p6) br.cond.dptk .Lot };; + +.Little: +{ .mib; st1 [r32]=r0,1 + cmp.ltu p6,p7=1,r33 } // len>1 +{ .mbb; add r33=-1,r33 // len-- +(p6) br.cond.dptk .Little +(p7) br.ret.sptk.many b0 };; + +.Lot: +{ .mib; cmp.eq p6,p0=0,r2 +(p6) br.cond.dptk .Laligned };; +{ .mmi; st1 [r32]=r0,1;; + and r2=7,r32 } +{ .mib; add r33=-1,r33 + br .Lot };; + +.Laligned: +{ .mmi; st8 [r32]=r0,8 + and r2=-8,r33 // len&~7 + add r33=-8,r33 };; // len-=8 +{ .mib; cmp.ltu p6,p0=8,r2 // ((len+8)&~7)>8 +(p6) br.cond.dptk .Laligned };; + +{ .mbb; cmp.eq p6,p7=r0,r33 +(p7) br.cond.dpnt .Little +(p6) br.ret.sptk.many b0 };; +.endp OPENSSL_cleanse# diff --git a/lib/libcrypto/idea/Makefile b/lib/libcrypto/idea/Makefile index 55c0d4dbff4..b2e7add666a 100644 --- a/lib/libcrypto/idea/Makefile +++ b/lib/libcrypto/idea/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,9 +82,5 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ofb64.o: i_ofb64.c idea_lcl.h -i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h -i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_skey.o: i_skey.c idea_lcl.h diff --git a/lib/libcrypto/jpake/Makefile b/lib/libcrypto/jpake/Makefile index a4a1402f2ec..110c49ce0b4 100644 --- a/lib/libcrypto/jpake/Makefile +++ b/lib/libcrypto/jpake/Makefile @@ -16,7 +16,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/jpake/jpake.c b/lib/libcrypto/jpake/jpake.c index 577b7ef375c..086d9f47e06 100644 --- a/lib/libcrypto/jpake/jpake.c +++ b/lib/libcrypto/jpake/jpake.c @@ -4,7 +4,6 @@ #include <openssl/sha.h> #include <openssl/err.h> #include <memory.h> -#include <assert.h> /* * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or @@ -134,7 +133,7 @@ static void hashlength(SHA_CTX *sha, size_t l) { unsigned char b[2]; - assert(l <= 0xffff); + OPENSSL_assert(l <= 0xffff); b[0] = l >> 8; b[1] = l&0xff; SHA1_Update(sha, b, 2); @@ -172,7 +171,7 @@ static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, */ SHA1_Init(&sha); hashbn(&sha, zkpg); - assert(!BN_is_zero(p->zkpx.gr)); + OPENSSL_assert(!BN_is_zero(p->zkpx.gr)); hashbn(&sha, p->zkpx.gr); hashbn(&sha, p->gx); hashstring(&sha, proof_name); diff --git a/lib/libcrypto/jpake/jpaketest.c b/lib/libcrypto/jpake/jpaketest.c index 792fc49eb46..eaba75ed8ab 100644 --- a/lib/libcrypto/jpake/jpaketest.c +++ b/lib/libcrypto/jpake/jpaketest.c @@ -182,7 +182,7 @@ int main(int argc, char **argv) BN_free(p); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); diff --git a/lib/libcrypto/krb5/Makefile b/lib/libcrypto/krb5/Makefile index 8efb9e8910a..14077390d69 100644 --- a/lib/libcrypto/krb5/Makefile +++ b/lib/libcrypto/krb5/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/lhash/Makefile b/lib/libcrypto/lhash/Makefile index 35f09329715..82bddac4745 100644 --- a/lib/libcrypto/lhash/Makefile +++ b/lib/libcrypto/lhash/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/md2/Makefile b/lib/libcrypto/md2/Makefile index 7f43321ab2f..17f878aeb7d 100644 --- a/lib/libcrypto/md2/Makefile +++ b/lib/libcrypto/md2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,9 +74,7 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h diff --git a/lib/libcrypto/md4/Makefile b/lib/libcrypto/md4/Makefile index 0bc48965851..c94a1398ed0 100644 --- a/lib/libcrypto/md4/Makefile +++ b/lib/libcrypto/md4/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -69,19 +69,16 @@ depend: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f ../../include/openssl/$(EXHEADER) ../../test/$(TEST) ../../apps/$(APPS) clean: rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c +md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h +md4_dgst.o: ../../include/openssl/opensslconf.h +md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c md4_dgst.o: md4_locl.h md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h diff --git a/lib/libcrypto/md5/Makefile b/lib/libcrypto/md5/Makefile index 3c450fcfc09..9858d53d31e 100644 --- a/lib/libcrypto/md5/Makefile +++ b/lib/libcrypto/md5/Makefile @@ -38,21 +38,19 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@) -# COFF -mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@) -# a.out -mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@) +md5-586.s: asm/md5-586.pl ../perlasm/x86asm.pl + $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -md5-x86_64.s: asm/md5-x86_64.pl; $(PERL) asm/md5-x86_64.pl $@ +md5-x86_64.s: asm/md5-x86_64.pl + $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) > $@ + +md5-ia64.s: asm/md5-ia64.S + $(CC) $(CFLAGS) -E asm/md5-ia64.S | \ + $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -91,13 +89,9 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c +md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h +md5_dgst.o: ../../include/openssl/opensslconf.h +md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c md5_dgst.o: md5_locl.h md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h diff --git a/lib/libcrypto/md5/asm/md5-ia64.S b/lib/libcrypto/md5/asm/md5-ia64.S new file mode 100644 index 00000000000..e7de08d46a2 --- /dev/null +++ b/lib/libcrypto/md5/asm/md5-ia64.S @@ -0,0 +1,992 @@ +/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ + +// Common registers are assigned as follows: +// +// COMMON +// +// t0 Const Tbl Ptr TPtr +// t1 Round Constant TRound +// t4 Block residual LenResid +// t5 Residual Data DTmp +// +// {in,out}0 Block 0 Cycle RotateM0 +// {in,out}1 Block Value 12 M12 +// {in,out}2 Block Value 8 M8 +// {in,out}3 Block Value 4 M4 +// {in,out}4 Block Value 0 M0 +// {in,out}5 Block 1 Cycle RotateM1 +// {in,out}6 Block Value 13 M13 +// {in,out}7 Block Value 9 M9 +// {in,out}8 Block Value 5 M5 +// {in,out}9 Block Value 1 M1 +// {in,out}10 Block 2 Cycle RotateM2 +// {in,out}11 Block Value 14 M14 +// {in,out}12 Block Value 10 M10 +// {in,out}13 Block Value 6 M6 +// {in,out}14 Block Value 2 M2 +// {in,out}15 Block 3 Cycle RotateM3 +// {in,out}16 Block Value 15 M15 +// {in,out}17 Block Value 11 M11 +// {in,out}18 Block Value 7 M7 +// {in,out}19 Block Value 3 M3 +// {in,out}20 Scratch Z +// {in,out}21 Scratch Y +// {in,out}22 Scratch X +// {in,out}23 Scratch W +// {in,out}24 Digest A A +// {in,out}25 Digest B B +// {in,out}26 Digest C C +// {in,out}27 Digest D D +// {in,out}28 Active Data Ptr DPtr +// in28 Dummy Value - +// out28 Dummy Value - +// bt0 Coroutine Link QUICK_RTN +// +/// These predicates are used for computing the padding block(s) and +/// are shared between the driver and digest co-routines +// +// pt0 Extra Pad Block pExtra +// pt1 Load next word pLoad +// pt2 Skip next word pSkip +// pt3 Search for Pad pNoPad +// pt4 Pad Word 0 pPad0 +// pt5 Pad Word 1 pPad1 +// pt6 Pad Word 2 pPad2 +// pt7 Pad Word 3 pPad3 + +#define DTmp r19 +#define LenResid r18 +#define QUICK_RTN b6 +#define TPtr r14 +#define TRound r15 +#define pExtra p6 +#define pLoad p7 +#define pNoPad p9 +#define pPad0 p10 +#define pPad1 p11 +#define pPad2 p12 +#define pPad3 p13 +#define pSkip p8 + +#define A_ out24 +#define B_ out25 +#define C_ out26 +#define D_ out27 +#define DPtr_ out28 +#define M0_ out4 +#define M1_ out9 +#define M10_ out12 +#define M11_ out17 +#define M12_ out1 +#define M13_ out6 +#define M14_ out11 +#define M15_ out16 +#define M2_ out14 +#define M3_ out19 +#define M4_ out3 +#define M5_ out8 +#define M6_ out13 +#define M7_ out18 +#define M8_ out2 +#define M9_ out7 +#define RotateM0_ out0 +#define RotateM1_ out5 +#define RotateM2_ out10 +#define RotateM3_ out15 +#define W_ out23 +#define X_ out22 +#define Y_ out21 +#define Z_ out20 + +#define A in24 +#define B in25 +#define C in26 +#define D in27 +#define DPtr in28 +#define M0 in4 +#define M1 in9 +#define M10 in12 +#define M11 in17 +#define M12 in1 +#define M13 in6 +#define M14 in11 +#define M15 in16 +#define M2 in14 +#define M3 in19 +#define M4 in3 +#define M5 in8 +#define M6 in13 +#define M7 in18 +#define M8 in2 +#define M9 in7 +#define RotateM0 in0 +#define RotateM1 in5 +#define RotateM2 in10 +#define RotateM3 in15 +#define W in23 +#define X in22 +#define Y in21 +#define Z in20 + +/* register stack configuration for md5_block_asm_data_order(): */ +#define MD5_NINP 3 +#define MD5_NLOC 0 +#define MD5_NOUT 29 +#define MD5_NROT 0 + +/* register stack configuration for helpers: */ +#define _NINPUTS MD5_NOUT +#define _NLOCALS 0 +#define _NOUTPUT 0 +#define _NROTATE 24 /* this must be <= _NINPUTS */ + +#if defined(_HPUX_SOURCE) && !defined(_LP64) +#define ADDP addp4 +#else +#define ADDP add +#endif + +#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) +#define HOST_IS_BIG_ENDIAN +#endif + +// Macros for getting the left and right portions of little-endian words + +#define GETLW(dst, src, align) dep.z dst = src, 32 - 8 * align, 8 * align +#define GETRW(dst, src, align) extr.u dst = src, 8 * align, 32 - 8 * align + +// MD5 driver +// +// Reads an input block, then calls the digest block +// subroutine and adds the results to the accumulated +// digest. It allocates 32 outs which the subroutine +// uses as it's inputs and rotating +// registers. Initializes the round constant pointer and +// takes care of saving/restoring ar.lc +// +/// INPUT +// +// in0 Context Ptr CtxPtr0 +// in1 Input Data Ptr DPtrIn +// in2 Integral Blocks BlockCount +// rp Return Address - +// +/// CODE +// +// v2 Input Align InAlign +// t0 Shared w/digest - +// t1 Shared w/digest - +// t2 Shared w/digest - +// t3 Shared w/digest - +// t4 Shared w/digest - +// t5 Shared w/digest - +// t6 PFS Save PFSSave +// t7 ar.lc Save LCSave +// t8 Saved PR PRSave +// t9 2nd CtxPtr CtxPtr1 +// t10 Table Base CTable +// t11 Table[0] CTable0 +// t13 Accumulator A AccumA +// t14 Accumulator B AccumB +// t15 Accumulator C AccumC +// t16 Accumulator D AccumD +// pt0 Shared w/digest - +// pt1 Shared w/digest - +// pt2 Shared w/digest - +// pt3 Shared w/digest - +// pt4 Shared w/digest - +// pt5 Shared w/digest - +// pt6 Shared w/digest - +// pt7 Shared w/digest - +// pt8 Not Aligned pOff +// pt8 Blocks Left pAgain + +#define AccumA r27 +#define AccumB r28 +#define AccumC r29 +#define AccumD r30 +#define CTable r24 +#define CTable0 r25 +#define CtxPtr0 in0 +#define CtxPtr1 r23 +#define DPtrIn in1 +#define BlockCount in2 +#define InAlign r10 +#define LCSave r21 +#define PFSSave r20 +#define PRSave r22 +#define pAgain p63 +#define pOff p63 + + .text + +/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num) + + where: + c: a pointer to a structure of this type: + + typedef struct MD5state_st + { + MD5_LONG A,B,C,D; + MD5_LONG Nl,Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; + } + MD5_CTX; + + data: a pointer to the input data (may be misaligned) + num: the number of 16-byte blocks to hash (i.e., the length + of DATA is 16*NUM. + + */ + + .type md5_block_asm_data_order, @function + .global md5_block_asm_data_order + .align 32 + .proc md5_block_asm_data_order +md5_block_asm_data_order: +.md5_block: + .prologue +{ .mmi + .save ar.pfs, PFSSave + alloc PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT + ADDP CtxPtr1 = 8, CtxPtr0 + mov CTable = ip +} +{ .mmi + ADDP DPtrIn = 0, DPtrIn + ADDP CtxPtr0 = 0, CtxPtr0 + .save ar.lc, LCSave + mov LCSave = ar.lc +} +;; +{ .mmi + add CTable = .md5_tbl_data_order#-.md5_block#, CTable + and InAlign = 0x3, DPtrIn +} + +{ .mmi + ld4 AccumA = [CtxPtr0], 4 + ld4 AccumC = [CtxPtr1], 4 + .save pr, PRSave + mov PRSave = pr + .body +} +;; +{ .mmi + ld4 AccumB = [CtxPtr0] + ld4 AccumD = [CtxPtr1] + dep DPtr_ = 0, DPtrIn, 0, 2 +} ;; +#ifdef HOST_IS_BIG_ENDIAN + rum psr.be;; // switch to little-endian +#endif +{ .mmb + ld4 CTable0 = [CTable], 4 + cmp.ne pOff, p0 = 0, InAlign +(pOff) br.cond.spnt.many .md5_unaligned +} ;; + +// The FF load/compute loop rotates values three times, so that +// loading into M12 here produces the M0 value, M13 -> M1, etc. + +.md5_block_loop0: +{ .mmi + ld4 M12_ = [DPtr_], 4 + mov TPtr = CTable + mov TRound = CTable0 +} ;; +{ .mmi + ld4 M13_ = [DPtr_], 4 + mov A_ = AccumA + mov B_ = AccumB +} ;; +{ .mmi + ld4 M14_ = [DPtr_], 4 + mov C_ = AccumC + mov D_ = AccumD +} ;; +{ .mmb + ld4 M15_ = [DPtr_], 4 + add BlockCount = -1, BlockCount + br.call.sptk.many QUICK_RTN = md5_digest_block0 +} ;; + +// Now, we add the new digest values and do some clean-up +// before checking if there's another full block to process + +{ .mmi + add AccumA = AccumA, A_ + add AccumB = AccumB, B_ + cmp.ne pAgain, p0 = 0, BlockCount +} +{ .mib + add AccumC = AccumC, C_ + add AccumD = AccumD, D_ +(pAgain) br.cond.dptk.many .md5_block_loop0 +} ;; + +.md5_exit: +#ifdef HOST_IS_BIG_ENDIAN + sum psr.be;; // switch back to big-endian mode +#endif +{ .mmi + st4 [CtxPtr0] = AccumB, -4 + st4 [CtxPtr1] = AccumD, -4 + mov pr = PRSave, 0x1ffff ;; +} +{ .mmi + st4 [CtxPtr0] = AccumA + st4 [CtxPtr1] = AccumC + mov ar.lc = LCSave +} ;; +{ .mib + mov ar.pfs = PFSSave + br.ret.sptk.few rp +} ;; + +#define MD5UNALIGNED(offset) \ +.md5_process##offset: \ +{ .mib ; \ + nop 0x0 ; \ + GETRW(DTmp, DTmp, offset) ; \ +} ;; \ +.md5_block_loop##offset: \ +{ .mmi ; \ + ld4 Y_ = [DPtr_], 4 ; \ + mov TPtr = CTable ; \ + mov TRound = CTable0 ; \ +} ;; \ +{ .mmi ; \ + ld4 M13_ = [DPtr_], 4 ; \ + mov A_ = AccumA ; \ + mov B_ = AccumB ; \ +} ;; \ +{ .mii ; \ + ld4 M14_ = [DPtr_], 4 ; \ + GETLW(W_, Y_, offset) ; \ + mov C_ = AccumC ; \ +} \ +{ .mmi ; \ + mov D_ = AccumD ;; \ + or M12_ = W_, DTmp ; \ + GETRW(DTmp, Y_, offset) ; \ +} \ +{ .mib ; \ + ld4 M15_ = [DPtr_], 4 ; \ + add BlockCount = -1, BlockCount ; \ + br.call.sptk.many QUICK_RTN = md5_digest_block##offset; \ +} ;; \ +{ .mmi ; \ + add AccumA = AccumA, A_ ; \ + add AccumB = AccumB, B_ ; \ + cmp.ne pAgain, p0 = 0, BlockCount ; \ +} \ +{ .mib ; \ + add AccumC = AccumC, C_ ; \ + add AccumD = AccumD, D_ ; \ +(pAgain) br.cond.dptk.many .md5_block_loop##offset ; \ +} ;; \ +{ .mib ; \ + nop 0x0 ; \ + nop 0x0 ; \ + br.cond.sptk.many .md5_exit ; \ +} ;; + + .align 32 +.md5_unaligned: +// +// Because variable shifts are expensive, we special case each of +// the four alignements. In practice, this won't hurt too much +// since only one working set of code will be loaded. +// +{ .mib + ld4 DTmp = [DPtr_], 4 + cmp.eq pOff, p0 = 1, InAlign +(pOff) br.cond.dpnt.many .md5_process1 +} ;; +{ .mib + cmp.eq pOff, p0 = 2, InAlign + nop 0x0 +(pOff) br.cond.dpnt.many .md5_process2 +} ;; + MD5UNALIGNED(3) + MD5UNALIGNED(1) + MD5UNALIGNED(2) + + .endp md5_block_asm_data_order + + +// MD5 Perform the F function and load +// +// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values, +// computes the FF() round of functions, then branches to the common +// digest code to finish up with GG(), HH, and II(). +// +// INPUT +// +// rp Return Address - +// +// CODE +// +// v0 PFS bit bucket PFS +// v1 Loop Trip Count LTrip +// pt0 Load next word pMore + +/* For F round: */ +#define LTrip r9 +#define PFS r8 +#define pMore p6 + +/* For GHI rounds: */ +#define T r9 +#define U r10 +#define V r11 + +#define COMPUTE(a, b, s, M, R) \ +{ \ + .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ \ + .mmi ; \ + add a = Z, b ; \ + mov R = M ; \ + nop 0x0 ; \ +} ;; + +#define LOOP(a, b, s, M, R, label) \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ .mib ; \ + add a = Z, b ; \ + mov R = M ; \ + br.ctop.sptk.many label ; \ +} ;; + +// G(B, C, D) = (B & D) | (C & ~D) + +#define G(a, b, c, d, M) \ +{ .mmi ; \ + add Z = M, TRound ; \ + and Y = b, d ; \ + andcm X = c, d ; \ +} ;; \ +{ .mii ; \ + add Z = Z, a ; \ + or Y = Y, X ;; \ + add Z = Z, Y ; \ +} ;; + +// H(B, C, D) = B ^ C ^ D + +#define H(a, b, c, d, M) \ +{ .mmi ; \ + add Z = M, TRound ; \ + xor Y = b, c ; \ + nop 0x0 ; \ +} ;; \ +{ .mii ; \ + add Z = Z, a ; \ + xor Y = Y, d ;; \ + add Z = Z, Y ; \ +} ;; + +// I(B, C, D) = C ^ (B | ~D) +// +// However, since we have an andcm operator, we use the fact that +// +// Y ^ Z == ~Y ^ ~Z +// +// to rewrite the expression as +// +// I(B, C, D) = ~C ^ (~B & D) + +#define I(a, b, c, d, M) \ +{ .mmi ; \ + add Z = M, TRound ; \ + andcm Y = d, b ; \ + andcm X = -1, c ; \ +} ;; \ +{ .mii ; \ + add Z = Z, a ; \ + xor Y = Y, X ;; \ + add Z = Z, Y ; \ +} ;; + +#define GG4(label) \ + G(A, B, C, D, M0) \ + COMPUTE(A, B, 5, M0, RotateM0) \ + G(D, A, B, C, M1) \ + COMPUTE(D, A, 9, M1, RotateM1) \ + G(C, D, A, B, M2) \ + COMPUTE(C, D, 14, M2, RotateM2) \ + G(B, C, D, A, M3) \ + LOOP(B, C, 20, M3, RotateM3, label) + +#define HH4(label) \ + H(A, B, C, D, M0) \ + COMPUTE(A, B, 4, M0, RotateM0) \ + H(D, A, B, C, M1) \ + COMPUTE(D, A, 11, M1, RotateM1) \ + H(C, D, A, B, M2) \ + COMPUTE(C, D, 16, M2, RotateM2) \ + H(B, C, D, A, M3) \ + LOOP(B, C, 23, M3, RotateM3, label) + +#define II4(label) \ + I(A, B, C, D, M0) \ + COMPUTE(A, B, 6, M0, RotateM0) \ + I(D, A, B, C, M1) \ + COMPUTE(D, A, 10, M1, RotateM1) \ + I(C, D, A, B, M2) \ + COMPUTE(C, D, 15, M2, RotateM2) \ + I(B, C, D, A, M3) \ + LOOP(B, C, 21, M3, RotateM3, label) + +#define FFLOAD(a, b, c, d, M, N, s) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + add Z = Z, Y ;; \ + dep.z Y = Z, 32, 32 ; \ +} ;; \ +{ .mii ; \ + nop 0x0 ; \ + shrp Z = Z, Y, 64 - s ;; \ + add a = Z, b ; \ +} ;; + +#define FFLOOP(a, b, c, d, M, N, s, dest) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + add Z = Z, Y ;; \ + dep.z Y = Z, 32, 32 ; \ +} ;; \ +{ .mii ; \ + nop 0x0 ; \ + shrp Z = Z, Y, 64 - s ;; \ + add a = Z, b ; \ +} \ +{ .mib ; \ + cmp.ne pMore, p0 = 0, LTrip ; \ + add LTrip = -1, LTrip ; \ + br.ctop.dptk.many dest ; \ +} ;; + + .type md5_digest_block0, @function + .align 32 + + .proc md5_digest_block0 + .prologue +md5_digest_block0: + .altrp QUICK_RTN + .body +{ .mmi + alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE + mov LTrip = 2 + mov ar.lc = 3 +} ;; +{ .mii + cmp.eq pMore, p0 = r0, r0 + mov ar.ec = 0 + nop 0x0 +} ;; + +.md5_FF_round0: + FFLOAD(A, B, C, D, M12, RotateM0, 7) + FFLOAD(D, A, B, C, M13, RotateM1, 12) + FFLOAD(C, D, A, B, M14, RotateM2, 17) + FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0) + // + // !!! Fall through to md5_digest_GHI + // + .endp md5_digest_block0 + + .type md5_digest_GHI, @function + .align 32 + + .proc md5_digest_GHI + .prologue + .regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE +md5_digest_GHI: + .altrp QUICK_RTN + .body +// +// The following sequence shuffles the block counstants round for the +// next round: +// +// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 +// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12 +// +{ .mmi + mov Z = M0 + mov Y = M15 + mov ar.lc = 3 +} +{ .mmi + mov X = M2 + mov W = M9 + mov V = M4 +} ;; + +{ .mmi + mov M0 = M1 + mov M15 = M12 + mov ar.ec = 1 +} +{ .mmi + mov M2 = M11 + mov M9 = M14 + mov M4 = M5 +} ;; + +{ .mmi + mov M1 = M6 + mov M12 = M13 + mov U = M3 +} +{ .mmi + mov M11 = M8 + mov M14 = M7 + mov M5 = M10 +} ;; + +{ .mmi + mov M6 = Y + mov M13 = X + mov M3 = Z +} +{ .mmi + mov M8 = W + mov M7 = V + mov M10 = U +} ;; + +.md5_GG_round: + GG4(.md5_GG_round) + +// The following sequence shuffles the block constants round for the +// next round: +// +// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12 +// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2 + +{ .mmi + mov Z = M0 + mov Y = M1 + mov ar.lc = 3 +} +{ .mmi + mov X = M3 + mov W = M5 + mov V = M6 +} ;; + +{ .mmi + mov M0 = M4 + mov M1 = M11 + mov ar.ec = 1 +} +{ .mmi + mov M3 = M9 + mov U = M8 + mov T = M13 +} ;; + +{ .mmi + mov M4 = Z + mov M11 = Y + mov M5 = M7 +} +{ .mmi + mov M6 = M14 + mov M8 = M12 + mov M13 = M15 +} ;; + +{ .mmi + mov M7 = W + mov M14 = V + nop 0x0 +} +{ .mmi + mov M9 = X + mov M12 = U + mov M15 = T +} ;; + +.md5_HH_round: + HH4(.md5_HH_round) + +// The following sequence shuffles the block constants round for the +// next round: +// +// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2 +// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9 + +{ .mmi + mov Z = M0 + mov Y = M15 + mov ar.lc = 3 +} +{ .mmi + mov X = M10 + mov W = M1 + mov V = M4 +} ;; + +{ .mmi + mov M0 = M9 + mov M15 = M12 + mov ar.ec = 1 +} +{ .mmi + mov M10 = M11 + mov M1 = M6 + mov M4 = M13 +} ;; + +{ .mmi + mov M9 = M14 + mov M12 = M5 + mov U = M3 +} +{ .mmi + mov M11 = M8 + mov M6 = M7 + mov M13 = M2 +} ;; + +{ .mmi + mov M14 = Y + mov M5 = X + mov M3 = Z +} +{ .mmi + mov M8 = W + mov M7 = V + mov M2 = U +} ;; + +.md5_II_round: + II4(.md5_II_round) + +{ .mib + nop 0x0 + nop 0x0 + br.ret.sptk.many QUICK_RTN +} ;; + + .endp md5_digest_GHI + +#define FFLOADU(a, b, c, d, M, P, N, s, offset) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + GETLW(W, P, offset) ; \ + add Z = Z, Y ; \ +} ;; \ +{ .mii ; \ + or W = W, DTmp ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ .mii ; \ + add a = Z, b ; \ + GETRW(DTmp, P, offset) ; \ + mov P = W ; \ +} ;; + +#define FFLOOPU(a, b, c, d, M, P, N, s, offset) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ +(pMore) GETLW(W, P, offset) ; \ + add Z = Z, Y ; \ +} ;; \ +{ .mii ; \ +(pMore) or W = W, DTmp ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ .mii ; \ + add a = Z, b ; \ +(pMore) GETRW(DTmp, P, offset) ; \ +(pMore) mov P = W ; \ +} \ +{ .mib ; \ + cmp.ne pMore, p0 = 0, LTrip ; \ + add LTrip = -1, LTrip ; \ + br.ctop.sptk.many .md5_FF_round##offset ; \ +} ;; + +#define MD5FBLOCK(offset) \ + .type md5_digest_block##offset, @function ; \ + \ + .align 32 ; \ + .proc md5_digest_block##offset ; \ + .prologue ; \ + .altrp QUICK_RTN ; \ + .body ; \ +md5_digest_block##offset: \ +{ .mmi ; \ + alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ; \ + mov LTrip = 2 ; \ + mov ar.lc = 3 ; \ +} ;; \ +{ .mii ; \ + cmp.eq pMore, p0 = r0, r0 ; \ + mov ar.ec = 0 ; \ + nop 0x0 ; \ +} ;; \ + \ + .pred.rel "mutex", pLoad, pSkip ; \ +.md5_FF_round##offset: \ + FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset) \ + FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset) \ + FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset) \ + FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset) \ + \ +{ .mib ; \ + nop 0x0 ; \ + nop 0x0 ; \ + br.cond.sptk.many md5_digest_GHI ; \ +} ;; \ + .endp md5_digest_block##offset + +MD5FBLOCK(1) +MD5FBLOCK(2) +MD5FBLOCK(3) + + .align 64 + .type md5_constants, @object +md5_constants: +.md5_tbl_data_order: // To ensure little-endian data + // order, code as bytes. + data1 0x78, 0xa4, 0x6a, 0xd7 // 0 + data1 0x56, 0xb7, 0xc7, 0xe8 // 1 + data1 0xdb, 0x70, 0x20, 0x24 // 2 + data1 0xee, 0xce, 0xbd, 0xc1 // 3 + data1 0xaf, 0x0f, 0x7c, 0xf5 // 4 + data1 0x2a, 0xc6, 0x87, 0x47 // 5 + data1 0x13, 0x46, 0x30, 0xa8 // 6 + data1 0x01, 0x95, 0x46, 0xfd // 7 + data1 0xd8, 0x98, 0x80, 0x69 // 8 + data1 0xaf, 0xf7, 0x44, 0x8b // 9 + data1 0xb1, 0x5b, 0xff, 0xff // 10 + data1 0xbe, 0xd7, 0x5c, 0x89 // 11 + data1 0x22, 0x11, 0x90, 0x6b // 12 + data1 0x93, 0x71, 0x98, 0xfd // 13 + data1 0x8e, 0x43, 0x79, 0xa6 // 14 + data1 0x21, 0x08, 0xb4, 0x49 // 15 + data1 0x62, 0x25, 0x1e, 0xf6 // 16 + data1 0x40, 0xb3, 0x40, 0xc0 // 17 + data1 0x51, 0x5a, 0x5e, 0x26 // 18 + data1 0xaa, 0xc7, 0xb6, 0xe9 // 19 + data1 0x5d, 0x10, 0x2f, 0xd6 // 20 + data1 0x53, 0x14, 0x44, 0x02 // 21 + data1 0x81, 0xe6, 0xa1, 0xd8 // 22 + data1 0xc8, 0xfb, 0xd3, 0xe7 // 23 + data1 0xe6, 0xcd, 0xe1, 0x21 // 24 + data1 0xd6, 0x07, 0x37, 0xc3 // 25 + data1 0x87, 0x0d, 0xd5, 0xf4 // 26 + data1 0xed, 0x14, 0x5a, 0x45 // 27 + data1 0x05, 0xe9, 0xe3, 0xa9 // 28 + data1 0xf8, 0xa3, 0xef, 0xfc // 29 + data1 0xd9, 0x02, 0x6f, 0x67 // 30 + data1 0x8a, 0x4c, 0x2a, 0x8d // 31 + data1 0x42, 0x39, 0xfa, 0xff // 32 + data1 0x81, 0xf6, 0x71, 0x87 // 33 + data1 0x22, 0x61, 0x9d, 0x6d // 34 + data1 0x0c, 0x38, 0xe5, 0xfd // 35 + data1 0x44, 0xea, 0xbe, 0xa4 // 36 + data1 0xa9, 0xcf, 0xde, 0x4b // 37 + data1 0x60, 0x4b, 0xbb, 0xf6 // 38 + data1 0x70, 0xbc, 0xbf, 0xbe // 39 + data1 0xc6, 0x7e, 0x9b, 0x28 // 40 + data1 0xfa, 0x27, 0xa1, 0xea // 41 + data1 0x85, 0x30, 0xef, 0xd4 // 42 + data1 0x05, 0x1d, 0x88, 0x04 // 43 + data1 0x39, 0xd0, 0xd4, 0xd9 // 44 + data1 0xe5, 0x99, 0xdb, 0xe6 // 45 + data1 0xf8, 0x7c, 0xa2, 0x1f // 46 + data1 0x65, 0x56, 0xac, 0xc4 // 47 + data1 0x44, 0x22, 0x29, 0xf4 // 48 + data1 0x97, 0xff, 0x2a, 0x43 // 49 + data1 0xa7, 0x23, 0x94, 0xab // 50 + data1 0x39, 0xa0, 0x93, 0xfc // 51 + data1 0xc3, 0x59, 0x5b, 0x65 // 52 + data1 0x92, 0xcc, 0x0c, 0x8f // 53 + data1 0x7d, 0xf4, 0xef, 0xff // 54 + data1 0xd1, 0x5d, 0x84, 0x85 // 55 + data1 0x4f, 0x7e, 0xa8, 0x6f // 56 + data1 0xe0, 0xe6, 0x2c, 0xfe // 57 + data1 0x14, 0x43, 0x01, 0xa3 // 58 + data1 0xa1, 0x11, 0x08, 0x4e // 59 + data1 0x82, 0x7e, 0x53, 0xf7 // 60 + data1 0x35, 0xf2, 0x3a, 0xbd // 61 + data1 0xbb, 0xd2, 0xd7, 0x2a // 62 + data1 0x91, 0xd3, 0x86, 0xeb // 63 +.size md5_constants#,64*4 diff --git a/lib/libcrypto/md5/asm/md5-x86_64.pl b/lib/libcrypto/md5/asm/md5-x86_64.pl index 9a6fa67224e..867885435e2 100755 --- a/lib/libcrypto/md5/asm/md5-x86_64.pl +++ b/lib/libcrypto/md5/asm/md5-x86_64.pl @@ -15,7 +15,7 @@ my $code; # dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] # %r11d = z' (copy of z for the next step) -# Each round1_step() takes about 5.71 clocks (9 instructions, 1.58 IPC) +# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC) sub round1_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; @@ -37,22 +37,26 @@ EOF # round2_step() does: # dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] -# %r11d = y' (copy of y for the next step) -# Each round2_step() takes about 6.22 clocks (9 instructions, 1.45 IPC) +# %r11d = z' (copy of z for the next step) +# %r12d = z' (copy of z for the next step) +# Each round2_step() takes about 5.4 clocks (11 instructions, 2.0 IPC) sub round2_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; $code .= " mov 1*4(%rsi), %r10d /* (NEXT STEP) X[1] */\n" if ($pos == -1); - $code .= " mov %ecx, %r11d /* (NEXT STEP) y' = %ecx */\n" if ($pos == -1); + $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); + $code .= " mov %edx, %r12d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); $code .= <<EOF; - xor $x, %r11d /* x ^ ... */ + not %r11d /* not z */ lea $T_i($dst,%r10d),$dst /* Const + dst + ... */ - and $z, %r11d /* z & ... */ - xor $y, %r11d /* y ^ ... */ + and $x, %r12d /* x & z */ + and $y, %r11d /* y & (not z) */ mov $k_next*4(%rsi),%r10d /* (NEXT STEP) X[$k_next] */ - add %r11d, $dst /* dst += ... */ + or %r11d, %r12d /* (y & (not z)) | (x & z) */ + mov $y, %r11d /* (NEXT STEP) z' = $y */ + add %r12d, $dst /* dst += ... */ + mov $y, %r12d /* (NEXT STEP) z' = $y */ rol \$$s, $dst /* dst <<< s */ - mov $x, %r11d /* (NEXT STEP) y' = $x */ add $x, $dst /* dst += x */ EOF } @@ -61,7 +65,7 @@ EOF # dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] # %r11d = y' (copy of y for the next step) -# Each round3_step() takes about 4.26 clocks (8 instructions, 1.88 IPC) +# Each round3_step() takes about 4.2 clocks (8 instructions, 1.9 IPC) sub round3_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; @@ -83,7 +87,7 @@ EOF # dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] # %r11d = not z' (copy of not z for the next step) -# Each round4_step() takes about 5.27 clocks (9 instructions, 1.71 IPC) +# Each round4_step() takes about 5.2 clocks (9 instructions, 1.7 IPC) sub round4_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; @@ -104,8 +108,19 @@ sub round4_step EOF } -my $output = shift; -open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output"; +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +no warnings qw(uninitialized); +open STDOUT,"| $^X $xlate $flavour $output"; $code .= <<EOF; .text @@ -116,8 +131,10 @@ $code .= <<EOF; md5_block_asm_data_order: push %rbp push %rbx + push %r12 push %r14 push %r15 +.Lprologue: # rdi = arg #1 (ctx, MD5_CTX pointer) # rsi = arg #2 (ptr, data pointer) @@ -232,13 +249,120 @@ $code .= <<EOF; mov %ecx, 2*4(%rbp) # ctx->C = C mov %edx, 3*4(%rbp) # ctx->D = D + mov (%rsp),%r15 + mov 8(%rsp),%r14 + mov 16(%rsp),%r12 + mov 24(%rsp),%rbx + mov 32(%rsp),%rbp + add \$40,%rsp +.Lepilogue: + ret +.size md5_block_asm_data_order,.-md5_block_asm_data_order +EOF + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +my $rec="%rcx"; +my $frame="%rdx"; +my $context="%r8"; +my $disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + lea 40(%rax),%rax + + mov -8(%rax),%rbp + mov -16(%rax),%rbx + mov -24(%rax),%r12 + mov -32(%rax),%r14 + mov -40(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq pop %r15 pop %r14 - pop %rbx + pop %r13 + pop %r12 pop %rbp + pop %rbx + pop %rdi + pop %rsi ret -.size md5_block_asm_data_order,.-md5_block_asm_data_order -EOF +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_md5_block_asm_data_order + .rva .LSEH_end_md5_block_asm_data_order + .rva .LSEH_info_md5_block_asm_data_order + +.section .xdata +.align 8 +.LSEH_info_md5_block_asm_data_order: + .byte 9,0,0,0 + .rva se_handler +___ +} print $code; diff --git a/lib/libcrypto/mdc2/mdc2_one.c b/lib/libcrypto/mdc2/mdc2_one.c new file mode 100644 index 00000000000..72647f67ede --- /dev/null +++ b/lib/libcrypto/mdc2/mdc2_one.c @@ -0,0 +1,76 @@ +/* crypto/mdc2/mdc2_one.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/mdc2.h> + +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md) + { + MDC2_CTX c; + static unsigned char m[MDC2_DIGEST_LENGTH]; + + if (md == NULL) md=m; + if (!MDC2_Init(&c)) + return NULL; + MDC2_Update(&c,d,n); + MDC2_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ + return(md); + } + diff --git a/lib/libcrypto/mdc2/mdc2dgst.c b/lib/libcrypto/mdc2/mdc2dgst.c new file mode 100644 index 00000000000..4aa406edc3b --- /dev/null +++ b/lib/libcrypto/mdc2/mdc2dgst.c @@ -0,0 +1,199 @@ +/* crypto/mdc2/mdc2dgst.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/des.h> +#include <openssl/mdc2.h> + +#undef c2l +#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ + l|=((DES_LONG)(*((c)++)))<< 8L, \ + l|=((DES_LONG)(*((c)++)))<<16L, \ + l|=((DES_LONG)(*((c)++)))<<24L) + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); +int MDC2_Init(MDC2_CTX *c) + { + c->num=0; + c->pad_type=1; + memset(&(c->h[0]),0x52,MDC2_BLOCK); + memset(&(c->hh[0]),0x25,MDC2_BLOCK); + return 1; + } + +int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) + { + size_t i,j; + + i=c->num; + if (i != 0) + { + if (i+len < MDC2_BLOCK) + { + /* partial block */ + memcpy(&(c->data[i]),in,len); + c->num+=(int)len; + return 1; + } + else + { + /* filled one */ + j=MDC2_BLOCK-i; + memcpy(&(c->data[i]),in,j); + len-=j; + in+=j; + c->num=0; + mdc2_body(c,&(c->data[0]),MDC2_BLOCK); + } + } + i=len&~((size_t)MDC2_BLOCK-1); + if (i > 0) mdc2_body(c,in,i); + j=len-i; + if (j > 0) + { + memcpy(&(c->data[0]),&(in[i]),j); + c->num=(int)j; + } + return 1; + } + +static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len) + { + register DES_LONG tin0,tin1; + register DES_LONG ttin0,ttin1; + DES_LONG d[2],dd[2]; + DES_key_schedule k; + unsigned char *p; + size_t i; + + for (i=0; i<len; i+=8) + { + c2l(in,tin0); d[0]=dd[0]=tin0; + c2l(in,tin1); d[1]=dd[1]=tin1; + c->h[0]=(c->h[0]&0x9f)|0x40; + c->hh[0]=(c->hh[0]&0x9f)|0x20; + + DES_set_odd_parity(&c->h); + DES_set_key_unchecked(&c->h,&k); + DES_encrypt1(d,&k,1); + + DES_set_odd_parity(&c->hh); + DES_set_key_unchecked(&c->hh,&k); + DES_encrypt1(dd,&k,1); + + ttin0=tin0^dd[0]; + ttin1=tin1^dd[1]; + tin0^=d[0]; + tin1^=d[1]; + + p=c->h; + l2c(tin0,p); + l2c(ttin1,p); + p=c->hh; + l2c(ttin0,p); + l2c(tin1,p); + } + } + +int MDC2_Final(unsigned char *md, MDC2_CTX *c) + { + unsigned int i; + int j; + + i=c->num; + j=c->pad_type; + if ((i > 0) || (j == 2)) + { + if (j == 2) + c->data[i++]=0x80; + memset(&(c->data[i]),0,MDC2_BLOCK-i); + mdc2_body(c,c->data,MDC2_BLOCK); + } + memcpy(md,(char *)c->h,MDC2_BLOCK); + memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK); + return 1; + } + +#undef TEST + +#ifdef TEST +main() + { + unsigned char md[MDC2_DIGEST_LENGTH]; + int i; + MDC2_CTX c; + static char *text="Now is the time for all "; + + MDC2_Init(&c); + MDC2_Update(&c,text,strlen(text)); + MDC2_Final(&(md[0]),&c); + + for (i=0; i<MDC2_DIGEST_LENGTH; i++) + printf("%02X",md[i]); + printf("\n"); + } + +#endif diff --git a/lib/libcrypto/modes/Makefile b/lib/libcrypto/modes/Makefile new file mode 100644 index 00000000000..6c85861b6c5 --- /dev/null +++ b/lib/libcrypto/modes/Makefile @@ -0,0 +1,82 @@ +# +# OpenSSL/crypto/modes/Makefile +# + +DIR= modes +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c +LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o + +SRC= $(LIBSRC) + +#EXHEADER= store.h str_compat.h +EXHEADER= modes.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +cbc128.o: cbc128.c modes.h +cfb128.o: cfb128.c modes.h +ctr128.o: ctr128.c modes.h +cts128.o: cts128.c modes.h +ofb128.o: modes.h ofb128.c diff --git a/lib/libcrypto/modes/cbc128.c b/lib/libcrypto/modes/cbc128.c new file mode 100644 index 00000000000..8f8bd563b96 --- /dev/null +++ b/lib/libcrypto/modes/cbc128.c @@ -0,0 +1,206 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +#define STRICT_ALIGNMENT 1 +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +# define STRICT_ALIGNMENT 0 +#endif + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ + size_t n; + const unsigned char *iv = ivec; + + assert(in && out && key && ivec); + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + while (len>=16) { + for(n=0; n<16; ++n) + out[n] = in[n] ^ iv[n]; + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; + } + } else { + while (len>=16) { + for(n=0; n<16; n+=sizeof(size_t)) + *(size_t*)(out+n) = + *(size_t*)(in+n) ^ *(size_t*)(iv+n); + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; + } + } +#endif + while (len) { + for(n=0; n<16 && n<len; ++n) + out[n] = in[n] ^ iv[n]; + for(; n<16; ++n) + out[n] = iv[n]; + (*block)(out, out, key); + iv = out; + if (len<=16) break; + len -= 16; + in += 16; + out += 16; + } + memcpy(ivec,iv,16); +} + +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ + size_t n; + union { size_t align; unsigned char c[16]; } tmp; + + assert(in && out && key && ivec); + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (in != out) { + const unsigned char *iv = ivec; + + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + while (len>=16) { + (*block)(in, out, key); + for(n=0; n<16; ++n) + out[n] ^= iv[n]; + iv = in; + len -= 16; + in += 16; + out += 16; + } + } + else { + while (len>=16) { + (*block)(in, out, key); + for(n=0; n<16; n+=sizeof(size_t)) + *(size_t *)(out+n) ^= *(size_t *)(iv+n); + iv = in; + len -= 16; + in += 16; + out += 16; + } + } + memcpy(ivec,iv,16); + } else { + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + unsigned char c; + while (len>=16) { + (*block)(in, tmp.c, key); + for(n=0; n<16; ++n) { + c = in[n]; + out[n] = tmp.c[n] ^ ivec[n]; + ivec[n] = c; + } + len -= 16; + in += 16; + out += 16; + } + } + else { + size_t c; + while (len>=16) { + (*block)(in, tmp.c, key); + for(n=0; n<16; n+=sizeof(size_t)) { + c = *(size_t *)(in+n); + *(size_t *)(out+n) = + *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n); + *(size_t *)(ivec+n) = c; + } + len -= 16; + in += 16; + out += 16; + } + } + } +#endif + while (len) { + unsigned char c; + (*block)(in, tmp.c, key); + for(n=0; n<16 && n<len; ++n) { + c = in[n]; + out[n] = tmp.c[n] ^ ivec[n]; + ivec[n] = c; + } + if (len<=16) { + for (; n<16; ++n) + ivec[n] = in[n]; + break; + } + len -= 16; + in += 16; + out += 16; + } +} diff --git a/lib/libcrypto/modes/cfb128.c b/lib/libcrypto/modes/cfb128.c new file mode 100644 index 00000000000..e5938c6137c --- /dev/null +++ b/lib/libcrypto/modes/cfb128.c @@ -0,0 +1,249 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +#endif + +/* The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + unsigned int n; + size_t l = 0; + + assert(in && out && key && ivec && num); + + n = *num; + + if (enc) { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = ivec[n] ^= *(in++); + --len; + n = (n+1) % 16; + } +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) { + *(size_t*)(out+n) = + *(size_t*)(ivec+n) ^= *(size_t*)(in+n); + } + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + out[n] = ivec[n] ^= in[n]; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + if (n == 0) { + (*block)(ivec, ivec, key); + } + out[l] = ivec[n] ^= in[l]; + ++l; + n = (n+1) % 16; + } + *num = n; + } else { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + unsigned char c; + *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c; + --len; + n = (n+1) % 16; + } +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) { + size_t t = *(size_t*)(in+n); + *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t; + *(size_t*)(ivec+n) = t; + } + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + unsigned char c; + out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + unsigned char c; + if (n == 0) { + (*block)(ivec, ivec, key); + } + out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; + ++l; + n = (n+1) % 16; + } + *num=n; + } +} + +/* This expects a single block of size nbits for both in and out. Note that + it corrupts any extra bits in the last byte of out */ +static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out, + int nbits,const void *key, + unsigned char ivec[16],int enc, + block128_f block) +{ + int n,rem,num; + unsigned char ovec[16*2 + 1]; /* +1 because we dererefence (but don't use) one byte off the end */ + + if (nbits<=0 || nbits>128) return; + + /* fill in the first half of the new IV with the current IV */ + memcpy(ovec,ivec,16); + /* construct the new IV */ + (*block)(ivec,ivec,key); + num = (nbits+7)/8; + if (enc) /* encrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[16+n] = in[n] ^ ivec[n]); + else /* decrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[16+n] = in[n]) ^ ivec[n]; + /* shift ovec left... */ + rem = nbits%8; + num = nbits/8; + if(rem==0) + memcpy(ivec,ovec+num,16); + else + for(n=0 ; n < 16 ; ++n) + ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); + + /* it is not necessary to cleanse ovec, since the IV is not secret */ +} + +/* N.B. This expects the input to be packed, MS bit first */ +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + size_t n; + unsigned char c[1],d[1]; + + assert(in && out && key && ivec && num); + assert(*num == 0); + + for(n=0 ; n<bits ; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + cfbr_encrypt_block(c,d,1,key,ivec,enc,block); + out[n/8]=(out[n/8]&~(1 << (unsigned int)(7-n%8))) | + ((d[0]&0x80) >> (unsigned int)(n%8)); + } +} + +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + size_t n; + + assert(in && out && key && ivec && num); + assert(*num == 0); + + for(n=0 ; n<length ; ++n) + cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block); +} + diff --git a/lib/libcrypto/modes/ctr128.c b/lib/libcrypto/modes/ctr128.c new file mode 100644 index 00000000000..932037f5514 --- /dev/null +++ b/lib/libcrypto/modes/ctr128.c @@ -0,0 +1,184 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +typedef unsigned int u32; +typedef unsigned char u8; + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +#endif + +/* NOTE: the IV/counter CTR mode is big-endian. The code itself + * is endian-neutral. */ + +/* increment counter (128-bit int) by 1 */ +static void ctr128_inc(unsigned char *counter) { + u32 n=16; + u8 c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) return; + } while (n); +} + +#if !defined(OPENSSL_SMALL_FOOTPRINT) +static void ctr128_inc_aligned(unsigned char *counter) { + size_t *data,c,n; + const union { long one; char little; } is_endian = {1}; + + if (is_endian.little) { + ctr128_inc(counter); + return; + } + + data = (size_t *)counter; + n = 16/sizeof(size_t); + do { + --n; + c = data[n]; + ++c; + data[n] = c; + if (c) return; + } while (n); +} +#endif + +/* The input encrypted as though 128bit counter mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num, and the + * encrypted counter is kept in ecount_buf. Both *num and + * ecount_buf must be initialised with zeros before the first + * call to CRYPTO_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. + */ +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block) +{ + unsigned int n; + size_t l=0; + + assert(in && out && key && ecount_buf && num); + assert(*num < 16); + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ ecount_buf[n]; + --len; + n = (n+1) % 16; + } + +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ecount_buf, key); + ctr128_inc_aligned(ivec); + for (; n<16; n+=sizeof(size_t)) + *(size_t *)(out+n) = + *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n); + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ecount_buf, key); + ctr128_inc_aligned(ivec); + while (len--) { + out[n] = in[n] ^ ecount_buf[n]; + ++n; + } + } + *num = n; + return; + } while(0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + if (n==0) { + (*block)(ivec, ecount_buf, key); + ctr128_inc(ivec); + } + out[l] = in[l] ^ ecount_buf[n]; + ++l; + n = (n+1) % 16; + } + + *num=n; +} diff --git a/lib/libcrypto/modes/cts128.c b/lib/libcrypto/modes/cts128.c new file mode 100644 index 00000000000..e0430f9fdcb --- /dev/null +++ b/lib/libcrypto/modes/cts128.c @@ -0,0 +1,259 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +/* + * Trouble with Ciphertext Stealing, CTS, mode is that there is no + * common official specification, but couple of cipher/application + * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to + * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which + * deviates from mentioned RFCs. Most notably it allows input to be + * of block length and it doesn't flip the order of the last two + * blocks. CTS is being discussed even in ECB context, but it's not + * adopted for any known application. This implementation complies + * with mentioned RFCs and [as such] extends CBC mode. + */ + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ size_t residue, n; + + assert (in && out && key && ivec); + + if (len <= 16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= residue; + + CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block); + + in += len; + out += len; + + for (n=0; n<residue; ++n) + ivec[n] ^= in[n]; + (*block)(ivec,ivec,key); + memcpy(out,out-16,residue); + memcpy(out-16,ivec,16); + + return len+residue; +} + +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) +{ size_t residue; + union { size_t align; unsigned char c[16]; } tmp; + + assert (in && out && key && ivec); + + if (len <= 16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= residue; + + (*cbc)(in,out,len,key,ivec,1); + + in += len; + out += len; + +#if defined(CBC_HANDLES_TRUNCATED_IO) + memcpy(tmp.c,out-16,16); + (*cbc)(in,out-16,residue,key,ivec,1); + memcpy(out,tmp.c,residue); +#else + { + size_t n; + for (n=0; n<16; n+=sizeof(size_t)) + *(size_t *)(tmp.c+n) = 0; + memcpy(tmp.c,in,residue); + } + memcpy(out,out-16,residue); + (*cbc)(tmp.c,out-16,16,key,ivec,1); +#endif + return len+residue; +} + +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ size_t residue, n; + union { size_t align; unsigned char c[32]; } tmp; + + assert (in && out && key && ivec); + + if (len<=16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= 16+residue; + + if (len) { + CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block); + in += len; + out += len; + } + + (*block)(in,tmp.c+16,key); + + for (n=0; n<16; n+=sizeof(size_t)) + *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n); + memcpy(tmp.c,in+16,residue); + (*block)(tmp.c,tmp.c,key); + + for(n=0; n<16; ++n) { + unsigned char c = in[n]; + out[n] = tmp.c[n] ^ ivec[n]; + ivec[n] = c; + } + for(residue+=16; n<residue; ++n) + out[n] = tmp.c[n] ^ in[n]; + + return len+residue-16; +} + +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) +{ size_t residue, n; + union { size_t align; unsigned char c[32]; } tmp; + + assert (in && out && key && ivec); + + if (len<=16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= 16+residue; + + if (len) { + (*cbc)(in,out,len,key,ivec,0); + in += len; + out += len; + } + + for (n=16; n<32; n+=sizeof(size_t)) + *(size_t *)(tmp.c+n) = 0; + /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ + (*cbc)(in,tmp.c,16,key,tmp.c+16,0); + + memcpy(tmp.c,in+16,residue); +#if defined(CBC_HANDLES_TRUNCATED_IO) + (*cbc)(tmp.c,out,16+residue,key,ivec,0); +#else + (*cbc)(tmp.c,tmp.c,32,key,ivec,0); + memcpy(out,tmp.c,16+residue); +#endif + return len+residue; +} + +#if defined(SELFTEST) +#include <stdio.h> +#include <openssl/aes.h> + +/* test vectors from RFC 3962 */ +static const unsigned char test_key[16] = "chicken teriyaki"; +static const unsigned char test_input[64] = + "I would like the" " General Gau's C" + "hicken, please, " "and wonton soup."; +static const unsigned char test_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + +static const unsigned char vector_17[17] = +{0xc6,0x35,0x35,0x68,0xf2,0xbf,0x8c,0xb4, 0xd8,0xa5,0x80,0x36,0x2d,0xa7,0xff,0x7f, + 0x97}; +static const unsigned char vector_31[31] = +{0xfc,0x00,0x78,0x3e,0x0e,0xfd,0xb2,0xc1, 0xd4,0x45,0xd4,0xc8,0xef,0xf7,0xed,0x22, + 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5}; +static const unsigned char vector_32[32] = +{0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8, + 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84}; +static const unsigned char vector_47[47] = +{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, + 0xb3,0xff,0xfd,0x94,0x0c,0x16,0xa1,0x8c, 0x1b,0x55,0x49,0xd2,0xf8,0x38,0x02,0x9e, + 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5}; +static const unsigned char vector_48[48] = +{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, + 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8, + 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8}; +static const unsigned char vector_64[64] = +{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, + 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8, + 0x48,0x07,0xef,0xe8,0x36,0xee,0x89,0xa5, 0x26,0x73,0x0d,0xbc,0x2f,0x7b,0xc8,0x40, + 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8}; + +static AES_KEY encks, decks; + +void test_vector(const unsigned char *vector,size_t len) +{ unsigned char cleartext[64]; + unsigned char iv[sizeof(test_iv)]; + unsigned char ciphertext[64]; + size_t tail; + + printf("vector_%d\n",len); fflush(stdout); + + if ((tail=len%16) == 0) tail = 16; + tail += 16; + + /* test block-based encryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt); + if (memcmp(ciphertext,vector,len)) + fprintf(stderr,"output_%d mismatch\n",len), exit(1); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(1); + + /* test block-based decryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt); + if (memcmp(cleartext,test_input,len)) + fprintf(stderr,"input_%d mismatch\n",len), exit(2); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(2); + + /* test streamed encryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt); + if (memcmp(ciphertext,vector,len)) + fprintf(stderr,"output_%d mismatch\n",len), exit(3); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(3); + + /* test streamed decryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt); + if (memcmp(cleartext,test_input,len)) + fprintf(stderr,"input_%d mismatch\n",len), exit(4); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(4); +} + +main() +{ + AES_set_encrypt_key(test_key,128,&encks); + AES_set_decrypt_key(test_key,128,&decks); + + test_vector(vector_17,sizeof(vector_17)); + test_vector(vector_31,sizeof(vector_31)); + test_vector(vector_32,sizeof(vector_32)); + test_vector(vector_47,sizeof(vector_47)); + test_vector(vector_48,sizeof(vector_48)); + test_vector(vector_64,sizeof(vector_64)); + exit(0); +} +#endif diff --git a/lib/libcrypto/modes/modes.h b/lib/libcrypto/modes/modes.h new file mode 100644 index 00000000000..af8d97d7958 --- /dev/null +++ b/lib/libcrypto/modes/modes.h @@ -0,0 +1,59 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include <stddef.h> + +typedef void (*block128_f)(const unsigned char in[16], + unsigned char out[16], + const void *key); + +typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); diff --git a/lib/libcrypto/modes/ofb128.c b/lib/libcrypto/modes/ofb128.c new file mode 100644 index 00000000000..c732e2ec58e --- /dev/null +++ b/lib/libcrypto/modes/ofb128.c @@ -0,0 +1,128 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +#endif + +/* The input and output encrypted as though 128bit ofb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block) +{ + unsigned int n; + size_t l=0; + + assert(in && out && key && ivec && num); + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ ivec[n]; + --len; + n = (n+1) % 16; + } +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) + *(size_t*)(out+n) = + *(size_t*)(in+n) ^ *(size_t*)(ivec+n); + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + out[n] = in[n] ^ ivec[n]; + ++n; + } + } + *num = n; + return; + } while(0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + if (n==0) { + (*block)(ivec, ivec, key); + } + out[l] = in[l] ^ ivec[n]; + ++l; + n = (n+1) % 16; + } + + *num=n; +} diff --git a/lib/libcrypto/o_str.c b/lib/libcrypto/o_str.c index 59cc25094b5..56104a6c34b 100644 --- a/lib/libcrypto/o_str.c +++ b/lib/libcrypto/o_str.c @@ -60,7 +60,9 @@ #include <e_os.h> #include "o_str.h" -#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32) +#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ + !defined(OPENSSL_SYSNAME_WIN32) && \ + !defined(NETWARE_CLIB) # include <strings.h> #endif diff --git a/lib/libcrypto/o_time.h b/lib/libcrypto/o_time.h index e66044626d1..e391da75087 100644 --- a/lib/libcrypto/o_time.h +++ b/lib/libcrypto/o_time.h @@ -62,5 +62,6 @@ #include <time.h> struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); #endif diff --git a/lib/libcrypto/objects/Makefile b/lib/libcrypto/objects/Makefile index 25e8b23b5d0..a8aedbd4228 100644 --- a/lib/libcrypto/objects/Makefile +++ b/lib/libcrypto/objects/Makefile @@ -18,23 +18,23 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c -LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o +LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c +LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o SRC= $(LIBSRC) EXHEADER= objects.h obj_mac.h -HEADER= $(EXHEADER) obj_dat.h +HEADER= $(EXHEADER) obj_dat.h obj_xref.h ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) -all: obj_dat.h lib +all: obj_dat.h obj_xref.h lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -46,6 +46,10 @@ obj_mac.h: objects.pl objects.txt obj_mac.num $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h @sleep 1; touch obj_mac.h; sleep 1 +obj_xref.h: objxref.pl obj_xref.txt obj_mac.num + $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h + @sleep 1; touch obj_xref.h; sleep 1 + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -117,3 +121,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h obj_lib.o: ../cryptlib.h obj_lib.c +obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +obj_xref.o: ../../include/openssl/opensslconf.h +obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h diff --git a/lib/libcrypto/objects/obj_xref.c b/lib/libcrypto/objects/obj_xref.c new file mode 100644 index 00000000000..152eca5c671 --- /dev/null +++ b/lib/libcrypto/objects/obj_xref.c @@ -0,0 +1,231 @@ +/* crypto/objects/obj_xref.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/objects.h> +#include "obj_xref.h" + +DECLARE_STACK_OF(nid_triple) +STACK_OF(nid_triple) *sig_app, *sigx_app; + +static int sig_cmp(const nid_triple *a, const nid_triple *b) + { + return a->sign_id - b->sign_id; + } + +DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig); + +static int sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b) + { + return (*a)->sign_id - (*b)->sign_id; + } + +DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx); + +static int sigx_cmp(const nid_triple * const *a, const nid_triple * const *b) + { + int ret; + ret = (*a)->hash_id - (*b)->hash_id; + if (ret) + return ret; + return (*a)->pkey_id - (*b)->pkey_id; + } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) + { + nid_triple tmp; + const nid_triple *rv = NULL; + tmp.sign_id = signid; + + if (sig_app) + { + int idx = sk_nid_triple_find(sig_app, &tmp); + if (idx >= 0) + rv = sk_nid_triple_value(sig_app, idx); + } + +#ifndef OBJ_XREF_TEST2 + if (rv == NULL) + { + rv = OBJ_bsearch_sig(&tmp, sigoid_srt, + sizeof(sigoid_srt) / sizeof(nid_triple)); + } +#endif + if (rv == NULL) + return 0; + *pdig_nid = rv->hash_id; + *ppkey_nid = rv->pkey_id; + return 1; + } + +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) + { + nid_triple tmp; + const nid_triple *t=&tmp; + const nid_triple **rv = NULL; + + tmp.hash_id = dig_nid; + tmp.pkey_id = pkey_nid; + + if (sigx_app) + { + int idx = sk_nid_triple_find(sigx_app, &tmp); + if (idx >= 0) + { + t = sk_nid_triple_value(sigx_app, idx); + rv = &t; + } + } + +#ifndef OBJ_XREF_TEST2 + if (rv == NULL) + { + rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, + sizeof(sigoid_srt_xref) / sizeof(nid_triple *) + ); + } +#endif + if (rv == NULL) + return 0; + *psignid = (*rv)->sign_id; + return 1; + } + +int OBJ_add_sigid(int signid, int dig_id, int pkey_id) + { + nid_triple *ntr; + if (!sig_app) + sig_app = sk_nid_triple_new(sig_sk_cmp); + if (!sig_app) + return 0; + if (!sigx_app) + sigx_app = sk_nid_triple_new(sigx_cmp); + if (!sigx_app) + return 0; + ntr = OPENSSL_malloc(sizeof(int) * 3); + if (!ntr) + return 0; + ntr->sign_id = signid; + ntr->hash_id = dig_id; + ntr->pkey_id = pkey_id; + + if (!sk_nid_triple_push(sig_app, ntr)) + { + OPENSSL_free(ntr); + return 0; + } + + if (!sk_nid_triple_push(sigx_app, ntr)) + return 0; + + sk_nid_triple_sort(sig_app); + sk_nid_triple_sort(sigx_app); + + return 1; + } + +static void sid_free(nid_triple *tt) + { + OPENSSL_free(tt); + } + +void OBJ_sigid_free(void) + { + if (sig_app) + { + sk_nid_triple_pop_free(sig_app, sid_free); + sig_app = NULL; + } + if (sigx_app) + { + sk_nid_triple_free(sigx_app); + sigx_app = NULL; + } + } + +#ifdef OBJ_XREF_TEST + +main() + { + int n1, n2, n3; + + int i, rv; +#ifdef OBJ_XREF_TEST2 + for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) + { + OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], + sigoid_srt[i][2]); + } +#endif + + for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) + { + n1 = sigoid_srt[i][0]; + rv = OBJ_find_sigid_algs(n1, &n2, &n3); + printf("Forward: %d, %s %s %s\n", rv, + OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); + n1=0; + rv = OBJ_find_sigid_by_algs(&n1, n2, n3); + printf("Reverse: %d, %s %s %s\n", rv, + OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); + } + } + +#endif diff --git a/lib/libcrypto/objects/obj_xref.h b/lib/libcrypto/objects/obj_xref.h new file mode 100644 index 00000000000..d5b9b8e1983 --- /dev/null +++ b/lib/libcrypto/objects/obj_xref.h @@ -0,0 +1,75 @@ +/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ + +typedef struct + { + int sign_id; + int hash_id; + int pkey_id; + } nid_triple; + +static const nid_triple sigoid_srt[] = + { + {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, + {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, + {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, + {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, + {NID_dsaWithSHA, NID_sha, NID_dsa}, + {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, + {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, + {NID_md5WithRSA, NID_md5, NID_rsa}, + {NID_dsaWithSHA1, NID_sha1, NID_dsa}, + {NID_sha1WithRSA, NID_sha1, NID_rsa}, + {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, + {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, + {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, + {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, + {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, + {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, + {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, + {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, + {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, + {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, + {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001}, + {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94}, + {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc}, + {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc}, + }; + +static const nid_triple * const sigoid_srt_xref[] = + { + &sigoid_srt[17], + &sigoid_srt[18], + &sigoid_srt[0], + &sigoid_srt[1], + &sigoid_srt[7], + &sigoid_srt[2], + &sigoid_srt[4], + &sigoid_srt[3], + &sigoid_srt[9], + &sigoid_srt[5], + &sigoid_srt[8], + &sigoid_srt[12], + &sigoid_srt[6], + &sigoid_srt[10], + &sigoid_srt[11], + &sigoid_srt[13], + &sigoid_srt[24], + &sigoid_srt[20], + &sigoid_srt[14], + &sigoid_srt[21], + &sigoid_srt[15], + &sigoid_srt[22], + &sigoid_srt[16], + &sigoid_srt[23], + &sigoid_srt[19], + &sigoid_srt[25], + &sigoid_srt[26], + &sigoid_srt[27], + &sigoid_srt[28], + }; + diff --git a/lib/libcrypto/objects/obj_xref.txt b/lib/libcrypto/objects/obj_xref.txt new file mode 100644 index 00000000000..e45b3d34b9b --- /dev/null +++ b/lib/libcrypto/objects/obj_xref.txt @@ -0,0 +1,42 @@ +# OID cross reference table. +# Links signatures OIDs to their corresponding public key algorithms +# and digests. + +md2WithRSAEncryption md2 rsaEncryption +md5WithRSAEncryption md5 rsaEncryption +shaWithRSAEncryption sha rsaEncryption +sha1WithRSAEncryption sha1 rsaEncryption +md4WithRSAEncryption md4 rsaEncryption +sha256WithRSAEncryption sha256 rsaEncryption +sha384WithRSAEncryption sha384 rsaEncryption +sha512WithRSAEncryption sha512 rsaEncryption +sha224WithRSAEncryption sha224 rsaEncryption +mdc2WithRSA mdc2 rsaEncryption +ripemd160WithRSA ripemd160 rsaEncryption + +# Alternative deprecated OIDs. By using the older "rsa" OID this +# type will be recognized by not normally used. + +md5WithRSA md5 rsa +sha1WithRSA sha1 rsa + +dsaWithSHA sha dsa +dsaWithSHA1 sha1 dsa + +dsaWithSHA1_2 sha1 dsa_2 + +ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey +ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey +ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey +ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey +ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey +ecdsa_with_Recommended undef X9_62_id_ecPublicKey +ecdsa_with_Specified undef X9_62_id_ecPublicKey + +dsa_with_SHA224 sha224 dsa +dsa_with_SHA256 sha256 dsa + +id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001 +id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94 +id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc +id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc diff --git a/lib/libcrypto/objects/objxref.pl b/lib/libcrypto/objects/objxref.pl new file mode 100644 index 00000000000..731d3ae22c2 --- /dev/null +++ b/lib/libcrypto/objects/objxref.pl @@ -0,0 +1,107 @@ +#!/usr/local/bin/perl + +use strict; + +my %xref_tbl; +my %oid_tbl; + +my ($mac_file, $xref_file) = @ARGV; + +open(IN, $mac_file) || die "Can't open $mac_file"; + +# Read in OID nid values for a lookup table. + +while (<IN>) + { + chomp; + my ($name, $num) = /^(\S+)\s+(\S+)$/; + $oid_tbl{$name} = $num; + } +close IN; + +open(IN, $xref_file) || die "Can't open $xref_file"; + +my $ln = 1; + +while (<IN>) + { + chomp; + s/#.*$//; + next if (/^\S*$/); + my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/; + check_oid($xr); + check_oid($p1); + check_oid($p2); + $xref_tbl{$xr} = [$p1, $p2, $ln]; + } + +my @xrkeys = keys %xref_tbl; + +my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys; + +for(my $i = 0; $i <= $#srt1; $i++) + { + $xref_tbl{$srt1[$i]}[2] = $i; + } + +my @srt2 = sort + { + my$ap1 = $oid_tbl{$xref_tbl{$a}[0]}; + my$bp1 = $oid_tbl{$xref_tbl{$b}[0]}; + return $ap1 - $bp1 if ($ap1 != $bp1); + my$ap2 = $oid_tbl{$xref_tbl{$a}[1]}; + my$bp2 = $oid_tbl{$xref_tbl{$b}[1]}; + + return $ap2 - $bp2; + } @xrkeys; + +my $pname = $0; + +$pname =~ s|^.[^/]/||; + +print <<EOF; +/* AUTOGENERATED BY $pname, DO NOT EDIT */ + +typedef struct + { + int sign_id; + int hash_id; + int pkey_id; + } nid_triple; + +static const nid_triple sigoid_srt[] = + { +EOF + +foreach (@srt1) + { + my $xr = $_; + my ($p1, $p2) = @{$xref_tbl{$_}}; + print "\t{NID_$xr, NID_$p1, NID_$p2},\n"; + } + +print "\t};"; +print <<EOF; + + +static const nid_triple * const sigoid_srt_xref[] = + { +EOF + +foreach (@srt2) + { + my $x = $xref_tbl{$_}[2]; + print "\t\&sigoid_srt\[$x\],\n"; + } + +print "\t};\n\n"; + +sub check_oid + { + my ($chk) = @_; + if (!exists $oid_tbl{$chk}) + { + die "Not Found \"$chk\"\n"; + } + } + diff --git a/lib/libcrypto/ocsp/Makefile b/lib/libcrypto/ocsp/Makefile index 30a00b33726..60c414cf4da 100644 --- a/lib/libcrypto/ocsp/Makefile +++ b/lib/libcrypto/ocsp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,10 +82,9 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_asn.o: ../../include/openssl/opensslconf.h +ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -98,25 +97,24 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c +ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_cl.o: ../cryptlib.h ocsp_cl.c ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_err.o: ../../include/openssl/opensslconf.h +ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -129,9 +127,9 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ext.o: ../../include/openssl/opensslconf.h ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -144,22 +142,21 @@ ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_ht.o: ocsp_ht.c +ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ocsp_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -174,10 +171,9 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_prn.o: ../../include/openssl/opensslconf.h +ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -191,9 +187,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_srv.o: ../../include/openssl/opensslconf.h ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -206,10 +202,9 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_vfy.o: ../../include/openssl/opensslconf.h +ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libcrypto/pem/Makefile b/lib/libcrypto/pem/Makefile index 669f36612c4..2cc7801529e 100644 --- a/lib/libcrypto/pem/Makefile +++ b/lib/libcrypto/pem/Makefile @@ -18,10 +18,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \ - pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c + pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \ - pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o + pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o SRC= $(LIBSRC) @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,39 +83,36 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_all.o: ../cryptlib.h pem_all.c +pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_err.o: pem_err.c +pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c pem_info.o: ../../e_os.h ../../include/openssl/asn1.h pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_info.o: ../../include/openssl/opensslconf.h +pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h @@ -128,8 +125,8 @@ pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -139,43 +136,43 @@ pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c +pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_lib.o: pem_lib.c pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_oth.o: ../cryptlib.h pem_oth.c +pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c +pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h +pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_pk8.o: ../cryptlib.h pem_pk8.c pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -184,15 +181,16 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c +pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_pkey.o: pem_pkey.c pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_seal.o: ../../include/openssl/opensslconf.h pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -205,9 +203,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_sign.o: ../../include/openssl/opensslconf.h pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -220,9 +218,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_x509.o: ../../include/openssl/opensslconf.h pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -234,12 +232,27 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_xaux.o: ../../include/openssl/opensslconf.h pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c +pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +pvkfmt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pvkfmt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pvkfmt.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pvkfmt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pvkfmt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pvkfmt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pvkfmt.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c diff --git a/lib/libcrypto/pem/pvkfmt.c b/lib/libcrypto/pem/pvkfmt.c new file mode 100644 index 00000000000..d998a67fa52 --- /dev/null +++ b/lib/libcrypto/pem/pvkfmt.c @@ -0,0 +1,942 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB + * and PRIVATEKEYBLOB). + */ + +#include "cryptlib.h" +#include <openssl/pem.h> +#include <openssl/rand.h> +#include <openssl/bn.h> +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) +#include <openssl/dsa.h> +#include <openssl/rsa.h> + +/* Utility function: read a DWORD (4 byte unsigned integer) in little endian + * format + */ + +static unsigned int read_ledword(const unsigned char **in) + { + const unsigned char *p = *in; + unsigned int ret; + ret = *p++; + ret |= (*p++ << 8); + ret |= (*p++ << 16); + ret |= (*p++ << 24); + *in = p; + return ret; + } + +/* Read a BIGNUM in little endian format. The docs say that this should take up + * bitlen/8 bytes. + */ + +static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) + { + const unsigned char *p; + unsigned char *tmpbuf, *q; + unsigned int i; + p = *in + nbyte - 1; + tmpbuf = OPENSSL_malloc(nbyte); + if (!tmpbuf) + return 0; + q = tmpbuf; + for (i = 0; i < nbyte; i++) + *q++ = *p--; + *r = BN_bin2bn(tmpbuf, nbyte, NULL); + OPENSSL_free(tmpbuf); + if (*r) + { + *in += nbyte; + return 1; + } + else + return 0; + } + + +/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ + +#define MS_PUBLICKEYBLOB 0x6 +#define MS_PRIVATEKEYBLOB 0x7 +#define MS_RSA1MAGIC 0x31415352L +#define MS_RSA2MAGIC 0x32415352L +#define MS_DSS1MAGIC 0x31535344L +#define MS_DSS2MAGIC 0x32535344L + +#define MS_KEYALG_RSA_KEYX 0xa400 +#define MS_KEYALG_DSS_SIGN 0x2200 + +#define MS_KEYTYPE_KEYX 0x1 +#define MS_KEYTYPE_SIGN 0x2 + +/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ +#define MS_PVKMAGIC 0xb0b5f11eL +/* Salt length for PVK files */ +#define PVK_SALTLEN 0x10 + +static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); +static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); + +static int do_blob_header(const unsigned char **in, unsigned int length, + unsigned int *pmagic, unsigned int *pbitlen, + int *pisdss, int *pispub) + { + const unsigned char *p = *in; + if (length < 16) + return 0; + /* bType */ + if (*p == MS_PUBLICKEYBLOB) + { + if (*pispub == 0) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + return 0; + } + *pispub = 1; + } + else if (*p == MS_PRIVATEKEYBLOB) + { + if (*pispub == 1) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + return 0; + } + *pispub = 0; + } + else + return 0; + p++; + /* Version */ + if (*p++ != 0x2) + { + PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); + return 0; + } + /* Ignore reserved, aiKeyAlg */ + p+= 6; + *pmagic = read_ledword(&p); + *pbitlen = read_ledword(&p); + *pisdss = 0; + switch (*pmagic) + { + + case MS_DSS1MAGIC: + *pisdss = 1; + case MS_RSA1MAGIC: + if (*pispub == 0) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + return 0; + } + break; + + case MS_DSS2MAGIC: + *pisdss = 1; + case MS_RSA2MAGIC: + if (*pispub == 1) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + return 0; + } + break; + + default: + PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); + return -1; + } + *in = p; + return 1; + } + +static unsigned int blob_length(unsigned bitlen, int isdss, int ispub) + { + unsigned int nbyte, hnbyte; + nbyte = (bitlen + 7) >> 3; + hnbyte = (bitlen + 15) >> 4; + if (isdss) + { + + /* Expected length: 20 for q + 3 components bitlen each + 24 + * for seed structure. + */ + if (ispub) + return 44 + 3 * nbyte; + /* Expected length: 20 for q, priv, 2 bitlen components + 24 + * for seed structure. + */ + else + return 64 + 2 * nbyte; + } + else + { + /* Expected length: 4 for 'e' + 'n' */ + if (ispub) + return 4 + nbyte; + else + /* Expected length: 4 for 'e' and 7 other components. + * 2 components are bitlen size, 5 are bitlen/2 + */ + return 4 + 2*nbyte + 5*hnbyte; + } + + } + +static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, + int ispub) + { + const unsigned char *p = *in; + unsigned int bitlen, magic; + int isdss; + if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) + { + PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); + return NULL; + } + length -= 16; + if (length < blob_length(bitlen, isdss, ispub)) + { + PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT); + return NULL; + } + if (isdss) + return b2i_dss(&p, length, bitlen, ispub); + else + return b2i_rsa(&p, length, bitlen, ispub); + } + +static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) + { + const unsigned char *p; + unsigned char hdr_buf[16], *buf = NULL; + unsigned int bitlen, magic, length; + int isdss; + EVP_PKEY *ret = NULL; + if (BIO_read(in, hdr_buf, 16) != 16) + { + PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); + return NULL; + } + p = hdr_buf; + if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) + return NULL; + + length = blob_length(bitlen, isdss, ispub); + buf = OPENSSL_malloc(length); + if (!buf) + { + PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } + p = buf; + if (BIO_read(in, buf, length) != (int)length) + { + PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); + goto err; + } + + if (isdss) + ret = b2i_dss(&p, length, bitlen, ispub); + else + ret = b2i_rsa(&p, length, bitlen, ispub); + + err: + if (buf) + OPENSSL_free(buf); + return ret; + } + +static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub) + { + const unsigned char *p = *in; + EVP_PKEY *ret = NULL; + DSA *dsa = NULL; + BN_CTX *ctx = NULL; + unsigned int nbyte; + nbyte = (bitlen + 7) >> 3; + + dsa = DSA_new(); + ret = EVP_PKEY_new(); + if (!dsa || !ret) + goto memerr; + if (!read_lebn(&p, nbyte, &dsa->p)) + goto memerr; + if (!read_lebn(&p, 20, &dsa->q)) + goto memerr; + if (!read_lebn(&p, nbyte, &dsa->g)) + goto memerr; + if (ispub) + { + if (!read_lebn(&p, nbyte, &dsa->pub_key)) + goto memerr; + } + else + { + if (!read_lebn(&p, 20, &dsa->priv_key)) + goto memerr; + /* Calculate public key */ + if (!(dsa->pub_key = BN_new())) + goto memerr; + if (!(ctx = BN_CTX_new())) + goto memerr; + + if (!BN_mod_exp(dsa->pub_key, dsa->g, + dsa->priv_key, dsa->p, ctx)) + + goto memerr; + BN_CTX_free(ctx); + } + + EVP_PKEY_set1_DSA(ret, dsa); + DSA_free(dsa); + *in = p; + return ret; + + memerr: + PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); + if (dsa) + DSA_free(dsa); + if (ret) + EVP_PKEY_free(ret); + if (ctx) + BN_CTX_free(ctx); + return NULL; + } + +static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub) + + { + const unsigned char *p = *in; + EVP_PKEY *ret = NULL; + RSA *rsa = NULL; + unsigned int nbyte, hnbyte; + nbyte = (bitlen + 7) >> 3; + hnbyte = (bitlen + 15) >> 4; + rsa = RSA_new(); + ret = EVP_PKEY_new(); + if (!rsa || !ret) + goto memerr; + rsa->e = BN_new(); + if (!rsa->e) + goto memerr; + if (!BN_set_word(rsa->e, read_ledword(&p))) + goto memerr; + if (!read_lebn(&p, nbyte, &rsa->n)) + goto memerr; + if (!ispub) + { + if (!read_lebn(&p, hnbyte, &rsa->p)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->q)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->dmp1)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->dmq1)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->iqmp)) + goto memerr; + if (!read_lebn(&p, nbyte, &rsa->d)) + goto memerr; + } + + EVP_PKEY_set1_RSA(ret, rsa); + RSA_free(rsa); + *in = p; + return ret; + memerr: + PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); + if (rsa) + RSA_free(rsa); + if (ret) + EVP_PKEY_free(ret); + return NULL; + } + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length) + { + return do_b2i(in, length, 0); + } + +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length) + { + return do_b2i(in, length, 1); + } + + +EVP_PKEY *b2i_PrivateKey_bio(BIO *in) + { + return do_b2i_bio(in, 0); + } + +EVP_PKEY *b2i_PublicKey_bio(BIO *in) + { + return do_b2i_bio(in, 1); + } + +static void write_ledword(unsigned char **out, unsigned int dw) + { + unsigned char *p = *out; + *p++ = dw & 0xff; + *p++ = (dw>>8) & 0xff; + *p++ = (dw>>16) & 0xff; + *p++ = (dw>>24) & 0xff; + *out = p; + } + +static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) + { + int nb, i; + unsigned char *p = *out, *q, c; + nb = BN_num_bytes(bn); + BN_bn2bin(bn, p); + q = p + nb - 1; + /* In place byte order reversal */ + for (i = 0; i < nb/2; i++) + { + c = *p; + *p++ = *q; + *q-- = c; + } + *out += nb; + /* Pad with zeroes if we have to */ + if (len > 0) + { + len -= nb; + if (len > 0) + { + memset(*out, 0, len); + *out += len; + } + } + } + + +static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); +static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic); + +static void write_rsa(unsigned char **out, RSA *rsa, int ispub); +static void write_dsa(unsigned char **out, DSA *dsa, int ispub); + +static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) + { + unsigned char *p; + unsigned int bitlen, magic = 0, keyalg; + int outlen, noinc = 0; + if (pk->type == EVP_PKEY_DSA) + { + bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); + keyalg = MS_KEYALG_DSS_SIGN; + } + else if (pk->type == EVP_PKEY_RSA) + { + bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); + keyalg = MS_KEYALG_RSA_KEYX; + } + else + return -1; + if (bitlen == 0) + return -1; + outlen = 16 + blob_length(bitlen, + keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub); + if (out == NULL) + return outlen; + if (*out) + p = *out; + else + { + p = OPENSSL_malloc(outlen); + if (!p) + return -1; + *out = p; + noinc = 1; + } + if (ispub) + *p++ = MS_PUBLICKEYBLOB; + else + *p++ = MS_PRIVATEKEYBLOB; + *p++ = 0x2; + *p++ = 0; + *p++ = 0; + write_ledword(&p, keyalg); + write_ledword(&p, magic); + write_ledword(&p, bitlen); + if (keyalg == MS_KEYALG_DSS_SIGN) + write_dsa(&p, pk->pkey.dsa, ispub); + else + write_rsa(&p, pk->pkey.rsa, ispub); + if (!noinc) + *out += outlen; + return outlen; + } + +static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) + { + unsigned char *tmp = NULL; + int outlen, wrlen; + outlen = do_i2b(&tmp, pk, ispub); + if (outlen < 0) + return -1; + wrlen = BIO_write(out, tmp, outlen); + OPENSSL_free(tmp); + if (wrlen == outlen) + return outlen; + return -1; + } + +static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) + { + int bitlen; + bitlen = BN_num_bits(dsa->p); + if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) + || (BN_num_bits(dsa->g) > bitlen)) + goto badkey; + if (ispub) + { + if (BN_num_bits(dsa->pub_key) > bitlen) + goto badkey; + *pmagic = MS_DSS1MAGIC; + } + else + { + if (BN_num_bits(dsa->priv_key) > 160) + goto badkey; + *pmagic = MS_DSS2MAGIC; + } + + return bitlen; + badkey: + PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); + return 0; + } + +static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) + { + int nbyte, hnbyte, bitlen; + if (BN_num_bits(rsa->e) > 32) + goto badkey; + bitlen = BN_num_bits(rsa->n); + nbyte = BN_num_bytes(rsa->n); + hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; + if (ispub) + { + *pmagic = MS_RSA1MAGIC; + return bitlen; + } + else + { + *pmagic = MS_RSA2MAGIC; + /* For private key each component must fit within nbyte or + * hnbyte. + */ + if (BN_num_bytes(rsa->d) > nbyte) + goto badkey; + if ((BN_num_bytes(rsa->iqmp) > hnbyte) + || (BN_num_bytes(rsa->p) > hnbyte) + || (BN_num_bytes(rsa->q) > hnbyte) + || (BN_num_bytes(rsa->dmp1) > hnbyte) + || (BN_num_bytes(rsa->dmq1) > hnbyte)) + goto badkey; + } + return bitlen; + badkey: + PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); + return 0; + } + + +static void write_rsa(unsigned char **out, RSA *rsa, int ispub) + { + int nbyte, hnbyte; + nbyte = BN_num_bytes(rsa->n); + hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; + write_lebn(out, rsa->e, 4); + write_lebn(out, rsa->n, -1); + if (ispub) + return; + write_lebn(out, rsa->p, hnbyte); + write_lebn(out, rsa->q, hnbyte); + write_lebn(out, rsa->dmp1, hnbyte); + write_lebn(out, rsa->dmq1, hnbyte); + write_lebn(out, rsa->iqmp, hnbyte); + write_lebn(out, rsa->d, nbyte); + } + + +static void write_dsa(unsigned char **out, DSA *dsa, int ispub) + { + int nbyte; + nbyte = BN_num_bytes(dsa->p); + write_lebn(out, dsa->p, nbyte); + write_lebn(out, dsa->q, 20); + write_lebn(out, dsa->g, nbyte); + if (ispub) + write_lebn(out, dsa->pub_key, nbyte); + else + write_lebn(out, dsa->priv_key, 20); + /* Set "invalid" for seed structure values */ + memset(*out, 0xff, 24); + *out += 24; + return; + } + + +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk) + { + return do_i2b_bio(out, pk, 0); + } + +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) + { + return do_i2b_bio(out, pk, 1); + } + +#ifndef OPENSSL_NO_RC4 + +static int do_PVK_header(const unsigned char **in, unsigned int length, + int skip_magic, + unsigned int *psaltlen, unsigned int *pkeylen) + + { + const unsigned char *p = *in; + unsigned int pvk_magic, keytype, is_encrypted; + if (skip_magic) + { + if (length < 20) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); + return 0; + } + length -= 20; + } + else + { + if (length < 24) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); + return 0; + } + length -= 24; + pvk_magic = read_ledword(&p); + if (pvk_magic != MS_PVKMAGIC) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); + return 0; + } + } + /* Skip reserved */ + p += 4; + keytype = read_ledword(&p); + is_encrypted = read_ledword(&p); + *psaltlen = read_ledword(&p); + *pkeylen = read_ledword(&p); + + if (is_encrypted && !*psaltlen) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); + return 0; + } + + *in = p; + return 1; + } + +static int derive_pvk_key(unsigned char *key, + const unsigned char *salt, unsigned int saltlen, + const unsigned char *pass, int passlen) + { + EVP_MD_CTX mctx; + EVP_MD_CTX_init(&mctx); + EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL); + EVP_DigestUpdate(&mctx, salt, saltlen); + EVP_DigestUpdate(&mctx, pass, passlen); + EVP_DigestFinal_ex(&mctx, key, NULL); + EVP_MD_CTX_cleanup(&mctx); + return 1; + } + + +static EVP_PKEY *do_PVK_body(const unsigned char **in, + unsigned int saltlen, unsigned int keylen, + pem_password_cb *cb, void *u) + { + EVP_PKEY *ret = NULL; + const unsigned char *p = *in; + unsigned int magic; + unsigned char *enctmp = NULL, *q; + if (saltlen) + { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; + EVP_CIPHER_CTX cctx; + int enctmplen, inlen; + if (cb) + inlen=cb(psbuf,PEM_BUFSIZE,0,u); + else + inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); + if (inlen <= 0) + { + PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ); + return NULL; + } + enctmp = OPENSSL_malloc(keylen + 8); + if (!enctmp) + { + PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!derive_pvk_key(keybuf, p, saltlen, + (unsigned char *)psbuf, inlen)) + return NULL; + p += saltlen; + /* Copy BLOBHEADER across, decrypt rest */ + memcpy(enctmp, p, 8); + p += 8; + inlen = keylen - 8; + q = enctmp + 8; + EVP_CIPHER_CTX_init(&cctx); + EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); + EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); + EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen); + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) + { + q = enctmp + 8; + memset(keybuf + 5, 0, 11); + EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, + NULL); + OPENSSL_cleanse(keybuf, 20); + EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); + EVP_DecryptFinal_ex(&cctx, q + enctmplen, + &enctmplen); + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) + { + EVP_CIPHER_CTX_cleanup(&cctx); + PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); + goto err; + } + } + else + OPENSSL_cleanse(keybuf, 20); + EVP_CIPHER_CTX_cleanup(&cctx); + p = enctmp; + } + + ret = b2i_PrivateKey(&p, keylen); + err: + if (enctmp && saltlen) + OPENSSL_free(enctmp); + return ret; + } + + +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) + { + unsigned char pvk_hdr[24], *buf = NULL; + const unsigned char *p; + int buflen; + EVP_PKEY *ret = NULL; + unsigned int saltlen, keylen; + if (BIO_read(in, pvk_hdr, 24) != 24) + { + PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); + return NULL; + } + p = pvk_hdr; + + if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) + return 0; + buflen = (int) keylen + saltlen; + buf = OPENSSL_malloc(buflen); + if (!buf) + { + PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); + return 0; + } + p = buf; + if (BIO_read(in, buf, buflen) != buflen) + { + PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); + goto err; + } + ret = do_PVK_body(&p, saltlen, keylen, cb, u); + + err: + if (buf) + { + OPENSSL_cleanse(buf, buflen); + OPENSSL_free(buf); + } + return ret; + } + + + +static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, + pem_password_cb *cb, void *u) + { + int outlen = 24, noinc, pklen; + unsigned char *p, *salt = NULL; + if (enclevel) + outlen += PVK_SALTLEN; + pklen = do_i2b(NULL, pk, 0); + if (pklen < 0) + return -1; + outlen += pklen; + if (!out) + return outlen; + if (*out) + { + p = *out; + noinc = 0; + } + else + { + p = OPENSSL_malloc(outlen); + if (!p) + { + PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE); + return -1; + } + *out = p; + noinc = 1; + } + + write_ledword(&p, MS_PVKMAGIC); + write_ledword(&p, 0); + if (pk->type == EVP_PKEY_DSA) + write_ledword(&p, MS_KEYTYPE_SIGN); + else + write_ledword(&p, MS_KEYTYPE_KEYX); + write_ledword(&p, enclevel ? 1 : 0); + write_ledword(&p, enclevel ? PVK_SALTLEN: 0); + write_ledword(&p, pklen); + if (enclevel) + { + if (RAND_bytes(p, PVK_SALTLEN) <= 0) + goto error; + salt = p; + p += PVK_SALTLEN; + } + do_i2b(&p, pk, 0); + if (enclevel == 0) + return outlen; + else + { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; + EVP_CIPHER_CTX cctx; + int enctmplen, inlen; + if (cb) + inlen=cb(psbuf,PEM_BUFSIZE,1,u); + else + inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u); + if (inlen <= 0) + { + PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ); + goto error; + } + if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, + (unsigned char *)psbuf, inlen)) + goto error; + if (enclevel == 1) + memset(keybuf + 5, 0, 11); + p = salt + PVK_SALTLEN + 8; + EVP_CIPHER_CTX_init(&cctx); + EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); + OPENSSL_cleanse(keybuf, 20); + EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8); + EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen); + EVP_CIPHER_CTX_cleanup(&cctx); + } + return outlen; + + error: + return -1; + } + +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u) + { + unsigned char *tmp = NULL; + int outlen, wrlen; + outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); + if (outlen < 0) + return -1; + wrlen = BIO_write(out, tmp, outlen); + OPENSSL_free(tmp); + if (wrlen == outlen) + { + PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); + return outlen; + } + return -1; + } + +#endif + +#endif diff --git a/lib/libcrypto/perlasm/ppc-xlate.pl b/lib/libcrypto/perlasm/ppc-xlate.pl new file mode 100755 index 00000000000..4579671c970 --- /dev/null +++ b/lib/libcrypto/perlasm/ppc-xlate.pl @@ -0,0 +1,152 @@ +#!/usr/bin/env perl + +# PowerPC assembler distiller by <appro>. + +my $flavour = shift; +my $output = shift; +open STDOUT,">$output" || die "can't open $output: $!"; + +my %GLOBALS; +my $dotinlocallabels=($flavour=~/linux/)?1:0; + +################################################################ +# directives which need special treatment on different platforms +################################################################ +my $globl = sub { + my $junk = shift; + my $name = shift; + my $global = \$GLOBALS{$name}; + my $ret; + + $name =~ s|^[\.\_]||; + + SWITCH: for ($flavour) { + /aix/ && do { $name = ".$name"; + last; + }; + /osx/ && do { $name = "_$name"; + last; + }; + /linux.*32/ && do { $ret .= ".globl $name\n"; + $ret .= ".type $name,\@function"; + last; + }; + /linux.*64/ && do { $ret .= ".globl .$name\n"; + $ret .= ".type .$name,\@function\n"; + $ret .= ".section \".opd\",\"aw\"\n"; + $ret .= ".globl $name\n"; + $ret .= ".align 3\n"; + $ret .= "$name:\n"; + $ret .= ".quad .$name,.TOC.\@tocbase,0\n"; + $ret .= ".size $name,24\n"; + $ret .= ".previous\n"; + + $name = ".$name"; + last; + }; + } + + $ret = ".globl $name" if (!$ret); + $$global = $name; + $ret; +}; +my $text = sub { + ($flavour =~ /aix/) ? ".csect" : ".text"; +}; +my $machine = sub { + my $junk = shift; + my $arch = shift; + if ($flavour =~ /osx/) + { $arch =~ s/\"//g; + $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any"); + } + ".machine $arch"; +}; +my $asciz = sub { + shift; + my $line = join(",",@_); + if ($line =~ /^"(.*)"$/) + { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } + else + { ""; } +}; + +################################################################ +# simplified mnemonics not handled by at least one assembler +################################################################ +my $cmplw = sub { + my $f = shift; + my $cr = 0; $cr = shift if ($#_>1); + # Some out-of-date 32-bit GNU assembler just can't handle cmplw... + ($flavour =~ /linux.*32/) ? + " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 : + " cmplw ".join(',',$cr,@_); +}; +my $bdnz = sub { + my $f = shift; + my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint + " bc $bo,0,".shift; +} if ($flavour!~/linux/); +my $bltlr = sub { + my $f = shift; + my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 : + " bclr $bo,0"; +}; +my $bnelr = sub { + my $f = shift; + my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : + " bclr $bo,2"; +}; +my $beqlr = sub { + my $f = shift; + my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : + " bclr $bo,2"; +}; +# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two +# arguments is 64, with "operand out of range" error. +my $extrdi = sub { + my ($f,$ra,$rs,$n,$b) = @_; + $b = ($b+$n)&63; $n = 64-$n; + " rldicl $ra,$rs,$b,$n"; +}; + +while($line=<>) { + + $line =~ s|[#!;].*$||; # get rid of asm-style comments... + $line =~ s|/\*.*\*/||; # ... and C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|\s+$||; # ... and at the end + + { + $line =~ s|\b\.L(\w+)|L$1|g; # common denominator for Locallabel + $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); + } + + { + $line =~ s|(^[\.\w]+)\:\s*||; + my $label = $1; + printf "%s:",($GLOBALS{$label} or $label) if ($label); + } + + { + $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||; + my $c = $1; $c = "\t" if ($c eq ""); + my $mnemonic = $2; + my $f = $3; + my $opcode = eval("\$$mnemonic"); + $line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/); + if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); } + elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; } + } + + print $line if ($line); + print "\n"; +} + +close STDOUT; diff --git a/lib/libcrypto/perlasm/x86gas.pl b/lib/libcrypto/perlasm/x86gas.pl new file mode 100644 index 00000000000..6eab727fd4e --- /dev/null +++ b/lib/libcrypto/perlasm/x86gas.pl @@ -0,0 +1,247 @@ +#!/usr/bin/env perl + +package x86gas; + +*out=\@::out; + +$::lbdecor=$::aout?"L":".L"; # local label decoration +$nmdecor=($::aout or $::coff)?"_":""; # external name decoration + +$initseg=""; + +$align=16; +$align=log($align)/log(2) if ($::aout); +$com_start="#" if ($::aout or $::coff); + +sub opsize() +{ my $reg=shift; + if ($reg =~ m/^%e/o) { "l"; } + elsif ($reg =~ m/^%[a-d][hl]$/o) { "b"; } + elsif ($reg =~ m/^%[xm]/o) { undef; } + else { "w"; } +} + +# swap arguments; +# expand opcode with size suffix; +# prefix numeric constants with $; +sub ::generic +{ my($opcode,@arg)=@_; + my($suffix,$dst,$src); + + @arg=reverse(@arg); + + for (@arg) + { s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o; # gp registers + s/^([xy]?mm[0-7])$/%$1/o; # xmm/mmx registers + s/^(\-?[0-9]+)$/\$$1/o; # constants + s/^(\-?0x[0-9a-f]+)$/\$$1/o; # constants + } + + $dst = $arg[$#arg] if ($#arg>=0); + $src = $arg[$#arg-1] if ($#arg>=1); + if ($dst =~ m/^%/o) { $suffix=&opsize($dst); } + elsif ($src =~ m/^%/o) { $suffix=&opsize($src); } + else { $suffix="l"; } + undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o); + + if ($#_==0) { &::emit($opcode); } + elsif ($opcode =~ m/^j/o && $#_==1) { &::emit($opcode,@arg); } + elsif ($opcode eq "call" && $#_==1) { &::emit($opcode,@arg); } + elsif ($opcode =~ m/^set/&& $#_==1) { &::emit($opcode,@arg); } + else { &::emit($opcode.$suffix,@arg);} + + 1; +} +# +# opcodes not covered by ::generic above, mostly inconsistent namings... +# +sub ::movzx { &::movzb(@_); } +sub ::pushfd { &::pushfl; } +sub ::popfd { &::popfl; } +sub ::cpuid { &::emit(".byte\t0x0f,0xa2"); } +sub ::rdtsc { &::emit(".byte\t0x0f,0x31"); } + +sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } +sub ::call_ptr { &::generic("call","*$_[0]"); } +sub ::jmp_ptr { &::generic("jmp","*$_[0]"); } + +*::bswap = sub { &::emit("bswap","%$_[0]"); } if (!$::i386); + +sub ::DWP +{ my($addr,$reg1,$reg2,$idx)=@_; + my $ret=""; + + $addr =~ s/^\s+//; + # prepend global references with optional underscore + $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; + + $reg1 = "%$reg1" if ($reg1); + $reg2 = "%$reg2" if ($reg2); + + $ret .= $addr if (($addr ne "") && ($addr ne 0)); + + if ($reg2) + { $idx!= 0 or $idx=1; + $ret .= "($reg1,$reg2,$idx)"; + } + elsif ($reg1) + { $ret .= "($reg1)"; } + + $ret; +} +sub ::QWP { &::DWP(@_); } +sub ::BP { &::DWP(@_); } +sub ::BC { @_; } +sub ::DWC { @_; } + +sub ::file +{ push(@out,".file\t\"$_[0].s\"\n.text\n"); } + +sub ::function_begin_B +{ my $func=shift; + my $global=($func !~ /^_/); + my $begin="${::lbdecor}_${func}_begin"; + + &::LABEL($func,$global?"$begin":"$nmdecor$func"); + $func=$nmdecor.$func; + + push(@out,".globl\t$func\n") if ($global); + if ($::coff) + { push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); } + elsif (($::aout and !$::pic) or $::macosx) + { } + else + { push(@out,".type $func,\@function\n"); } + push(@out,".align\t$align\n"); + push(@out,"$func:\n"); + push(@out,"$begin:\n") if ($global); + $::stack=4; +} + +sub ::function_end_B +{ my $func=shift; + push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf); + $::stack=0; + &::wipe_labels(); +} + +sub ::comment + { + if (!defined($com_start) or $::elf) + { # Regarding $::elf above... + # GNU and SVR4 as'es use different comment delimiters, + push(@out,"\n"); # so we just skip ELF comments... + return; + } + foreach (@_) + { + if (/^\s*$/) + { push(@out,"\n"); } + else + { push(@out,"\t$com_start $_ $com_end\n"); } + } + } + +sub ::external_label +{ foreach(@_) { &::LABEL($_,$nmdecor.$_); } } + +sub ::public_label +{ push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } + +sub ::file_end +{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { + my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,4"; + if ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } + } + if ($::macosx) + { if (%non_lazy_ptr) + { push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n"); + foreach $i (keys %non_lazy_ptr) + { push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n"); } + } + } + push(@out,$initseg) if ($initseg); +} + +sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); } +sub ::data_word { push(@out,".long\t".join(',',@_)."\n"); } + +sub ::align +{ my $val=$_[0],$p2,$i; + if ($::aout) + { for ($p2=0;$val!=0;$val>>=1) { $p2++; } + $val=$p2-1; + $val.=",0x90"; + } + push(@out,".align\t$val\n"); +} + +sub ::picmeup +{ my($dst,$sym,$base,$reflabel)=@_; + + if ($::pic && ($::elf || $::aout)) + { if (!defined($base)) + { &::call(&::label("PIC_me_up")); + &::set_label("PIC_me_up"); + &::blindpop($dst); + $base=$dst; + $reflabel=&::label("PIC_me_up"); + } + if ($::macosx) + { my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr"); + &::mov($dst,&::DWP("$indirect-$reflabel",$base)); + $non_lazy_ptr{"$nmdecor$sym"}=$indirect; + } + else + { &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]", + $base)); + &::mov($dst,&::DWP("$sym\@GOT",$dst)); + } + } + else + { &::lea($dst,&::DWP($sym)); } +} + +sub ::initseg +{ my $f=$nmdecor.shift; + + if ($::elf) + { $initseg.=<<___; +.section .init + call $f + jmp .Linitalign +.align $align +.Linitalign: +___ + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +.section .ctors +.long $f +___ + } + elsif ($::macosx) + { $initseg.=<<___; +.mod_init_func +.align 2 +.long $f +___ + } + elsif ($::aout) + { my $ctor="${nmdecor}_GLOBAL_\$I\$$f"; + $initseg.=".text\n"; + $initseg.=".type $ctor,\@function\n" if ($::pic); + $initseg.=<<___; # OpenBSD way... +.globl $ctor +.align 2 +$ctor: + jmp $f +___ + } +} + +sub ::dataseg +{ push(@out,".data\n"); } + +1; diff --git a/lib/libcrypto/perlasm/x86masm.pl b/lib/libcrypto/perlasm/x86masm.pl new file mode 100644 index 00000000000..3d50e4a7865 --- /dev/null +++ b/lib/libcrypto/perlasm/x86masm.pl @@ -0,0 +1,184 @@ +#!/usr/bin/env perl + +package x86masm; + +*out=\@::out; + +$::lbdecor="\$L"; # local label decoration +$nmdecor="_"; # external name decoration + +$initseg=""; +$segment=""; + +sub ::generic +{ my ($opcode,@arg)=@_; + + # fix hexadecimal constants + for (@arg) { s/0x([0-9a-f]+)/0$1h/oi; } + + if ($opcode !~ /movq/) + { # fix xmm references + $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i); + $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); + } + + &::emit($opcode,@arg); + 1; +} +# +# opcodes not covered by ::generic above, mostly inconsistent namings... +# +sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } +sub ::call_ptr { &::emit("call",@_); } +sub ::jmp_ptr { &::emit("jmp",@_); } + +sub get_mem +{ my($size,$addr,$reg1,$reg2,$idx)=@_; + my($post,$ret); + + $ret .= "$size PTR " if ($size ne ""); + + $addr =~ s/^\s+//; + # prepend global references with optional underscore + $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; + # put address arithmetic expression in parenthesis + $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/); + + if (($addr ne "") && ($addr ne 0)) + { if ($addr !~ /^-/) { $ret .= "$addr"; } + else { $post=$addr; } + } + $ret .= "["; + + if ($reg2 ne "") + { $idx!=0 or $idx=1; + $ret .= "$reg2*$idx"; + $ret .= "+$reg1" if ($reg1 ne ""); + } + else + { $ret .= "$reg1"; } + + $ret .= "$post]"; + $ret =~ s/\+\]/]/; # in case $addr was the only argument + $ret =~ s/\[\s*\]//; + + $ret; +} +sub ::BP { &get_mem("BYTE",@_); } +sub ::DWP { &get_mem("DWORD",@_); } +sub ::QWP { &get_mem("QWORD",@_); } +sub ::BC { "@_"; } +sub ::DWC { "@_"; } + +sub ::file +{ my $tmp=<<___; +TITLE $_[0].asm +IF \@Version LT 800 +ECHO MASM version 8.00 or later is strongly recommended. +ENDIF +.486 +.MODEL FLAT +OPTION DOTNAME +IF \@Version LT 800 +.text\$ SEGMENT PAGE 'CODE' +ELSE +.text\$ SEGMENT ALIGN(64) 'CODE' +ENDIF +___ + push(@out,$tmp); + $segment = ".text\$"; +} + +sub ::function_begin_B +{ my $func=shift; + my $global=($func !~ /^_/); + my $begin="${::lbdecor}_${func}_begin"; + + &::LABEL($func,$global?"$begin":"$nmdecor$func"); + $func="ALIGN\t16\n".$nmdecor.$func."\tPROC"; + + if ($global) { $func.=" PUBLIC\n${begin}::\n"; } + else { $func.=" PRIVATE\n"; } + push(@out,$func); + $::stack=4; +} +sub ::function_end_B +{ my $func=shift; + + push(@out,"$nmdecor$func ENDP\n"); + $::stack=0; + &::wipe_labels(); +} + +sub ::file_end +{ my $xmmheader=<<___; +.686 +.XMM +IF \@Version LT 800 +XMMWORD STRUCT 16 +DQ 2 dup (?) +XMMWORD ENDS +ENDIF +___ + if (grep {/\b[x]?mm[0-7]\b/i} @out) { + grep {s/\.[3-7]86/$xmmheader/} @out; + } + + push(@out,"$segment ENDS\n"); + + if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) + { my $comm=<<___; +.bss SEGMENT 'BSS' +COMM ${nmdecor}OPENSSL_ia32cap_P:DWORD +.bss ENDS +___ + # comment out OPENSSL_ia32cap_P declarations + grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; + push (@out,$comm); + } + push (@out,$initseg) if ($initseg); + push (@out,"END\n"); +} + +sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } } + +*::set_label_B = sub +{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); }; + +sub ::external_label +{ foreach(@_) + { push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n"); } +} + +sub ::public_label +{ push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } + +sub ::data_byte +{ push(@out,("DB\t").join(',',@_)."\n"); } + +sub ::data_word +{ push(@out,("DD\t").join(',',@_)."\n"); } + +sub ::align +{ push(@out,"ALIGN\t$_[0]\n"); } + +sub ::picmeup +{ my($dst,$sym)=@_; + &::lea($dst,&::DWP($sym)); +} + +sub ::initseg +{ my $f=$nmdecor.shift; + + $initseg.=<<___; +.CRT\$XCU SEGMENT DWORD PUBLIC 'DATA' +EXTERN $f:NEAR +DD $f +.CRT\$XCU ENDS +___ +} + +sub ::dataseg +{ push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA"; } + +1; diff --git a/lib/libcrypto/pkcs12/Makefile b/lib/libcrypto/pkcs12/Makefile index eed226b30d3..3a7498fe7ad 100644 --- a/lib/libcrypto/pkcs12/Makefile +++ b/lib/libcrypto/pkcs12/Makefile @@ -39,7 +39,7 @@ test: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -85,37 +85,36 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_add.o: ../cryptlib.h p12_add.c +p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c +p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_asn.o: ../cryptlib.h p12_asn.c p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_attr.o: ../../include/openssl/opensslconf.h p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -127,9 +126,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crpt.o: ../../include/openssl/opensslconf.h p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -141,23 +140,22 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_crt.o: ../cryptlib.h p12_crt.c +p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_decr.o: ../../include/openssl/opensslconf.h p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -169,9 +167,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_init.o: ../../include/openssl/opensslconf.h p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -184,22 +182,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c +p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_key.o: ../cryptlib.h p12_key.c p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_kiss.o: ../../include/openssl/opensslconf.h p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -211,10 +209,9 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_mutl.o: ../../include/openssl/opensslconf.h +p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -226,9 +223,8 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_npas.o: ../../include/openssl/opensslconf.h +p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h @@ -241,53 +237,50 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8d.o: ../cryptlib.h p12_p8d.c +p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8e.o: ../cryptlib.h p12_p8e.c +p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_utl.o: ../cryptlib.h p12_utl.c +p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c +pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk12err.o: pk12err.c diff --git a/lib/libcrypto/pkcs7/Makefile b/lib/libcrypto/pkcs7/Makefile index 790d8edf36e..56dc6823d12 100644 --- a/lib/libcrypto/pkcs7/Makefile +++ b/lib/libcrypto/pkcs7/Makefile @@ -21,9 +21,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \ - pk7_mime.c + pk7_mime.c bio_pk7.c LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \ - pk7_mime.o + pk7_mime.o bio_pk7.o SRC= $(LIBSRC) @@ -54,7 +54,7 @@ verify: verify.o example.o lib $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -95,26 +95,31 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +bio_pk7.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_pk7.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_pk7.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_pk7.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +bio_pk7.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_pk7.o: ../../include/openssl/symhacks.h bio_pk7.c pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_asn1.o: ../../include/openssl/opensslconf.h +pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c -pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_attr.o: ../../include/openssl/opensslconf.h pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -129,9 +134,8 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_doit.o: ../../include/openssl/opensslconf.h +pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -143,22 +147,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c +pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_mime.o: ../../include/openssl/opensslconf.h pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -171,8 +175,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_smime.o: ../../include/openssl/objects.h pk7_smime.o: ../../include/openssl/opensslconf.h pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h diff --git a/lib/libcrypto/pkcs7/bio_pk7.c b/lib/libcrypto/pkcs7/bio_pk7.c new file mode 100644 index 00000000000..c8d06d6cdc8 --- /dev/null +++ b/lib/libcrypto/pkcs7/bio_pk7.c @@ -0,0 +1,69 @@ +/* bio_pk7.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include <openssl/asn1.h> +#include <openssl/pkcs7.h> +#include <openssl/bio.h> + +#ifndef OPENSSL_SYSNAME_NETWARE +#include <memory.h> +#endif +#include <stdio.h> + +/* Streaming encode support for PKCS#7 */ + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) + { + return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); + } diff --git a/lib/libcrypto/ppccpuid.pl b/lib/libcrypto/ppccpuid.pl index fe44ff07bc6..369e1d0df93 100755 --- a/lib/libcrypto/ppccpuid.pl +++ b/lib/libcrypto/ppccpuid.pl @@ -67,6 +67,8 @@ Loop: lwarx r5,0,r3 $CMPLI r4,7 li r0,0 bge Lot + $CMPLI r4,0 + beqlr- Little: mtctr r4 stb r0,0(r3) addi r3,r3,1 diff --git a/lib/libcrypto/pqueue/Makefile b/lib/libcrypto/pqueue/Makefile index 36bfc349aab..fb36a0c876e 100644 --- a/lib/libcrypto/pqueue/Makefile +++ b/lib/libcrypto/pqueue/Makefile @@ -22,7 +22,7 @@ LIBOBJ=pqueue.o SRC= $(LIBSRC) -EXHEADER= pqueue.h pq_compat.h +EXHEADER= pqueue.h HEADER= $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -79,6 +79,5 @@ pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pqueue.o: ../../include/openssl/pq_compat.h ../../include/openssl/safestack.h -pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pqueue.o: ../cryptlib.h pqueue.c pqueue.h +pqueue.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +pqueue.o: ../../include/openssl/symhacks.h ../cryptlib.h pqueue.c pqueue.h diff --git a/lib/libcrypto/pqueue/pqueue.c b/lib/libcrypto/pqueue/pqueue.c index 5cc18527f8d..99a6fb874dc 100644 --- a/lib/libcrypto/pqueue/pqueue.c +++ b/lib/libcrypto/pqueue/pqueue.c @@ -68,13 +68,12 @@ typedef struct _pqueue } pqueue_s; pitem * -pitem_new(PQ_64BIT priority, void *data) +pitem_new(unsigned char *prio64be, void *data) { pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem)); if (item == NULL) return NULL; - pq_64bit_init(&(item->priority)); - pq_64bit_assign(&item->priority, &priority); + memcpy(item->priority,prio64be,sizeof(item->priority)); item->data = data; item->next = NULL; @@ -87,7 +86,6 @@ pitem_free(pitem *item) { if (item == NULL) return; - pq_64bit_free(&(item->priority)); OPENSSL_free(item); } @@ -124,7 +122,10 @@ pqueue_insert(pqueue_s *pq, pitem *item) next != NULL; curr = next, next = next->next) { - if (pq_64bit_gt(&(next->priority), &(item->priority))) + /* we can compare 64-bit value in big-endian encoding + * with memcmp:-) */ + int cmp = memcmp(next->priority, item->priority,8); + if (cmp > 0) /* next > item */ { item->next = next; @@ -135,8 +136,8 @@ pqueue_insert(pqueue_s *pq, pitem *item) return item; } - /* duplicates not allowed */ - if (pq_64bit_eq(&(item->priority), &(next->priority))) + + else if (cmp == 0) /* duplicates not allowed */ return NULL; } @@ -164,7 +165,7 @@ pqueue_pop(pqueue_s *pq) } pitem * -pqueue_find(pqueue_s *pq, PQ_64BIT priority) +pqueue_find(pqueue_s *pq, unsigned char *prio64be) { pitem *next, *prev = NULL; pitem *found = NULL; @@ -175,7 +176,7 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority) for ( next = pq->items; next->next != NULL; prev = next, next = next->next) { - if ( pq_64bit_eq(&(next->priority), &priority)) + if ( memcmp(next->priority, prio64be,8) == 0) { found = next; break; @@ -183,7 +184,7 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority) } /* check the one last node */ - if ( pq_64bit_eq(&(next->priority), &priority)) + if ( memcmp(next->priority, prio64be,8) ==0) found = next; if ( ! found) @@ -199,7 +200,6 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority) return found; } -#if PQ_64BIT_IS_INTEGER void pqueue_print(pqueue_s *pq) { @@ -207,11 +207,14 @@ pqueue_print(pqueue_s *pq) while(item != NULL) { - printf("item\t" PQ_64BIT_PRINT "\n", item->priority); + printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n", + item->priority[0],item->priority[1], + item->priority[2],item->priority[3], + item->priority[4],item->priority[5], + item->priority[6],item->priority[7]); item = item->next; } } -#endif pitem * pqueue_iterator(pqueue_s *pq) @@ -234,3 +237,17 @@ pqueue_next(pitem **item) return ret; } + +int +pqueue_size(pqueue_s *pq) +{ + pitem *item = pq->items; + int count = 0; + + while(item != NULL) + { + count++; + item = item->next; + } + return count; +} diff --git a/lib/libcrypto/pqueue/pqueue.h b/lib/libcrypto/pqueue/pqueue.h index 02386d130e9..87fc9037c8f 100644 --- a/lib/libcrypto/pqueue/pqueue.h +++ b/lib/libcrypto/pqueue/pqueue.h @@ -64,20 +64,18 @@ #include <stdlib.h> #include <string.h> -#include <openssl/pq_compat.h> - typedef struct _pqueue *pqueue; typedef struct _pitem { - PQ_64BIT priority; + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ void *data; struct _pitem *next; } pitem; typedef struct _pitem *piterator; -pitem *pitem_new(PQ_64BIT priority, void *data); +pitem *pitem_new(unsigned char *prio64be, void *data); void pitem_free(pitem *item); pqueue pqueue_new(void); @@ -86,10 +84,11 @@ void pqueue_free(pqueue pq); pitem *pqueue_insert(pqueue pq, pitem *item); pitem *pqueue_peek(pqueue pq); pitem *pqueue_pop(pqueue pq); -pitem *pqueue_find(pqueue pq, PQ_64BIT priority); +pitem *pqueue_find(pqueue pq, unsigned char *prio64be); pitem *pqueue_iterator(pqueue pq); pitem *pqueue_next(piterator *iter); void pqueue_print(pqueue pq); +int pqueue_size(pqueue pq); #endif /* ! HEADER_PQUEUE_H */ diff --git a/lib/libcrypto/rand/rand_os2.c b/lib/libcrypto/rand/rand_os2.c index c3e36d4e5e3..fc1e78b1794 100644 --- a/lib/libcrypto/rand/rand_os2.c +++ b/lib/libcrypto/rand/rand_os2.c @@ -78,8 +78,10 @@ typedef struct _CPUUTIL { ULONG ulIntrHigh; /* High 32 bits of interrupt time */ } CPUUTIL; +#ifndef __KLIBC__ APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL; APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL; +#endif HMODULE hDoscalls = 0; int RAND_poll(void) @@ -91,6 +93,7 @@ int RAND_poll(void) if (hDoscalls == 0) { ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls); +#ifndef __KLIBC__ if (rc == 0) { rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall); @@ -102,6 +105,7 @@ int RAND_poll(void) if (rc) DosQuerySysState = NULL; } +#endif } /* Sample the hi-res timer, runs at around 1.1 MHz */ @@ -122,7 +126,9 @@ int RAND_poll(void) RAND_add(&util, sizeof(util), 10); } else { +#ifndef __KLIBC__ DosPerfSysCall = NULL; +#endif } } diff --git a/lib/libcrypto/rc2/Makefile b/lib/libcrypto/rc2/Makefile index 4b6292b65f5..73eac347e7f 100644 --- a/lib/libcrypto/rc2/Makefile +++ b/lib/libcrypto/rc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,11 +78,7 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_cbc.o: rc2_cbc.c rc2_locl.h rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h -rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h -rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_skey.o: rc2_locl.h rc2_skey.c rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2cfb64.o: rc2_locl.h rc2cfb64.c diff --git a/lib/libcrypto/rc4/Makefile b/lib/libcrypto/rc4/Makefile index f0bd7678fc9..264451a213f 100644 --- a/lib/libcrypto/rc4/Makefile +++ b/lib/libcrypto/rc4/Makefile @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c -LIBOBJ=$(RC4_ENC) rc4_fblk.o +LIBSRC=rc4_skey.c rc4_enc.c +LIBOBJ=$(RC4_ENC) SRC= $(LIBSRC) @@ -37,26 +37,26 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@) -# COFF -rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@) -# a.out -rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@) +rc4-586.s: asm/rc4-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@ +rc4-x86_64.s: asm/rc4-x86_64.pl + $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@ -rc4-ia64.s: asm/rc4-ia64.S +rc4-ia64.S: asm/rc4-ia64.pl + $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@ + +rc4-s390x.s: asm/rc4-s390x.pl + $(PERL) asm/rc4-s390x.pl > $@ + +rc4-ia64.s: rc4-ia64.S @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \ - int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \ - char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \ + int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \ + char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \ *) exit 1 ;; \ esac @@ -105,20 +105,10 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h -rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h -rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_fblk.o: ../../include/openssl/opensslconf.h -rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h -rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_skey.o: ../../include/openssl/opensslconf.h +rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/lib/libcrypto/rc4/asm/rc4-ia64.pl b/lib/libcrypto/rc4/asm/rc4-ia64.pl new file mode 100644 index 00000000000..49cd5b5e694 --- /dev/null +++ b/lib/libcrypto/rc4/asm/rc4-ia64.pl @@ -0,0 +1,755 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by David Mosberger <David.Mosberger@acm.org> based on the +# Itanium optimized Crypto code which was released by HP Labs at +# http://www.hpl.hp.com/research/linux/crypto/. +# +# Copyright (c) 2005 Hewlett-Packard Development Company, L.P. +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. + +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ + + + +# This is a little helper program which generates a software-pipelined +# for RC4 encryption. The basic algorithm looks like this: +# +# for (counter = 0; counter < len; ++counter) +# { +# in = inp[counter]; +# SI = S[I]; +# J = (SI + J) & 0xff; +# SJ = S[J]; +# T = (SI + SJ) & 0xff; +# S[I] = SJ, S[J] = SI; +# ST = S[T]; +# outp[counter] = in ^ ST; +# I = (I + 1) & 0xff; +# } +# +# Pipelining this loop isn't easy, because the stores to the S[] array +# need to be observed in the right order. The loop generated by the +# code below has the following pipeline diagram: +# +# cycle +# | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 | +# iter +# 1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx +# 2: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx +# 3: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx +# +# where: +# LDI = load of S[I] +# LDJ = load of S[J] +# SWP = swap of S[I] and S[J] +# LDT = load of S[T] +# +# Note that in the above diagram, the major trouble-spot is that LDI +# of the 2nd iteration is performed BEFORE the SWP of the first +# iteration. Fortunately, this is easy to detect (I of the 1st +# iteration will be equal to J of the 2nd iteration) and when this +# happens, we simply forward the proper value from the 1st iteration +# to the 2nd one. The proper value in this case is simply the value +# of S[I] from the first iteration (thanks to the fact that SWP +# simply swaps the contents of S[I] and S[J]). +# +# Another potential trouble-spot is in cycle 7, where SWP of the 1st +# iteration issues at the same time as the LDI of the 3rd iteration. +# However, thanks to IA-64 execution semantics, this can be taken +# care of simply by placing LDI later in the instruction-group than +# SWP. IA-64 CPUs will automatically forward the value if they +# detect that the SWP and LDI are accessing the same memory-location. + +# The core-loop that can be pipelined then looks like this (annotated +# with McKinley/Madison issue port & latency numbers, assuming L1 +# cache hits for the most part): + +# operation: instruction: issue-ports: latency +# ------------------ ----------------------------- ------------- ------- + +# Data = *inp++ ld1 data = [inp], 1 M0-M1 1 cyc c0 +# shladd Iptr = I, KeyTable, 3 M0-M3, I0, I1 1 cyc +# I = (I + 1) & 0xff padd1 nextI = I, one M0-M3, I0, I1 3 cyc +# ;; +# SI = S[I] ld8 SI = [Iptr] M0-M1 1 cyc c1 * after SWAP! +# ;; +# cmp.eq.unc pBypass = I, J * after J is valid! +# J = SI + J add J = J, SI M0-M3, I0, I1 1 cyc c2 +# (pBypass) br.cond.spnt Bypass +# ;; +# --------------------------------------------------------------------------------------- +# J = J & 0xff zxt1 J = J I0, I1, 1 cyc c3 +# ;; +# shladd Jptr = J, KeyTable, 3 M0-M3, I0, I1 1 cyc c4 +# ;; +# SJ = S[J] ld8 SJ = [Jptr] M0-M1 1 cyc c5 +# ;; +# --------------------------------------------------------------------------------------- +# T = (SI + SJ) add T = SI, SJ M0-M3, I0, I1 1 cyc c6 +# ;; +# T = T & 0xff zxt1 T = T I0, I1 1 cyc +# S[I] = SJ st8 [Iptr] = SJ M2-M3 c7 +# S[J] = SI st8 [Jptr] = SI M2-M3 +# ;; +# shladd Tptr = T, KeyTable, 3 M0-M3, I0, I1 1 cyc c8 +# ;; +# --------------------------------------------------------------------------------------- +# T = S[T] ld8 T = [Tptr] M0-M1 1 cyc c9 +# ;; +# data ^= T xor data = data, T M0-M3, I0, I1 1 cyc c10 +# ;; +# *out++ = Data ^ T dep word = word, data, 8, POS I0, I1 1 cyc c11 +# ;; +# --------------------------------------------------------------------------------------- + +# There are several points worth making here: + +# - Note that due to the bypass/forwarding-path, the first two +# phases of the loop are strangly mingled together. In +# particular, note that the first stage of the pipeline is +# using the value of "J", as calculated by the second stage. +# - Each bundle-pair will have exactly 6 instructions. +# - Pipelined, the loop can execute in 3 cycles/iteration and +# 4 stages. However, McKinley/Madison can issue "st1" to +# the same bank at a rate of at most one per 4 cycles. Thus, +# instead of storing each byte, we accumulate them in a word +# and then write them back at once with a single "st8" (this +# implies that the setup code needs to ensure that the output +# buffer is properly aligned, if need be, by encoding the +# first few bytes separately). +# - There is no space for a "br.ctop" instruction. For this +# reason we can't use module-loop support in IA-64 and have +# to do a traditional, purely software-pipelined loop. +# - We can't replace any of the remaining "add/zxt1" pairs with +# "padd1" because the latency for that instruction is too high +# and would push the loop to the point where more bypasses +# would be needed, which we don't have space for. +# - The above loop runs at around 3.26 cycles/byte, or roughly +# 440 MByte/sec on a 1.5GHz Madison. This is well below the +# system bus bandwidth and hence with judicious use of +# "lfetch" this loop can run at (almost) peak speed even when +# the input and output data reside in memory. The +# max. latency that can be tolerated is (PREFETCH_DISTANCE * +# L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at +# least) 1-ahead prefetching of 128 byte cache-lines. Note +# that we do NOT prefetch into L1, since that would only +# interfere with the S[] table values stored there. This is +# acceptable because there is a 10 cycle latency between +# load and first use of the input data. +# - We use a branch to out-of-line bypass-code of cycle-pressure: +# we calculate the next J, check for the need to activate the +# bypass path, and activate the bypass path ALL IN THE SAME +# CYCLE. If we didn't have these constraints, we could do +# the bypass with a simple conditional move instruction. +# Fortunately, the bypass paths get activated relatively +# infrequently, so the extra branches don't cost all that much +# (about 0.04 cycles/byte, measured on a 16396 byte file with +# random input data). +# + +$phases = 4; # number of stages/phases in the pipelined-loop +$unroll_count = 6; # number of times we unrolled it +$pComI = (1 << 0); +$pComJ = (1 << 1); +$pComT = (1 << 2); +$pOut = (1 << 3); + +$NData = 4; +$NIP = 3; +$NJP = 2; +$NI = 2; +$NSI = 3; +$NSJ = 2; +$NT = 2; +$NOutWord = 2; + +# +# $threshold is the minimum length before we attempt to use the +# big software-pipelined loop. It MUST be greater-or-equal +# to: +# PHASES * (UNROLL_COUNT + 1) + 7 +# +# The "+ 7" comes from the fact we may have to encode up to +# 7 bytes separately before the output pointer is aligned. +# +$threshold = (3 * ($phases * ($unroll_count + 1)) + 7); + +sub I { + local *code = shift; + local $format = shift; + $code .= sprintf ("\t\t".$format."\n", @_); +} + +sub P { + local *code = shift; + local $format = shift; + $code .= sprintf ($format."\n", @_); +} + +sub STOP { + local *code = shift; + $code .=<<___; + ;; +___ +} + +sub emit_body { + local *c = shift; + local *bypass = shift; + local ($iteration, $p) = @_; + + local $i0 = $iteration; + local $i1 = $iteration - 1; + local $i2 = $iteration - 2; + local $i3 = $iteration - 3; + local $iw0 = ($iteration - 3) / 8; + local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1; + local $byte_num = ($iteration - 3) % 8; + local $label = $iteration + 1; + local $pAny = ($p & 0xf) == 0xf; + local $pByp = (($p & $pComI) && ($iteration > 0)); + + $c.=<<___; +////////////////////////////////////////////////// +___ + + if (($p & 0xf) == 0) { + $c.="#ifdef HOST_IS_BIG_ENDIAN\n"; + &I(\$c,"shr.u OutWord[%u] = OutWord[%u], 32;;", + $iw1 % $NOutWord, $iw1 % $NOutWord); + $c.="#endif\n"; + &I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord); + return; + } + + # Cycle 0 + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "ld1 Data[%u] = [InPtr], 1", $i0 % $NData) if ($p & $pComI); + &I(\$c, "padd1 I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI); + &I(\$c, "zxt1 J = J") if ($p & $pComJ); + &I(\$c, "}") if ($pAny); + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "LKEY T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT) if ($p & $pOut); + &I(\$c, "add T[%u] = SI[%u], SJ[%u]", + $i0 % $NT, $i2 % $NSI, $i1 % $NSJ) if ($p & $pComT); + &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI); + &I(\$c, "}") if ($pAny); + &STOP(\$c); + + # Cycle 1 + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "SKEY [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT); + &I(\$c, "SKEY [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT); + &I(\$c, "zxt1 T[%u] = T[%u]", $i0 % $NT, $i0 % $NT) if ($p & $pComT); + &I(\$c, "}") if ($pAny); + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "LKEY SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI); + &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP) if ($p & $pComJ); + &I(\$c, "xor Data[%u] = Data[%u], T[%u]", + $i3 % $NData, $i3 % $NData, $i1 % $NT) if ($p & $pOut); + &I(\$c, "}") if ($pAny); + &STOP(\$c); + + # Cycle 2 + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "LKEY SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ); + &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI) if ($pByp); + &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8", + $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut); + &I(\$c, "}") if ($pAny); + &I(\$c, "{ .mmb") if ($pAny); + &I(\$c, "add J = J, SI[%u]", $i0 % $NSI) if ($p & $pComI); + &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT) if ($p & $pComT); + &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp); + &I(\$c, "}") if ($pAny); + &STOP(\$c); + + &P(\$c, ".rc4Resume%u:", $label) if ($pByp); + if ($byte_num == 0 && $iteration >= $phases) { + &I(\$c, "st8 [OutPtr] = OutWord[%u], 8", + $iw1 % $NOutWord) if ($p & $pOut); + if ($iteration == (1 + $unroll_count) * $phases - 1) { + if ($unroll_count == 6) { + &I(\$c, "mov OutWord[%u] = OutWord[%u]", + $iw1 % $NOutWord, $iw0 % $NOutWord); + } + &I(\$c, "lfetch.nt1 [InPrefetch], %u", + $unroll_count * $phases); + &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u", + $unroll_count * $phases); + &I(\$c, "br.cloop.sptk.few .rc4Loop"); + } + } + + if ($pByp) { + &P(\$bypass, ".rc4Bypass%u:", $label); + &I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI); + &I(\$bypass, "nop 0"); + &I(\$bypass, "nop 0"); + &I(\$bypass, ";;"); + &I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI); + &I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI); + &I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label); + &I(\$bypass, ";;"); + } +} + +$code=<<___; +.ident \"rc4-ia64.s, version 3.0\" +.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\" + +#define LCSave r8 +#define PRSave r9 + +/* Inputs become invalid once rotation begins! */ + +#define StateTable in0 +#define DataLen in1 +#define InputBuffer in2 +#define OutputBuffer in3 + +#define KTable r14 +#define J r15 +#define InPtr r16 +#define OutPtr r17 +#define InPrefetch r18 +#define OutPrefetch r19 +#define One r20 +#define LoopCount r21 +#define Remainder r22 +#define IFinal r23 +#define EndPtr r24 + +#define tmp0 r25 +#define tmp1 r26 + +#define pBypass p6 +#define pDone p7 +#define pSmall p8 +#define pAligned p9 +#define pUnaligned p10 + +#define pComputeI pPhase[0] +#define pComputeJ pPhase[1] +#define pComputeT pPhase[2] +#define pOutput pPhase[3] + +#define RetVal r8 +#define L_OK p7 +#define L_NOK p8 + +#define _NINPUTS 4 +#define _NOUTPUT 0 + +#define _NROTATE 24 +#define _NLOCALS (_NROTATE - _NINPUTS - _NOUTPUT) + +#ifndef SZ +# define SZ 4 // this must be set to sizeof(RC4_INT) +#endif + +#if SZ == 1 +# define LKEY ld1 +# define SKEY st1 +# define KEYADDR(dst, i) add dst = i, KTable +#elif SZ == 2 +# define LKEY ld2 +# define SKEY st2 +# define KEYADDR(dst, i) shladd dst = i, 1, KTable +#elif SZ == 4 +# define LKEY ld4 +# define SKEY st4 +# define KEYADDR(dst, i) shladd dst = i, 2, KTable +#else +# define LKEY ld8 +# define SKEY st8 +# define KEYADDR(dst, i) shladd dst = i, 3, KTable +#endif + +#if defined(_HPUX_SOURCE) && !defined(_LP64) +# define ADDP addp4 +#else +# define ADDP add +#endif + +/* Define a macro for the bit number of the n-th byte: */ + +#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) +# define HOST_IS_BIG_ENDIAN +# define BYTE_POS(n) (56 - (8 * (n))) +#else +# define BYTE_POS(n) (8 * (n)) +#endif + +/* + We must perform the first phase of the pipeline explicitly since + we will always load from the stable the first time. The br.cexit + will never be taken since regardless of the number of bytes because + the epilogue count is 4. +*/ +/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX + assembler failed on original macro with syntax error. <appro> */ +#define MODSCHED_RC4_PROLOGUE \\ + { \\ + ld1 Data[0] = [InPtr], 1; \\ + add IFinal = 1, I[1]; \\ + KEYADDR(IPr[0], I[1]); \\ + } ;; \\ + { \\ + LKEY SI[0] = [IPr[0]]; \\ + mov pr.rot = 0x10000; \\ + mov ar.ec = 4; \\ + } ;; \\ + { \\ + add J = J, SI[0]; \\ + zxt1 I[0] = IFinal; \\ + br.cexit.spnt.few .+16; /* never taken */ \\ + } ;; +#define MODSCHED_RC4_LOOP(label) \\ +label: \\ + { .mmi; \\ + (pComputeI) ld1 Data[0] = [InPtr], 1; \\ + (pComputeI) add IFinal = 1, I[1]; \\ + (pComputeJ) zxt1 J = J; \\ + }{ .mmi; \\ + (pOutput) LKEY T[1] = [T[1]]; \\ + (pComputeT) add T[0] = SI[2], SJ[1]; \\ + (pComputeI) KEYADDR(IPr[0], I[1]); \\ + } ;; \\ + { .mmi; \\ + (pComputeT) SKEY [IPr[2]] = SJ[1]; \\ + (pComputeT) SKEY [JP[1]] = SI[2]; \\ + (pComputeT) zxt1 T[0] = T[0]; \\ + }{ .mmi; \\ + (pComputeI) LKEY SI[0] = [IPr[0]]; \\ + (pComputeJ) KEYADDR(JP[0], J); \\ + (pComputeI) cmp.eq.unc pBypass, p0 = I[1], J; \\ + } ;; \\ + { .mmi; \\ + (pComputeJ) LKEY SJ[0] = [JP[0]]; \\ + (pOutput) xor Data[3] = Data[3], T[1]; \\ + nop 0x0; \\ + }{ .mmi; \\ + (pComputeT) KEYADDR(T[0], T[0]); \\ + (pBypass) mov SI[0] = SI[1]; \\ + (pComputeI) zxt1 I[0] = IFinal; \\ + } ;; \\ + { .mmb; \\ + (pOutput) st1 [OutPtr] = Data[3], 1; \\ + (pComputeI) add J = J, SI[0]; \\ + br.ctop.sptk.few label; \\ + } ;; + + .text + + .align 32 + + .type RC4, \@function + .global RC4 + + .proc RC4 + .prologue + +RC4: + { + .mmi + alloc r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE + + .rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\ + OutWord[2] + .rotp pPhase[4] + + ADDP InPrefetch = 0, InputBuffer + ADDP KTable = 0, StateTable + } + { + .mmi + ADDP InPtr = 0, InputBuffer + ADDP OutPtr = 0, OutputBuffer + mov RetVal = r0 + } + ;; + { + .mmi + lfetch.nt1 [InPrefetch], 0x80 + ADDP OutPrefetch = 0, OutputBuffer + } + { // Return 0 if the input length is nonsensical + .mib + ADDP StateTable = 0, StateTable + cmp.ge.unc L_NOK, L_OK = r0, DataLen + (L_NOK) br.ret.sptk.few rp + } + ;; + { + .mib + cmp.eq.or L_NOK, L_OK = r0, InPtr + cmp.eq.or L_NOK, L_OK = r0, OutPtr + nop 0x0 + } + { + .mib + cmp.eq.or L_NOK, L_OK = r0, StateTable + nop 0x0 + (L_NOK) br.ret.sptk.few rp + } + ;; + LKEY I[1] = [KTable], SZ +/* Prefetch the state-table. It contains 256 elements of size SZ */ + +#if SZ == 1 + ADDP tmp0 = 1*128, StateTable +#elif SZ == 2 + ADDP tmp0 = 3*128, StateTable + ADDP tmp1 = 2*128, StateTable +#elif SZ == 4 + ADDP tmp0 = 7*128, StateTable + ADDP tmp1 = 6*128, StateTable +#elif SZ == 8 + ADDP tmp0 = 15*128, StateTable + ADDP tmp1 = 14*128, StateTable +#endif + ;; +#if SZ >= 8 + lfetch.fault.nt1 [tmp0], -256 // 15 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 13 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 11 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 9 + lfetch.fault.nt1 [tmp1], -256;; +#endif +#if SZ >= 4 + lfetch.fault.nt1 [tmp0], -256 // 7 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 5 + lfetch.fault.nt1 [tmp1], -256;; +#endif +#if SZ >= 2 + lfetch.fault.nt1 [tmp0], -256 // 3 + lfetch.fault.nt1 [tmp1], -256;; +#endif + { + .mii + lfetch.fault.nt1 [tmp0] // 1 + add I[1]=1,I[1];; + zxt1 I[1]=I[1] + } + { + .mmi + lfetch.nt1 [InPrefetch], 0x80 + lfetch.excl.nt1 [OutPrefetch], 0x80 + .save pr, PRSave + mov PRSave = pr + } ;; + { + .mmi + lfetch.excl.nt1 [OutPrefetch], 0x80 + LKEY J = [KTable], SZ + ADDP EndPtr = DataLen, InPtr + } ;; + { + .mmi + ADDP EndPtr = -1, EndPtr // Make it point to + // last data byte. + mov One = 1 + .save ar.lc, LCSave + mov LCSave = ar.lc + .body + } ;; + { + .mmb + sub Remainder = 0, OutPtr + cmp.gtu pSmall, p0 = $threshold, DataLen +(pSmall) br.cond.dpnt .rc4Remainder // Data too small for + // big loop. + } ;; + { + .mmi + and Remainder = 0x7, Remainder + ;; + cmp.eq pAligned, pUnaligned = Remainder, r0 + nop 0x0 + } ;; + { + .mmb +.pred.rel "mutex",pUnaligned,pAligned +(pUnaligned) add Remainder = -1, Remainder +(pAligned) sub Remainder = EndPtr, InPtr +(pAligned) br.cond.dptk.many .rc4Aligned + } ;; + { + .mmi + nop 0x0 + nop 0x0 + mov.i ar.lc = Remainder + } + +/* Do the initial few bytes via the compact, modulo-scheduled loop + until the output pointer is 8-byte-aligned. */ + + MODSCHED_RC4_PROLOGUE + MODSCHED_RC4_LOOP(.RC4AlignLoop) + + { + .mib + sub Remainder = EndPtr, InPtr + zxt1 IFinal = IFinal + clrrrb // Clear CFM.rrb.pr so + ;; // next "mov pr.rot = N" + // does the right thing. + } + { + .mmi + mov I[1] = IFinal + nop 0x0 + nop 0x0 + } ;; + + +.rc4Aligned: + +/* + Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases) + */ + + { + .mlx + add LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder + movl Remainder = 0xaaaaaaaaaaaaaaab + } ;; + { + .mmi + setf.sig f6 = LoopCount // M2, M3 6 cyc + setf.sig f7 = Remainder // M2, M3 6 cyc + nop 0x0 + } ;; + { + .mfb + nop 0x0 + xmpy.hu f6 = f6, f7 + nop 0x0 + } ;; + { + .mmi + getf.sig LoopCount = f6;; // M2 5 cyc + nop 0x0 + shr.u LoopCount = LoopCount, 4 + } ;; + { + .mmi + nop 0x0 + nop 0x0 + mov.i ar.lc = LoopCount + } ;; + +/* Now comes the unrolled loop: */ + +.rc4Prologue: +___ + +$iteration = 0; + +# Generate the prologue: +$predicates = 1; +for ($i = 0; $i < $phases; ++$i) { + &emit_body (\$code, \$bypass, $iteration++, $predicates); + $predicates = ($predicates << 1) | 1; +} + +$code.=<<___; +.rc4Loop: +___ + +# Generate the body: +for ($i = 0; $i < $unroll_count*$phases; ++$i) { + &emit_body (\$code, \$bypass, $iteration++, $predicates); +} + +$code.=<<___; +.rc4Epilogue: +___ + +# Generate the epilogue: +for ($i = 0; $i < $phases; ++$i) { + $predicates <<= 1; + &emit_body (\$code, \$bypass, $iteration++, $predicates); +} + +$code.=<<___; + { + .mmi + lfetch.nt1 [EndPtr] // fetch line with last byte + mov IFinal = I[1] + nop 0x0 + } + +.rc4Remainder: + { + .mmi + sub Remainder = EndPtr, InPtr // Calculate + // # of bytes + // left - 1 + nop 0x0 + nop 0x0 + } ;; + { + .mib + cmp.eq pDone, p0 = -1, Remainder // done already? + mov.i ar.lc = Remainder +(pDone) br.cond.dptk.few .rc4Complete + } + +/* Do the remaining bytes via the compact, modulo-scheduled loop */ + + MODSCHED_RC4_PROLOGUE + MODSCHED_RC4_LOOP(.RC4RestLoop) + +.rc4Complete: + { + .mmi + add KTable = -SZ, KTable + add IFinal = -1, IFinal + mov ar.lc = LCSave + } ;; + { + .mii + SKEY [KTable] = J,-SZ + zxt1 IFinal = IFinal + mov pr = PRSave, 0x1FFFF + } ;; + { + .mib + SKEY [KTable] = IFinal + add RetVal = 1, r0 + br.ret.sptk.few rp + } ;; +___ + +# Last but not least, emit the code for the bypass-code of the unrolled loop: + +$code.=$bypass; + +$code.=<<___; + .endp RC4 +___ + +print $code; diff --git a/lib/libcrypto/rc4/asm/rc4-s390x.pl b/lib/libcrypto/rc4/asm/rc4-s390x.pl new file mode 100644 index 00000000000..96681fa05ec --- /dev/null +++ b/lib/libcrypto/rc4/asm/rc4-s390x.pl @@ -0,0 +1,205 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# February 2009 +# +# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to +# "cluster" Address Generation Interlocks, so that one pipeline stall +# resolves several dependencies. + +$rp="%r14"; +$sp="%r15"; +$code=<<___; +.text + +___ + +# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out) +{ +$acc="%r0"; +$cnt="%r1"; +$key="%r2"; +$len="%r3"; +$inp="%r4"; +$out="%r5"; + +@XX=("%r6","%r7"); +@TX=("%r8","%r9"); +$YY="%r10"; +$TY="%r11"; + +$code.=<<___; +.globl RC4 +.type RC4,\@function +.align 64 +RC4: + stmg %r6,%r11,48($sp) + llgc $XX[0],0($key) + llgc $YY,1($key) + la $XX[0],1($XX[0]) + nill $XX[0],0xff + srlg $cnt,$len,3 + ltgr $cnt,$cnt + llgc $TX[0],2($XX[0],$key) + jz .Lshort + j .Loop8 + +.align 64 +.Loop8: +___ +for ($i=0;$i<8;$i++) { +$code.=<<___; + la $YY,0($YY,$TX[0]) # $i + nill $YY,255 + la $XX[1],1($XX[0]) + nill $XX[1],255 +___ +$code.=<<___ if ($i==1); + llgc $acc,2($TY,$key) +___ +$code.=<<___ if ($i>1); + sllg $acc,$acc,8 + ic $acc,2($TY,$key) +___ +$code.=<<___; + llgc $TY,2($YY,$key) + stc $TX[0],2($YY,$key) + llgc $TX[1],2($XX[1],$key) + stc $TY,2($XX[0],$key) + cr $XX[1],$YY + jne .Lcmov$i + la $TX[1],0($TX[0]) +.Lcmov$i: + la $TY,0($TY,$TX[0]) + nill $TY,255 +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} + +$code.=<<___; + lg $TX[1],0($inp) + sllg $acc,$acc,8 + la $inp,8($inp) + ic $acc,2($TY,$key) + xgr $acc,$TX[1] + stg $acc,0($out) + la $out,8($out) + brct $cnt,.Loop8 + +.Lshort: + lghi $acc,7 + ngr $len,$acc + jz .Lexit + j .Loop1 + +.align 16 +.Loop1: + la $YY,0($YY,$TX[0]) + nill $YY,255 + llgc $TY,2($YY,$key) + stc $TX[0],2($YY,$key) + stc $TY,2($XX[0],$key) + ar $TY,$TX[0] + ahi $XX[0],1 + nill $TY,255 + nill $XX[0],255 + llgc $acc,0($inp) + la $inp,1($inp) + llgc $TY,2($TY,$key) + llgc $TX[0],2($XX[0],$key) + xr $acc,$TY + stc $acc,0($out) + la $out,1($out) + brct $len,.Loop1 + +.Lexit: + ahi $XX[0],-1 + stc $XX[0],0($key) + stc $YY,1($key) + lmg %r6,%r11,48($sp) + br $rp +.size RC4,.-RC4 +.string "RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>" + +___ +} + +# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp) +{ +$cnt="%r0"; +$idx="%r1"; +$key="%r2"; +$len="%r3"; +$inp="%r4"; +$acc="%r5"; +$dat="%r6"; +$ikey="%r7"; +$iinp="%r8"; + +$code.=<<___; +.globl RC4_set_key +.type RC4_set_key,\@function +.align 64 +RC4_set_key: + stmg %r6,%r8,48($sp) + lhi $cnt,256 + la $idx,0(%r0) + sth $idx,0($key) +.align 4 +.L1stloop: + stc $idx,2($idx,$key) + la $idx,1($idx) + brct $cnt,.L1stloop + + lghi $ikey,-256 + lr $cnt,$len + la $iinp,0(%r0) + la $idx,0(%r0) +.align 16 +.L2ndloop: + llgc $acc,2+256($ikey,$key) + llgc $dat,0($iinp,$inp) + la $idx,0($idx,$acc) + la $ikey,1($ikey) + la $idx,0($idx,$dat) + nill $idx,255 + la $iinp,1($iinp) + tml $ikey,255 + llgc $dat,2($idx,$key) + stc $dat,2+256-1($ikey,$key) + stc $acc,2($idx,$key) + jz .Ldone + brct $cnt,.L2ndloop + lr $cnt,$len + la $iinp,0(%r0) + j .L2ndloop +.Ldone: + lmg %r6,%r8,48($sp) + br $rp +.size RC4_set_key,.-RC4_set_key + +___ +} + +# const char *RC4_options() +$code.=<<___; +.globl RC4_options +.type RC4_options,\@function +.align 16 +RC4_options: + larl %r2,.Loptions + br %r14 +.size RC4_options,.-RC4_options +.section .rodata +.Loptions: +.align 8 +.string "rc4(8x,char)" +___ + +print $code; diff --git a/lib/libcrypto/rc5/Makefile b/lib/libcrypto/rc5/Makefile index b4e21c9bb23..8a8b00eb89e 100644 --- a/lib/libcrypto/rc5/Makefile +++ b/lib/libcrypto/rc5/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r RC5_ENC= rc5_enc.o -# or use -#DES_ENC= r586-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -40,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > ../$@) -# COFF -r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@) -# a.out -r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@) +rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/lib/libcrypto/ripemd/Makefile b/lib/libcrypto/ripemd/Makefile index 6145f136992..d5b1067dbeb 100644 --- a/lib/libcrypto/ripemd/Makefile +++ b/lib/libcrypto/ripemd/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@) -# COFF -rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@) -# a.out -rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@) +rmd-586.s: asm/rmd-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -89,13 +82,8 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rmd_dgst.o: ../../include/openssl/opensslconf.h -rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h -rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/lib/libcrypto/rsa/rsa_ameth.c b/lib/libcrypto/rsa/rsa_ameth.c new file mode 100644 index 00000000000..8c3209885ea --- /dev/null +++ b/lib/libcrypto/rsa/rsa_ameth.c @@ -0,0 +1,349 @@ +/* crypto/rsa/rsa_ameth.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif +#include "asn1_locl.h" + +static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + unsigned char *penc = NULL; + int penclen; + penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); + if (penclen <= 0) + return 0; + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), + V_ASN1_NULL, NULL, penc, penclen)) + return 1; + + OPENSSL_free(penc); + return 0; + } + +static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p; + int pklen; + RSA *rsa = NULL; + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) + return 0; + if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) + { + RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); + return 0; + } + EVP_PKEY_assign_RSA (pkey, rsa); + return 1; + } + +static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + return 1; + } + +static int old_rsa_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + RSA *rsa; + if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) + { + RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); + return 0; + } + EVP_PKEY_assign_RSA(pkey, rsa); + return 1; + } + +static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); + } + +static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) + { + unsigned char *rk = NULL; + int rklen; + rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); + + if (rklen <= 0) + { + RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, + V_ASN1_NULL, NULL, rk, rklen)) + { + RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + return 0; + } + + return 1; + } + +static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p; + int pklen; + if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) + return 0; + return old_rsa_priv_decode(pkey, &p, pklen); + } + +static int int_rsa_size(const EVP_PKEY *pkey) + { + return RSA_size(pkey->pkey.rsa); + } + +static int rsa_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.rsa->n); + } + +static void int_rsa_free(EVP_PKEY *pkey) + { + RSA_free(pkey->pkey.rsa); + } + + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) + { + char *str; + const char *s; + unsigned char *m=NULL; + int ret=0, mod_len = 0; + size_t buf_len=0; + + update_buflen(x->n, &buf_len); + update_buflen(x->e, &buf_len); + + if (priv) + { + update_buflen(x->d, &buf_len); + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->dmp1, &buf_len); + update_buflen(x->dmq1, &buf_len); + update_buflen(x->iqmp, &buf_len); + } + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + + if(!BIO_indent(bp,off,128)) + goto err; + + if (priv && x->d) + { + if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) + <= 0) goto err; + str = "modulus:"; + s = "publicExponent:"; + } + else + { + if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len) + <= 0) goto err; + str = "Modulus:"; + s= "Exponent:"; + } + if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err; + if (!ASN1_bn_print(bp,s,x->e,m,off)) + goto err; + if (priv) + { + if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off)) + goto err; + if (!ASN1_bn_print(bp,"prime1:",x->p,m,off)) + goto err; + if (!ASN1_bn_print(bp,"prime2:",x->q,m,off)) + goto err; + if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off)) + goto err; + if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off)) + goto err; + if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off)) + goto err; + } + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); + } + + +static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); + } + + +static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + X509_ALGOR *alg = NULL; + switch (op) + { + + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); + break; + + case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (arg1 == 0) + PKCS7_RECIP_INFO_get0_alg(arg2, &alg); + break; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg); + break; + + case ASN1_PKEY_CTRL_CMS_ENVELOPE: + if (arg1 == 0) + CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg); + break; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 1; + + default: + return -2; + + } + + if (alg) + X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + + return 1; + + } + + +const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = + { + { + EVP_PKEY_RSA, + EVP_PKEY_RSA, + ASN1_PKEY_SIGPARAM_NULL, + + "RSA", + "OpenSSL RSA method", + + rsa_pub_decode, + rsa_pub_encode, + rsa_pub_cmp, + rsa_pub_print, + + rsa_priv_decode, + rsa_priv_encode, + rsa_priv_print, + + int_rsa_size, + rsa_bits, + + 0,0,0,0,0,0, + + int_rsa_free, + rsa_pkey_ctrl, + old_rsa_priv_decode, + old_rsa_priv_encode + }, + + { + EVP_PKEY_RSA2, + EVP_PKEY_RSA, + ASN1_PKEY_ALIAS + } + }; diff --git a/lib/libcrypto/rsa/rsa_locl.h b/lib/libcrypto/rsa/rsa_locl.h new file mode 100644 index 00000000000..f5d2d566284 --- /dev/null +++ b/lib/libcrypto/rsa/rsa_locl.h @@ -0,0 +1,4 @@ +extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *rm, size_t *prm_len, + const unsigned char *sigbuf, size_t siglen, + RSA *rsa); diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c new file mode 100644 index 00000000000..c6892ecd09c --- /dev/null +++ b/lib/libcrypto/rsa/rsa_pmeth.c @@ -0,0 +1,587 @@ +/* crypto/rsa/rsa_pmeth.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#include <openssl/evp.h> +#include "evp_locl.h" +#include "rsa_locl.h" + +/* RSA pkey context structure */ + +typedef struct + { + /* Key gen parameters */ + int nbits; + BIGNUM *pub_exp; + /* Keygen callback info */ + int gentmp[2]; + /* RSA padding mode */ + int pad_mode; + /* message digest */ + const EVP_MD *md; + /* PSS/OAEP salt length */ + int saltlen; + /* Temp buffer */ + unsigned char *tbuf; + } RSA_PKEY_CTX; + +static int pkey_rsa_init(EVP_PKEY_CTX *ctx) + { + RSA_PKEY_CTX *rctx; + rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); + if (!rctx) + return 0; + rctx->nbits = 1024; + rctx->pub_exp = NULL; + rctx->pad_mode = RSA_PKCS1_PADDING; + rctx->md = NULL; + rctx->tbuf = NULL; + + rctx->saltlen = -2; + + ctx->data = rctx; + ctx->keygen_info = rctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; + } + +static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + RSA_PKEY_CTX *dctx, *sctx; + if (!pkey_rsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + if (sctx->pub_exp) + { + dctx->pub_exp = BN_dup(sctx->pub_exp); + if (!dctx->pub_exp) + return 0; + } + dctx->pad_mode = sctx->pad_mode; + dctx->md = sctx->md; + return 1; + } + +static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) + { + if (ctx->tbuf) + return 1; + ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); + if (!ctx->tbuf) + return 0; + return 1; + } + +static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) + { + RSA_PKEY_CTX *rctx = ctx->data; + if (rctx) + { + if (rctx->pub_exp) + BN_free(rctx->pub_exp); + if (rctx->tbuf) + OPENSSL_free(rctx->tbuf); + OPENSSL_free(rctx); + } + } + +static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + + if (rctx->md) + { + if (tbslen != (size_t)EVP_MD_size(rctx->md)) + { + RSAerr(RSA_F_PKEY_RSA_SIGN, + RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } + if (rctx->pad_mode == RSA_X931_PADDING) + { + if (!setup_tbuf(rctx, ctx)) + return -1; + memcpy(rctx->tbuf, tbs, tbslen); + rctx->tbuf[tbslen] = + RSA_X931_hash_id(EVP_MD_type(rctx->md)); + ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, + sig, rsa, RSA_X931_PADDING); + } + else if (rctx->pad_mode == RSA_PKCS1_PADDING) + { + unsigned int sltmp; + ret = RSA_sign(EVP_MD_type(rctx->md), + tbs, tbslen, sig, &sltmp, rsa); + if (ret <= 0) + return ret; + ret = sltmp; + } + else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) + { + if (!setup_tbuf(rctx, ctx)) + return -1; + if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs, + rctx->md, rctx->saltlen)) + return -1; + ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, + sig, rsa, RSA_NO_PADDING); + } + else + return -1; + } + else + ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *siglen = ret; + return 1; + } + + +static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + + if (rctx->md) + { + if (rctx->pad_mode == RSA_X931_PADDING) + { + if (!setup_tbuf(rctx, ctx)) + return -1; + ret = RSA_public_decrypt(siglen, sig, + rctx->tbuf, ctx->pkey->pkey.rsa, + RSA_X931_PADDING); + if (ret < 1) + return 0; + ret--; + if (rctx->tbuf[ret] != + RSA_X931_hash_id(EVP_MD_type(rctx->md))) + { + RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, + RSA_R_ALGORITHM_MISMATCH); + return 0; + } + if (ret != EVP_MD_size(rctx->md)) + { + RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, + RSA_R_INVALID_DIGEST_LENGTH); + return 0; + } + if (rout) + memcpy(rout, rctx->tbuf, ret); + } + else if (rctx->pad_mode == RSA_PKCS1_PADDING) + { + size_t sltmp; + ret = int_rsa_verify(EVP_MD_type(rctx->md), + NULL, 0, rout, &sltmp, + sig, siglen, ctx->pkey->pkey.rsa); + if (ret <= 0) + return 0; + ret = sltmp; + } + else + return -1; + } + else + ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *routlen = ret; + return 1; + } + +static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + size_t rslen; + if (rctx->md) + { + if (rctx->pad_mode == RSA_PKCS1_PADDING) + return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + sig, siglen, rsa); + if (rctx->pad_mode == RSA_X931_PADDING) + { + if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, + sig, siglen) <= 0) + return 0; + } + else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) + { + int ret; + if (!setup_tbuf(rctx, ctx)) + return -1; + ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, + rsa, RSA_NO_PADDING); + if (ret <= 0) + return 0; + ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md, + rctx->tbuf, rctx->saltlen); + if (ret <= 0) + return 0; + return 1; + } + else + return -1; + } + else + { + if (!setup_tbuf(rctx, ctx)) + return -1; + rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, + rsa, rctx->pad_mode); + if (rslen == 0) + return 0; + } + + if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) + return 0; + + return 1; + + } + + +static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *outlen = ret; + return 1; + } + +static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *outlen = ret; + return 1; + } + +static int check_padding_md(const EVP_MD *md, int padding) + { + if (!md) + return 1; + + if (padding == RSA_NO_PADDING) + { + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); + return 0; + } + + if (padding == RSA_X931_PADDING) + { + if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) + { + RSAerr(RSA_F_CHECK_PADDING_MD, + RSA_R_INVALID_X931_DIGEST); + return 0; + } + return 1; + } + + return 1; + } + + +static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + RSA_PKEY_CTX *rctx = ctx->data; + switch (type) + { + case EVP_PKEY_CTRL_RSA_PADDING: + if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) + { + if (!check_padding_md(rctx->md, p1)) + return 0; + if (p1 == RSA_PKCS1_PSS_PADDING) + { + if (!(ctx->operation & + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) + goto bad_pad; + if (!rctx->md) + rctx->md = EVP_sha1(); + } + if (p1 == RSA_PKCS1_OAEP_PADDING) + { + if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) + goto bad_pad; + if (!rctx->md) + rctx->md = EVP_sha1(); + } + rctx->pad_mode = p1; + return 1; + } + bad_pad: + RSAerr(RSA_F_PKEY_RSA_CTRL, + RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); + return -2; + + case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: + if (p1 < -2) + return -2; + if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) + { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); + return -2; + } + rctx->saltlen = p1; + return 1; + + case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: + if (p1 < 256) + { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); + return -2; + } + rctx->nbits = p1; + return 1; + + case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: + if (!p2) + return -2; + rctx->pub_exp = p2; + return 1; + + case EVP_PKEY_CTRL_MD: + if (!check_padding_md(p2, rctx->pad_mode)) + return 0; + rctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: + case EVP_PKEY_CTRL_PKCS7_DECRYPT: + case EVP_PKEY_CTRL_PKCS7_SIGN: +#ifndef OPENSSL_NO_CMS + case EVP_PKEY_CTRL_CMS_ENCRYPT: + case EVP_PKEY_CTRL_CMS_DECRYPT: + case EVP_PKEY_CTRL_CMS_SIGN: +#endif + return 1; + case EVP_PKEY_CTRL_PEER_KEY: + RSAerr(RSA_F_PKEY_RSA_CTRL, + RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + + default: + return -2; + + } + } + +static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!value) + { + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); + return 0; + } + if (!strcmp(type, "rsa_padding_mode")) + { + int pm; + if (!strcmp(value, "pkcs1")) + pm = RSA_PKCS1_PADDING; + else if (!strcmp(value, "sslv23")) + pm = RSA_SSLV23_PADDING; + else if (!strcmp(value, "none")) + pm = RSA_NO_PADDING; + else if (!strcmp(value, "oeap")) + pm = RSA_PKCS1_OAEP_PADDING; + else if (!strcmp(value, "x931")) + pm = RSA_X931_PADDING; + else if (!strcmp(value, "pss")) + pm = RSA_PKCS1_PSS_PADDING; + else + { + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, + RSA_R_UNKNOWN_PADDING_TYPE); + return -2; + } + return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); + } + + if (!strcmp(type, "rsa_pss_saltlen")) + { + int saltlen; + saltlen = atoi(value); + return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); + } + + if (!strcmp(type, "rsa_keygen_bits")) + { + int nbits; + nbits = atoi(value); + return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); + } + + if (!strcmp(type, "rsa_keygen_pubexp")) + { + int ret; + BIGNUM *pubexp = NULL; + if (!BN_asc2bn(&pubexp, value)) + return 0; + ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); + if (ret <= 0) + BN_free(pubexp); + return ret; + } + + return -2; + } + +static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + RSA *rsa = NULL; + RSA_PKEY_CTX *rctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + if (!rctx->pub_exp) + { + rctx->pub_exp = BN_new(); + if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) + return 0; + } + rsa = RSA_new(); + if (!rsa) + return 0; + if (ctx->pkey_gencb) + { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } + else + pcb = NULL; + ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); + if (ret > 0) + EVP_PKEY_assign_RSA(pkey, rsa); + else + RSA_free(rsa); + return ret; + } + +const EVP_PKEY_METHOD rsa_pkey_meth = + { + EVP_PKEY_RSA, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_rsa_init, + pkey_rsa_copy, + pkey_rsa_cleanup, + + 0,0, + + 0, + pkey_rsa_keygen, + + 0, + pkey_rsa_sign, + + 0, + pkey_rsa_verify, + + 0, + pkey_rsa_verifyrecover, + + + 0,0,0,0, + + 0, + pkey_rsa_encrypt, + + 0, + pkey_rsa_decrypt, + + 0,0, + + pkey_rsa_ctrl, + pkey_rsa_ctrl_str + + + }; diff --git a/lib/libcrypto/rsa/rsa_prn.c b/lib/libcrypto/rsa/rsa_prn.c new file mode 100644 index 00000000000..224db0fae52 --- /dev/null +++ b/lib/libcrypto/rsa/rsa_prn.c @@ -0,0 +1,93 @@ +/* crypto/rsa/rsa_prn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/rsa.h> +#include <openssl/evp.h> + +#ifndef OPENSSL_NO_FP_API +int RSA_print_fp(FILE *fp, const RSA *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=RSA_print(b,x,off); + BIO_free(b); + return(ret); + } +#endif + +int RSA_print(BIO *bp, const RSA *x, int off) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; + } + diff --git a/lib/libcrypto/rsa/rsa_pss.c b/lib/libcrypto/rsa/rsa_pss.c index 9b993aca498..ac211e2ffe0 100644 --- a/lib/libcrypto/rsa/rsa_pss.c +++ b/lib/libcrypto/rsa/rsa_pss.c @@ -81,7 +81,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, EVP_MD_CTX ctx; unsigned char H_[EVP_MAX_MD_SIZE]; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; /* * Negative sLen has special meanings: * -1 sLen == hLen @@ -126,7 +128,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); goto err; } - PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); + if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0) + goto err; for (i = 0; i < maskedDBLen; i++) DB[i] ^= EM[i]; if (MSBits) @@ -176,7 +179,9 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, unsigned char *H, *salt = NULL, *p; EVP_MD_CTX ctx; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; /* * Negative sLen has special meanings: * -1 sLen == hLen @@ -217,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, ERR_R_MALLOC_FAILURE); goto err; } - if (!RAND_bytes(salt, sLen)) + if (RAND_bytes(salt, sLen) <= 0) goto err; } maskedDBLen = emLen - hLen - 1; @@ -232,7 +237,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, EVP_MD_CTX_cleanup(&ctx); /* Generate dbMask in place then perform XOR on it */ - PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); + if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash)) + goto err; p = EM; diff --git a/lib/libcrypto/s390xcap.c b/lib/libcrypto/s390xcap.c new file mode 100644 index 00000000000..ffbe0235f99 --- /dev/null +++ b/lib/libcrypto/s390xcap.c @@ -0,0 +1,37 @@ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <setjmp.h> +#include <signal.h> + +extern unsigned long OPENSSL_s390xcap_P; + +static sigjmp_buf ill_jmp; +static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } + +unsigned long OPENSSL_s390x_facilities(void); + +void OPENSSL_cpuid_setup(void) + { + sigset_t oset; + struct sigaction ill_act,oact; + + if (OPENSSL_s390xcap_P) return; + + memset(&ill_act,0,sizeof(ill_act)); + ill_act.sa_handler = ill_handler; + sigfillset(&ill_act.sa_mask); + sigdelset(&ill_act.sa_mask,SIGILL); + sigdelset(&ill_act.sa_mask,SIGTRAP); + sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset); + sigaction (SIGILL,&ill_act,&oact); + + /* protection against missing store-facility-list-extended */ + if (sigsetjmp(ill_jmp,0) == 0) + OPENSSL_s390xcap_P = OPENSSL_s390x_facilities(); + else + OPENSSL_s390xcap_P = 1UL<<63; + + sigaction (SIGILL,&oact,NULL); + sigprocmask(SIG_SETMASK,&oset,NULL); + } diff --git a/lib/libcrypto/s390xcpuid.S b/lib/libcrypto/s390xcpuid.S index 8500133ad0f..b053c6a2819 100644 --- a/lib/libcrypto/s390xcpuid.S +++ b/lib/libcrypto/s390xcpuid.S @@ -1,12 +1,5 @@ .text -.globl OPENSSL_cpuid_setup -.type OPENSSL_cpuid_setup,@function -.align 16 -OPENSSL_cpuid_setup: - br %r14 # reserved for future -.size OPENSSL_cpuid_setup,.-OPENSSL_cpuid_setup - .globl OPENSSL_s390x_facilities .type OPENSSL_s390x_facilities,@function .align 16 @@ -14,6 +7,8 @@ OPENSSL_s390x_facilities: lghi %r0,0 .long 0xb2b0f010 # stfle 16(%r15) lg %r2,16(%r15) + larl %r1,OPENSSL_s390xcap_P + stg %r2,0(%r1) br %r14 .size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities @@ -67,6 +62,8 @@ OPENSSL_cleanse: lghi %r0,0 clgr %r3,%r4 jh .Lot + clgr %r3,%r0 + bcr 8,%r14 .Little: stc %r0,0(%r2) la %r2,1(%r2) @@ -88,3 +85,8 @@ OPENSSL_cleanse: jnz .Little br %r14 .size OPENSSL_cleanse,.-OPENSSL_cleanse + +.section .init + brasl %r14,OPENSSL_cpuid_setup + +.comm OPENSSL_s390xcap_P,8,8 diff --git a/lib/libcrypto/seed/Makefile b/lib/libcrypto/seed/Makefile index ffaeb84218d..4bc55e49164 100644 --- a/lib/libcrypto/seed/Makefile +++ b/lib/libcrypto/seed/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -75,13 +75,32 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -seed.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed.o: ../../include/openssl/seed.h seed.c seed_locl.h -seed_cbc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed_cbc.o: ../../include/openssl/seed.h seed_cbc.c seed_locl.h -seed_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed_cfb.o: ../../include/openssl/seed.h seed_cfb.c seed_locl.h -seed_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/seed.h +seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +seed.o: ../../include/openssl/seed.h ../../include/openssl/stack.h +seed.o: ../../include/openssl/symhacks.h seed.c seed_locl.h +seed_cbc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_cbc.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +seed_cbc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_cbc.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_cbc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +seed_cbc.o: seed_cbc.c +seed_cfb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_cfb.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +seed_cfb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_cfb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_cfb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +seed_cfb.o: seed_cfb.c +seed_ecb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_ecb.o: ../../include/openssl/opensslconf.h +seed_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_ecb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_ecb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h seed_ecb.o: seed_ecb.c -seed_ofb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed_ofb.o: ../../include/openssl/seed.h seed_locl.h seed_ofb.c +seed_ofb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_ofb.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +seed_ofb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_ofb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_ofb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +seed_ofb.o: seed_ofb.c diff --git a/lib/libcrypto/seed/seed.c b/lib/libcrypto/seed/seed.c index 125dd7d66f6..2bc384a19f0 100644 --- a/lib/libcrypto/seed/seed.c +++ b/lib/libcrypto/seed/seed.c @@ -35,7 +35,7 @@ #include <openssl/seed.h> #include "seed_locl.h" -static seed_word SS[4][256] = { { +static const seed_word SS[4][256] = { { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314, @@ -187,6 +187,11 @@ static seed_word SS[4][256] = { { #define KC14 0xde6e678d #define KC15 0xbcdccf1b +#if defined(OPENSSL_SMALL_FOOTPRINT) +static const seed_word KC[] = { + KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7, + KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15 }; +#endif void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) { @@ -201,6 +206,8 @@ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE t0 = (x1 + x3 - KC0) & 0xffffffff; t1 = (x2 - x4 + KC0) & 0xffffffff; KEYUPDATE_TEMP(t0, t1, &ks->data[0]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1); KEYUPDATE_TEMP(t0, t1, &ks->data[2]); + +#if !defined(OPENSSL_SMALL_FOOTPRINT) KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2); KEYUPDATE_TEMP(t0, t1, &ks->data[4]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3); KEYUPDATE_TEMP(t0, t1, &ks->data[6]); KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4); KEYUPDATE_TEMP(t0, t1, &ks->data[8]); @@ -215,6 +222,17 @@ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13); KEYUPDATE_TEMP(t0, t1, &ks->data[26]); KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14); KEYUPDATE_TEMP(t0, t1, &ks->data[28]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15); KEYUPDATE_TEMP(t0, t1, &ks->data[30]); +#else + { + int i; + for (i=2; i<16; i+=2) { + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC[i]); + KEYUPDATE_TEMP(t0, t1, &ks->data[i*2]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC[i+1]); + KEYUPDATE_TEMP(t0, t1, &ks->data[i*2+2]); + } + } +#endif } void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks) @@ -226,7 +244,8 @@ void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B char2word(s+4, x2); char2word(s+8, x3); char2word(s+12, x4); - + +#if !defined(OPENSSL_SMALL_FOOTPRINT) E_SEED(t0, t1, x1, x2, x3, x4, 0); E_SEED(t0, t1, x3, x4, x1, x2, 2); E_SEED(t0, t1, x1, x2, x3, x4, 4); @@ -243,6 +262,15 @@ void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B E_SEED(t0, t1, x3, x4, x1, x2, 26); E_SEED(t0, t1, x1, x2, x3, x4, 28); E_SEED(t0, t1, x3, x4, x1, x2, 30); +#else + { + int i; + for (i=0;i<30;i+=4) { + E_SEED(t0,t1,x1,x2,x3,x4,i); + E_SEED(t0,t1,x3,x4,x1,x2,i+2); + } + } +#endif word2char(x3, d); word2char(x4, d+4); @@ -259,7 +287,8 @@ void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B char2word(s+4, x2); char2word(s+8, x3); char2word(s+12, x4); - + +#if !defined(OPENSSL_SMALL_FOOTPRINT) E_SEED(t0, t1, x1, x2, x3, x4, 30); E_SEED(t0, t1, x3, x4, x1, x2, 28); E_SEED(t0, t1, x1, x2, x3, x4, 26); @@ -276,6 +305,16 @@ void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B E_SEED(t0, t1, x3, x4, x1, x2, 4); E_SEED(t0, t1, x1, x2, x3, x4, 2); E_SEED(t0, t1, x3, x4, x1, x2, 0); +#else + { + int i; + for (i=30; i>0; i-=4) { + E_SEED(t0, t1, x1, x2, x3, x4, i); + E_SEED(t0, t1, x3, x4, x1, x2, i-2); + + } + } +#endif word2char(x3, d); word2char(x4, d+4); diff --git a/lib/libcrypto/seed/seed.h b/lib/libcrypto/seed/seed.h index 427915ed9a9..6ffa5f024e8 100644 --- a/lib/libcrypto/seed/seed.h +++ b/lib/libcrypto/seed/seed.h @@ -82,6 +82,8 @@ #define HEADER_SEED_H #include <openssl/opensslconf.h> +#include <openssl/e_os2.h> +#include <openssl/crypto.h> #ifdef OPENSSL_NO_SEED #error SEED is disabled. diff --git a/lib/libcrypto/seed/seed_cbc.c b/lib/libcrypto/seed/seed_cbc.c index 4f718ccb44e..6c3f9b527af 100644 --- a/lib/libcrypto/seed/seed_cbc.c +++ b/lib/libcrypto/seed/seed_cbc.c @@ -49,81 +49,15 @@ * */ -#include "seed_locl.h" -#include <string.h> +#include <openssl/seed.h> +#include <openssl/modes.h> void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc) { - size_t n; - unsigned char tmp[SEED_BLOCK_SIZE]; - const unsigned char *iv = ivec; - if (enc) - { - while (len >= SEED_BLOCK_SIZE) - { - for (n = 0; n < SEED_BLOCK_SIZE; ++n) - out[n] = in[n] ^ iv[n]; - SEED_encrypt(out, out, ks); - iv = out; - len -= SEED_BLOCK_SIZE; - in += SEED_BLOCK_SIZE; - out += SEED_BLOCK_SIZE; - } - if (len) - { - for (n = 0; n < len; ++n) - out[n] = in[n] ^ iv[n]; - for (n = len; n < SEED_BLOCK_SIZE; ++n) - out[n] = iv[n]; - SEED_encrypt(out, out, ks); - iv = out; - } - memcpy(ivec, iv, SEED_BLOCK_SIZE); - } - else if (in != out) /* decrypt */ - { - while (len >= SEED_BLOCK_SIZE) - { - SEED_decrypt(in, out, ks); - for (n = 0; n < SEED_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - iv = in; - len -= SEED_BLOCK_SIZE; - in += SEED_BLOCK_SIZE; - out += SEED_BLOCK_SIZE; - } - if (len) - { - SEED_decrypt(in, tmp, ks); - for (n = 0; n < len; ++n) - out[n] = tmp[n] ^ iv[n]; - iv = in; - } - memcpy(ivec, iv, SEED_BLOCK_SIZE); - } - else /* decrypt, overlap */ - { - while (len >= SEED_BLOCK_SIZE) - { - memcpy(tmp, in, SEED_BLOCK_SIZE); - SEED_decrypt(in, out, ks); - for (n = 0; n < SEED_BLOCK_SIZE; ++n) - out[n] ^= ivec[n]; - memcpy(ivec, tmp, SEED_BLOCK_SIZE); - len -= SEED_BLOCK_SIZE; - in += SEED_BLOCK_SIZE; - out += SEED_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp, in, SEED_BLOCK_SIZE); - SEED_decrypt(tmp, tmp, ks); - for (n = 0; n < len; ++n) - out[n] = tmp[n] ^ ivec[n]; - memcpy(ivec, tmp, SEED_BLOCK_SIZE); - } - } + CRYPTO_cbc128_encrypt(in,out,len,ks,ivec,(block128_f)SEED_encrypt); + else + CRYPTO_cbc128_decrypt(in,out,len,ks,ivec,(block128_f)SEED_decrypt); } diff --git a/lib/libcrypto/seed/seed_cfb.c b/lib/libcrypto/seed/seed_cfb.c index 07d878a7888..694597dd06e 100644 --- a/lib/libcrypto/seed/seed_cfb.c +++ b/lib/libcrypto/seed/seed_cfb.c @@ -105,40 +105,12 @@ * [including the GNU Public Licence.] */ -#include "seed_locl.h" -#include <string.h> +#include <openssl/seed.h> +#include <openssl/modes.h> void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc) { - int n; - unsigned char c; - - n = *num; - - if (enc) - { - while (len--) - { - if (n == 0) - SEED_encrypt(ivec, ivec, ks); - ivec[n] = *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % SEED_BLOCK_SIZE; - } - } - else - { - while (len--) - { - if (n == 0) - SEED_encrypt(ivec, ivec, ks); - c = *(in); - *(out++) = *(in++) ^ ivec[n]; - ivec[n] = c; - n = (n+1) % SEED_BLOCK_SIZE; - } - } - - *num = n; + CRYPTO_cfb128_encrypt(in,out,len,ks,ivec,num,enc,(block128_f)SEED_encrypt); } diff --git a/lib/libcrypto/seed/seed_ofb.c b/lib/libcrypto/seed/seed_ofb.c index e2f3f57a38c..3c8ba33bb9f 100644 --- a/lib/libcrypto/seed/seed_ofb.c +++ b/lib/libcrypto/seed/seed_ofb.c @@ -105,24 +105,12 @@ * [including the GNU Public Licence.] */ -#include "seed_locl.h" -#include <string.h> +#include <openssl/seed.h> +#include <openssl/modes.h> void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num) { - int n; - - n = *num; - - while (len--) - { - if (n == 0) - SEED_encrypt(ivec, ivec, ks); - *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % SEED_BLOCK_SIZE; - } - - *num = n; + CRYPTO_ofb128_encrypt(in,out,len,ks,ivec,num,(block128_f)SEED_encrypt); } diff --git a/lib/libcrypto/sha/Makefile b/lib/libcrypto/sha/Makefile index f4741b9ee63..e6eccb05f97 100644 --- a/lib/libcrypto/sha/Makefile +++ b/lib/libcrypto/sha/Makefile @@ -38,25 +38,16 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-cof.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-out.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +sha1-586.s: asm/sha1-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha256-586.s: asm/sha256-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha512-586.s: asm/sha512-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ sha1-ia64.s: asm/sha1-ia64.pl (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS)) @@ -65,10 +56,25 @@ sha256-ia64.s: asm/sha512-ia64.pl sha512-ia64.s: asm/sha512-ia64.pl (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) +sha256-armv4.s: asm/sha256-armv4.pl + $(PERL) $< $@ + # Solaris make has to be explicitly told -sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $@ -sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ -sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ +sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ +sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha1-sparcv9.s: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) +sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) +sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) + +sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@ +sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ +sha512-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +sha1-%.s: asm/sha1-%.pl; $(PERL) $< $@ +sha256-%.s: asm/sha512-%.pl; $(PERL) $< $@ +sha512-%.s: asm/sha512-%.pl; $(PERL) $< $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -113,31 +119,24 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sha1_one.o: sha1_one.c -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -sha1dgst.o: ../../include/openssl/opensslconf.h +sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha256.o: ../md32_common.h sha256.c +sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c sha512.o: ../../e_os.h ../../include/openssl/bio.h sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c -sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../cryptlib.h sha512.c +sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/lib/libcrypto/sha/asm/sha1-armv4-large.pl b/lib/libcrypto/sha/asm/sha1-armv4-large.pl new file mode 100644 index 00000000000..88861af6411 --- /dev/null +++ b/lib/libcrypto/sha/asm/sha1-armv4-large.pl @@ -0,0 +1,234 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# sha1_block procedure for ARMv4. +# +# January 2007. + +# Size/performance trade-off +# ==================================================================== +# impl size in bytes comp cycles[*] measured performance +# ==================================================================== +# thumb 304 3212 4420 +# armv4-small 392/+29% 1958/+64% 2250/+96% +# armv4-compact 740/+89% 1552/+26% 1840/+22% +# armv4-large 1420/+92% 1307/+19% 1370/+34%[***] +# full unroll ~5100/+260% ~1260/+4% ~1300/+5% +# ==================================================================== +# thumb = same as 'small' but in Thumb instructions[**] and +# with recurring code in two private functions; +# small = detached Xload/update, loops are folded; +# compact = detached Xload/update, 5x unroll; +# large = interleaved Xload/update, 5x unroll; +# full unroll = interleaved Xload/update, full unroll, estimated[!]; +# +# [*] Manually counted instructions in "grand" loop body. Measured +# performance is affected by prologue and epilogue overhead, +# i-cache availability, branch penalties, etc. +# [**] While each Thumb instruction is twice smaller, they are not as +# diverse as ARM ones: e.g., there are only two arithmetic +# instructions with 3 arguments, no [fixed] rotate, addressing +# modes are limited. As result it takes more instructions to do +# the same job in Thumb, therefore the code is never twice as +# small and always slower. +# [***] which is also ~35% better than compiler generated code. + +$output=shift; +open STDOUT,">$output"; + +$ctx="r0"; +$inp="r1"; +$len="r2"; +$a="r3"; +$b="r4"; +$c="r5"; +$d="r6"; +$e="r7"; +$K="r8"; +$t0="r9"; +$t1="r10"; +$t2="r11"; +$t3="r12"; +$Xi="r14"; +@V=($a,$b,$c,$d,$e); + +# One can optimize this for aligned access on big-endian architecture, +# but code's endian neutrality makes it too pretty:-) +sub Xload { +my ($a,$b,$c,$d,$e)=@_; +$code.=<<___; + ldrb $t0,[$inp],#4 + ldrb $t1,[$inp,#-3] + ldrb $t2,[$inp,#-2] + ldrb $t3,[$inp,#-1] + add $e,$K,$e,ror#2 @ E+=K_00_19 + orr $t0,$t1,$t0,lsl#8 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + orr $t0,$t2,$t0,lsl#8 + eor $t1,$c,$d @ F_xx_xx + orr $t0,$t3,$t0,lsl#8 + add $e,$e,$t0 @ E+=X[i] + str $t0,[$Xi,#-4]! +___ +} +sub Xupdate { +my ($a,$b,$c,$d,$e,$flag)=@_; +$code.=<<___; + ldr $t0,[$Xi,#15*4] + ldr $t1,[$Xi,#13*4] + ldr $t2,[$Xi,#7*4] + ldr $t3,[$Xi,#2*4] + add $e,$K,$e,ror#2 @ E+=K_xx_xx + eor $t0,$t0,$t1 + eor $t0,$t0,$t2 + eor $t0,$t0,$t3 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) +___ +$code.=<<___ if (!defined($flag)); + eor $t1,$c,$d @ F_xx_xx, but not in 40_59 +___ +$code.=<<___; + mov $t0,$t0,ror#31 + add $e,$e,$t0 @ E+=X[i] + str $t0,[$Xi,#-4]! +___ +} + +sub BODY_00_15 { +my ($a,$b,$c,$d,$e)=@_; + &Xload(@_); +$code.=<<___; + and $t1,$b,$t1,ror#2 + eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + add $e,$e,$t1 @ E+=F_00_19(B,C,D) +___ +} + +sub BODY_16_19 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_); +$code.=<<___; + and $t1,$b,$t1,ror#2 + eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + add $e,$e,$t1 @ E+=F_00_19(B,C,D) +___ +} + +sub BODY_20_39 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_); +$code.=<<___; + eor $t1,$b,$t1,ror#2 @ F_20_39(B,C,D) + add $e,$e,$t1 @ E+=F_20_39(B,C,D) +___ +} + +sub BODY_40_59 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_,1); +$code.=<<___; + and $t1,$b,$c,ror#2 + orr $t2,$b,$c,ror#2 + and $t2,$t2,$d,ror#2 + orr $t1,$t1,$t2 @ F_40_59(B,C,D) + add $e,$e,$t1 @ E+=F_40_59(B,C,D) +___ +} + +$code=<<___; +.text + +.global sha1_block_data_order +.type sha1_block_data_order,%function + +.align 2 +sha1_block_data_order: + stmdb sp!,{r4-r12,lr} + add $len,$inp,$len,lsl#6 @ $len to point at the end of $inp + ldmia $ctx,{$a,$b,$c,$d,$e} +.Lloop: + ldr $K,.LK_00_19 + mov $Xi,sp + sub sp,sp,#15*4 + mov $c,$c,ror#30 + mov $d,$d,ror#30 + mov $e,$e,ror#30 @ [6] +.L_00_15: +___ +for($i=0;$i<5;$i++) { + &BODY_00_15(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp + bne .L_00_15 @ [((11+4)*5+2)*3] +___ + &BODY_00_15(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); +$code.=<<___; + + ldr $K,.LK_20_39 @ [+15+16*4] + sub sp,sp,#25*4 + cmn sp,#0 @ [+3], clear carry to denote 20_39 +.L_20_39_or_60_79: +___ +for($i=0;$i<5;$i++) { + &BODY_20_39(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp @ preserve carry + bne .L_20_39_or_60_79 @ [+((12+3)*5+2)*4] + bcs .L_done @ [+((12+3)*5+2)*4], spare 300 bytes + + ldr $K,.LK_40_59 + sub sp,sp,#20*4 @ [+2] +.L_40_59: +___ +for($i=0;$i<5;$i++) { + &BODY_40_59(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp + bne .L_40_59 @ [+((12+5)*5+2)*4] + + ldr $K,.LK_60_79 + sub sp,sp,#20*4 + cmp sp,#0 @ set carry to denote 60_79 + b .L_20_39_or_60_79 @ [+4], spare 300 bytes +.L_done: + add sp,sp,#80*4 @ "deallocate" stack frame + ldmia $ctx,{$K,$t0,$t1,$t2,$t3} + add $a,$K,$a + add $b,$t0,$b + add $c,$t1,$c,ror#2 + add $d,$t2,$d,ror#2 + add $e,$t3,$e,ror#2 + stmia $ctx,{$a,$b,$c,$d,$e} + teq $inp,$len + bne .Lloop @ [+18], total 1307 + + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.align 2 +.LK_00_19: .word 0x5a827999 +.LK_20_39: .word 0x6ed9eba1 +.LK_40_59: .word 0x8f1bbcdc +.LK_60_79: .word 0xca62c1d6 +.size sha1_block_data_order,.-sha1_block_data_order +.asciz "SHA1 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 +___ + +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/lib/libcrypto/sha/asm/sha1-ppc.pl b/lib/libcrypto/sha/asm/sha1-ppc.pl new file mode 100755 index 00000000000..dcd0fcdfcfa --- /dev/null +++ b/lib/libcrypto/sha/asm/sha1-ppc.pl @@ -0,0 +1,319 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# I let hardware handle unaligned input(*), except on page boundaries +# (see below for details). Otherwise straightforward implementation +# with X vector in register bank. The module is big-endian [which is +# not big deal as there're no little-endian targets left around]. +# +# (*) this means that this module is inappropriate for PPC403? Does +# anybody know if pre-POWER3 can sustain unaligned load? + +# -m64 -m32 +# ---------------------------------- +# PPC970,gcc-4.0.0 +76% +59% +# Power6,xlc-7 +68% +33% + +$flavour = shift; + +if ($flavour =~ /64/) { + $SIZE_T =8; + $UCMP ="cmpld"; + $STU ="stdu"; + $POP ="ld"; + $PUSH ="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T =4; + $UCMP ="cmplw"; + $STU ="stwu"; + $POP ="lwz"; + $PUSH ="stw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$FRAME=24*$SIZE_T; + +$K ="r0"; +$sp ="r1"; +$toc="r2"; +$ctx="r3"; +$inp="r4"; +$num="r5"; +$t0 ="r15"; +$t1 ="r6"; + +$A ="r7"; +$B ="r8"; +$C ="r9"; +$D ="r10"; +$E ="r11"; +$T ="r12"; + +@V=($A,$B,$C,$D,$E,$T); +@X=("r16","r17","r18","r19","r20","r21","r22","r23", + "r24","r25","r26","r27","r28","r29","r30","r31"); + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___ if ($i==0); + lwz @X[$i],`$i*4`($inp) +___ +$code.=<<___ if ($i<15); + lwz @X[$j],`$j*4`($inp) + add $f,$K,$e + rotlwi $e,$a,5 + add $f,$f,@X[$i] + and $t0,$c,$b + add $f,$f,$e + andc $t1,$d,$b + rotlwi $b,$b,30 + or $t0,$t0,$t1 + add $f,$f,$t0 +___ +$code.=<<___ if ($i>=15); + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + and $t0,$c,$b + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + andc $t1,$d,$b + rotlwi $b,$b,30 + or $t0,$t0,$t1 + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + add $f,$f,$t0 + rotlwi @X[$j%16],@X[$j%16],1 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___ if ($i<79); + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + xor $t0,$b,$c + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + rotlwi $b,$b,30 + xor $t0,$t0,$d + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + add $f,$f,$t0 + rotlwi @X[$j%16],@X[$j%16],1 +___ +$code.=<<___ if ($i==79); + add $f,$K,$e + rotlwi $e,$a,5 + lwz r16,0($ctx) + add $f,$f,@X[$i%16] + xor $t0,$b,$c + lwz r17,4($ctx) + add $f,$f,$e + rotlwi $b,$b,30 + lwz r18,8($ctx) + xor $t0,$t0,$d + lwz r19,12($ctx) + add $f,$f,$t0 + lwz r20,16($ctx) +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___; + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + and $t0,$b,$c + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + or $t1,$b,$c + rotlwi $b,$b,30 + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + and $t1,$t1,$d + or $t0,$t0,$t1 + rotlwi @X[$j%16],@X[$j%16],1 + add $f,$f,$t0 +___ +} + +$code=<<___; +.machine "any" +.text + +.globl .sha1_block_data_order +.align 4 +.sha1_block_data_order: + mflr r0 + $STU $sp,`-($FRAME+64)`($sp) + $PUSH r0,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + lwz $A,0($ctx) + lwz $B,4($ctx) + lwz $C,8($ctx) + lwz $D,12($ctx) + lwz $E,16($ctx) + andi. r0,$inp,3 + bne Lunaligned +Laligned: + mtctr $num + bl Lsha1_block_private +Ldone: + $POP r0,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,`$FRAME+64` + blr +___ + +# PowerPC specification allows an implementation to be ill-behaved +# upon unaligned access which crosses page boundary. "Better safe +# than sorry" principle makes me treat it specially. But I don't +# look for particular offending word, but rather for 64-byte input +# block which crosses the boundary. Once found that block is aligned +# and hashed separately... +$code.=<<___; +.align 4 +Lunaligned: + subfic $t1,$inp,4096 + andi. $t1,$t1,4095 ; distance to closest page boundary + srwi. $t1,$t1,6 ; t1/=64 + beq Lcross_page + $UCMP $num,$t1 + ble- Laligned ; didn't cross the page boundary + mtctr $t1 + subfc $num,$t1,$num + bl Lsha1_block_private +Lcross_page: + li $t1,16 + mtctr $t1 + addi r20,$sp,$FRAME ; spot below the frame +Lmemcpy: + lbz r16,0($inp) + lbz r17,1($inp) + lbz r18,2($inp) + lbz r19,3($inp) + addi $inp,$inp,4 + stb r16,0(r20) + stb r17,1(r20) + stb r18,2(r20) + stb r19,3(r20) + addi r20,r20,4 + bdnz Lmemcpy + + $PUSH $inp,`$FRAME-$SIZE_T*19`($sp) + li $t1,1 + addi $inp,$sp,$FRAME + mtctr $t1 + bl Lsha1_block_private + $POP $inp,`$FRAME-$SIZE_T*19`($sp) + addic. $num,$num,-1 + bne- Lunaligned + b Ldone +___ + +# This is private block function, which uses tailored calling +# interface, namely upon entry SHA_CTX is pre-loaded to given +# registers and counter register contains amount of chunks to +# digest... +$code.=<<___; +.align 4 +Lsha1_block_private: +___ +$code.=<<___; # load K_00_19 + lis $K,0x5a82 + ori $K,$K,0x7999 +___ +for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_20_39 + lis $K,0x6ed9 + ori $K,$K,0xeba1 +___ +for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_40_59 + lis $K,0x8f1b + ori $K,$K,0xbcdc +___ +for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_60_79 + lis $K,0xca62 + ori $K,$K,0xc1d6 +___ +for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add r16,r16,$E + add r17,r17,$T + add r18,r18,$A + add r19,r19,$B + add r20,r20,$C + stw r16,0($ctx) + mr $A,r16 + stw r17,4($ctx) + mr $B,r17 + stw r18,8($ctx) + mr $C,r18 + stw r19,12($ctx) + mr $D,r19 + stw r20,16($ctx) + mr $E,r20 + addi $inp,$inp,`16*4` + bdnz- Lsha1_block_private + blr +___ +$code.=<<___; +.asciz "SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>" +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libcrypto/sha/asm/sha1-s390x.pl b/lib/libcrypto/sha/asm/sha1-s390x.pl new file mode 100644 index 00000000000..4b17848287a --- /dev/null +++ b/lib/libcrypto/sha/asm/sha1-s390x.pl @@ -0,0 +1,226 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA1 block procedure for s390x. + +# April 2007. +# +# Performance is >30% better than gcc 3.3 generated code. But the real +# twist is that SHA1 hardware support is detected and utilized. In +# which case performance can reach further >4.5x for larger chunks. + +# January 2009. +# +# Optimize Xupdate for amount of memory references and reschedule +# instructions to favour dual-issue z10 pipeline. On z10 hardware is +# "only" ~2.3x faster than software. + +$kimdfunc=1; # magic function code for kimd instruction + +$output=shift; +open STDOUT,">$output"; + +$K_00_39="%r0"; $K=$K_00_39; +$K_40_79="%r1"; +$ctx="%r2"; $prefetch="%r2"; +$inp="%r3"; +$len="%r4"; + +$A="%r5"; +$B="%r6"; +$C="%r7"; +$D="%r8"; +$E="%r9"; @V=($A,$B,$C,$D,$E); +$t0="%r10"; +$t1="%r11"; +@X=("%r12","%r13","%r14"); +$sp="%r15"; + +$frame=160+16*4; + +sub Xupdate { +my $i=shift; + +$code.=<<___ if ($i==15); + lg $prefetch,160($sp) ### Xupdate(16) warm-up + lr $X[0],$X[2] +___ +return if ($i&1); # Xupdate is vectorized and executed every 2nd cycle +$code.=<<___ if ($i<16); + lg $X[0],`$i*4`($inp) ### Xload($i) + rllg $X[1],$X[0],32 +___ +$code.=<<___ if ($i>=16); + xgr $X[0],$prefetch ### Xupdate($i) + lg $prefetch,`160+4*(($i+2)%16)`($sp) + xg $X[0],`160+4*(($i+8)%16)`($sp) + xgr $X[0],$prefetch + rll $X[0],$X[0],1 + rllg $X[1],$X[0],32 + rll $X[1],$X[1],1 + rllg $X[0],$X[1],32 + lr $X[2],$X[1] # feedback +___ +$code.=<<___ if ($i<=70); + stg $X[0],`160+4*($i%16)`($sp) +___ +unshift(@X,pop(@X)); +} + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=$X[1]; + + &Xupdate($i); +$code.=<<___; + alr $e,$K ### $i + rll $t1,$a,5 + lr $t0,$d + xr $t0,$c + alr $e,$t1 + nr $t0,$b + alr $e,$xi + xr $t0,$d + rll $b,$b,30 + alr $e,$t0 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=$X[1]; + + &Xupdate($i); +$code.=<<___; + alr $e,$K ### $i + rll $t1,$a,5 + lr $t0,$b + alr $e,$t1 + xr $t0,$c + alr $e,$xi + xr $t0,$d + rll $b,$b,30 + alr $e,$t0 +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=$X[1]; + + &Xupdate($i); +$code.=<<___; + alr $e,$K ### $i + rll $t1,$a,5 + lr $t0,$b + alr $e,$t1 + or $t0,$c + lr $t1,$b + nr $t0,$d + nr $t1,$c + alr $e,$xi + or $t0,$t1 + rll $b,$b,30 + alr $e,$t0 +___ +} + +$code.=<<___; +.text +.align 64 +.type Ktable,\@object +Ktable: .long 0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6 + .skip 48 #.long 0,0,0,0,0,0,0,0,0,0,0,0 +.size Ktable,.-Ktable +.globl sha1_block_data_order +.type sha1_block_data_order,\@function +sha1_block_data_order: +___ +$code.=<<___ if ($kimdfunc); + larl %r1,OPENSSL_s390xcap_P + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lsoftware + lghi %r0,0 + la %r1,16($sp) + .long 0xb93e0002 # kimd %r0,%r2 + lg %r0,16($sp) + tmhh %r0,`0x8000>>$kimdfunc` + jz .Lsoftware + lghi %r0,$kimdfunc + lgr %r1,$ctx + lgr %r2,$inp + sllg %r3,$len,6 + .long 0xb93e0002 # kimd %r0,%r2 + brc 1,.-4 # pay attention to "partial completion" + br %r14 +.align 16 +.Lsoftware: +___ +$code.=<<___; + lghi %r1,-$frame + stg $ctx,16($sp) + stmg %r6,%r15,48($sp) + lgr %r0,$sp + la $sp,0(%r1,$sp) + stg %r0,0($sp) + + larl $t0,Ktable + llgf $A,0($ctx) + llgf $B,4($ctx) + llgf $C,8($ctx) + llgf $D,12($ctx) + llgf $E,16($ctx) + + lg $K_00_39,0($t0) + lg $K_40_79,8($t0) + +.Lloop: + rllg $K_00_39,$K_00_39,32 +___ +for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + rllg $K_00_39,$K_00_39,32 +___ +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; $K=$K_40_79; + rllg $K_40_79,$K_40_79,32 +___ +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + rllg $K_40_79,$K_40_79,32 +___ +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + + lg $ctx,`$frame+16`($sp) + la $inp,64($inp) + al $A,0($ctx) + al $B,4($ctx) + al $C,8($ctx) + al $D,12($ctx) + al $E,16($ctx) + st $A,0($ctx) + st $B,4($ctx) + st $C,8($ctx) + st $D,12($ctx) + st $E,16($ctx) + brct $len,.Lloop + + lmg %r6,%r15,`$frame+48`($sp) + br %r14 +.size sha1_block_data_order,.-sha1_block_data_order +.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" +.comm OPENSSL_s390xcap_P,8,8 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; + +print $code; +close STDOUT; diff --git a/lib/libcrypto/sha/asm/sha1-sparcv9.pl b/lib/libcrypto/sha/asm/sha1-sparcv9.pl new file mode 100644 index 00000000000..8306fc88ccf --- /dev/null +++ b/lib/libcrypto/sha/asm/sha1-sparcv9.pl @@ -0,0 +1,283 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# Performance improvement is not really impressive on pre-T1 CPU: +8% +# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it +# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and +# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick. +# X[16] vector is packed to 8 64-bit registers and as result nothing +# is spilled on stack. In addition input data is loaded in compact +# instruction sequence, thus minimizing the window when the code is +# subject to [inter-thread] cache-thrashing hazard. The goal is to +# ensure scalability on UltraSPARC T1, or rather to avoid decay when +# amount of active threads exceeds the number of physical cores. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); +$rot1m="%g2"; +$tmp64="%g3"; +$Xi="%g4"; +$A="%l0"; +$B="%l1"; +$C="%l2"; +$D="%l3"; +$E="%l4"; +@V=($A,$B,$C,$D,$E); +$K_00_19="%l5"; +$K_20_39="%l6"; +$K_40_59="%l7"; +$K_60_79="%g5"; +@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79); + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$tmp0="%i3"; +$tmp1="%i4"; +$tmp2="%i5"; + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=($i&1)?@X[($i/2)%8]:$Xi; + +$code.=<<___; + sll $a,5,$tmp0 !! $i + add @K[$i/20],$e,$e + srl $a,27,$tmp1 + add $tmp0,$e,$e + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + andn $d,$b,$tmp1 + srl $b,2,$b + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $xi,$e,$e +___ +if ($i&1 && $i<15) { + $code.= + " srlx @X[(($i+1)/2)%8],32,$Xi\n"; +} +$code.=<<___; + add $tmp1,$e,$e +___ +} + +sub Xupdate { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i/2; + +if ($i&1) { +$code.=<<___; + sll $a,5,$tmp0 !! $i + add @K[$i/20],$e,$e + srl $a,27,$tmp1 +___ +} else { +$code.=<<___; + sllx @X[($j+6)%8],32,$Xi ! Xupdate($i) + xor @X[($j+1)%8],@X[$j%8],@X[$j%8] + srlx @X[($j+7)%8],32,$tmp1 + xor @X[($j+4)%8],@X[$j%8],@X[$j%8] + sll $a,5,$tmp0 !! $i + or $tmp1,$Xi,$Xi + add @K[$i/20],$e,$e !! + xor $Xi,@X[$j%8],@X[$j%8] + srlx @X[$j%8],31,$Xi + add @X[$j%8],@X[$j%8],@X[$j%8] + and $Xi,$rot1m,$Xi + andn @X[$j%8],$rot1m,@X[$j%8] + srl $a,27,$tmp1 !! + or $Xi,@X[$j%8],@X[$j%8] +___ +} +} + +sub BODY_16_19 { +my ($i,$a,$b,$c,$d,$e)=@_; + + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + add $xi,$e,$e + andn $d,$b,$tmp1 + srl $b,2,$b + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi; + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $xi,$e,$e +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi; + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + or $c,$b,$tmp1 + srl $b,2,$b + and $d,$tmp1,$tmp1 + add $xi,$e,$e + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +} + +$code.=<<___ if ($bits==64); +.register %g2,#scratch +.register %g3,#scratch +___ +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 32 +.globl sha1_block_data_order +sha1_block_data_order: + save %sp,-$frame,%sp + sllx $len,6,$len + add $inp,$len,$len + + or %g0,1,$rot1m + sllx $rot1m,32,$rot1m + or $rot1m,1,$rot1m + + ld [$ctx+0],$A + ld [$ctx+4],$B + ld [$ctx+8],$C + ld [$ctx+12],$D + ld [$ctx+16],$E + andn $inp,7,$tmp0 + + sethi %hi(0x5a827999),$K_00_19 + or $K_00_19,%lo(0x5a827999),$K_00_19 + sethi %hi(0x6ed9eba1),$K_20_39 + or $K_20_39,%lo(0x6ed9eba1),$K_20_39 + sethi %hi(0x8f1bbcdc),$K_40_59 + or $K_40_59,%lo(0x8f1bbcdc),$K_40_59 + sethi %hi(0xca62c1d6),$K_60_79 + or $K_60_79,%lo(0xca62c1d6),$K_60_79 + +.Lloop: + ldx [$tmp0+0],@X[0] + ldx [$tmp0+16],@X[2] + ldx [$tmp0+32],@X[4] + ldx [$tmp0+48],@X[6] + and $inp,7,$tmp1 + ldx [$tmp0+8],@X[1] + sll $tmp1,3,$tmp1 + ldx [$tmp0+24],@X[3] + subcc %g0,$tmp1,$tmp2 ! should be 64-$tmp1, but -$tmp1 works too + ldx [$tmp0+40],@X[5] + bz,pt %icc,.Laligned + ldx [$tmp0+56],@X[7] + + sllx @X[0],$tmp1,@X[0] + ldx [$tmp0+64],$tmp64 +___ +for($i=0;$i<7;$i++) +{ $code.=<<___; + srlx @X[$i+1],$tmp2,$Xi + sllx @X[$i+1],$tmp1,@X[$i+1] + or $Xi,@X[$i],@X[$i] +___ +} +$code.=<<___; + srlx $tmp64,$tmp2,$tmp64 + or $tmp64,@X[7],@X[7] +.Laligned: + srlx @X[0],32,$Xi +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +for (;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + + ld [$ctx+0],@X[0] + ld [$ctx+4],@X[1] + ld [$ctx+8],@X[2] + ld [$ctx+12],@X[3] + add $inp,64,$inp + ld [$ctx+16],@X[4] + cmp $inp,$len + + add $A,@X[0],$A + st $A,[$ctx+0] + add $B,@X[1],$B + st $B,[$ctx+4] + add $C,@X[2],$C + st $C,[$ctx+8] + add $D,@X[3],$D + st $D,[$ctx+12] + add $E,@X[4],$E + st $E,[$ctx+16] + + bne `$bits==64?"%xcc":"%icc"`,.Lloop + andn $inp,7,$tmp0 + + ret + restore +.type sha1_block_data_order,#function +.size sha1_block_data_order,(.-sha1_block_data_order) +.asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libcrypto/sha/asm/sha1-sparcv9a.pl b/lib/libcrypto/sha/asm/sha1-sparcv9a.pl new file mode 100644 index 00000000000..15eb854badc --- /dev/null +++ b/lib/libcrypto/sha/asm/sha1-sparcv9a.pl @@ -0,0 +1,600 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# January 2009 +# +# Provided that UltraSPARC VIS instructions are pipe-lined(*) and +# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC +# Graphic Unit would make it possible to achieve higher instruction- +# level parallelism, ILP, and thus higher performance. It should be +# explicitly noted that ILP is the keyword, and it means that this +# code would be unsuitable for cores like UltraSPARC-Tx. The idea is +# not really novel, Sun had VIS-powered implementation for a while. +# Unlike Sun's implementation this one can process multiple unaligned +# input blocks, and as such works as drop-in replacement for OpenSSL +# sha1_block_data_order. Performance improvement was measured to be +# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on +# UltraSPARC-III. See below for discussion... +# +# The module does not present direct interest for OpenSSL, because +# it doesn't provide better performance on contemporary SPARCv9 CPUs, +# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they +# absolutely must score on UltraSPARC-I-IV can simply replace +# crypto/sha/asm/sha1-sparcv9.pl with this module. +# +# (*) "Pipe-lined" means that even if it takes several cycles to +# complete, next instruction using same functional unit [but not +# depending on the result of the current instruction] can start +# execution without having to wait for the unit. "Pairable" +# means that two [or more] independent instructions can be +# issued at the very same time. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$tmp0="%i3"; +$tmp1="%i4"; +$tmp2="%i5"; +$tmp3="%g5"; + +$base="%g1"; +$align="%g4"; +$Xfer="%o5"; +$nXfer=$tmp3; +$Xi="%o7"; + +$A="%l0"; +$B="%l1"; +$C="%l2"; +$D="%l3"; +$E="%l4"; +@V=($A,$B,$C,$D,$E); + +$Actx="%o0"; +$Bctx="%o1"; +$Cctx="%o2"; +$Dctx="%o3"; +$Ectx="%o4"; + +$fmul="%f32"; +$VK_00_19="%f34"; +$VK_20_39="%f36"; +$VK_40_59="%f38"; +$VK_60_79="%f40"; +@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79); +@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7", + "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16"); + +# This is reference 2x-parallelized VIS-powered Xupdate procedure. It +# covers even K_NN_MM addition... +sub Xupdate { +my ($i)=@_; +my $K=@VK[($i+16)/20]; +my $j=($i+16)%16; + +# [ provided that GSR.alignaddr_offset is 5, $mul contains +# 0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to +# chosen registers... ] +$code.=<<___; + fxors @X[($j+13)%16],@X[$j],@X[$j] !-1/-1/-1:X[0]^=X[13] + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + ![fxors %f15,%f2,%f2] + for %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + ![fxors %f0,%f3,%f3] !10/17/12:X[0] dependency + fpadd32 $K,@X[$j],%f20 + std %f20,[$Xfer+`4*$j`] +___ +# The numbers delimited with slash are the earliest possible dispatch +# cycles for given instruction assuming 1 cycle latency for simple VIS +# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as +# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being +# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1 +# round. As [long as] FPU/VIS instructions are perfectly pairable with +# IALU ones, the round timing is defined by the maximum between VIS +# and IALU timings. The latter varies from round to round and averages +# out at 6.25 ticks. This means that USI&II should operate at IALU +# rate, while USIII&IV - at VIS rate. This explains why performance +# improvement varies among processors. Well, given that pure IALU +# sha1-sparcv9.pl module exhibits virtually uniform performance of +# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical +# lower limits. Real-life performance was measured to be 6.6 cycles +# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than +# half-round VIS timing, because there are 16 Xupdate-free rounds, +# which "push down" average theoretical timing to 8 cycles... + +# (*) SPARC64-V[II] was originally believed to have 2 cycles VIS +# latency. Well, it might have, but it doesn't have dedicated +# VIS-unit. Instead, VIS instructions are executed by other +# functional units, ones used here - by IALU. This doesn't +# improve effective ILP... +} + +# The reference Xupdate procedure is then "strained" over *pairs* of +# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13] +# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves +# plenty of room to amortize for read-after-write hazard, as well as +# to fetch and align input for the next spin. The VIS instructions are +# scheduled for latency of 2 cycles, because there are not enough IALU +# instructions to schedule for latency of 3, while scheduling for 1 +# would give no gain on USI&II anyway. + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1)); + sll $a,5,$tmp0 !! $i + and $c,$b,$tmp3 + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + sll $b,30,$tmp2 + add $tmp1,$e,$e + andn $d,$b,$tmp1 + add $Xi,$e,$e + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + or $tmp1,$tmp3,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 +___ +$code.=<<___ if ($i&1); + sll $a,5,$tmp0 !! $i + and $c,$b,$tmp3 + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + sll $b,30,$tmp2 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + andn $d,$b,$tmp1 + add $Xi,$e,$e + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + or $tmp1,$tmp3,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +$code.=<<___ if ($i&1 && $i>=2); + std %f20,[$Xfer+`4*$l`] ! +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1) && $i<64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 +___ +$code.=<<___ if ($i&1 && $i<64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + xor $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + add $tmp1,$e,$e + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + or $tmp2,$b,$b + add $Xi,$e,$e + std %f20,[$Xfer+`4*$l`] ! +___ +$code.=<<___ if ($i==64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 $K,@X[$l],%f20 + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + std %f20,[$Xfer+`4*$l`] + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i>64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1)); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + or $c,$b,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + and $d,$tmp1,$tmp1 + add $Xi,$e,$e + or $tmp1,$tmp0,$tmp1 + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 + or $tmp2,$b,$b + add $tmp1,$e,$e + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 +___ +$code.=<<___ if ($i&1); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + and $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + sll $b,30,$tmp2 + or $c,$b,$tmp1 + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + and $d,$tmp1,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + add $Xi,$e,$e + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e + std %f20,[$Xfer+`4*$l`] ! +___ +} + +# If there is more data to process, then we pre-fetch the data for +# next iteration in last ten rounds... +sub BODY_70_79 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $m=($i%8)*2; + +$j=($j+16)%16; + +$code.=<<___ if ($i==70); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + ldd [$inp+64],@X[0] + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e + + and $inp,-64,$nXfer + inc 64,$inp + and $nXfer,255,$nXfer + alignaddr %g0,$align,%g0 + add $base,$nXfer,$nXfer +___ +$code.=<<___ if ($i==71); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i>=72); + faligndata @X[$m],@X[$m+2],@X[$m] + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $VK_00_19,@X[$m],%f20 + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i<77); + ldd [$inp+`8*($i+1-70)`],@X[2*($i+1-70)] +___ +$code.=<<___ if ($i==77); # redundant if $inp was aligned + add $align,63,$tmp0 + and $tmp0,-8,$tmp0 + ldd [$inp+$tmp0],@X[16] +___ +$code.=<<___ if ($i>=72); + std %f20,[$nXfer+`4*$m`] +___ +} + +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 64 +vis_const: +.long 0x5a827999,0x5a827999 ! K_00_19 +.long 0x6ed9eba1,0x6ed9eba1 ! K_20_39 +.long 0x8f1bbcdc,0x8f1bbcdc ! K_40_59 +.long 0xca62c1d6,0xca62c1d6 ! K_60_79 +.long 0x00000100,0x00000100 +.align 64 +.type vis_const,#object +.size vis_const,(.-vis_const) + +.globl sha1_block_data_order +sha1_block_data_order: + save %sp,-$frame,%sp + add %fp,$bias-256,$base + +1: call .+8 + add %o7,vis_const-1b,$tmp0 + + ldd [$tmp0+0],$VK_00_19 + ldd [$tmp0+8],$VK_20_39 + ldd [$tmp0+16],$VK_40_59 + ldd [$tmp0+24],$VK_60_79 + ldd [$tmp0+32],$fmul + + ld [$ctx+0],$Actx + and $base,-256,$base + ld [$ctx+4],$Bctx + sub $base,$bias+$frame,%sp + ld [$ctx+8],$Cctx + and $inp,7,$align + ld [$ctx+12],$Dctx + and $inp,-8,$inp + ld [$ctx+16],$Ectx + + ! X[16] is maintained in FP register bank + alignaddr %g0,$align,%g0 + ldd [$inp+0],@X[0] + sub $inp,-64,$Xfer + ldd [$inp+8],@X[2] + and $Xfer,-64,$Xfer + ldd [$inp+16],@X[4] + and $Xfer,255,$Xfer + ldd [$inp+24],@X[6] + add $base,$Xfer,$Xfer + ldd [$inp+32],@X[8] + ldd [$inp+40],@X[10] + ldd [$inp+48],@X[12] + brz,pt $align,.Laligned + ldd [$inp+56],@X[14] + + ldd [$inp+64],@X[16] + faligndata @X[0],@X[2],@X[0] + faligndata @X[2],@X[4],@X[2] + faligndata @X[4],@X[6],@X[4] + faligndata @X[6],@X[8],@X[6] + faligndata @X[8],@X[10],@X[8] + faligndata @X[10],@X[12],@X[10] + faligndata @X[12],@X[14],@X[12] + faligndata @X[14],@X[16],@X[14] + +.Laligned: + mov 5,$tmp0 + dec 1,$len + alignaddr %g0,$tmp0,%g0 + fpadd32 $VK_00_19,@X[0],%f16 + fpadd32 $VK_00_19,@X[2],%f18 + fpadd32 $VK_00_19,@X[4],%f20 + fpadd32 $VK_00_19,@X[6],%f22 + fpadd32 $VK_00_19,@X[8],%f24 + fpadd32 $VK_00_19,@X[10],%f26 + fpadd32 $VK_00_19,@X[12],%f28 + fpadd32 $VK_00_19,@X[14],%f30 + std %f16,[$Xfer+0] + mov $Actx,$A + std %f18,[$Xfer+8] + mov $Bctx,$B + std %f20,[$Xfer+16] + mov $Cctx,$C + std %f22,[$Xfer+24] + mov $Dctx,$D + std %f24,[$Xfer+32] + mov $Ectx,$E + std %f26,[$Xfer+40] + fxors @X[13],@X[0],@X[0] + std %f28,[$Xfer+48] + ba .Loop + std %f30,[$Xfer+56] +.align 32 +.Loop: +___ +for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for (;$i<70;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + tst $len + bz,pn `$bits==32?"%icc":"%xcc"`,.Ltail + nop +___ +for (;$i<80;$i++) { &BODY_70_79($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add $A,$Actx,$Actx + add $B,$Bctx,$Bctx + add $C,$Cctx,$Cctx + add $D,$Dctx,$Dctx + add $E,$Ectx,$Ectx + mov 5,$tmp0 + fxors @X[13],@X[0],@X[0] + mov $Actx,$A + mov $Bctx,$B + mov $Cctx,$C + mov $Dctx,$D + mov $Ectx,$E + alignaddr %g0,$tmp0,%g0 + dec 1,$len + ba .Loop + mov $nXfer,$Xfer + +.align 32 +.Ltail: +___ +for($i=70;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add $A,$Actx,$Actx + add $B,$Bctx,$Bctx + add $C,$Cctx,$Cctx + add $D,$Dctx,$Dctx + add $E,$Ectx,$Ectx + + st $Actx,[$ctx+0] + st $Bctx,[$ctx+4] + st $Cctx,[$ctx+8] + st $Dctx,[$ctx+12] + st $Ectx,[$ctx+16] + + ret + restore +.type sha1_block_data_order,#function +.size sha1_block_data_order,(.-sha1_block_data_order) +.asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>" +___ + +# Purpose of these subroutines is to explicitly encode VIS instructions, +# so that one can compile the module without having to specify VIS +# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. +# Idea is to reserve for option to produce "universal" binary and let +# programmer detect if current CPU is VIS capable at run-time. +sub unvis { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my $ref,$opf; +my %visopf = ( "fmul8ulx16" => 0x037, + "faligndata" => 0x048, + "fpadd32" => 0x052, + "fxor" => 0x06c, + "fxors" => 0x06d ); + + $ref = "$mnemonic\t$rs1,$rs2,$rd"; + + if ($opf=$visopf{$mnemonic}) { + foreach ($rs1,$rs2,$rd) { + return $ref if (!/%f([0-9]{1,2})/); + $_=$1; + if ($1>=32) { + return $ref if ($1&1); + # re-encode for upper double register addressing + $_=($1|$1>>5)&31; + } + } + + return sprintf ".word\t0x%08x !%s", + 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, + $ref; + } else { + return $ref; + } +} +sub unalignaddr { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); +my $ref="$mnemonic\t$rs1,$rs2,$rd"; + + foreach ($rs1,$rs2,$rd) { + if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } + else { return $ref; } + } + return sprintf ".word\t0x%08x !%s", + 0x81b00300|$rd<<25|$rs1<<14|$rs2, + $ref; +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/ + &unvis($1,$2,$3,$4) + /gem; +$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/ + &unalignaddr($1,$2,$3,$4) + /gem; +print $code; +close STDOUT; diff --git a/lib/libcrypto/sha/asm/sha1-thumb.pl b/lib/libcrypto/sha/asm/sha1-thumb.pl new file mode 100644 index 00000000000..7c9ea9b0296 --- /dev/null +++ b/lib/libcrypto/sha/asm/sha1-thumb.pl @@ -0,0 +1,259 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# sha1_block for Thumb. +# +# January 2007. +# +# The code does not present direct interest to OpenSSL, because of low +# performance. Its purpose is to establish _size_ benchmark. Pretty +# useless one I must say, because 30% or 88 bytes larger ARMv4 code +# [avialable on demand] is almost _twice_ as fast. It should also be +# noted that in-lining of .Lcommon and .Lrotate improves performance +# by over 40%, while code increases by only 10% or 32 bytes. But once +# again, the goal was to establish _size_ benchmark, not performance. + +$output=shift; +open STDOUT,">$output"; + +$inline=0; +#$cheat_on_binutils=1; + +$t0="r0"; +$t1="r1"; +$t2="r2"; +$a="r3"; +$b="r4"; +$c="r5"; +$d="r6"; +$e="r7"; +$K="r8"; # "upper" registers can be used in add/sub and mov insns +$ctx="r9"; +$inp="r10"; +$len="r11"; +$Xi="r12"; + +sub common { +<<___; + sub $t0,#4 + ldr $t1,[$t0] + add $e,$K @ E+=K_xx_xx + lsl $t2,$a,#5 + add $t2,$e + lsr $e,$a,#27 + add $t2,$e @ E+=ROR(A,27) + add $t2,$t1 @ E+=X[i] +___ +} +sub rotate { +<<___; + mov $e,$d @ E=D + mov $d,$c @ D=C + lsl $c,$b,#30 + lsr $b,$b,#2 + orr $c,$b @ C=ROR(B,2) + mov $b,$a @ B=A + add $a,$t2,$t1 @ A=E+F_xx_xx(B,C,D) +___ +} + +sub BODY_00_19 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$c + eor $t1,$d + and $t1,$b + eor $t1,$d @ F_00_19(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +sub BODY_20_39 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$b + eor $t1,$c + eor $t1,$d @ F_20_39(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +sub BODY_40_59 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$b + and $t1,$c + mov $e,$b + orr $e,$c + and $e,$d + orr $t1,$e @ F_40_59(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +$code=<<___; +.text +.code 16 + +.global sha1_block_data_order +.type sha1_block_data_order,%function + +.align 2 +sha1_block_data_order: +___ +if ($cheat_on_binutils) { +$code.=<<___; +.code 32 + add r3,pc,#1 + bx r3 @ switch to Thumb ISA +.code 16 +___ +} +$code.=<<___; + push {r4-r7} + mov r3,r8 + mov r4,r9 + mov r5,r10 + mov r6,r11 + mov r7,r12 + push {r3-r7,lr} + lsl r2,#6 + mov $ctx,r0 @ save context + mov $inp,r1 @ save inp + mov $len,r2 @ save len + add $len,$inp @ $len to point at inp end + +.Lloop: + mov $Xi,sp + mov $t2,sp + sub $t2,#16*4 @ [3] +.LXload: + ldrb $a,[$t1,#0] @ $t1 is r1 and holds inp + ldrb $b,[$t1,#1] + ldrb $c,[$t1,#2] + ldrb $d,[$t1,#3] + lsl $a,#24 + lsl $b,#16 + lsl $c,#8 + orr $a,$b + orr $a,$c + orr $a,$d + add $t1,#4 + push {$a} + cmp sp,$t2 + bne .LXload @ [+14*16] + + mov $inp,$t1 @ update $inp + sub $t2,#32*4 + sub $t2,#32*4 + mov $e,#31 @ [+4] +.LXupdate: + ldr $a,[sp,#15*4] + ldr $b,[sp,#13*4] + ldr $c,[sp,#7*4] + ldr $d,[sp,#2*4] + eor $a,$b + eor $a,$c + eor $a,$d + ror $a,$e + push {$a} + cmp sp,$t2 + bne .LXupdate @ [+(11+1)*64] + + ldmia $t0!,{$a,$b,$c,$d,$e} @ $t0 is r0 and holds ctx + mov $t0,$Xi + + ldr $t2,.LK_00_19 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+7+4] +.L_00_19: +___ + &BODY_00_19(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_00_19 @ [+(2+9+4+2+8+2)*20] + + ldr $t2,.LK_20_39 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+5] +.L_20_39_or_60_79: +___ + &BODY_20_39(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_20_39_or_60_79 @ [+(2+9+3+2+8+2)*20*2] + cmp sp,$t0 + beq .Ldone @ [+2] + + ldr $t2,.LK_40_59 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+5] +.L_40_59: +___ + &BODY_40_59(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_40_59 @ [+(2+9+6+2+8+2)*20] + + ldr $t2,.LK_60_79 + mov $Xi,sp + mov $K,$t2 + b .L_20_39_or_60_79 @ [+4] +.Ldone: + mov $t0,$ctx + ldr $t1,[$t0,#0] + ldr $t2,[$t0,#4] + add $a,$t1 + ldr $t1,[$t0,#8] + add $b,$t2 + ldr $t2,[$t0,#12] + add $c,$t1 + ldr $t1,[$t0,#16] + add $d,$t2 + add $e,$t1 + stmia $t0!,{$a,$b,$c,$d,$e} @ [+20] + + add sp,#80*4 @ deallocate stack frame + mov $t0,$ctx @ restore ctx + mov $t1,$inp @ restore inp + cmp $t1,$len + beq .Lexit + b .Lloop @ [+6] total 3212 cycles +.Lexit: + pop {r2-r7} + mov r8,r2 + mov r9,r3 + mov r10,r4 + mov r11,r5 + mov r12,r6 + mov lr,r7 + pop {r4-r7} + bx lr +.align 2 +___ +$code.=".Lcommon:\n".&common()."\tmov pc,lr\n" if (!$inline); +$code.=".Lrotate:\n".&rotate()."\tmov pc,lr\n" if (!$inline); +$code.=<<___; +.align 2 +.LK_00_19: .word 0x5a827999 +.LK_20_39: .word 0x6ed9eba1 +.LK_40_59: .word 0x8f1bbcdc +.LK_60_79: .word 0xca62c1d6 +.size sha1_block_data_order,.-sha1_block_data_order +.asciz "SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>" +___ + +print $code; +close STDOUT; # enforce flush diff --git a/lib/libcrypto/sha/asm/sha1-x86_64.pl b/lib/libcrypto/sha/asm/sha1-x86_64.pl index f7ed67a7260..4edc5ea9ad5 100755 --- a/lib/libcrypto/sha/asm/sha1-x86_64.pl +++ b/lib/libcrypto/sha/asm/sha1-x86_64.pl @@ -29,14 +29,18 @@ # Xeon P4 +65% +0% 9.9 # Core2 +60% +10% 7.0 -$output=shift; +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $output"; +open STDOUT,"| $^X $xlate $flavour $output"; $ctx="%rdi"; # 1st arg $inp="%rsi"; # 2nd arg @@ -69,13 +73,14 @@ $func: push %rbx push %rbp push %r12 - mov %rsp,%rax + mov %rsp,%r11 mov %rdi,$ctx # reassigned argument sub \$`8+16*4`,%rsp mov %rsi,$inp # reassigned argument and \$-64,%rsp mov %rdx,$num # reassigned argument - mov %rax,`16*4`(%rsp) + mov %r11,`16*4`(%rsp) +.Lprologue: mov 0($ctx),$A mov 4($ctx),$B @@ -88,10 +93,12 @@ ___ sub EPILOGUE { my $func=shift; $code.=<<___; - mov `16*4`(%rsp),%rsp - pop %r12 - pop %rbp - pop %rbx + mov `16*4`(%rsp),%rsi + mov (%rsi),%r12 + mov 8(%rsi),%rbp + mov 16(%rsi),%rbx + lea 24(%rsi),%rsp +.Lepilogue: ret .size $func,.-$func ___ @@ -233,7 +240,109 @@ ___ &EPILOGUE("sha1_block_data_order"); $code.=<<___; .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>" +.align 16 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov `16*4`(%rax),%rax # pull saved stack pointer + lea 24(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_sha1_block_data_order + .rva .LSEH_end_sha1_block_data_order + .rva .LSEH_info_sha1_block_data_order + +.section .xdata +.align 8 +.LSEH_info_sha1_block_data_order: + .byte 9,0,0,0 + .rva se_handler ___ +} #################################################################### diff --git a/lib/libcrypto/sha/asm/sha256-586.pl b/lib/libcrypto/sha/asm/sha256-586.pl new file mode 100644 index 00000000000..ecc8b69c75d --- /dev/null +++ b/lib/libcrypto/sha/asm/sha256-586.pl @@ -0,0 +1,251 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA256 block transform for x86. September 2007. +# +# Performance in clock cycles per processed byte (less is better): +# +# Pentium PIII P4 AMD K8 Core2 +# gcc 46 36 41 27 26 +# icc 57 33 38 25 23 +# x86 asm 40 30 35 20 20 +# x86_64 asm(*) - - 21 15.8 16.5 +# +# (*) x86_64 assembler performance is presented for reference +# purposes. +# +# Performance improvement over compiler generated code varies from +# 10% to 40% [see above]. Not very impressive on some µ-archs, but +# it's 5 times smaller and optimizies amount of writes. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); + +$A="eax"; +$E="edx"; +$T="ebx"; +$Aoff=&DWP(0,"esp"); +$Boff=&DWP(4,"esp"); +$Coff=&DWP(8,"esp"); +$Doff=&DWP(12,"esp"); +$Eoff=&DWP(16,"esp"); +$Foff=&DWP(20,"esp"); +$Goff=&DWP(24,"esp"); +$Hoff=&DWP(28,"esp"); +$Xoff=&DWP(32,"esp"); +$K256="ebp"; + +sub BODY_00_15() { + my $in_16_63=shift; + + &mov ("ecx",$E); + &add ($T,&DWP(4*(8+15+16-9),"esp")) if ($in_16_63); # T += X[-7] + &ror ("ecx",6); + &mov ("edi",$E); + &ror ("edi",11); + &mov ("esi",$Foff); + &xor ("ecx","edi"); + &ror ("edi",25-11); + &mov (&DWP(4*(8+15),"esp"),$T) if ($in_16_63); # save X[0] + &xor ("ecx","edi"); # Sigma1(e) + &mov ("edi",$Goff); + &add ($T,"ecx"); # T += Sigma1(e) + &mov ($Eoff,$E); # modulo-scheduled + + &xor ("esi","edi"); + &mov ("ecx",$A); + &and ("esi",$E); + &mov ($E,$Doff); # e becomes d, which is e in next iteration + &xor ("esi","edi"); # Ch(e,f,g) + &mov ("edi",$A); + &add ($T,"esi"); # T += Ch(e,f,g) + + &ror ("ecx",2); + &add ($T,$Hoff); # T += h + &ror ("edi",13); + &mov ("esi",$Boff); + &xor ("ecx","edi"); + &ror ("edi",22-13); + &add ($E,$T); # d += T + &xor ("ecx","edi"); # Sigma0(a) + &mov ("edi",$Coff); + + &add ($T,"ecx"); # T += Sigma0(a) + &mov ($Aoff,$A); # modulo-scheduled + + &mov ("ecx",$A); + &sub ("esp",4); + &or ($A,"esi"); # a becomes h, which is a in next iteration + &and ("ecx","esi"); + &and ($A,"edi"); + &mov ("esi",&DWP(0,$K256)); + &or ($A,"ecx"); # h=Maj(a,b,c) + + &add ($K256,4); + &add ($A,$T); # h += T + &mov ($T,&DWP(4*(8+15+16-1),"esp")) if ($in_16_63); # preload T + &add ($E,"esi"); # d += K256[i] + &add ($A,"esi"); # h += K256[i] +} + +&function_begin("sha256_block_data_order"); + &mov ("esi",wparam(0)); # ctx + &mov ("edi",wparam(1)); # inp + &mov ("eax",wparam(2)); # num + &mov ("ebx","esp"); # saved sp + + &call (&label("pic_point")); # make it PIC! +&set_label("pic_point"); + &blindpop($K256); + &lea ($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256)); + + &sub ("esp",16); + &and ("esp",-64); + + &shl ("eax",6); + &add ("eax","edi"); + &mov (&DWP(0,"esp"),"esi"); # ctx + &mov (&DWP(4,"esp"),"edi"); # inp + &mov (&DWP(8,"esp"),"eax"); # inp+num*128 + &mov (&DWP(12,"esp"),"ebx"); # saved sp + +&set_label("loop",16); + # copy input block to stack reversing byte and dword order + for($i=0;$i<4;$i++) { + &mov ("eax",&DWP($i*16+0,"edi")); + &mov ("ebx",&DWP($i*16+4,"edi")); + &mov ("ecx",&DWP($i*16+8,"edi")); + &mov ("edx",&DWP($i*16+12,"edi")); + &bswap ("eax"); + &bswap ("ebx"); + &bswap ("ecx"); + &bswap ("edx"); + &push ("eax"); + &push ("ebx"); + &push ("ecx"); + &push ("edx"); + } + &add ("edi",64); + &sub ("esp",4*8); # place for A,B,C,D,E,F,G,H + &mov (&DWP(4*(8+16)+4,"esp"),"edi"); + + # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack + &mov ($A,&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edi",&DWP(12,"esi")); + # &mov ($Aoff,$A); + &mov ($Boff,"ebx"); + &mov ($Coff,"ecx"); + &mov ($Doff,"edi"); + &mov ($E,&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &mov ("edi",&DWP(28,"esi")); + # &mov ($Eoff,$E); + &mov ($Foff,"ebx"); + &mov ($Goff,"ecx"); + &mov ($Hoff,"edi"); + +&set_label("00_15",16); + &mov ($T,&DWP(4*(8+15),"esp")); + + &BODY_00_15(); + + &cmp ("esi",0xc19bf174); + &jne (&label("00_15")); + + &mov ($T,&DWP(4*(8+15+16-1),"esp")); # preloaded in BODY_00_15(1) +&set_label("16_63",16); + &mov ("esi",$T); + &mov ("ecx",&DWP(4*(8+15+16-14),"esp")); + &shr ($T,3); + &ror ("esi",7); + &xor ($T,"esi"); + &ror ("esi",18-7); + &mov ("edi","ecx"); + &xor ($T,"esi"); # T = sigma0(X[-15]) + + &shr ("ecx",10); + &mov ("esi",&DWP(4*(8+15+16),"esp")); + &ror ("edi",17); + &xor ("ecx","edi"); + &ror ("edi",19-17); + &add ($T,"esi"); # T += X[-16] + &xor ("edi","ecx") # sigma1(X[-2]) + + &add ($T,"edi"); # T += sigma1(X[-2]) + # &add ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7], moved to BODY_00_15(1) + # &mov (&DWP(4*(8+15),"esp"),$T); # save X[0] + + &BODY_00_15(1); + + &cmp ("esi",0xc67178f2); + &jne (&label("16_63")); + + &mov ("esi",&DWP(4*(8+16+64)+0,"esp"));#ctx + # &mov ($A,$Aoff); + &mov ("ebx",$Boff); + &mov ("ecx",$Coff); + &mov ("edi",$Doff); + &add ($A,&DWP(0,"esi")); + &add ("ebx",&DWP(4,"esi")); + &add ("ecx",&DWP(8,"esi")); + &add ("edi",&DWP(12,"esi")); + &mov (&DWP(0,"esi"),$A); + &mov (&DWP(4,"esi"),"ebx"); + &mov (&DWP(8,"esi"),"ecx"); + &mov (&DWP(12,"esi"),"edi"); + # &mov ($E,$Eoff); + &mov ("eax",$Foff); + &mov ("ebx",$Goff); + &mov ("ecx",$Hoff); + &mov ("edi",&DWP(4*(8+16+64)+4,"esp"));#inp + &add ($E,&DWP(16,"esi")); + &add ("eax",&DWP(20,"esi")); + &add ("ebx",&DWP(24,"esi")); + &add ("ecx",&DWP(28,"esi")); + &mov (&DWP(16,"esi"),$E); + &mov (&DWP(20,"esi"),"eax"); + &mov (&DWP(24,"esi"),"ebx"); + &mov (&DWP(28,"esi"),"ecx"); + + &add ("esp",4*(8+16+64)); # destroy frame + &sub ($K256,4*64); # rewind K + + &cmp ("edi",&DWP(8,"esp")); # are we done yet? + &jb (&label("loop")); + + &mov ("esp",&DWP(12,"esp")); # restore sp +&function_end_A(); + +&set_label("K256",64); # Yes! I keep it in the code segment! + &data_word(0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5); + &data_word(0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5); + &data_word(0xd807aa98,0x12835b01,0x243185be,0x550c7dc3); + &data_word(0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174); + &data_word(0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc); + &data_word(0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da); + &data_word(0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7); + &data_word(0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967); + &data_word(0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13); + &data_word(0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85); + &data_word(0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3); + &data_word(0xd192e819,0xd6990624,0xf40e3585,0x106aa070); + &data_word(0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5); + &data_word(0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3); + &data_word(0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208); + &data_word(0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2); +&function_end_B("sha256_block_data_order"); +&asciz("SHA256 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>"); + +&asm_finish(); diff --git a/lib/libcrypto/sha/asm/sha256-armv4.pl b/lib/libcrypto/sha/asm/sha256-armv4.pl new file mode 100644 index 00000000000..48d846deec3 --- /dev/null +++ b/lib/libcrypto/sha/asm/sha256-armv4.pl @@ -0,0 +1,181 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256 block procedure for ARMv4. May 2007. + +# Performance is ~2x better than gcc 3.4 generated code and in "abso- +# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per +# byte. + +$output=shift; +open STDOUT,">$output"; + +$ctx="r0"; $t0="r0"; +$inp="r1"; +$len="r2"; $t1="r2"; +$T1="r3"; +$A="r4"; +$B="r5"; +$C="r6"; +$D="r7"; +$E="r8"; +$F="r9"; +$G="r10"; +$H="r11"; +@V=($A,$B,$C,$D,$E,$F,$G,$H); +$t2="r12"; +$Ktbl="r14"; + +@Sigma0=( 2,13,22); +@Sigma1=( 6,11,25); +@sigma0=( 7,18, 3); +@sigma1=(17,19,10); + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___ if ($i<16); + ldrb $T1,[$inp,#3] @ $i + ldrb $t2,[$inp,#2] + ldrb $t1,[$inp,#1] + ldrb $t0,[$inp],#4 + orr $T1,$T1,$t2,lsl#8 + orr $T1,$T1,$t1,lsl#16 + orr $T1,$T1,$t0,lsl#24 + `"str $inp,[sp,#17*4]" if ($i==15)` +___ +$code.=<<___; + ldr $t2,[$Ktbl],#4 @ *K256++ + str $T1,[sp,#`$i%16`*4] + mov $t0,$e,ror#$Sigma1[0] + eor $t0,$t0,$e,ror#$Sigma1[1] + eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) + add $T1,$T1,$t0 + eor $t1,$f,$g + and $t1,$t1,$e + eor $t1,$t1,$g @ Ch(e,f,g) + add $T1,$T1,$t1 + add $T1,$T1,$h + add $T1,$T1,$t2 + mov $h,$a,ror#$Sigma0[0] + eor $h,$h,$a,ror#$Sigma0[1] + eor $h,$h,$a,ror#$Sigma0[2] @ Sigma0(a) + orr $t0,$a,$b + and $t0,$t0,$c + and $t1,$a,$b + orr $t0,$t0,$t1 @ Maj(a,b,c) + add $h,$h,$t0 + add $d,$d,$T1 + add $h,$h,$T1 +___ +} + +sub BODY_16_XX { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + ldr $t1,[sp,#`($i+1)%16`*4] @ $i + ldr $t2,[sp,#`($i+14)%16`*4] + ldr $T1,[sp,#`($i+0)%16`*4] + ldr $inp,[sp,#`($i+9)%16`*4] + mov $t0,$t1,ror#$sigma0[0] + eor $t0,$t0,$t1,ror#$sigma0[1] + eor $t0,$t0,$t1,lsr#$sigma0[2] @ sigma0(X[i+1]) + mov $t1,$t2,ror#$sigma1[0] + eor $t1,$t1,$t2,ror#$sigma1[1] + eor $t1,$t1,$t2,lsr#$sigma1[2] @ sigma1(X[i+14]) + add $T1,$T1,$t0 + add $T1,$T1,$t1 + add $T1,$T1,$inp +___ + &BODY_00_15(@_); +} + +$code=<<___; +.text +.code 32 + +.type K256,%object +.align 5 +K256: +.word 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 +.word 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 +.word 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 +.word 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 +.word 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc +.word 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da +.word 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 +.word 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 +.word 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 +.word 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 +.word 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 +.word 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 +.word 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 +.word 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 +.word 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 +.word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.size K256,.-K256 + +.global sha256_block_data_order +.type sha256_block_data_order,%function +sha256_block_data_order: + sub r3,pc,#8 @ sha256_block_data_order + add $len,$inp,$len,lsl#6 @ len to point at the end of inp + stmdb sp!,{$ctx,$inp,$len,r4-r12,lr} + ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H} + sub $Ktbl,r3,#256 @ K256 + sub sp,sp,#16*4 @ alloca(X[16]) +.Loop: +___ +for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".Lrounds_16_xx:\n"; +for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + and $t2,$t2,#0xff + cmp $t2,#0xf2 + bne .Lrounds_16_xx + + ldr $T1,[sp,#16*4] @ pull ctx + ldr $t0,[$T1,#0] + ldr $t1,[$T1,#4] + ldr $t2,[$T1,#8] + add $A,$A,$t0 + ldr $t0,[$T1,#12] + add $B,$B,$t1 + ldr $t1,[$T1,#16] + add $C,$C,$t2 + ldr $t2,[$T1,#20] + add $D,$D,$t0 + ldr $t0,[$T1,#24] + add $E,$E,$t1 + ldr $t1,[$T1,#28] + add $F,$F,$t2 + ldr $inp,[sp,#17*4] @ pull inp + ldr $t2,[sp,#18*4] @ pull inp+len + add $G,$G,$t0 + add $H,$H,$t1 + stmia $T1,{$A,$B,$C,$D,$E,$F,$G,$H} + cmp $inp,$t2 + sub $Ktbl,$Ktbl,#256 @ rewind Ktbl + bne .Loop + + add sp,sp,#`16+3`*4 @ destroy frame + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.size sha256_block_data_order,.-sha256_block_data_order +.asciz "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/lib/libcrypto/sha/asm/sha512-586.pl b/lib/libcrypto/sha/asm/sha512-586.pl new file mode 100644 index 00000000000..5b9f3337add --- /dev/null +++ b/lib/libcrypto/sha/asm/sha512-586.pl @@ -0,0 +1,644 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA512 block transform for x86. September 2007. +# +# Performance in clock cycles per processed byte (less is better): +# +# Pentium PIII P4 AMD K8 Core2 +# gcc 100 75 116 54 66 +# icc 97 77 95 55 57 +# x86 asm 61 56 82 36 40 +# SSE2 asm - - 38 24 20 +# x86_64 asm(*) - - 30 10.0 10.5 +# +# (*) x86_64 assembler performance is presented for reference +# purposes. +# +# IALU code-path is optimized for elder Pentiums. On vanilla Pentium +# performance improvement over compiler generated code reaches ~60%, +# while on PIII - ~35%. On newer µ-archs improvement varies from 15% +# to 50%, but it's less important as they are expected to execute SSE2 +# code-path, which is commonly ~2-3x faster [than compiler generated +# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even +# though it does not use 128-bit operations. The latter means that +# SSE2-aware kernel is no longer required to execute the code. Another +# difference is that new code optimizes amount of writes, but at the +# cost of increased data cache "footprint" by 1/2KB. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + +$Tlo=&DWP(0,"esp"); $Thi=&DWP(4,"esp"); +$Alo=&DWP(8,"esp"); $Ahi=&DWP(8+4,"esp"); +$Blo=&DWP(16,"esp"); $Bhi=&DWP(16+4,"esp"); +$Clo=&DWP(24,"esp"); $Chi=&DWP(24+4,"esp"); +$Dlo=&DWP(32,"esp"); $Dhi=&DWP(32+4,"esp"); +$Elo=&DWP(40,"esp"); $Ehi=&DWP(40+4,"esp"); +$Flo=&DWP(48,"esp"); $Fhi=&DWP(48+4,"esp"); +$Glo=&DWP(56,"esp"); $Ghi=&DWP(56+4,"esp"); +$Hlo=&DWP(64,"esp"); $Hhi=&DWP(64+4,"esp"); +$K512="ebp"; + +$Asse2=&QWP(0,"esp"); +$Bsse2=&QWP(8,"esp"); +$Csse2=&QWP(16,"esp"); +$Dsse2=&QWP(24,"esp"); +$Esse2=&QWP(32,"esp"); +$Fsse2=&QWP(40,"esp"); +$Gsse2=&QWP(48,"esp"); +$Hsse2=&QWP(56,"esp"); + +$A="mm0"; # B-D and +$E="mm4"; # F-H are commonly loaded to respectively mm1-mm3 and + # mm5-mm7, but it's done on on-demand basis... + +sub BODY_00_15_sse2 { + my $prefetch=shift; + + &movq ("mm5",$Fsse2); # load f + &movq ("mm6",$Gsse2); # load g + &movq ("mm7",$Hsse2); # load h + + &movq ("mm1",$E); # %mm1 is sliding right + &movq ("mm2",$E); # %mm2 is sliding left + &psrlq ("mm1",14); + &movq ($Esse2,$E); # modulo-scheduled save e + &psllq ("mm2",23); + &movq ("mm3","mm1"); # %mm3 is T1 + &psrlq ("mm1",4); + &pxor ("mm3","mm2"); + &psllq ("mm2",23); + &pxor ("mm3","mm1"); + &psrlq ("mm1",23); + &pxor ("mm3","mm2"); + &psllq ("mm2",4); + &pxor ("mm3","mm1"); + &paddq ("mm7",QWP(0,$K512)); # h+=K512[i] + &pxor ("mm3","mm2"); # T1=Sigma1_512(e) + + &pxor ("mm5","mm6"); # f^=g + &movq ("mm1",$Bsse2); # load b + &pand ("mm5",$E); # f&=e + &movq ("mm2",$Csse2); # load c + &pxor ("mm5","mm6"); # f^=g + &movq ($E,$Dsse2); # e = load d + &paddq ("mm3","mm5"); # T1+=Ch(e,f,g) + &movq (&QWP(0,"esp"),$A); # modulo-scheduled save a + &paddq ("mm3","mm7"); # T1+=h + + &movq ("mm5",$A); # %mm5 is sliding right + &movq ("mm6",$A); # %mm6 is sliding left + &paddq ("mm3",&QWP(8*9,"esp")); # T1+=X[0] + &psrlq ("mm5",28); + &paddq ($E,"mm3"); # e += T1 + &psllq ("mm6",25); + &movq ("mm7","mm5"); # %mm7 is T2 + &psrlq ("mm5",6); + &pxor ("mm7","mm6"); + &psllq ("mm6",5); + &pxor ("mm7","mm5"); + &psrlq ("mm5",5); + &pxor ("mm7","mm6"); + &psllq ("mm6",6); + &pxor ("mm7","mm5"); + &sub ("esp",8); + &pxor ("mm7","mm6"); # T2=Sigma0_512(a) + + &movq ("mm5",$A); # %mm5=a + &por ($A,"mm2"); # a=a|c + &movq ("mm6",&QWP(8*(9+16-14),"esp")) if ($prefetch); + &pand ("mm5","mm2"); # %mm5=a&c + &pand ($A,"mm1"); # a=(a|c)&b + &movq ("mm2",&QWP(8*(9+16-1),"esp")) if ($prefetch); + &por ("mm5",$A); # %mm5=(a&c)|((a|c)&b) + &paddq ("mm7","mm5"); # T2+=Maj(a,b,c) + &movq ($A,"mm3"); # a=T1 + + &mov (&LB("edx"),&BP(0,$K512)); + &paddq ($A,"mm7"); # a+=T2 + &add ($K512,8); +} + +sub BODY_00_15_x86 { + #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) + # LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 + # HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 + &mov ("ecx",$Elo); + &mov ("edx",$Ehi); + &mov ("esi","ecx"); + + &shr ("ecx",9) # lo>>9 + &mov ("edi","edx"); + &shr ("edx",9) # hi>>9 + &mov ("ebx","ecx"); + &shl ("esi",14); # lo<<14 + &mov ("eax","edx"); + &shl ("edi",14); # hi<<14 + &xor ("ebx","esi"); + + &shr ("ecx",14-9); # lo>>14 + &xor ("eax","edi"); + &shr ("edx",14-9); # hi>>14 + &xor ("eax","ecx"); + &shl ("esi",18-14); # lo<<18 + &xor ("ebx","edx"); + &shl ("edi",18-14); # hi<<18 + &xor ("ebx","esi"); + + &shr ("ecx",18-14); # lo>>18 + &xor ("eax","edi"); + &shr ("edx",18-14); # hi>>18 + &xor ("eax","ecx"); + &shl ("esi",23-18); # lo<<23 + &xor ("ebx","edx"); + &shl ("edi",23-18); # hi<<23 + &xor ("eax","esi"); + &xor ("ebx","edi"); # T1 = Sigma1(e) + + &mov ("ecx",$Flo); + &mov ("edx",$Fhi); + &mov ("esi",$Glo); + &mov ("edi",$Ghi); + &add ("eax",$Hlo); + &adc ("ebx",$Hhi); # T1 += h + &xor ("ecx","esi"); + &xor ("edx","edi"); + &and ("ecx",$Elo); + &and ("edx",$Ehi); + &add ("eax",&DWP(8*(9+15)+0,"esp")); + &adc ("ebx",&DWP(8*(9+15)+4,"esp")); # T1 += X[0] + &xor ("ecx","esi"); + &xor ("edx","edi"); # Ch(e,f,g) = (f^g)&e)^g + + &mov ("esi",&DWP(0,$K512)); + &mov ("edi",&DWP(4,$K512)); # K[i] + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += Ch(e,f,g) + &mov ("ecx",$Dlo); + &mov ("edx",$Dhi); + &add ("eax","esi"); + &adc ("ebx","edi"); # T1 += K[i] + &mov ($Tlo,"eax"); + &mov ($Thi,"ebx"); # put T1 away + &add ("eax","ecx"); + &adc ("ebx","edx"); # d += T1 + + #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) + # LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 + # HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 + &mov ("ecx",$Alo); + &mov ("edx",$Ahi); + &mov ($Dlo,"eax"); + &mov ($Dhi,"ebx"); + &mov ("esi","ecx"); + + &shr ("ecx",2) # lo>>2 + &mov ("edi","edx"); + &shr ("edx",2) # hi>>2 + &mov ("ebx","ecx"); + &shl ("esi",4); # lo<<4 + &mov ("eax","edx"); + &shl ("edi",4); # hi<<4 + &xor ("ebx","esi"); + + &shr ("ecx",7-2); # lo>>7 + &xor ("eax","edi"); + &shr ("edx",7-2); # hi>>7 + &xor ("ebx","ecx"); + &shl ("esi",25-4); # lo<<25 + &xor ("eax","edx"); + &shl ("edi",25-4); # hi<<25 + &xor ("eax","esi"); + + &shr ("ecx",28-7); # lo>>28 + &xor ("ebx","edi"); + &shr ("edx",28-7); # hi>>28 + &xor ("eax","ecx"); + &shl ("esi",30-25); # lo<<30 + &xor ("ebx","edx"); + &shl ("edi",30-25); # hi<<30 + &xor ("eax","esi"); + &xor ("ebx","edi"); # Sigma0(a) + + &mov ("ecx",$Alo); + &mov ("edx",$Ahi); + &mov ("esi",$Blo); + &mov ("edi",$Bhi); + &add ("eax",$Tlo); + &adc ("ebx",$Thi); # T1 = Sigma0(a)+T1 + &or ("ecx","esi"); + &or ("edx","edi"); + &and ("ecx",$Clo); + &and ("edx",$Chi); + &and ("esi",$Alo); + &and ("edi",$Ahi); + &or ("ecx","esi"); + &or ("edx","edi"); # Maj(a,b,c) = ((a|b)&c)|(a&b) + + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += Maj(a,b,c) + &mov ($Tlo,"eax"); + &mov ($Thi,"ebx"); + + &mov (&LB("edx"),&BP(0,$K512)); # pre-fetch LSB of *K + &sub ("esp",8); + &lea ($K512,&DWP(8,$K512)); # K++ +} + + +&function_begin("sha512_block_data_order"); + &mov ("esi",wparam(0)); # ctx + &mov ("edi",wparam(1)); # inp + &mov ("eax",wparam(2)); # num + &mov ("ebx","esp"); # saved sp + + &call (&label("pic_point")); # make it PIC! +&set_label("pic_point"); + &blindpop($K512); + &lea ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512)); + + &sub ("esp",16); + &and ("esp",-64); + + &shl ("eax",7); + &add ("eax","edi"); + &mov (&DWP(0,"esp"),"esi"); # ctx + &mov (&DWP(4,"esp"),"edi"); # inp + &mov (&DWP(8,"esp"),"eax"); # inp+num*128 + &mov (&DWP(12,"esp"),"ebx"); # saved sp + +if ($sse2) { + &picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512")); + &bt (&DWP(0,"edx"),26); + &jnc (&label("loop_x86")); + + # load ctx->h[0-7] + &movq ($A,&QWP(0,"esi")); + &movq ("mm1",&QWP(8,"esi")); + &movq ("mm2",&QWP(16,"esi")); + &movq ("mm3",&QWP(24,"esi")); + &movq ($E,&QWP(32,"esi")); + &movq ("mm5",&QWP(40,"esi")); + &movq ("mm6",&QWP(48,"esi")); + &movq ("mm7",&QWP(56,"esi")); + &sub ("esp",8*10); + +&set_label("loop_sse2",16); + # &movq ($Asse2,$A); + &movq ($Bsse2,"mm1"); + &movq ($Csse2,"mm2"); + &movq ($Dsse2,"mm3"); + # &movq ($Esse2,$E); + &movq ($Fsse2,"mm5"); + &movq ($Gsse2,"mm6"); + &movq ($Hsse2,"mm7"); + + &mov ("ecx",&DWP(0,"edi")); + &mov ("edx",&DWP(4,"edi")); + &add ("edi",8); + &bswap ("ecx"); + &bswap ("edx"); + &mov (&DWP(8*9+4,"esp"),"ecx"); + &mov (&DWP(8*9+0,"esp"),"edx"); + +&set_label("00_14_sse2",16); + &mov ("eax",&DWP(0,"edi")); + &mov ("ebx",&DWP(4,"edi")); + &add ("edi",8); + &bswap ("eax"); + &bswap ("ebx"); + &mov (&DWP(8*8+4,"esp"),"eax"); + &mov (&DWP(8*8+0,"esp"),"ebx"); + + &BODY_00_15_sse2(); + + &cmp (&LB("edx"),0x35); + &jne (&label("00_14_sse2")); + + &BODY_00_15_sse2(1); + +&set_label("16_79_sse2",16); + #&movq ("mm2",&QWP(8*(9+16-1),"esp")); #prefetched in BODY_00_15 + #&movq ("mm6",&QWP(8*(9+16-14),"esp")); + &movq ("mm1","mm2"); + + &psrlq ("mm2",1); + &movq ("mm7","mm6"); + &psrlq ("mm6",6); + &movq ("mm3","mm2"); + + &psrlq ("mm2",7-1); + &movq ("mm5","mm6"); + &psrlq ("mm6",19-6); + &pxor ("mm3","mm2"); + + &psrlq ("mm2",8-7); + &pxor ("mm5","mm6"); + &psrlq ("mm6",61-19); + &pxor ("mm3","mm2"); + + &movq ("mm2",&QWP(8*(9+16),"esp")); + + &psllq ("mm1",56); + &pxor ("mm5","mm6"); + &psllq ("mm7",3); + &pxor ("mm3","mm1"); + + &paddq ("mm2",&QWP(8*(9+16-9),"esp")); + + &psllq ("mm1",63-56); + &pxor ("mm5","mm7"); + &psllq ("mm7",45-3); + &pxor ("mm3","mm1"); + &pxor ("mm5","mm7"); + + &paddq ("mm3","mm5"); + &paddq ("mm3","mm2"); + &movq (&QWP(8*9,"esp"),"mm3"); + + &BODY_00_15_sse2(1); + + &cmp (&LB("edx"),0x17); + &jne (&label("16_79_sse2")); + + # &movq ($A,$Asse2); + &movq ("mm1",$Bsse2); + &movq ("mm2",$Csse2); + &movq ("mm3",$Dsse2); + # &movq ($E,$Esse2); + &movq ("mm5",$Fsse2); + &movq ("mm6",$Gsse2); + &movq ("mm7",$Hsse2); + + &paddq ($A,&QWP(0,"esi")); + &paddq ("mm1",&QWP(8,"esi")); + &paddq ("mm2",&QWP(16,"esi")); + &paddq ("mm3",&QWP(24,"esi")); + &paddq ($E,&QWP(32,"esi")); + &paddq ("mm5",&QWP(40,"esi")); + &paddq ("mm6",&QWP(48,"esi")); + &paddq ("mm7",&QWP(56,"esi")); + + &movq (&QWP(0,"esi"),$A); + &movq (&QWP(8,"esi"),"mm1"); + &movq (&QWP(16,"esi"),"mm2"); + &movq (&QWP(24,"esi"),"mm3"); + &movq (&QWP(32,"esi"),$E); + &movq (&QWP(40,"esi"),"mm5"); + &movq (&QWP(48,"esi"),"mm6"); + &movq (&QWP(56,"esi"),"mm7"); + + &add ("esp",8*80); # destroy frame + &sub ($K512,8*80); # rewind K + + &cmp ("edi",&DWP(8*10+8,"esp")); # are we done yet? + &jb (&label("loop_sse2")); + + &emms (); + &mov ("esp",&DWP(8*10+12,"esp")); # restore sp +&function_end_A(); +} +&set_label("loop_x86",16); + # copy input block to stack reversing byte and qword order + for ($i=0;$i<8;$i++) { + &mov ("eax",&DWP($i*16+0,"edi")); + &mov ("ebx",&DWP($i*16+4,"edi")); + &mov ("ecx",&DWP($i*16+8,"edi")); + &mov ("edx",&DWP($i*16+12,"edi")); + &bswap ("eax"); + &bswap ("ebx"); + &bswap ("ecx"); + &bswap ("edx"); + &push ("eax"); + &push ("ebx"); + &push ("ecx"); + &push ("edx"); + } + &add ("edi",128); + &sub ("esp",9*8); # place for T,A,B,C,D,E,F,G,H + &mov (&DWP(8*(9+16)+4,"esp"),"edi"); + + # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack + &lea ("edi",&DWP(8,"esp")); + &mov ("ecx",16); + &data_word(0xA5F3F689); # rep movsd + +&set_label("00_15_x86",16); + &BODY_00_15_x86(); + + &cmp (&LB("edx"),0x94); + &jne (&label("00_15_x86")); + +&set_label("16_79_x86",16); + #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) + # LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 + # HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 + &mov ("ecx",&DWP(8*(9+15+16-1)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp")); + &mov ("esi","ecx"); + + &shr ("ecx",1) # lo>>1 + &mov ("edi","edx"); + &shr ("edx",1) # hi>>1 + &mov ("eax","ecx"); + &shl ("esi",24); # lo<<24 + &mov ("ebx","edx"); + &shl ("edi",24); # hi<<24 + &xor ("ebx","esi"); + + &shr ("ecx",7-1); # lo>>7 + &xor ("eax","edi"); + &shr ("edx",7-1); # hi>>7 + &xor ("eax","ecx"); + &shl ("esi",31-24); # lo<<31 + &xor ("ebx","edx"); + &shl ("edi",25-24); # hi<<25 + &xor ("ebx","esi"); + + &shr ("ecx",8-7); # lo>>8 + &xor ("eax","edi"); + &shr ("edx",8-7); # hi>>8 + &xor ("eax","ecx"); + &shl ("edi",31-25); # hi<<31 + &xor ("ebx","edx"); + &xor ("eax","edi"); # T1 = sigma0(X[-15]) + + &mov (&DWP(0,"esp"),"eax"); + &mov (&DWP(4,"esp"),"ebx"); # put T1 away + + #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + # LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 + # HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 + &mov ("ecx",&DWP(8*(9+15+16-14)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp")); + &mov ("esi","ecx"); + + &shr ("ecx",6) # lo>>6 + &mov ("edi","edx"); + &shr ("edx",6) # hi>>6 + &mov ("eax","ecx"); + &shl ("esi",3); # lo<<3 + &mov ("ebx","edx"); + &shl ("edi",3); # hi<<3 + &xor ("eax","esi"); + + &shr ("ecx",19-6); # lo>>19 + &xor ("ebx","edi"); + &shr ("edx",19-6); # hi>>19 + &xor ("eax","ecx"); + &shl ("esi",13-3); # lo<<13 + &xor ("ebx","edx"); + &shl ("edi",13-3); # hi<<13 + &xor ("ebx","esi"); + + &shr ("ecx",29-19); # lo>>29 + &xor ("eax","edi"); + &shr ("edx",29-19); # hi>>29 + &xor ("ebx","ecx"); + &shl ("edi",26-13); # hi<<26 + &xor ("eax","edx"); + &xor ("eax","edi"); # sigma1(X[-2]) + + &mov ("ecx",&DWP(8*(9+15+16)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16)+4,"esp")); + &add ("eax",&DWP(0,"esp")); + &adc ("ebx",&DWP(4,"esp")); # T1 = sigma1(X[-2])+T1 + &mov ("esi",&DWP(8*(9+15+16-9)+0,"esp")); + &mov ("edi",&DWP(8*(9+15+16-9)+4,"esp")); + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += X[-16] + &add ("eax","esi"); + &adc ("ebx","edi"); # T1 += X[-7] + &mov (&DWP(8*(9+15)+0,"esp"),"eax"); + &mov (&DWP(8*(9+15)+4,"esp"),"ebx"); # save X[0] + + &BODY_00_15_x86(); + + &cmp (&LB("edx"),0x17); + &jne (&label("16_79_x86")); + + &mov ("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx + &mov ("edi",&DWP(8*(9+16+80)+4,"esp"));# inp + for($i=0;$i<4;$i++) { + &mov ("eax",&DWP($i*16+0,"esi")); + &mov ("ebx",&DWP($i*16+4,"esi")); + &mov ("ecx",&DWP($i*16+8,"esi")); + &mov ("edx",&DWP($i*16+12,"esi")); + &add ("eax",&DWP(8+($i*16)+0,"esp")); + &adc ("ebx",&DWP(8+($i*16)+4,"esp")); + &mov (&DWP($i*16+0,"esi"),"eax"); + &mov (&DWP($i*16+4,"esi"),"ebx"); + &add ("ecx",&DWP(8+($i*16)+8,"esp")); + &adc ("edx",&DWP(8+($i*16)+12,"esp")); + &mov (&DWP($i*16+8,"esi"),"ecx"); + &mov (&DWP($i*16+12,"esi"),"edx"); + } + &add ("esp",8*(9+16+80)); # destroy frame + &sub ($K512,8*80); # rewind K + + &cmp ("edi",&DWP(8,"esp")); # are we done yet? + &jb (&label("loop_x86")); + + &mov ("esp",&DWP(12,"esp")); # restore sp +&function_end_A(); + +&set_label("K512",64); # Yes! I keep it in the code segment! + &data_word(0xd728ae22,0x428a2f98); # u64 + &data_word(0x23ef65cd,0x71374491); # u64 + &data_word(0xec4d3b2f,0xb5c0fbcf); # u64 + &data_word(0x8189dbbc,0xe9b5dba5); # u64 + &data_word(0xf348b538,0x3956c25b); # u64 + &data_word(0xb605d019,0x59f111f1); # u64 + &data_word(0xaf194f9b,0x923f82a4); # u64 + &data_word(0xda6d8118,0xab1c5ed5); # u64 + &data_word(0xa3030242,0xd807aa98); # u64 + &data_word(0x45706fbe,0x12835b01); # u64 + &data_word(0x4ee4b28c,0x243185be); # u64 + &data_word(0xd5ffb4e2,0x550c7dc3); # u64 + &data_word(0xf27b896f,0x72be5d74); # u64 + &data_word(0x3b1696b1,0x80deb1fe); # u64 + &data_word(0x25c71235,0x9bdc06a7); # u64 + &data_word(0xcf692694,0xc19bf174); # u64 + &data_word(0x9ef14ad2,0xe49b69c1); # u64 + &data_word(0x384f25e3,0xefbe4786); # u64 + &data_word(0x8b8cd5b5,0x0fc19dc6); # u64 + &data_word(0x77ac9c65,0x240ca1cc); # u64 + &data_word(0x592b0275,0x2de92c6f); # u64 + &data_word(0x6ea6e483,0x4a7484aa); # u64 + &data_word(0xbd41fbd4,0x5cb0a9dc); # u64 + &data_word(0x831153b5,0x76f988da); # u64 + &data_word(0xee66dfab,0x983e5152); # u64 + &data_word(0x2db43210,0xa831c66d); # u64 + &data_word(0x98fb213f,0xb00327c8); # u64 + &data_word(0xbeef0ee4,0xbf597fc7); # u64 + &data_word(0x3da88fc2,0xc6e00bf3); # u64 + &data_word(0x930aa725,0xd5a79147); # u64 + &data_word(0xe003826f,0x06ca6351); # u64 + &data_word(0x0a0e6e70,0x14292967); # u64 + &data_word(0x46d22ffc,0x27b70a85); # u64 + &data_word(0x5c26c926,0x2e1b2138); # u64 + &data_word(0x5ac42aed,0x4d2c6dfc); # u64 + &data_word(0x9d95b3df,0x53380d13); # u64 + &data_word(0x8baf63de,0x650a7354); # u64 + &data_word(0x3c77b2a8,0x766a0abb); # u64 + &data_word(0x47edaee6,0x81c2c92e); # u64 + &data_word(0x1482353b,0x92722c85); # u64 + &data_word(0x4cf10364,0xa2bfe8a1); # u64 + &data_word(0xbc423001,0xa81a664b); # u64 + &data_word(0xd0f89791,0xc24b8b70); # u64 + &data_word(0x0654be30,0xc76c51a3); # u64 + &data_word(0xd6ef5218,0xd192e819); # u64 + &data_word(0x5565a910,0xd6990624); # u64 + &data_word(0x5771202a,0xf40e3585); # u64 + &data_word(0x32bbd1b8,0x106aa070); # u64 + &data_word(0xb8d2d0c8,0x19a4c116); # u64 + &data_word(0x5141ab53,0x1e376c08); # u64 + &data_word(0xdf8eeb99,0x2748774c); # u64 + &data_word(0xe19b48a8,0x34b0bcb5); # u64 + &data_word(0xc5c95a63,0x391c0cb3); # u64 + &data_word(0xe3418acb,0x4ed8aa4a); # u64 + &data_word(0x7763e373,0x5b9cca4f); # u64 + &data_word(0xd6b2b8a3,0x682e6ff3); # u64 + &data_word(0x5defb2fc,0x748f82ee); # u64 + &data_word(0x43172f60,0x78a5636f); # u64 + &data_word(0xa1f0ab72,0x84c87814); # u64 + &data_word(0x1a6439ec,0x8cc70208); # u64 + &data_word(0x23631e28,0x90befffa); # u64 + &data_word(0xde82bde9,0xa4506ceb); # u64 + &data_word(0xb2c67915,0xbef9a3f7); # u64 + &data_word(0xe372532b,0xc67178f2); # u64 + &data_word(0xea26619c,0xca273ece); # u64 + &data_word(0x21c0c207,0xd186b8c7); # u64 + &data_word(0xcde0eb1e,0xeada7dd6); # u64 + &data_word(0xee6ed178,0xf57d4f7f); # u64 + &data_word(0x72176fba,0x06f067aa); # u64 + &data_word(0xa2c898a6,0x0a637dc5); # u64 + &data_word(0xbef90dae,0x113f9804); # u64 + &data_word(0x131c471b,0x1b710b35); # u64 + &data_word(0x23047d84,0x28db77f5); # u64 + &data_word(0x40c72493,0x32caab7b); # u64 + &data_word(0x15c9bebc,0x3c9ebe0a); # u64 + &data_word(0x9c100d4c,0x431d67c4); # u64 + &data_word(0xcb3e42b6,0x4cc5d4be); # u64 + &data_word(0xfc657e2a,0x597f299c); # u64 + &data_word(0x3ad6faec,0x5fcb6fab); # u64 + &data_word(0x4a475817,0x6c44198c); # u64 +&function_end_B("sha512_block_data_order"); +&asciz("SHA512 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>"); + +&asm_finish(); diff --git a/lib/libcrypto/sha/asm/sha512-armv4.pl b/lib/libcrypto/sha/asm/sha512-armv4.pl new file mode 100644 index 00000000000..4fbb94a914f --- /dev/null +++ b/lib/libcrypto/sha/asm/sha512-armv4.pl @@ -0,0 +1,399 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA512 block procedure for ARMv4. September 2007. + +# This code is ~4.5 (four and a half) times faster than code generated +# by gcc 3.4 and it spends ~72 clock cycles per byte. + +# Byte order [in]dependence. ========================================= +# +# Caller is expected to maintain specific *dword* order in h[0-7], +# namely with most significant dword at *lower* address, which is +# reflected in below two parameters. *Byte* order within these dwords +# in turn is whatever *native* byte order on current platform. +$hi=0; +$lo=4; +# ==================================================================== + +$output=shift; +open STDOUT,">$output"; + +$ctx="r0"; +$inp="r1"; +$len="r2"; +$Tlo="r3"; +$Thi="r4"; +$Alo="r5"; +$Ahi="r6"; +$Elo="r7"; +$Ehi="r8"; +$t0="r9"; +$t1="r10"; +$t2="r11"; +$t3="r12"; +############ r13 is stack pointer +$Ktbl="r14"; +############ r15 is program counter + +$Aoff=8*0; +$Boff=8*1; +$Coff=8*2; +$Doff=8*3; +$Eoff=8*4; +$Foff=8*5; +$Goff=8*6; +$Hoff=8*7; +$Xoff=8*8; + +sub BODY_00_15() { +my $magic = shift; +$code.=<<___; + ldr $t2,[sp,#$Hoff+0] @ h.lo + ldr $t3,[sp,#$Hoff+4] @ h.hi + @ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) + @ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 + @ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 + mov $t0,$Elo,lsr#14 + mov $t1,$Ehi,lsr#14 + eor $t0,$t0,$Ehi,lsl#18 + eor $t1,$t1,$Elo,lsl#18 + eor $t0,$t0,$Elo,lsr#18 + eor $t1,$t1,$Ehi,lsr#18 + eor $t0,$t0,$Ehi,lsl#14 + eor $t1,$t1,$Elo,lsl#14 + eor $t0,$t0,$Ehi,lsr#9 + eor $t1,$t1,$Elo,lsr#9 + eor $t0,$t0,$Elo,lsl#23 + eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e) + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 @ T += Sigma1(e) + adds $Tlo,$Tlo,$t2 + adc $Thi,$Thi,$t3 @ T += h + + ldr $t0,[sp,#$Foff+0] @ f.lo + ldr $t1,[sp,#$Foff+4] @ f.hi + ldr $t2,[sp,#$Goff+0] @ g.lo + ldr $t3,[sp,#$Goff+4] @ g.hi + str $Elo,[sp,#$Eoff+0] + str $Ehi,[sp,#$Eoff+4] + str $Alo,[sp,#$Aoff+0] + str $Ahi,[sp,#$Aoff+4] + + eor $t0,$t0,$t2 + eor $t1,$t1,$t3 + and $t0,$t0,$Elo + and $t1,$t1,$Ehi + eor $t0,$t0,$t2 + eor $t1,$t1,$t3 @ Ch(e,f,g) + + ldr $t2,[$Ktbl,#4] @ K[i].lo + ldr $t3,[$Ktbl,#0] @ K[i].hi + ldr $Elo,[sp,#$Doff+0] @ d.lo + ldr $Ehi,[sp,#$Doff+4] @ d.hi + + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) + adds $Tlo,$Tlo,$t2 + adc $Thi,$Thi,$t3 @ T += K[i] + adds $Elo,$Elo,$Tlo + adc $Ehi,$Ehi,$Thi @ d += T + + and $t0,$t2,#0xff + teq $t0,#$magic + orreq $Ktbl,$Ktbl,#1 + + ldr $t2,[sp,#$Boff+0] @ b.lo + ldr $t3,[sp,#$Coff+0] @ c.lo + @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) + @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 + @ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 + mov $t0,$Alo,lsr#28 + mov $t1,$Ahi,lsr#28 + eor $t0,$t0,$Ahi,lsl#4 + eor $t1,$t1,$Alo,lsl#4 + eor $t0,$t0,$Ahi,lsr#2 + eor $t1,$t1,$Alo,lsr#2 + eor $t0,$t0,$Alo,lsl#30 + eor $t1,$t1,$Ahi,lsl#30 + eor $t0,$t0,$Ahi,lsr#7 + eor $t1,$t1,$Alo,lsr#7 + eor $t0,$t0,$Alo,lsl#25 + eor $t1,$t1,$Ahi,lsl#25 @ Sigma0(a) + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 @ T += Sigma0(a) + + and $t0,$Alo,$t2 + orr $Alo,$Alo,$t2 + ldr $t1,[sp,#$Boff+4] @ b.hi + ldr $t2,[sp,#$Coff+4] @ c.hi + and $Alo,$Alo,$t3 + orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo + and $t3,$Ahi,$t1 + orr $Ahi,$Ahi,$t1 + and $Ahi,$Ahi,$t2 + orr $Ahi,$Ahi,$t3 @ Maj(a,b,c).hi + adds $Alo,$Alo,$Tlo + adc $Ahi,$Ahi,$Thi @ h += T + + sub sp,sp,#8 + add $Ktbl,$Ktbl,#8 +___ +} +$code=<<___; +.text +.code 32 +.type K512,%object +.align 5 +K512: +.word 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd +.word 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc +.word 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 +.word 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 +.word 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe +.word 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 +.word 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 +.word 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 +.word 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 +.word 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 +.word 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 +.word 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 +.word 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 +.word 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 +.word 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 +.word 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 +.word 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 +.word 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df +.word 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 +.word 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b +.word 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 +.word 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 +.word 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 +.word 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 +.word 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 +.word 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 +.word 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb +.word 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 +.word 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 +.word 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec +.word 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 +.word 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b +.word 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 +.word 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 +.word 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 +.word 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b +.word 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 +.word 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c +.word 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a +.word 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 +.size K512,.-K512 + +.global sha512_block_data_order +.type sha512_block_data_order,%function +sha512_block_data_order: + sub r3,pc,#8 @ sha512_block_data_order + add $len,$inp,$len,lsl#7 @ len to point at the end of inp + stmdb sp!,{r4-r12,lr} + sub $Ktbl,r3,#640 @ K512 + sub sp,sp,#9*8 + + ldr $Elo,[$ctx,#$Eoff+$lo] + ldr $Ehi,[$ctx,#$Eoff+$hi] + ldr $t0, [$ctx,#$Goff+$lo] + ldr $t1, [$ctx,#$Goff+$hi] + ldr $t2, [$ctx,#$Hoff+$lo] + ldr $t3, [$ctx,#$Hoff+$hi] +.Loop: + str $t0, [sp,#$Goff+0] + str $t1, [sp,#$Goff+4] + str $t2, [sp,#$Hoff+0] + str $t3, [sp,#$Hoff+4] + ldr $Alo,[$ctx,#$Aoff+$lo] + ldr $Ahi,[$ctx,#$Aoff+$hi] + ldr $Tlo,[$ctx,#$Boff+$lo] + ldr $Thi,[$ctx,#$Boff+$hi] + ldr $t0, [$ctx,#$Coff+$lo] + ldr $t1, [$ctx,#$Coff+$hi] + ldr $t2, [$ctx,#$Doff+$lo] + ldr $t3, [$ctx,#$Doff+$hi] + str $Tlo,[sp,#$Boff+0] + str $Thi,[sp,#$Boff+4] + str $t0, [sp,#$Coff+0] + str $t1, [sp,#$Coff+4] + str $t2, [sp,#$Doff+0] + str $t3, [sp,#$Doff+4] + ldr $Tlo,[$ctx,#$Foff+$lo] + ldr $Thi,[$ctx,#$Foff+$hi] + str $Tlo,[sp,#$Foff+0] + str $Thi,[sp,#$Foff+4] + +.L00_15: + ldrb $Tlo,[$inp,#7] + ldrb $t0, [$inp,#6] + ldrb $t1, [$inp,#5] + ldrb $t2, [$inp,#4] + ldrb $Thi,[$inp,#3] + ldrb $t3, [$inp,#2] + orr $Tlo,$Tlo,$t0,lsl#8 + ldrb $t0, [$inp,#1] + orr $Tlo,$Tlo,$t1,lsl#16 + ldrb $t1, [$inp],#8 + orr $Tlo,$Tlo,$t2,lsl#24 + orr $Thi,$Thi,$t3,lsl#8 + orr $Thi,$Thi,$t0,lsl#16 + orr $Thi,$Thi,$t1,lsl#24 + str $Tlo,[sp,#$Xoff+0] + str $Thi,[sp,#$Xoff+4] +___ + &BODY_00_15(0x94); +$code.=<<___; + tst $Ktbl,#1 + beq .L00_15 + bic $Ktbl,$Ktbl,#1 + +.L16_79: + ldr $t0,[sp,#`$Xoff+8*(16-1)`+0] + ldr $t1,[sp,#`$Xoff+8*(16-1)`+4] + ldr $t2,[sp,#`$Xoff+8*(16-14)`+0] + ldr $t3,[sp,#`$Xoff+8*(16-14)`+4] + + @ sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) + @ LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 + @ HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 + mov $Tlo,$t0,lsr#1 + mov $Thi,$t1,lsr#1 + eor $Tlo,$Tlo,$t1,lsl#31 + eor $Thi,$Thi,$t0,lsl#31 + eor $Tlo,$Tlo,$t0,lsr#8 + eor $Thi,$Thi,$t1,lsr#8 + eor $Tlo,$Tlo,$t1,lsl#24 + eor $Thi,$Thi,$t0,lsl#24 + eor $Tlo,$Tlo,$t0,lsr#7 + eor $Thi,$Thi,$t1,lsr#7 + eor $Tlo,$Tlo,$t1,lsl#25 + + @ sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + @ LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 + @ HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 + mov $t0,$t2,lsr#19 + mov $t1,$t3,lsr#19 + eor $t0,$t0,$t3,lsl#13 + eor $t1,$t1,$t2,lsl#13 + eor $t0,$t0,$t3,lsr#29 + eor $t1,$t1,$t2,lsr#29 + eor $t0,$t0,$t2,lsl#3 + eor $t1,$t1,$t3,lsl#3 + eor $t0,$t0,$t2,lsr#6 + eor $t1,$t1,$t3,lsr#6 + eor $t0,$t0,$t3,lsl#26 + + ldr $t2,[sp,#`$Xoff+8*(16-9)`+0] + ldr $t3,[sp,#`$Xoff+8*(16-9)`+4] + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 + + ldr $t0,[sp,#`$Xoff+8*16`+0] + ldr $t1,[sp,#`$Xoff+8*16`+4] + adds $Tlo,$Tlo,$t2 + adc $Thi,$Thi,$t3 + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 + str $Tlo,[sp,#$Xoff+0] + str $Thi,[sp,#$Xoff+4] +___ + &BODY_00_15(0x17); +$code.=<<___; + tst $Ktbl,#1 + beq .L16_79 + bic $Ktbl,$Ktbl,#1 + + ldr $Tlo,[sp,#$Boff+0] + ldr $Thi,[sp,#$Boff+4] + ldr $t0, [$ctx,#$Aoff+$lo] + ldr $t1, [$ctx,#$Aoff+$hi] + ldr $t2, [$ctx,#$Boff+$lo] + ldr $t3, [$ctx,#$Boff+$hi] + adds $t0,$Alo,$t0 + adc $t1,$Ahi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Aoff+$lo] + str $t1, [$ctx,#$Aoff+$hi] + str $t2, [$ctx,#$Boff+$lo] + str $t3, [$ctx,#$Boff+$hi] + + ldr $Alo,[sp,#$Coff+0] + ldr $Ahi,[sp,#$Coff+4] + ldr $Tlo,[sp,#$Doff+0] + ldr $Thi,[sp,#$Doff+4] + ldr $t0, [$ctx,#$Coff+$lo] + ldr $t1, [$ctx,#$Coff+$hi] + ldr $t2, [$ctx,#$Doff+$lo] + ldr $t3, [$ctx,#$Doff+$hi] + adds $t0,$Alo,$t0 + adc $t1,$Ahi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Coff+$lo] + str $t1, [$ctx,#$Coff+$hi] + str $t2, [$ctx,#$Doff+$lo] + str $t3, [$ctx,#$Doff+$hi] + + ldr $Tlo,[sp,#$Foff+0] + ldr $Thi,[sp,#$Foff+4] + ldr $t0, [$ctx,#$Eoff+$lo] + ldr $t1, [$ctx,#$Eoff+$hi] + ldr $t2, [$ctx,#$Foff+$lo] + ldr $t3, [$ctx,#$Foff+$hi] + adds $Elo,$Elo,$t0 + adc $Ehi,$Ehi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $Elo,[$ctx,#$Eoff+$lo] + str $Ehi,[$ctx,#$Eoff+$hi] + str $t2, [$ctx,#$Foff+$lo] + str $t3, [$ctx,#$Foff+$hi] + + ldr $Alo,[sp,#$Goff+0] + ldr $Ahi,[sp,#$Goff+4] + ldr $Tlo,[sp,#$Hoff+0] + ldr $Thi,[sp,#$Hoff+4] + ldr $t0, [$ctx,#$Goff+$lo] + ldr $t1, [$ctx,#$Goff+$hi] + ldr $t2, [$ctx,#$Hoff+$lo] + ldr $t3, [$ctx,#$Hoff+$hi] + adds $t0,$Alo,$t0 + adc $t1,$Ahi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Goff+$lo] + str $t1, [$ctx,#$Goff+$hi] + str $t2, [$ctx,#$Hoff+$lo] + str $t3, [$ctx,#$Hoff+$hi] + + add sp,sp,#640 + sub $Ktbl,$Ktbl,#640 + + teq $inp,$len + bne .Loop + + add sp,sp,#8*9 @ destroy frame + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.size sha512_block_data_order,.-sha512_block_data_order +.asciz "SHA512 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/lib/libcrypto/sha/asm/sha512-ppc.pl b/lib/libcrypto/sha/asm/sha512-ppc.pl new file mode 100755 index 00000000000..768a6a6fad5 --- /dev/null +++ b/lib/libcrypto/sha/asm/sha512-ppc.pl @@ -0,0 +1,462 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# I let hardware handle unaligned input, except on page boundaries +# (see below for details). Otherwise straightforward implementation +# with X vector in register bank. The module is big-endian [which is +# not big deal as there're no little-endian targets left around]. + +# sha256 | sha512 +# -m64 -m32 | -m64 -m32 +# --------------------------------------+----------------------- +# PPC970,gcc-4.0.0 +50% +38% | +40% +410%(*) +# Power6,xlc-7 +150% +90% | +100% +430%(*) +# +# (*) 64-bit code in 32-bit application context, which actually is +# on TODO list. It should be noted that for safe deployment in +# 32-bit *mutli-threaded* context asyncronous signals should be +# blocked upon entry to SHA512 block routine. This is because +# 32-bit signaling procedure invalidates upper halves of GPRs. +# Context switch procedure preserves them, but not signaling:-( + +# Second version is true multi-thread safe. Trouble with the original +# version was that it was using thread local storage pointer register. +# Well, it scrupulously preserved it, but the problem would arise the +# moment asynchronous signal was delivered and signal handler would +# dereference the TLS pointer. While it's never the case in openssl +# application or test suite, we have to respect this scenario and not +# use TLS pointer register. Alternative would be to require caller to +# block signals prior calling this routine. For the record, in 32-bit +# context R2 serves as TLS pointer, while in 64-bit context - R13. + +$flavour=shift; +$output =shift; + +if ($flavour =~ /64/) { + $SIZE_T=8; + $STU="stdu"; + $UCMP="cmpld"; + $SHL="sldi"; + $POP="ld"; + $PUSH="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T=4; + $STU="stwu"; + $UCMP="cmplw"; + $SHL="slwi"; + $POP="lwz"; + $PUSH="stw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!"; + +if ($output =~ /512/) { + $func="sha512_block_data_order"; + $SZ=8; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; + $LD="ld"; + $ST="std"; + $ROR="rotrdi"; + $SHR="srdi"; +} else { + $func="sha256_block_data_order"; + $SZ=4; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; + $LD="lwz"; + $ST="stw"; + $ROR="rotrwi"; + $SHR="srwi"; +} + +$FRAME=32*$SIZE_T; + +$sp ="r1"; +$toc="r2"; +$ctx="r3"; # zapped by $a0 +$inp="r4"; # zapped by $a1 +$num="r5"; # zapped by $t0 + +$T ="r0"; +$a0 ="r3"; +$a1 ="r4"; +$t0 ="r5"; +$t1 ="r6"; +$Tbl="r7"; + +$A ="r8"; +$B ="r9"; +$C ="r10"; +$D ="r11"; +$E ="r12"; +$F ="r13"; $F="r2" if ($SIZE_T==8);# reassigned to exempt TLS pointer +$G ="r14"; +$H ="r15"; + +@V=($A,$B,$C,$D,$E,$F,$G,$H); +@X=("r16","r17","r18","r19","r20","r21","r22","r23", + "r24","r25","r26","r27","r28","r29","r30","r31"); + +$inp="r31"; # reassigned $inp! aliases with @X[15] + +sub ROUND_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$code.=<<___; + $LD $T,`$i*$SZ`($Tbl) + $ROR $a0,$e,$Sigma1[0] + $ROR $a1,$e,$Sigma1[1] + and $t0,$f,$e + andc $t1,$g,$e + add $T,$T,$h + xor $a0,$a0,$a1 + $ROR $a1,$a1,`$Sigma1[2]-$Sigma1[1]` + or $t0,$t0,$t1 ; Ch(e,f,g) + add $T,$T,@X[$i] + xor $a0,$a0,$a1 ; Sigma1(e) + add $T,$T,$t0 + add $T,$T,$a0 + + $ROR $a0,$a,$Sigma0[0] + $ROR $a1,$a,$Sigma0[1] + and $t0,$a,$b + and $t1,$a,$c + xor $a0,$a0,$a1 + $ROR $a1,$a1,`$Sigma0[2]-$Sigma0[1]` + xor $t0,$t0,$t1 + and $t1,$b,$c + xor $a0,$a0,$a1 ; Sigma0(a) + add $d,$d,$T + xor $t0,$t0,$t1 ; Maj(a,b,c) + add $h,$T,$a0 + add $h,$h,$t0 + +___ +} + +sub ROUND_16_xx { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$i-=16; +$code.=<<___; + $ROR $a0,@X[($i+1)%16],$sigma0[0] + $ROR $a1,@X[($i+1)%16],$sigma0[1] + $ROR $t0,@X[($i+14)%16],$sigma1[0] + $ROR $t1,@X[($i+14)%16],$sigma1[1] + xor $a0,$a0,$a1 + $SHR $a1,@X[($i+1)%16],$sigma0[2] + xor $t0,$t0,$t1 + $SHR $t1,@X[($i+14)%16],$sigma1[2] + add @X[$i],@X[$i],@X[($i+9)%16] + xor $a0,$a0,$a1 ; sigma0(X[(i+1)&0x0f]) + xor $t0,$t0,$t1 ; sigma1(X[(i+14)&0x0f]) + add @X[$i],@X[$i],$a0 + add @X[$i],@X[$i],$t0 +___ +&ROUND_00_15($i,$a,$b,$c,$d,$e,$f,$g,$h); +} + +$code=<<___; +.machine "any" +.text + +.globl $func +.align 6 +$func: + mflr r0 + $STU $sp,`-($FRAME+16*$SZ)`($sp) + $SHL $num,$num,`log(16*$SZ)/log(2)` + + $PUSH $ctx,`$FRAME-$SIZE_T*22`($sp) + + $PUSH r0,`$FRAME-$SIZE_T*21`($sp) + $PUSH $toc,`$FRAME-$SIZE_T*20`($sp) + $PUSH r13,`$FRAME-$SIZE_T*19`($sp) + $PUSH r14,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + + $LD $A,`0*$SZ`($ctx) + mr $inp,r4 ; incarnate $inp + $LD $B,`1*$SZ`($ctx) + $LD $C,`2*$SZ`($ctx) + $LD $D,`3*$SZ`($ctx) + $LD $E,`4*$SZ`($ctx) + $LD $F,`5*$SZ`($ctx) + $LD $G,`6*$SZ`($ctx) + $LD $H,`7*$SZ`($ctx) + + b LPICmeup +LPICedup: + andi. r0,$inp,3 + bne Lunaligned +Laligned: + add $num,$inp,$num + $PUSH $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private +Ldone: + $POP r0,`$FRAME-$SIZE_T*21`($sp) + $POP $toc,`$FRAME-$SIZE_T*20`($sp) + $POP r13,`$FRAME-$SIZE_T*19`($sp) + $POP r14,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,`$FRAME+16*$SZ` + blr +___ + +# PowerPC specification allows an implementation to be ill-behaved +# upon unaligned access which crosses page boundary. "Better safe +# than sorry" principle makes me treat it specially. But I don't +# look for particular offending word, but rather for the input +# block which crosses the boundary. Once found that block is aligned +# and hashed separately... +$code.=<<___; +.align 4 +Lunaligned: + subfic $t1,$inp,4096 + andi. $t1,$t1,`4096-16*$SZ` ; distance to closest page boundary + beq Lcross_page + $UCMP $num,$t1 + ble- Laligned ; didn't cross the page boundary + subfc $num,$t1,$num + add $t1,$inp,$t1 + $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real remaining num + $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; intermediate end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private + ; $inp equals to the intermediate end pointer here + $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real remaining num +Lcross_page: + li $t1,`16*$SZ/4` + mtctr $t1 + addi r20,$sp,$FRAME ; aligned spot below the frame +Lmemcpy: + lbz r16,0($inp) + lbz r17,1($inp) + lbz r18,2($inp) + lbz r19,3($inp) + addi $inp,$inp,4 + stb r16,0(r20) + stb r17,1(r20) + stb r18,2(r20) + stb r19,3(r20) + addi r20,r20,4 + bdnz Lmemcpy + + $PUSH $inp,`$FRAME-$SIZE_T*26`($sp) ; save real inp + addi $t1,$sp,`$FRAME+16*$SZ` ; fictitious end pointer + addi $inp,$sp,$FRAME ; fictitious inp pointer + $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real num + $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private + $POP $inp,`$FRAME-$SIZE_T*26`($sp) ; restore real inp + $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real num + addic. $num,$num,`-16*$SZ` ; num-- + bne- Lunaligned + b Ldone +___ + +$code.=<<___; +.align 4 +Lsha2_block_private: +___ +for($i=0;$i<16;$i++) { +$code.=<<___ if ($SZ==4); + lwz @X[$i],`$i*$SZ`($inp) +___ +# 64-bit loads are split to 2x32-bit ones, as CPU can't handle +# unaligned 64-bit loads, only 32-bit ones... +$code.=<<___ if ($SZ==8); + lwz $t0,`$i*$SZ`($inp) + lwz @X[$i],`$i*$SZ+4`($inp) + insrdi @X[$i],$t0,32,0 +___ + &ROUND_00_15($i,@V); + unshift(@V,pop(@V)); +} +$code.=<<___; + li $T,`$rounds/16-1` + mtctr $T +.align 4 +Lrounds: + addi $Tbl,$Tbl,`16*$SZ` +___ +for(;$i<32;$i++) { + &ROUND_16_xx($i,@V); + unshift(@V,pop(@V)); +} +$code.=<<___; + bdnz- Lrounds + + $POP $ctx,`$FRAME-$SIZE_T*22`($sp) + $POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + $POP $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer + subi $Tbl,$Tbl,`($rounds-16)*$SZ` ; rewind Tbl + + $LD r16,`0*$SZ`($ctx) + $LD r17,`1*$SZ`($ctx) + $LD r18,`2*$SZ`($ctx) + $LD r19,`3*$SZ`($ctx) + $LD r20,`4*$SZ`($ctx) + $LD r21,`5*$SZ`($ctx) + $LD r22,`6*$SZ`($ctx) + addi $inp,$inp,`16*$SZ` ; advance inp + $LD r23,`7*$SZ`($ctx) + add $A,$A,r16 + add $B,$B,r17 + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) + add $C,$C,r18 + $ST $A,`0*$SZ`($ctx) + add $D,$D,r19 + $ST $B,`1*$SZ`($ctx) + add $E,$E,r20 + $ST $C,`2*$SZ`($ctx) + add $F,$F,r21 + $ST $D,`3*$SZ`($ctx) + add $G,$G,r22 + $ST $E,`4*$SZ`($ctx) + add $H,$H,r23 + $ST $F,`5*$SZ`($ctx) + $ST $G,`6*$SZ`($ctx) + $UCMP $inp,$num + $ST $H,`7*$SZ`($ctx) + bne Lsha2_block_private + blr +___ + +# Ugly hack here, because PPC assembler syntax seem to vary too +# much from platforms to platform... +$code.=<<___; +.align 6 +LPICmeup: + bl LPIC + addi $Tbl,$Tbl,`64-4` ; "distance" between . and last nop + b LPICedup + nop + nop + nop + nop + nop +LPIC: mflr $Tbl + blr + nop + nop + nop + nop + nop + nop +___ +$code.=<<___ if ($SZ==8); + .long 0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd + .long 0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc + .long 0x3956c25b,0xf348b538,0x59f111f1,0xb605d019 + .long 0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118 + .long 0xd807aa98,0xa3030242,0x12835b01,0x45706fbe + .long 0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2 + .long 0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1 + .long 0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694 + .long 0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3 + .long 0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65 + .long 0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483 + .long 0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5 + .long 0x983e5152,0xee66dfab,0xa831c66d,0x2db43210 + .long 0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4 + .long 0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725 + .long 0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70 + .long 0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926 + .long 0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df + .long 0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8 + .long 0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b + .long 0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001 + .long 0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30 + .long 0xd192e819,0xd6ef5218,0xd6990624,0x5565a910 + .long 0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8 + .long 0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53 + .long 0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8 + .long 0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb + .long 0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3 + .long 0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60 + .long 0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec + .long 0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9 + .long 0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b + .long 0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207 + .long 0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178 + .long 0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6 + .long 0x113f9804,0xbef90dae,0x1b710b35,0x131c471b + .long 0x28db77f5,0x23047d84,0x32caab7b,0x40c72493 + .long 0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c + .long 0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a + .long 0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817 +___ +$code.=<<___ if ($SZ==4); + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libcrypto/sha/asm/sha512-s390x.pl b/lib/libcrypto/sha/asm/sha512-s390x.pl new file mode 100644 index 00000000000..e7ef2d5a9f5 --- /dev/null +++ b/lib/libcrypto/sha/asm/sha512-s390x.pl @@ -0,0 +1,301 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256/512 block procedures for s390x. + +# April 2007. +# +# sha256_block_data_order is reportedly >3 times faster than gcc 3.3 +# generated code (must be a bug in compiler, as improvement is +# "pathologically" high, in particular in comparison to other SHA +# modules). But the real twist is that it detects if hardware support +# for SHA256 is available and in such case utilizes it. Then the +# performance can reach >6.5x of assembler one for larger chunks. +# +# sha512_block_data_order is ~70% faster than gcc 3.3 generated code. + +# January 2009. +# +# Add support for hardware SHA512 and reschedule instructions to +# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster +# than software. + +$t0="%r0"; +$t1="%r1"; +$ctx="%r2"; $t2="%r2"; +$inp="%r3"; +$len="%r4"; # used as index in inner loop + +$A="%r5"; +$B="%r6"; +$C="%r7"; +$D="%r8"; +$E="%r9"; +$F="%r10"; +$G="%r11"; +$H="%r12"; @V=($A,$B,$C,$D,$E,$F,$G,$H); +$tbl="%r13"; +$T1="%r14"; +$sp="%r15"; + +$output=shift; +open STDOUT,">$output"; + +if ($output =~ /512/) { + $label="512"; + $SZ=8; + $LD="lg"; # load from memory + $ST="stg"; # store to memory + $ADD="alg"; # add with memory operand + $ROT="rllg"; # rotate left + $SHR="srlg"; # logical right shift [see even at the end] + @Sigma0=(25,30,36); + @Sigma1=(23,46,50); + @sigma0=(56,63, 7); + @sigma1=( 3,45, 6); + $rounds=80; + $kimdfunc=3; # 0 means unknown/unsupported/unimplemented/disabled +} else { + $label="256"; + $SZ=4; + $LD="llgf"; # load from memory + $ST="st"; # store to memory + $ADD="al"; # add with memory operand + $ROT="rll"; # rotate left + $SHR="srl"; # logical right shift + @Sigma0=(10,19,30); + @Sigma1=( 7,21,26); + @sigma0=(14,25, 3); + @sigma1=(13,15,10); + $rounds=64; + $kimdfunc=2; # magic function code for kimd instruction +} +$Func="sha${label}_block_data_order"; +$Table="K${label}"; +$frame=160+16*$SZ; + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___ if ($i<16); + $LD $T1,`$i*$SZ`($inp) ### $i +___ +$code.=<<___; + $ROT $t0,$e,$Sigma1[0] + $ROT $t1,$e,$Sigma1[1] + lgr $t2,$f + xgr $t0,$t1 + $ROT $t1,$t1,`$Sigma1[2]-$Sigma1[1]` + xgr $t2,$g + $ST $T1,`160+$SZ*($i%16)`($sp) + xgr $t0,$t1 # Sigma1(e) + la $T1,0($T1,$h) # T1+=h + ngr $t2,$e + lgr $t1,$a + algr $T1,$t0 # T1+=Sigma1(e) + $ROT $h,$a,$Sigma0[0] + xgr $t2,$g # Ch(e,f,g) + $ADD $T1,`$i*$SZ`($len,$tbl) # T1+=K[i] + $ROT $t0,$a,$Sigma0[1] + algr $T1,$t2 # T1+=Ch(e,f,g) + ogr $t1,$b + xgr $h,$t0 + lgr $t2,$a + ngr $t1,$c + $ROT $t0,$t0,`$Sigma0[2]-$Sigma0[1]` + xgr $h,$t0 # h=Sigma0(a) + ngr $t2,$b + algr $h,$T1 # h+=T1 + ogr $t2,$t1 # Maj(a,b,c) + la $d,0($d,$T1) # d+=T1 + algr $h,$t2 # h+=Maj(a,b,c) +___ +} + +sub BODY_16_XX { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + $LD $T1,`160+$SZ*(($i+1)%16)`($sp) ### $i + $LD $t1,`160+$SZ*(($i+14)%16)`($sp) + $ROT $t0,$T1,$sigma0[0] + $SHR $T1,$sigma0[2] + $ROT $t2,$t0,`$sigma0[1]-$sigma0[0]` + xgr $T1,$t0 + $ROT $t0,$t1,$sigma1[0] + xgr $T1,$t2 # sigma0(X[i+1]) + $SHR $t1,$sigma1[2] + $ADD $T1,`160+$SZ*($i%16)`($sp) # +=X[i] + xgr $t1,$t0 + $ROT $t0,$t0,`$sigma1[1]-$sigma1[0]` + $ADD $T1,`160+$SZ*(($i+9)%16)`($sp) # +=X[i+9] + xgr $t1,$t0 # sigma1(X[i+14]) + algr $T1,$t1 # +=sigma1(X[i+14]) +___ + &BODY_00_15(@_); +} + +$code.=<<___; +.text +.align 64 +.type $Table,\@object +$Table: +___ +$code.=<<___ if ($SZ==4); + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ +$code.=<<___ if ($SZ==8); + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +___ +$code.=<<___; +.size $Table,.-$Table +.globl $Func +.type $Func,\@function +$Func: +___ +$code.=<<___ if ($kimdfunc); + larl %r1,OPENSSL_s390xcap_P + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lsoftware + lghi %r0,0 + la %r1,16($sp) + .long 0xb93e0002 # kimd %r0,%r2 + lg %r0,16($sp) + tmhh %r0,`0x8000>>$kimdfunc` + jz .Lsoftware + lghi %r0,$kimdfunc + lgr %r1,$ctx + lgr %r2,$inp + sllg %r3,$len,`log(16*$SZ)/log(2)` + .long 0xb93e0002 # kimd %r0,%r2 + brc 1,.-4 # pay attention to "partial completion" + br %r14 +.align 16 +.Lsoftware: +___ +$code.=<<___; + sllg $len,$len,`log(16*$SZ)/log(2)` + lghi %r1,-$frame + agr $len,$inp + stmg $ctx,%r15,16($sp) + lgr %r0,$sp + la $sp,0(%r1,$sp) + stg %r0,0($sp) + + larl $tbl,$Table + $LD $A,`0*$SZ`($ctx) + $LD $B,`1*$SZ`($ctx) + $LD $C,`2*$SZ`($ctx) + $LD $D,`3*$SZ`($ctx) + $LD $E,`4*$SZ`($ctx) + $LD $F,`5*$SZ`($ctx) + $LD $G,`6*$SZ`($ctx) + $LD $H,`7*$SZ`($ctx) + +.Lloop: + lghi $len,0 +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".Lrounds_16_xx:\n"; +for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + aghi $len,`16*$SZ` + lghi $t0,`($rounds-16)*$SZ` + clgr $len,$t0 + jne .Lrounds_16_xx + + lg $ctx,`$frame+16`($sp) + la $inp,`16*$SZ`($inp) + $ADD $A,`0*$SZ`($ctx) + $ADD $B,`1*$SZ`($ctx) + $ADD $C,`2*$SZ`($ctx) + $ADD $D,`3*$SZ`($ctx) + $ADD $E,`4*$SZ`($ctx) + $ADD $F,`5*$SZ`($ctx) + $ADD $G,`6*$SZ`($ctx) + $ADD $H,`7*$SZ`($ctx) + $ST $A,`0*$SZ`($ctx) + $ST $B,`1*$SZ`($ctx) + $ST $C,`2*$SZ`($ctx) + $ST $D,`3*$SZ`($ctx) + $ST $E,`4*$SZ`($ctx) + $ST $F,`5*$SZ`($ctx) + $ST $G,`6*$SZ`($ctx) + $ST $H,`7*$SZ`($ctx) + clg $inp,`$frame+32`($sp) + jne .Lloop + + lmg %r6,%r15,`$frame+48`($sp) + br %r14 +.size $Func,.-$Func +.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" +.comm OPENSSL_s390xcap_P,8,8 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +# unlike 32-bit shift 64-bit one takes three arguments +$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; + +print $code; +close STDOUT; diff --git a/lib/libcrypto/sha/asm/sha512-sparcv9.pl b/lib/libcrypto/sha/asm/sha512-sparcv9.pl new file mode 100644 index 00000000000..54241aab504 --- /dev/null +++ b/lib/libcrypto/sha/asm/sha512-sparcv9.pl @@ -0,0 +1,593 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256 performance improvement over compiler generated code varies +# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit +# build]. Just like in SHA1 module I aim to ensure scalability on +# UltraSPARC T1 by packing X[16] to 8 64-bit registers. + +# SHA512 on pre-T1 UltraSPARC. +# +# Performance is >75% better than 64-bit code generated by Sun C and +# over 2x than 32-bit code. X[16] resides on stack, but access to it +# is scheduled for L2 latency and staged through 32 least significant +# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI +# duality. Nevetheless it's ~40% faster than SHA256, which is pretty +# good [optimal coefficient is 50%]. +# +# SHA512 on UltraSPARC T1. +# +# It's not any faster than 64-bit code generated by Sun C 5.8. This is +# because 64-bit code generator has the advantage of using 64-bit +# loads(*) to access X[16], which I consciously traded for 32-/64-bit +# ABI duality [as per above]. But it surpasses 32-bit Sun C generated +# code by 60%, not to mention that it doesn't suffer from severe decay +# when running 4 times physical cores threads and that it leaves gcc +# [3.4] behind by over 4x factor! If compared to SHA256, single thread +# performance is only 10% better, but overall throughput for maximum +# amount of threads for given CPU exceeds corresponding one of SHA256 +# by 30% [again, optimal coefficient is 50%]. +# +# (*) Unlike pre-T1 UltraSPARC loads on T1 are executed strictly +# in-order, i.e. load instruction has to complete prior next +# instruction in given thread is executed, even if the latter is +# not dependent on load result! This means that on T1 two 32-bit +# loads are always slower than one 64-bit load. Once again this +# is unlike pre-T1 UltraSPARC, where, if scheduled appropriately, +# 2x32-bit loads can be as fast as 1x64-bit ones. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +if ($output =~ /512/) { + $label="512"; + $SZ=8; + $LD="ldx"; # load from memory + $ST="stx"; # store to memory + $SLL="sllx"; # shift left logical + $SRL="srlx"; # shift right logical + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=( 7, 1, 8); # right shift first + @sigma1=( 6,19,61); # right shift first + $lastK=0x817; + $rounds=80; + $align=4; + + $locals=16*$SZ; # X[16] + + $A="%o0"; + $B="%o1"; + $C="%o2"; + $D="%o3"; + $E="%o4"; + $F="%o5"; + $G="%g1"; + $H="%o7"; + @V=($A,$B,$C,$D,$E,$F,$G,$H); +} else { + $label="256"; + $SZ=4; + $LD="ld"; # load from memory + $ST="st"; # store to memory + $SLL="sll"; # shift left logical + $SRL="srl"; # shift right logical + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 3, 7,18); # right shift first + @sigma1=(10,17,19); # right shift first + $lastK=0x8f2; + $rounds=64; + $align=8; + + $locals=0; # X[16] is register resident + @X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); + + $A="%l0"; + $B="%l1"; + $C="%l2"; + $D="%l3"; + $E="%l4"; + $F="%l5"; + $G="%l6"; + $H="%l7"; + @V=($A,$B,$C,$D,$E,$F,$G,$H); +} +$T1="%g2"; +$tmp0="%g3"; +$tmp1="%g4"; +$tmp2="%g5"; + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$Ktbl="%i3"; +$tmp31="%i4"; +$tmp32="%i5"; + +########### SHA256 +$Xload = sub { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; + + if ($i==0) { +$code.=<<___; + ldx [$inp+0],@X[0] + ldx [$inp+16],@X[2] + ldx [$inp+32],@X[4] + ldx [$inp+48],@X[6] + ldx [$inp+8],@X[1] + ldx [$inp+24],@X[3] + subcc %g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too + ldx [$inp+40],@X[5] + bz,pt %icc,.Laligned + ldx [$inp+56],@X[7] + + sllx @X[0],$tmp31,@X[0] + ldx [$inp+64],$T1 +___ +for($j=0;$j<7;$j++) +{ $code.=<<___; + srlx @X[$j+1],$tmp32,$tmp1 + sllx @X[$j+1],$tmp31,@X[$j+1] + or $tmp1,@X[$j],@X[$j] +___ +} +$code.=<<___; + srlx $T1,$tmp32,$T1 + or $T1,@X[7],@X[7] +.Laligned: +___ + } + + if ($i&1) { + $code.="\tadd @X[$i/2],$h,$T1\n"; + } else { + $code.="\tsrlx @X[$i/2],32,$T1\n\tadd $h,$T1,$T1\n"; + } +} if ($SZ==4); + +########### SHA512 +$Xload = sub { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8)); + +$code.=<<___ if ($i==0); + ld [$inp+0],%l0 + ld [$inp+4],%l1 + ld [$inp+8],%l2 + ld [$inp+12],%l3 + ld [$inp+16],%l4 + ld [$inp+20],%l5 + ld [$inp+24],%l6 + ld [$inp+28],%l7 +___ +$code.=<<___ if ($i<15); + sllx @pair[1],$tmp31,$tmp2 ! Xload($i) + add $tmp31,32,$tmp0 + sllx @pair[0],$tmp0,$tmp1 + `"ld [$inp+".eval(32+0+$i*8)."],@pair[0]" if ($i<12)` + srlx @pair[2],$tmp32,@pair[1] + or $tmp1,$tmp2,$tmp2 + or @pair[1],$tmp2,$tmp2 + `"ld [$inp+".eval(32+4+$i*8)."],@pair[1]" if ($i<12)` + add $h,$tmp2,$T1 + $ST $tmp2,[%sp+`$bias+$frame+$i*$SZ`] +___ +$code.=<<___ if ($i==12); + brnz,a $tmp31,.+8 + ld [$inp+128],%l0 +___ +$code.=<<___ if ($i==15); + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2 + sllx @pair[1],$tmp31,$tmp2 ! Xload($i) + add $tmp31,32,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3 + sllx @pair[0],$tmp0,$tmp1 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4 + srlx @pair[2],$tmp32,@pair[1] + or $tmp1,$tmp2,$tmp2 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5 + or @pair[1],$tmp2,$tmp2 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6 + add $h,$tmp2,$T1 + $ST $tmp2,[%sp+`$bias+$frame+$i*$SZ`] + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1 +___ +} if ($SZ==8); + +########### common +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; + + if ($i<16) { + &$Xload(@_); + } else { + $code.="\tadd $h,$T1,$T1\n"; + } + +$code.=<<___; + $SRL $e,@Sigma1[0],$h !! $i + xor $f,$g,$tmp2 + $SLL $e,`$SZ*8-@Sigma1[2]`,$tmp1 + and $e,$tmp2,$tmp2 + $SRL $e,@Sigma1[1],$tmp0 + xor $tmp1,$h,$h + $SLL $e,`$SZ*8-@Sigma1[1]`,$tmp1 + xor $tmp0,$h,$h + $SRL $e,@Sigma1[2],$tmp0 + xor $tmp1,$h,$h + $SLL $e,`$SZ*8-@Sigma1[0]`,$tmp1 + xor $tmp0,$h,$h + xor $g,$tmp2,$tmp2 ! Ch(e,f,g) + xor $tmp1,$h,$tmp0 ! Sigma1(e) + + $SRL $a,@Sigma0[0],$h + add $tmp2,$T1,$T1 + $LD [$Ktbl+`$i*$SZ`],$tmp2 ! K[$i] + $SLL $a,`$SZ*8-@Sigma0[2]`,$tmp1 + add $tmp0,$T1,$T1 + $SRL $a,@Sigma0[1],$tmp0 + xor $tmp1,$h,$h + $SLL $a,`$SZ*8-@Sigma0[1]`,$tmp1 + xor $tmp0,$h,$h + $SRL $a,@Sigma0[2],$tmp0 + xor $tmp1,$h,$h + $SLL $a,`$SZ*8-@Sigma0[0]`,$tmp1 + xor $tmp0,$h,$h + xor $tmp1,$h,$h ! Sigma0(a) + + or $a,$b,$tmp0 + and $a,$b,$tmp1 + and $c,$tmp0,$tmp0 + or $tmp0,$tmp1,$tmp1 ! Maj(a,b,c) + add $tmp2,$T1,$T1 ! +=K[$i] + add $tmp1,$h,$h + + add $T1,$d,$d + add $T1,$h,$h +___ +} + +########### SHA256 +$BODY_16_XX = sub { +my $i=@_[0]; +my $xi; + + if ($i&1) { + $xi=$tmp32; + $code.="\tsrlx @X[(($i+1)/2)%8],32,$xi\n"; + } else { + $xi=@X[(($i+1)/2)%8]; + } +$code.=<<___; + srl $xi,@sigma0[0],$T1 !! Xupdate($i) + sll $xi,`32-@sigma0[2]`,$tmp1 + srl $xi,@sigma0[1],$tmp0 + xor $tmp1,$T1,$T1 + sll $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 + xor $tmp0,$T1,$T1 + srl $xi,@sigma0[2],$tmp0 + xor $tmp1,$T1,$T1 +___ + if ($i&1) { + $xi=@X[(($i+14)/2)%8]; + } else { + $xi=$tmp32; + $code.="\tsrlx @X[(($i+14)/2)%8],32,$xi\n"; + } +$code.=<<___; + srl $xi,@sigma1[0],$tmp2 + xor $tmp0,$T1,$T1 ! T1=sigma0(X[i+1]) + sll $xi,`32-@sigma1[2]`,$tmp1 + srl $xi,@sigma1[1],$tmp0 + xor $tmp1,$tmp2,$tmp2 + sll $tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1 + xor $tmp0,$tmp2,$tmp2 + srl $xi,@sigma1[2],$tmp0 + xor $tmp1,$tmp2,$tmp2 +___ + if ($i&1) { + $xi=@X[($i/2)%8]; +$code.=<<___; + srlx @X[(($i+9)/2)%8],32,$tmp1 ! X[i+9] + xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) + srl @X[($i/2)%8],0,$tmp0 + add $xi,$T1,$T1 ! +=X[i] + xor $tmp0,@X[($i/2)%8],@X[($i/2)%8] + add $tmp2,$T1,$T1 + add $tmp1,$T1,$T1 + + srl $T1,0,$T1 + or $T1,@X[($i/2)%8],@X[($i/2)%8] +___ + } else { + $xi=@X[(($i+9)/2)%8]; +$code.=<<___; + srlx @X[($i/2)%8],32,$tmp1 ! X[i] + xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) + srl @X[($i/2)%8],0,@X[($i/2)%8] + add $xi,$T1,$T1 ! +=X[i+9] + add $tmp2,$T1,$T1 + add $tmp1,$T1,$T1 + + sllx $T1,32,$tmp0 + or $tmp0,@X[($i/2)%8],@X[($i/2)%8] +___ + } + &BODY_00_15(@_); +} if ($SZ==4); + +########### SHA512 +$BODY_16_XX = sub { +my $i=@_[0]; +my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1)); + +$code.=<<___; + sllx %l2,32,$tmp0 !! Xupdate($i) + or %l3,$tmp0,$tmp0 + + srlx $tmp0,@sigma0[0],$T1 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2 + sllx $tmp0,`64-@sigma0[2]`,$tmp1 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3 + srlx $tmp0,@sigma0[1],$tmp0 + xor $tmp1,$T1,$T1 + sllx $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 + xor $tmp0,$T1,$T1 + srlx $tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0 + xor $tmp1,$T1,$T1 + sllx %l6,32,$tmp2 + xor $tmp0,$T1,$T1 ! sigma0(X[$i+1]) + or %l7,$tmp2,$tmp2 + + srlx $tmp2,@sigma1[0],$tmp1 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6 + sllx $tmp2,`64-@sigma1[2]`,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7 + srlx $tmp2,@sigma1[1],$tmp2 + xor $tmp0,$tmp1,$tmp1 + sllx $tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0 + xor $tmp2,$tmp1,$tmp1 + srlx $tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2 + xor $tmp0,$tmp1,$tmp1 + sllx %l4,32,$tmp0 + xor $tmp2,$tmp1,$tmp1 ! sigma1(X[$i+14]) + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4 + or %l5,$tmp0,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5 + + sllx %l0,32,$tmp2 + add $tmp1,$T1,$T1 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0 + or %l1,$tmp2,$tmp2 + add $tmp0,$T1,$T1 ! +=X[$i+9] + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1 + add $tmp2,$T1,$T1 ! +=X[$i] + $ST $T1,[%sp+`$bias+$frame+($i%16)*$SZ`] +___ + &BODY_00_15(@_); +} if ($SZ==8); + +$code.=<<___ if ($bits==64); +.register %g2,#scratch +.register %g3,#scratch +___ +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 64 +K${label}: +.type K${label},#object +___ +if ($SZ==4) { +$code.=<<___; + .long 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 + .long 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 + .long 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 + .long 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 + .long 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc + .long 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da + .long 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 + .long 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 + .long 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 + .long 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 + .long 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 + .long 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 + .long 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 + .long 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 + .long 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 + .long 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +___ +} else { +$code.=<<___; + .long 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd + .long 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc + .long 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 + .long 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 + .long 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe + .long 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 + .long 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 + .long 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 + .long 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 + .long 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 + .long 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 + .long 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 + .long 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 + .long 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 + .long 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 + .long 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 + .long 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 + .long 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df + .long 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 + .long 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b + .long 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 + .long 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 + .long 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 + .long 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 + .long 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 + .long 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 + .long 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb + .long 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 + .long 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 + .long 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec + .long 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 + .long 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b + .long 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 + .long 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 + .long 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 + .long 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b + .long 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 + .long 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c + .long 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a + .long 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 +___ +} +$code.=<<___; +.size K${label},.-K${label} +.globl sha${label}_block_data_order +sha${label}_block_data_order: + save %sp,`-$frame-$locals`,%sp + and $inp,`$align-1`,$tmp31 + sllx $len,`log(16*$SZ)/log(2)`,$len + andn $inp,`$align-1`,$inp + sll $tmp31,3,$tmp31 + add $inp,$len,$len +___ +$code.=<<___ if ($SZ==8); # SHA512 + mov 32,$tmp32 + sub $tmp32,$tmp31,$tmp32 +___ +$code.=<<___; +.Lpic: call .+8 + add %o7,K${label}-.Lpic,$Ktbl + + $LD [$ctx+`0*$SZ`],$A + $LD [$ctx+`1*$SZ`],$B + $LD [$ctx+`2*$SZ`],$C + $LD [$ctx+`3*$SZ`],$D + $LD [$ctx+`4*$SZ`],$E + $LD [$ctx+`5*$SZ`],$F + $LD [$ctx+`6*$SZ`],$G + $LD [$ctx+`7*$SZ`],$H + +.Lloop: +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".L16_xx:\n"; +for (;$i<32;$i++) { &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + and $tmp2,0xfff,$tmp2 + cmp $tmp2,$lastK + bne .L16_xx + add $Ktbl,`16*$SZ`,$Ktbl ! Ktbl+=16 + +___ +$code.=<<___ if ($SZ==4); # SHA256 + $LD [$ctx+`0*$SZ`],@X[0] + $LD [$ctx+`1*$SZ`],@X[1] + $LD [$ctx+`2*$SZ`],@X[2] + $LD [$ctx+`3*$SZ`],@X[3] + $LD [$ctx+`4*$SZ`],@X[4] + $LD [$ctx+`5*$SZ`],@X[5] + $LD [$ctx+`6*$SZ`],@X[6] + $LD [$ctx+`7*$SZ`],@X[7] + + add $A,@X[0],$A + $ST $A,[$ctx+`0*$SZ`] + add $B,@X[1],$B + $ST $B,[$ctx+`1*$SZ`] + add $C,@X[2],$C + $ST $C,[$ctx+`2*$SZ`] + add $D,@X[3],$D + $ST $D,[$ctx+`3*$SZ`] + add $E,@X[4],$E + $ST $E,[$ctx+`4*$SZ`] + add $F,@X[5],$F + $ST $F,[$ctx+`5*$SZ`] + add $G,@X[6],$G + $ST $G,[$ctx+`6*$SZ`] + add $H,@X[7],$H + $ST $H,[$ctx+`7*$SZ`] +___ +$code.=<<___ if ($SZ==8); # SHA512 + ld [$ctx+`0*$SZ+0`],%l0 + ld [$ctx+`0*$SZ+4`],%l1 + ld [$ctx+`1*$SZ+0`],%l2 + ld [$ctx+`1*$SZ+4`],%l3 + ld [$ctx+`2*$SZ+0`],%l4 + ld [$ctx+`2*$SZ+4`],%l5 + ld [$ctx+`3*$SZ+0`],%l6 + + sllx %l0,32,$tmp0 + ld [$ctx+`3*$SZ+4`],%l7 + sllx %l2,32,$tmp1 + or %l1,$tmp0,$tmp0 + or %l3,$tmp1,$tmp1 + add $tmp0,$A,$A + add $tmp1,$B,$B + $ST $A,[$ctx+`0*$SZ`] + sllx %l4,32,$tmp2 + $ST $B,[$ctx+`1*$SZ`] + sllx %l6,32,$T1 + or %l5,$tmp2,$tmp2 + or %l7,$T1,$T1 + add $tmp2,$C,$C + $ST $C,[$ctx+`2*$SZ`] + add $T1,$D,$D + $ST $D,[$ctx+`3*$SZ`] + + ld [$ctx+`4*$SZ+0`],%l0 + ld [$ctx+`4*$SZ+4`],%l1 + ld [$ctx+`5*$SZ+0`],%l2 + ld [$ctx+`5*$SZ+4`],%l3 + ld [$ctx+`6*$SZ+0`],%l4 + ld [$ctx+`6*$SZ+4`],%l5 + ld [$ctx+`7*$SZ+0`],%l6 + + sllx %l0,32,$tmp0 + ld [$ctx+`7*$SZ+4`],%l7 + sllx %l2,32,$tmp1 + or %l1,$tmp0,$tmp0 + or %l3,$tmp1,$tmp1 + add $tmp0,$E,$E + add $tmp1,$F,$F + $ST $E,[$ctx+`4*$SZ`] + sllx %l4,32,$tmp2 + $ST $F,[$ctx+`5*$SZ`] + sllx %l6,32,$T1 + or %l5,$tmp2,$tmp2 + or %l7,$T1,$T1 + add $tmp2,$G,$G + $ST $G,[$ctx+`6*$SZ`] + add $T1,$H,$H + $ST $H,[$ctx+`7*$SZ`] +___ +$code.=<<___; + add $inp,`16*$SZ`,$inp ! advance inp + cmp $inp,$len + bne `$bits==64?"%xcc":"%icc"`,.Lloop + sub $Ktbl,`($rounds-16)*$SZ`,$Ktbl ! rewind Ktbl + + ret + restore +.type sha${label}_block_data_order,#function +.size sha${label}_block_data_order,(.-sha${label}_block_data_order) +.asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libcrypto/sha/asm/sha512-x86_64.pl b/lib/libcrypto/sha/asm/sha512-x86_64.pl index b6252d31eca..e6643f8cf61 100755 --- a/lib/libcrypto/sha/asm/sha512-x86_64.pl +++ b/lib/libcrypto/sha/asm/sha512-x86_64.pl @@ -40,14 +40,18 @@ # sha256_block:-( This is presumably because 64-bit shifts/rotates # apparently are not atomic instructions, but implemented in microcode. -$output=shift; +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $output"; +open STDOUT,"| $^X $xlate $flavour $output"; if ($output =~ /512/) { $func="sha512_block_data_order"; @@ -186,7 +190,7 @@ $func: push %r13 push %r14 push %r15 - mov %rsp,%rbp # copy %rsp + mov %rsp,%r11 # copy %rsp shl \$4,%rdx # num*16 sub \$$framesz,%rsp lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ @@ -194,10 +198,10 @@ $func: mov $ctx,$_ctx # save ctx, 1st arg mov $inp,$_inp # save inp, 2nd arh mov %rdx,$_end # save end pointer, "3rd" arg - mov %rbp,$_rsp # save copy of %rsp + mov %r11,$_rsp # save copy of %rsp +.Lprologue: - .picmeup $Tbl - lea $TABLE-.($Tbl),$Tbl + lea $TABLE(%rip),$Tbl mov $SZ*0($ctx),$A mov $SZ*1($ctx),$B @@ -257,14 +261,15 @@ $code.=<<___; mov $H,$SZ*7($ctx) jb .Lloop - mov $_rsp,%rsp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - + mov $_rsp,%rsi + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: ret .size $func,.-$func ___ @@ -339,6 +344,113 @@ $TABLE: ___ } +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov 16*$SZ+3*8(%rax),%rax # pull $_rsp + lea 48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_$func + .rva .LSEH_end_$func + .rva .LSEH_info_$func + +.section .xdata +.align 8 +.LSEH_info_$func: + .byte 9,0,0,0 + .rva se_handler +___ +} + $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; close STDOUT; diff --git a/lib/libcrypto/sha/sha256.c b/lib/libcrypto/sha/sha256.c index 3256a83e98e..8952d87673b 100644 --- a/lib/libcrypto/sha/sha256.c +++ b/lib/libcrypto/sha/sha256.c @@ -12,39 +12,29 @@ #include <openssl/crypto.h> #include <openssl/sha.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif - #include <openssl/opensslv.h> const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; int SHA224_Init (SHA256_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif + memset (c,0,sizeof(*c)); c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; - c->Nl=0; c->Nh=0; - c->num=0; c->md_len=SHA224_DIGEST_LENGTH; + c->md_len=SHA224_DIGEST_LENGTH; return 1; } int SHA256_Init (SHA256_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif + memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; - c->Nl=0; c->Nh=0; - c->num=0; c->md_len=SHA256_DIGEST_LENGTH; + c->md_len=SHA256_DIGEST_LENGTH; return 1; } @@ -94,21 +84,21 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) */ #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - unsigned int xn; \ + unsigned int nn; \ switch ((c)->md_len) \ { case SHA224_DIGEST_LENGTH: \ - for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++) \ - { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ + for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ + { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ break; \ case SHA256_DIGEST_LENGTH: \ - for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++) \ - { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ + for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ + { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ break; \ default: \ if ((c)->md_len > SHA256_DIGEST_LENGTH) \ return 0; \ - for (xn=0;xn<(c)->md_len/4;xn++) \ - { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ + for (nn=0;nn<(c)->md_len/4;nn++) \ + { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ break; \ } \ } while (0) diff --git a/lib/libcrypto/sha/sha512.c b/lib/libcrypto/sha/sha512.c index f5ed468b85e..cbc0e58c488 100644 --- a/lib/libcrypto/sha/sha512.c +++ b/lib/libcrypto/sha/sha512.c @@ -5,10 +5,6 @@ * ==================================================================== */ #include <openssl/opensslconf.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) /* * IMPLEMENTATION NOTES. @@ -65,9 +61,19 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; int SHA384_Init (SHA512_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif +#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) + /* maintain dword order required by assembler module */ + unsigned int *h = (unsigned int *)c->h; + + h[0] = 0xcbbb9d5d; h[1] = 0xc1059ed8; + h[2] = 0x629a292a; h[3] = 0x367cd507; + h[4] = 0x9159015a; h[5] = 0x3070dd17; + h[6] = 0x152fecd8; h[7] = 0xf70e5939; + h[8] = 0x67332667; h[9] = 0xffc00b31; + h[10] = 0x8eb44a87; h[11] = 0x68581511; + h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7; + h[14] = 0x47b5481d; h[15] = 0xbefa4fa4; +#else c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[1]=U64(0x629a292a367cd507); c->h[2]=U64(0x9159015a3070dd17); @@ -76,6 +82,7 @@ int SHA384_Init (SHA512_CTX *c) c->h[5]=U64(0x8eb44a8768581511); c->h[6]=U64(0xdb0c2e0d64f98fa7); c->h[7]=U64(0x47b5481dbefa4fa4); +#endif c->Nl=0; c->Nh=0; c->num=0; c->md_len=SHA384_DIGEST_LENGTH; return 1; @@ -83,9 +90,19 @@ int SHA384_Init (SHA512_CTX *c) int SHA512_Init (SHA512_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif +#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) + /* maintain dword order required by assembler module */ + unsigned int *h = (unsigned int *)c->h; + + h[0] = 0x6a09e667; h[1] = 0xf3bcc908; + h[2] = 0xbb67ae85; h[3] = 0x84caa73b; + h[4] = 0x3c6ef372; h[5] = 0xfe94f82b; + h[6] = 0xa54ff53a; h[7] = 0x5f1d36f1; + h[8] = 0x510e527f; h[9] = 0xade682d1; + h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f; + h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b; + h[14] = 0x5be0cd19; h[15] = 0x137e2179; +#else c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); @@ -94,6 +111,7 @@ int SHA512_Init (SHA512_CTX *c) c->h[5]=U64(0x9b05688c2b3e6c1f); c->h[6]=U64(0x1f83d9abfb41bd6b); c->h[7]=U64(0x5be0cd19137e2179); +#endif c->Nl=0; c->Nh=0; c->num=0; c->md_len=SHA512_DIGEST_LENGTH; return 1; @@ -142,6 +160,24 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) if (md==0) return 0; +#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) + /* recall assembler dword order... */ + n = c->md_len; + if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH) + { + unsigned int *h = (unsigned int *)c->h, t; + + for (n/=4;n;n--) + { + t = *(h++); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + } + else return 0; +#else switch (c->md_len) { /* Let compiler decide if it's appropriate to unroll... */ @@ -178,7 +214,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) /* ... as well as make sure md_len is not abused. */ default: return 0; } - +#endif return 1; } @@ -204,7 +240,7 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) if (len < n) { - memcpy (p+c->num,data,len), c->num += len; + memcpy (p+c->num,data,len), c->num += (unsigned int)len; return 1; } else { @@ -314,7 +350,7 @@ static const SHA_LONG64 K512[80] = { #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ unsigned long ret; \ +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ @@ -337,20 +373,21 @@ static const SHA_LONG64 K512[80] = { ((SHA_LONG64)hi)<<32|lo; }) # else # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ + unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ : "0"(lo),"1"(hi)); \ ((SHA_LONG64)hi)<<32|lo; }) # endif # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -# define ROTR(a,n) ({ unsigned long ret; \ +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) # endif # elif defined(_MSC_VER) # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotr64) # define ROTR(a,n) _rotr64((a),n) # endif # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) @@ -398,15 +435,66 @@ static const SHA_LONG64 K512[80] = { #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#define GO_FOR_SSE2(ctx,in,num) do { \ - void sha512_block_sse2(void *,const void *,size_t); \ - if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ - sha512_block_sse2(ctx->h,in,num); return; \ - } while (0) + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +/* + * This code should give better results on 32-bit CPU with less than + * ~24 registers, both size and performance wise... + */ +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 A,E,T; + SHA_LONG64 X[9+80],*F; + int i; + + while (num--) { + + F = X+80; + A = ctx->h[0]; F[1] = ctx->h[1]; + F[2] = ctx->h[2]; F[3] = ctx->h[3]; + E = ctx->h[4]; F[5] = ctx->h[5]; + F[6] = ctx->h[6]; F[7] = ctx->h[7]; + + for (i=0;i<16;i++,F--) + { +#ifdef B_ENDIAN + T = W[i]; +#else + T = PULL64(W[i]); #endif + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } + + for (;i<80;i++,F--) + { + T = sigma0(F[8+16-1]); + T += sigma1(F[8+16-14]); + T += F[8+16] + F[8+16-9]; + + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } -#ifdef OPENSSL_SMALL_FOOTPRINT + ctx->h[0] += A; ctx->h[1] += F[1]; + ctx->h[2] += F[2]; ctx->h[3] += F[3]; + ctx->h[4] += E; ctx->h[5] += F[5]; + ctx->h[6] += F[6]; ctx->h[7] += F[7]; + + W+=SHA_LBLOCK; + } + } + +#elif defined(OPENSSL_SMALL_FOOTPRINT) static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { @@ -415,10 +503,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num SHA_LONG64 X[16]; int i; -#ifdef GO_FOR_SSE2 - GO_FOR_SSE2(ctx,in,num); -#endif - while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; @@ -463,11 +547,11 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num h = Sigma0(a) + Maj(a,b,c); \ d += T1; h += T1; } while (0) -#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ - ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) +#define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ + ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { @@ -476,10 +560,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num SHA_LONG64 X[16]; int i; -#ifdef GO_FOR_SSE2 - GO_FOR_SSE2(ctx,in,num); -#endif - while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; @@ -521,16 +601,24 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); #endif - for (i=16;i<80;i+=8) + for (i=16;i<80;i+=16) { - ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); - ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); - ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); - ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); - ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); - ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); - ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); - ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); + ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); + ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X); } ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; @@ -544,4 +632,10 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num #endif /* SHA512_ASM */ -#endif /* OPENSSL_NO_SHA512 */ +#else /* !OPENSSL_NO_SHA512 */ + +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy=&dummy; +#endif + +#endif /* !OPENSSL_NO_SHA512 */ diff --git a/lib/libcrypto/sparccpuid.S b/lib/libcrypto/sparccpuid.S index c17350fc89e..aa8b11efc97 100644 --- a/lib/libcrypto/sparccpuid.S +++ b/lib/libcrypto/sparccpuid.S @@ -34,7 +34,8 @@ OPENSSL_wipe_cpu: nop call .PIC.zero.up mov .zero-(.-4),%o0 - ldd [%o0],%f0 + ld [%o0],%f0 + ld [%o0],%f1 subcc %g0,1,%o0 ! Following is V9 "rd %ccr,%o0" instruction. However! V8 @@ -166,6 +167,7 @@ walk_reg_wins: .global OPENSSL_atomic_add .type OPENSSL_atomic_add,#function +.align 32 OPENSSL_atomic_add: #ifndef ABI64 subcc %g0,1,%o2 @@ -177,7 +179,7 @@ OPENSSL_atomic_add: ba .enter nop #ifdef __sun -! Note that you don't have to link with libthread to call thr_yield, +! Note that you do not have to link with libthread to call thr_yield, ! as libc provides a stub, which is overloaded the moment you link ! with *either* libpthread or libthread... #define YIELD_CPU thr_yield @@ -213,27 +215,106 @@ OPENSSL_atomic_add: sra %o0,%g0,%o0 ! we return signed int, remember? .size OPENSSL_atomic_add,.-OPENSSL_atomic_add -.global OPENSSL_rdtsc +.global _sparcv9_rdtick +.align 32 +_sparcv9_rdtick: subcc %g0,1,%o0 .word 0x91408000 !rd %ccr,%o0 cmp %o0,0x99 - bne .notsc + bne .notick xor %o0,%o0,%o0 - save %sp,FRAME-16,%sp - mov 513,%o0 !SI_PLATFORM - add %sp,BIAS+16,%o1 - call sysinfo - mov 256,%o2 + .word 0x91410000 !rd %tick,%o0 + retl + .word 0x93323020 !srlx %o2,32,%o1 +.notick: + retl + xor %o1,%o1,%o1 +.type _sparcv9_rdtick,#function +.size _sparcv9_rdtick,.-_sparcv9_rdtick - add %sp,BIAS-16,%o1 - ld [%o1],%l0 - ld [%o1+4],%l1 - ld [%o1+8],%l2 - mov %lo('SUNW'),%l3 - ret - restore -.notsc: +.global OPENSSL_cleanse +.align 32 +OPENSSL_cleanse: + cmp %o1,14 + nop +#ifdef ABI64 + bgu %xcc,.Lot +#else + bgu .Lot +#endif + cmp %o1,0 + bne .Little + nop + retl + nop + +.Little: + stb %g0,[%o0] + subcc %o1,1,%o1 + bnz .Little + add %o0,1,%o0 + retl + nop +.align 32 +.Lot: +#ifndef ABI64 + subcc %g0,1,%g1 + ! see above for explanation + .word 0x83408000 !rd %ccr,%g1 + cmp %g1,0x99 + bne .v8lot + nop +#endif + +.v9lot: andcc %o0,7,%g0 + bz .v9aligned + nop + stb %g0,[%o0] + sub %o1,1,%o1 + ba .v9lot + add %o0,1,%o0 +.align 16,0x01000000 +.v9aligned: + .word 0xc0720000 !stx %g0,[%o0] + sub %o1,8,%o1 + andcc %o1,-8,%g0 +#ifdef ABI64 + .word 0x126ffffd !bnz %xcc,.v9aligned +#else + .word 0x124ffffd !bnz %icc,.v9aligned +#endif + add %o0,8,%o0 + + cmp %o1,0 + bne .Little + nop retl nop -.type OPENSSL_rdtsc,#function -.size OPENSSL_rdtsc,.-OPENSSL_atomic_add +#ifndef ABI64 +.v8lot: andcc %o0,3,%g0 + bz .v8aligned + nop + stb %g0,[%o0] + sub %o1,1,%o1 + ba .v8lot + add %o0,1,%o0 + nop +.v8aligned: + st %g0,[%o0] + sub %o1,4,%o1 + andcc %o1,-4,%g0 + bnz .v8aligned + add %o0,4,%o0 + + cmp %o1,0 + bne .Little + nop + retl + nop +#endif +.type OPENSSL_cleanse,#function +.size OPENSSL_cleanse,.-OPENSSL_cleanse + +.section ".init",#alloc,#execinstr + call OPENSSL_cpuid_setup + nop diff --git a/lib/libcrypto/stack/Makefile b/lib/libcrypto/stack/Makefile index 489a77b93c4..5327692ac89 100644 --- a/lib/libcrypto/stack/Makefile +++ b/lib/libcrypto/stack/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/store/Makefile b/lib/libcrypto/store/Makefile index c9f5d001a39..0dcfd7857a3 100644 --- a/lib/libcrypto/store/Makefile +++ b/lib/libcrypto/store/Makefile @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -89,14 +89,14 @@ str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -str_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -str_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -str_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -str_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -str_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -str_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h -str_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h +str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_lib.o: str_lib.c str_locl.h str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h diff --git a/lib/libcrypto/store/store.h b/lib/libcrypto/store/store.h index 64583377a94..0a28c7d5a20 100644 --- a/lib/libcrypto/store/store.h +++ b/lib/libcrypto/store/store.h @@ -59,6 +59,12 @@ #ifndef HEADER_STORE_H #define HEADER_STORE_H +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_STORE +#error STORE is disabled. +#endif + #include <openssl/ossl_typ.h> #ifndef OPENSSL_NO_DEPRECATED #include <openssl/evp.h> @@ -408,7 +414,8 @@ int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, /* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in each contained attribute. */ -int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a, + const STORE_ATTR_INFO * const *b); /* Check if the set of attributes in a is within the range of attributes set in b. */ int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); diff --git a/lib/libcrypto/store/str_err.c b/lib/libcrypto/store/str_err.c index 6fee6498220..924edf05058 100644 --- a/lib/libcrypto/store/str_err.c +++ b/lib/libcrypto/store/str_err.c @@ -1,6 +1,6 @@ /* crypto/store/str_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libcrypto/store/str_lib.c b/lib/libcrypto/store/str_lib.c index 32ae5bd3957..f1dbcbd0e0c 100644 --- a/lib/libcrypto/store/str_lib.c +++ b/lib/libcrypto/store/str_lib.c @@ -1670,7 +1670,7 @@ int STORE_parse_attrs_endp(void *handle) } static int attr_info_compare_compute_range( - unsigned char *abits, unsigned char *bbits, + const unsigned char *abits, const unsigned char *bbits, unsigned int *alowp, unsigned int *ahighp, unsigned int *blowp, unsigned int *bhighp) { @@ -1739,13 +1739,15 @@ static int attr_info_compare_compute_range( return res; } -int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a, + const STORE_ATTR_INFO * const *b) { if (a == b) return 0; if (!a) return -1; if (!b) return 1; - return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); + return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0); } + int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { unsigned int alow, ahigh, blow, bhigh; @@ -1759,6 +1761,7 @@ int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) return 1; return 0; } + int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { unsigned char *abits, *bbits; @@ -1776,6 +1779,7 @@ int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) } return 1; } + int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { STORE_ATTR_TYPES i; diff --git a/lib/libcrypto/store/str_mem.c b/lib/libcrypto/store/str_mem.c index 527757ae099..8ac4f7e55c7 100644 --- a/lib/libcrypto/store/str_mem.c +++ b/lib/libcrypto/store/str_mem.c @@ -76,30 +76,35 @@ attribute type code). */ -struct mem_object_data_st +typedef struct mem_object_data_st { STORE_OBJECT *object; STORE_ATTR_INFO *attr_info; int references; - }; + } MEM_OBJECT_DATA; +DECLARE_STACK_OF(MEM_OBJECT_DATA) struct mem_data_st { - STACK *data; /* A stack of mem_object_data_st, - sorted with STORE_ATTR_INFO_compare(). */ + STACK_OF(MEM_OBJECT_DATA) *data; /* sorted with + * STORE_ATTR_INFO_compare(). */ unsigned int compute_components : 1; /* Currently unused, but can be used to add attributes from parts of the data. */ }; +DECLARE_STACK_OF(STORE_ATTR_INFO) struct mem_ctx_st { int type; /* The type we're searching for */ - STACK *search_attributes; /* Sets of attributes to search for. - Each element is a STORE_ATTR_INFO. */ - int search_index; /* which of the search attributes we found a match - for, -1 when we still haven't found any */ - int index; /* -1 as long as we're searching for the first */ + STACK_OF(STORE_ATTR_INFO) *search_attributes; /* Sets of + attributes to search for. Each + element is a STORE_ATTR_INFO. */ + int search_index; /* which of the search attributes we + found a match for, -1 when we still + haven't found any */ + int index; /* -1 as long as we're searching for + the first */ }; static int mem_init(STORE *s); @@ -240,7 +245,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, if (context->search_attributes == NULL) { context->search_attributes = - sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare); + sk_STORE_ATTR_INFO_new(STORE_ATTR_INFO_compare); if (!context->search_attributes) { STOREerr(STORE_F_MEM_LIST_START, @@ -248,7 +253,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, goto err; } } - sk_push(context->search_attributes,(char *)attrs); + sk_STORE_ATTR_INFO_push(context->search_attributes,attrs); } if (!STORE_parse_attrs_endp(attribute_context)) goto err; @@ -284,11 +289,14 @@ static STORE_OBJECT *mem_list_next(STORE *s, void *handle) if (context->search_index == -1) { - for (i = 0; i < sk_num(context->search_attributes); i++) + for (i = 0; + i < sk_STORE_ATTR_INFO_num(context->search_attributes); + i++) { - key.attr_info = - (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); - srch = sk_find_ex(store->data, (char *)&key); + key.attr_info + = sk_STORE_ATTR_INFO_value(context->search_attributes, + i); + srch = sk_MEM_OBJECT_DATA_find_ex(store->data, &key); if (srch >= 0) { @@ -301,21 +309,20 @@ static STORE_OBJECT *mem_list_next(STORE *s, void *handle) return NULL; key.attr_info = - (STORE_ATTR_INFO *)sk_value(context->search_attributes, - context->search_index); + sk_STORE_ATTR_INFO_value(context->search_attributes, + context->search_index); for(srch = context->search_index; - srch < sk_num(store->data) + srch < sk_MEM_OBJECT_DATA_num(store->data) && STORE_ATTR_INFO_in_range(key.attr_info, - (STORE_ATTR_INFO *)sk_value(store->data, srch)) + sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info) && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, - (STORE_ATTR_INFO *)sk_value(store->data, srch))); + sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info)); srch++) ; context->search_index = srch; if (cres) - return ((struct mem_object_data_st *)sk_value(store->data, - srch))->object; + return (sk_MEM_OBJECT_DATA_value(store->data, srch))->object; return NULL; } static int mem_list_end(STORE *s, void *handle) @@ -328,7 +335,7 @@ static int mem_list_end(STORE *s, void *handle) return 0; } if (context && context->search_attributes) - sk_free(context->search_attributes); + sk_STORE_ATTR_INFO_free(context->search_attributes); if (context) OPENSSL_free(context); return 1; } @@ -337,7 +344,8 @@ static int mem_list_endp(STORE *s, void *handle) struct mem_ctx_st *context = (struct mem_ctx_st *)handle; if (!context - || context->search_index == sk_num(context->search_attributes)) + || context->search_index + == sk_STORE_ATTR_INFO_num(context->search_attributes)) return 1; return 0; } diff --git a/lib/libcrypto/threads/pthreads-vms.com b/lib/libcrypto/threads/pthreads-vms.com index 63f5b8cc2e9..1cf92bdf576 100644 --- a/lib/libcrypto/threads/pthreads-vms.com +++ b/lib/libcrypto/threads/pthreads-vms.com @@ -2,8 +2,13 @@ $! To compile mttest on VMS. $! $! WARNING: only tested with DEC C so far. $ -$ arch := vax -$ if f$getsyi("CPU") .ge. 128 then arch := axp +$ if (f$getsyi("cpu").lt.128) +$ then +$ arch := VAX +$ else +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif $ define/user openssl [--.include.openssl] $ cc/def=PTHREADS mttest.c $ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib diff --git a/lib/libcrypto/ts/Makefile b/lib/libcrypto/ts/Makefile new file mode 100644 index 00000000000..c18234555be --- /dev/null +++ b/lib/libcrypto/ts/Makefile @@ -0,0 +1,269 @@ +# +# SSLeay/crypto/ts/Makefile +# + +DIR= ts +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG = -g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r + +PEX_LIBS= +EX_LIBS= + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL= Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c \ + ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c \ + ts_asn1.c +LIBOBJ= ts_err.o ts_req_utils.o ts_req_print.o ts_rsp_utils.o ts_rsp_print.o \ + ts_rsp_sign.o ts_rsp_verify.o ts_verify_ctx.o ts_lib.o ts_conf.o \ + ts_asn1.o + +SRC= $(LIBSRC) + +EXHEADER= ts.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +test: + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +ts_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +ts_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ts_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ts_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +ts_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ts_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ts_asn1.o: ../../include/openssl/ts.h ../../include/openssl/x509.h +ts_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ts_asn1.o: ts_asn1.c +ts_conf.o: ../../e_os.h ../../include/openssl/asn1.h +ts_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_conf.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ts_conf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ts_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +ts_conf.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +ts_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_conf.c +ts_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ts_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ts_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ts_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ts_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ts_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ts_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ts_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_err.o: ../../include/openssl/x509v3.h ts_err.c +ts_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +ts_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ts_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ts_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ts_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +ts_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ts_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ts.h ts_lib.c +ts_req_print.o: ../../e_os.h ../../include/openssl/asn1.h +ts_req_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ts_req_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ts_req_print.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ts_req_print.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ts_req_print.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ts_req_print.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ts_req_print.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_req_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_req_print.o: ../../include/openssl/opensslconf.h +ts_req_print.o: ../../include/openssl/opensslv.h +ts_req_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_req_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_req_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_req_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_req_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_req_print.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_print.c +ts_req_utils.o: ../../e_os.h ../../include/openssl/asn1.h +ts_req_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_req_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_req_utils.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_req_utils.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_req_utils.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_req_utils.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_req_utils.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_req_utils.o: ../../include/openssl/objects.h +ts_req_utils.o: ../../include/openssl/opensslconf.h +ts_req_utils.o: ../../include/openssl/opensslv.h +ts_req_utils.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_req_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_req_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_req_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_req_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_req_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_utils.c +ts_rsp_print.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ts_rsp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ts_rsp_print.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ts_rsp_print.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ts_rsp_print.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ts_rsp_print.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ts_rsp_print.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_rsp_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_rsp_print.o: ../../include/openssl/opensslconf.h +ts_rsp_print.o: ../../include/openssl/opensslv.h +ts_rsp_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ts_rsp_print.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ts_rsp_print.o: ../cryptlib.h ts.h ts_rsp_print.c +ts_rsp_sign.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_rsp_sign.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_rsp_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_rsp_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_rsp_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_rsp_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_rsp_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_rsp_sign.o: ../../include/openssl/objects.h +ts_rsp_sign.o: ../../include/openssl/opensslconf.h +ts_rsp_sign.o: ../../include/openssl/opensslv.h +ts_rsp_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_sign.c +ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_rsp_utils.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_rsp_utils.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_rsp_utils.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_rsp_utils.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_rsp_utils.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_rsp_utils.o: ../../include/openssl/objects.h +ts_rsp_utils.o: ../../include/openssl/opensslconf.h +ts_rsp_utils.o: ../../include/openssl/opensslv.h +ts_rsp_utils.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_rsp_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_rsp_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_utils.c +ts_rsp_verify.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_rsp_verify.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_rsp_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_rsp_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_rsp_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_rsp_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_rsp_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_rsp_verify.o: ../../include/openssl/objects.h +ts_rsp_verify.o: ../../include/openssl/opensslconf.h +ts_rsp_verify.o: ../../include/openssl/opensslv.h +ts_rsp_verify.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_rsp_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_rsp_verify.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_verify.c +ts_verify_ctx.o: ../../e_os.h ../../include/openssl/asn1.h +ts_verify_ctx.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_verify_ctx.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_verify_ctx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_verify_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_verify_ctx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_verify_ctx.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_verify_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_verify_ctx.o: ../../include/openssl/objects.h +ts_verify_ctx.o: ../../include/openssl/opensslconf.h +ts_verify_ctx.o: ../../include/openssl/opensslv.h +ts_verify_ctx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_verify_ctx.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_verify_ctx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_verify_ctx.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_verify_ctx.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_verify_ctx.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_verify_ctx.c diff --git a/lib/libcrypto/ts/ts.h b/lib/libcrypto/ts/ts.h new file mode 100644 index 00000000000..190e8a1bf2b --- /dev/null +++ b/lib/libcrypto/ts/ts.h @@ -0,0 +1,861 @@ +/* crypto/ts/ts.h */ +/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL + * project 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_H +#define HEADER_TS_H + +#include <openssl/opensslconf.h> +#include <openssl/symhacks.h> +#ifndef OPENSSL_NO_BUFFER +#include <openssl/buffer.h> +#endif +#ifndef OPENSSL_NO_EVP +#include <openssl/evp.h> +#endif +#ifndef OPENSSL_NO_BIO +#include <openssl/bio.h> +#endif +#include <openssl/stack.h> +#include <openssl/asn1.h> +#include <openssl/safestack.h> + +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif + +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif + +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif + +#include <openssl/evp.h> + + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef WIN32 +/* Under Win32 this is defined in wincrypt.h */ +#undef X509_NAME +#endif + +#include <openssl/x509.h> +#include <openssl/x509v3.h> + +/* +MessageImprint ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + hashedMessage OCTET STRING } +*/ + +typedef struct TS_msg_imprint_st + { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; + } TS_MSG_IMPRINT; + +/* +TimeStampReq ::= SEQUENCE { + version INTEGER { v1(1) }, + messageImprint MessageImprint, + --a hash algorithm OID and the hash value of the data to be + --time-stamped + reqPolicy TSAPolicyId OPTIONAL, + nonce INTEGER OPTIONAL, + certReq BOOLEAN DEFAULT FALSE, + extensions [0] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_req_st + { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ + } TS_REQ; + +/* +Accuracy ::= SEQUENCE { + seconds INTEGER OPTIONAL, + millis [0] INTEGER (1..999) OPTIONAL, + micros [1] INTEGER (1..999) OPTIONAL } +*/ + +typedef struct TS_accuracy_st + { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; + } TS_ACCURACY; + +/* +TSTInfo ::= SEQUENCE { + version INTEGER { v1(1) }, + policy TSAPolicyId, + messageImprint MessageImprint, + -- MUST have the same value as the similar field in + -- TimeStampReq + serialNumber INTEGER, + -- Time-Stamping users MUST be ready to accommodate integers + -- up to 160 bits. + genTime GeneralizedTime, + accuracy Accuracy OPTIONAL, + ordering BOOLEAN DEFAULT FALSE, + nonce INTEGER OPTIONAL, + -- MUST be present if the similar field was present + -- in TimeStampReq. In that case it MUST have the same value. + tsa [0] GeneralName OPTIONAL, + extensions [1] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_tst_info_st + { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; + } TS_TST_INFO; + +/* +PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + +From RFC 1510 - section 3.1.1: +PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String (note: each UTF8String SHOULD + -- include an RFC 1766 language tag to indicate the language + -- of the contained text) +*/ + +/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ + +#define TS_STATUS_GRANTED 0 +#define TS_STATUS_GRANTED_WITH_MODS 1 +#define TS_STATUS_REJECTION 2 +#define TS_STATUS_WAITING 3 +#define TS_STATUS_REVOCATION_WARNING 4 +#define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */ + +#define TS_INFO_BAD_ALG 0 +#define TS_INFO_BAD_REQUEST 2 +#define TS_INFO_BAD_DATA_FORMAT 5 +#define TS_INFO_TIME_NOT_AVAILABLE 14 +#define TS_INFO_UNACCEPTED_POLICY 15 +#define TS_INFO_UNACCEPTED_EXTENSION 16 +#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +#define TS_INFO_SYSTEM_FAILURE 25 + +typedef struct TS_status_info_st + { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; + } TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) +DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) + +/* +TimeStampResp ::= SEQUENCE { + status PKIStatusInfo, + timeStampToken TimeStampToken OPTIONAL } +*/ + +typedef struct TS_resp_st + { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; + } TS_RESP; + +/* The structure below would belong to the ESS component. */ + +/* +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber + } +*/ + +typedef struct ESS_issuer_serial + { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; + } ESS_ISSUER_SERIAL; + +/* +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} +*/ + +typedef struct ESS_cert_id + { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; + } ESS_CERT_ID; + +DECLARE_STACK_OF(ESS_CERT_ID) +DECLARE_ASN1_SET_OF(ESS_CERT_ID) + +/* +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} +*/ + +typedef struct ESS_signing_cert + { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; + } ESS_SIGNING_CERT; + + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, + unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, + unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +void ERR_load_TS_strings(void); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +#define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +#define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +#define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); + +/* This must return the seconds and microseconds since Jan 1, 1970 in + the sec and usec variables allocated by the caller. + Return non-zero for success and zero for failure. */ +typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec); + +/* This must process the given extension. + * It can modify the TS_TST_INFO object of the context. + * Return values: !0 (processed), 0 (error, it must set the + * status info/failure info of the response). + */ +typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +typedef struct TS_resp_ctx + { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in + time stamp token. */ + unsigned flags; /* Optional info, see values above. */ + + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; + } TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) +DECLARE_ASN1_SET_OF(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* Adds a new acceptable policy, only the default policy + is accepted by default. */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); + +/* Adds a new acceptable message digest. Note that no message digests + are accepted by default. The md argument is shared with the caller. */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* Clock precision digits, i.e. the number of decimal digits: + '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +#define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +#define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +#define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +#define TS_VFY_POLICY (1u << 2) +/* Verify the message imprint provided by the user. This flag should not be + specified with TS_VFY_DATA. */ +#define TS_VFY_IMPRINT (1u << 3) +/* Verify the message imprint computed by the verify method from the user + provided data and the MD algorithm of the response. This flag should not be + specified with TS_VFY_IMPRINT. */ +#define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +#define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +#define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +#define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +#define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +#define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx + { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + + /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, + the algorithm from the response is used. */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; + } TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. + */ + +/* Set all fields to zero. */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); + +/* + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* Function declarations for handling configuration options, + defined in ts/ts_conf.c */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +/* -------------------------------------------------- */ +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_TS_strings(void); + +/* Error codes for the TS functions. */ + +/* Function codes. */ +#define TS_F_D2I_TS_RESP 147 +#define TS_F_DEF_SERIAL_CB 110 +#define TS_F_DEF_TIME_CB 111 +#define TS_F_ESS_ADD_SIGNING_CERT 112 +#define TS_F_ESS_CERT_ID_NEW_INIT 113 +#define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +#define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +#define TS_F_PKCS7_TO_TS_TST_INFO 148 +#define TS_F_TS_ACCURACY_SET_MICROS 115 +#define TS_F_TS_ACCURACY_SET_MILLIS 116 +#define TS_F_TS_ACCURACY_SET_SECONDS 117 +#define TS_F_TS_CHECK_IMPRINTS 100 +#define TS_F_TS_CHECK_NONCES 101 +#define TS_F_TS_CHECK_POLICY 102 +#define TS_F_TS_CHECK_SIGNING_CERTS 103 +#define TS_F_TS_CHECK_STATUS_INFO 104 +#define TS_F_TS_COMPUTE_IMPRINT 145 +#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +#define TS_F_TS_GET_STATUS_TEXT 105 +#define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +#define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +#define TS_F_TS_REQ_SET_NONCE 120 +#define TS_F_TS_REQ_SET_POLICY_ID 121 +#define TS_F_TS_RESP_CREATE_RESPONSE 122 +#define TS_F_TS_RESP_CREATE_TST_INFO 123 +#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +#define TS_F_TS_RESP_CTX_ADD_MD 125 +#define TS_F_TS_RESP_CTX_ADD_POLICY 126 +#define TS_F_TS_RESP_CTX_NEW 127 +#define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +#define TS_F_TS_RESP_CTX_SET_CERTS 129 +#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +#define TS_F_TS_RESP_GET_POLICY 133 +#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +#define TS_F_TS_RESP_SET_STATUS_INFO 135 +#define TS_F_TS_RESP_SET_TST_INFO 150 +#define TS_F_TS_RESP_SIGN 136 +#define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +#define TS_F_TS_RESP_VERIFY_TOKEN 107 +#define TS_F_TS_TST_INFO_SET_ACCURACY 137 +#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +#define TS_F_TS_TST_INFO_SET_NONCE 139 +#define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +#define TS_F_TS_TST_INFO_SET_SERIAL 141 +#define TS_F_TS_TST_INFO_SET_TIME 142 +#define TS_F_TS_TST_INFO_SET_TSA 143 +#define TS_F_TS_VERIFY 108 +#define TS_F_TS_VERIFY_CERT 109 +#define TS_F_TS_VERIFY_CTX_NEW 144 + +/* Reason codes. */ +#define TS_R_BAD_PKCS7_TYPE 132 +#define TS_R_BAD_TYPE 133 +#define TS_R_CERTIFICATE_VERIFY_ERROR 100 +#define TS_R_COULD_NOT_SET_ENGINE 127 +#define TS_R_COULD_NOT_SET_TIME 115 +#define TS_R_D2I_TS_RESP_INT_FAILED 128 +#define TS_R_DETACHED_CONTENT 134 +#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +#define TS_R_INVALID_NULL_POINTER 102 +#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +#define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +#define TS_R_NONCE_MISMATCH 104 +#define TS_R_NONCE_NOT_RETURNED 105 +#define TS_R_NO_CONTENT 106 +#define TS_R_NO_TIME_STAMP_TOKEN 107 +#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +#define TS_R_POLICY_MISMATCH 108 +#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +#define TS_R_RESPONSE_SETUP_ERROR 121 +#define TS_R_SIGNATURE_FAILURE 109 +#define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +#define TS_R_TIME_SYSCALL_ERROR 122 +#define TS_R_TOKEN_NOT_PRESENT 130 +#define TS_R_TOKEN_PRESENT 131 +#define TS_R_TSA_NAME_MISMATCH 111 +#define TS_R_TSA_UNTRUSTED 112 +#define TS_R_TST_INFO_SETUP_ERROR 123 +#define TS_R_TS_DATASIGN 124 +#define TS_R_UNACCEPTABLE_POLICY 125 +#define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +#define TS_R_UNSUPPORTED_VERSION 113 +#define TS_R_WRONG_CONTENT_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/lib/libcrypto/ts/ts_asn1.c b/lib/libcrypto/ts/ts_asn1.c new file mode 100644 index 00000000000..40b730c5e2e --- /dev/null +++ b/lib/libcrypto/ts/ts_asn1.c @@ -0,0 +1,322 @@ +/* crypto/ts/ts_asn1.c */ +/* Written by Nils Larsch for the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/ts.h> +#include <openssl/err.h> +#include <openssl/asn1t.h> + +ASN1_SEQUENCE(TS_MSG_IMPRINT) = { + ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), + ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(TS_MSG_IMPRINT) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) +#ifndef OPENSSL_NO_BIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) + { + return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, bp, a); + } + +int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a) +{ + return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a); +} +#endif +#ifndef OPENSSL_NO_FP_API +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) + { + return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, fp, a); + } + +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a) + { + return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a); + } +#endif + +ASN1_SEQUENCE(TS_REQ) = { + ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER), + ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT), + ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT), + ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER), + ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN), + ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) +} ASN1_SEQUENCE_END(TS_REQ) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) +#ifndef OPENSSL_NO_BIO +TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) + { + return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a); + } + +int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a) + { + return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a); + } +#endif +#ifndef OPENSSL_NO_FP_API +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a) + { + return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a); + } + +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a) + { + return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a); + } +#endif + +ASN1_SEQUENCE(TS_ACCURACY) = { + ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER), + ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0), + ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) +} ASN1_SEQUENCE_END(TS_ACCURACY) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) + +ASN1_SEQUENCE(TS_TST_INFO) = { + ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT), + ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT), + ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER), + ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME), + ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY), + ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN), + ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER), + ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0), + ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) +} ASN1_SEQUENCE_END(TS_TST_INFO) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) +#ifndef OPENSSL_NO_BIO +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) + { + return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, a); + } + +int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a) + { + return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a); + } +#endif +#ifndef OPENSSL_NO_FP_API +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) + { + return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, a); + } + +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a) + { + return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a); + } +#endif + +ASN1_SEQUENCE(TS_STATUS_INFO) = { + ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER), + ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING), + ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(TS_STATUS_INFO) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO) + +static int ts_resp_set_tst_info(TS_RESP *a) +{ + long status; + + status = ASN1_INTEGER_get(a->status_info->status); + + if (a->token) { + if (status != 0 && status != 1) { + TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT); + return 0; + } + if (a->tst_info != NULL) + TS_TST_INFO_free(a->tst_info); + a->tst_info = PKCS7_to_TS_TST_INFO(a->token); + if (!a->tst_info) { + TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_PKCS7_TO_TS_TST_INFO_FAILED); + return 0; + } + } else if (status == 0 || status == 1) { + TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT); + return 0; + } + + return 1; +} + +static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + TS_RESP *ts_resp = (TS_RESP *)*pval; + if (op == ASN1_OP_NEW_POST) { + ts_resp->tst_info = NULL; + } else if (op == ASN1_OP_FREE_POST) { + if (ts_resp->tst_info != NULL) + TS_TST_INFO_free(ts_resp->tst_info); + } else if (op == ASN1_OP_D2I_POST) { + if (ts_resp_set_tst_info(ts_resp) == 0) + return 0; + } + return 1; +} + +ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = { + ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO), + ASN1_OPT(TS_RESP, token, PKCS7), +} ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) +#ifndef OPENSSL_NO_BIO +TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a) + { + return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a); + } + +int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a) + { + return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a); + } +#endif +#ifndef OPENSSL_NO_FP_API +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a) + { + return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a); + } + +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a) + { + return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a); + } +#endif + +ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = { + ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME), + ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) +} ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) + +ASN1_SEQUENCE(ESS_CERT_ID) = { + ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING), + ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) +} ASN1_SEQUENCE_END(ESS_CERT_ID) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) + +ASN1_SEQUENCE(ESS_SIGNING_CERT) = { + ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID), + ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO) +} ASN1_SEQUENCE_END(ESS_SIGNING_CERT) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) + +/* Getting encapsulated TS_TST_INFO object from PKCS7. */ +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token) +{ + PKCS7_SIGNED *pkcs7_signed; + PKCS7 *enveloped; + ASN1_TYPE *tst_info_wrapper; + ASN1_OCTET_STRING *tst_info_der; + const unsigned char *p; + + if (!PKCS7_type_is_signed(token)) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); + return NULL; + } + + /* Content must be present. */ + if (PKCS7_get_detached(token)) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT); + return NULL; + } + + /* We have a signed data with content. */ + pkcs7_signed = token->d.sign; + enveloped = pkcs7_signed->contents; + if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); + return NULL; + } + + /* We have a DER encoded TST_INFO as the signed data. */ + tst_info_wrapper = enveloped->d.other; + if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE); + return NULL; + } + + /* We have the correct ASN1_OCTET_STRING type. */ + tst_info_der = tst_info_wrapper->value.octet_string; + /* At last, decode the TST_INFO. */ + p = tst_info_der->data; + return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length); +} diff --git a/lib/libcrypto/ts/ts_conf.c b/lib/libcrypto/ts/ts_conf.c new file mode 100644 index 00000000000..c39be76f284 --- /dev/null +++ b/lib/libcrypto/ts/ts_conf.c @@ -0,0 +1,507 @@ +/* crypto/ts/ts_conf.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <string.h> + +#include <openssl/crypto.h> +#include "cryptlib.h" +#include <openssl/pem.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif +#include <openssl/ts.h> + +/* Macro definitions for the configuration file. */ + +#define BASE_SECTION "tsa" +#define ENV_DEFAULT_TSA "default_tsa" +#define ENV_SERIAL "serial" +#define ENV_CRYPTO_DEVICE "crypto_device" +#define ENV_SIGNER_CERT "signer_cert" +#define ENV_CERTS "certs" +#define ENV_SIGNER_KEY "signer_key" +#define ENV_DEFAULT_POLICY "default_policy" +#define ENV_OTHER_POLICIES "other_policies" +#define ENV_DIGESTS "digests" +#define ENV_ACCURACY "accuracy" +#define ENV_ORDERING "ordering" +#define ENV_TSA_NAME "tsa_name" +#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain" +#define ENV_VALUE_SECS "secs" +#define ENV_VALUE_MILLISECS "millisecs" +#define ENV_VALUE_MICROSECS "microsecs" +#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" +#define ENV_VALUE_YES "yes" +#define ENV_VALUE_NO "no" + +/* Function definitions for certificate and key loading. */ + +X509 *TS_CONF_load_cert(const char *file) + { + BIO *cert = NULL; + X509 *x = NULL; + + if ((cert = BIO_new_file(file, "r")) == NULL) goto end; + x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); +end: + if (x == NULL) + fprintf(stderr, "unable to load certificate: %s\n", file); + BIO_free(cert); + return x; + } + +STACK_OF(X509) *TS_CONF_load_certs(const char *file) + { + BIO *certs = NULL; + STACK_OF(X509) *othercerts = NULL; + STACK_OF(X509_INFO) *allcerts = NULL; + int i; + + if (!(certs = BIO_new_file(file, "r"))) goto end; + + if (!(othercerts = sk_X509_new_null())) goto end; + allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); + for(i = 0; i < sk_X509_INFO_num(allcerts); i++) + { + X509_INFO *xi = sk_X509_INFO_value(allcerts, i); + if (xi->x509) + { + sk_X509_push(othercerts, xi->x509); + xi->x509 = NULL; + } + } +end: + if (othercerts == NULL) + fprintf(stderr, "unable to load certificates: %s\n", file); + sk_X509_INFO_pop_free(allcerts, X509_INFO_free); + BIO_free(certs); + return othercerts; + } + +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) + { + BIO *key = NULL; + EVP_PKEY *pkey = NULL; + + if (!(key = BIO_new_file(file, "r"))) goto end; + pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *) pass); + end: + if (pkey == NULL) + fprintf(stderr, "unable to load private key: %s\n", file); + BIO_free(key); + return pkey; + } + +/* Function definitions for handling configuration options. */ + +static void TS_CONF_lookup_fail(const char *name, const char *tag) + { + fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); + } + +static void TS_CONF_invalid(const char *name, const char *tag) + { + fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); + } + +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) + { + if (!section) + { + section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA); + if (!section) + TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); + } + return section; + } + +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx) + { + int ret = 0; + char *serial = NCONF_get_string(conf, section, ENV_SERIAL); + if (!serial) + { + TS_CONF_lookup_fail(section, ENV_SERIAL); + goto err; + } + TS_RESP_CTX_set_serial_cb(ctx, cb, serial); + + ret = 1; + err: + return ret; + } + +#ifndef OPENSSL_NO_ENGINE + +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device) + { + int ret = 0; + + if (!device) + device = NCONF_get_string(conf, section, + ENV_CRYPTO_DEVICE); + + if (device && !TS_CONF_set_default_engine(device)) + { + TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); + goto err; + } + ret = 1; + err: + return ret; + } + +int TS_CONF_set_default_engine(const char *name) + { + ENGINE *e = NULL; + int ret = 0; + + /* Leave the default if builtin specified. */ + if (strcmp(name, "builtin") == 0) return 1; + + if (!(e = ENGINE_by_id(name))) goto err; + /* Enable the use of the NCipher HSM for forked children. */ + if (strcmp(name, "chil") == 0) + ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); + /* All the operations are going to be carried out by the engine. */ + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) goto err; + ret = 1; + err: + if (!ret) + { + TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, + TS_R_COULD_NOT_SET_ENGINE); + ERR_add_error_data(2, "engine:", name); + } + if (e) ENGINE_free(e); + return ret; + } + +#endif + +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx) + { + int ret = 0; + X509 *cert_obj = NULL; + if (!cert) + cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT); + if (!cert) + { + TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); + goto err; + } + if (!(cert_obj = TS_CONF_load_cert(cert))) + goto err; + if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj)) + goto err; + + ret = 1; + err: + X509_free(cert_obj); + return ret; + } + +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx) + { + int ret = 0; + STACK_OF(X509) *certs_obj = NULL; + if (!certs) + certs = NCONF_get_string(conf, section, ENV_CERTS); + /* Certificate chain is optional. */ + if (!certs) goto end; + if (!(certs_obj = TS_CONF_load_certs(certs))) goto err; + if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) goto err; + end: + ret = 1; + err: + sk_X509_pop_free(certs_obj, X509_free); + return ret; + } + +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx) + { + int ret = 0; + EVP_PKEY *key_obj = NULL; + if (!key) + key = NCONF_get_string(conf, section, ENV_SIGNER_KEY); + if (!key) + { + TS_CONF_lookup_fail(section, ENV_SIGNER_KEY); + goto err; + } + if (!(key_obj = TS_CONF_load_key(key, pass))) goto err; + if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) goto err; + + ret = 1; + err: + EVP_PKEY_free(key_obj); + return ret; + } + +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx) + { + int ret = 0; + ASN1_OBJECT *policy_obj = NULL; + if (!policy) + policy = NCONF_get_string(conf, section, + ENV_DEFAULT_POLICY); + if (!policy) + { + TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); + goto err; + } + if (!(policy_obj = OBJ_txt2obj(policy, 0))) + { + TS_CONF_invalid(section, ENV_DEFAULT_POLICY); + goto err; + } + if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj)) + goto err; + + ret = 1; + err: + ASN1_OBJECT_free(policy_obj); + return ret; + } + +int TS_CONF_set_policies(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + int ret = 0; + int i; + STACK_OF(CONF_VALUE) *list = NULL; + char *policies = NCONF_get_string(conf, section, + ENV_OTHER_POLICIES); + /* If no other policy is specified, that's fine. */ + if (policies && !(list = X509V3_parse_list(policies))) + { + TS_CONF_invalid(section, ENV_OTHER_POLICIES); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) + { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + const char *extval = val->value ? val->value : val->name; + ASN1_OBJECT *objtmp; + if (!(objtmp = OBJ_txt2obj(extval, 0))) + { + TS_CONF_invalid(section, ENV_OTHER_POLICIES); + goto err; + } + if (!TS_RESP_CTX_add_policy(ctx, objtmp)) + goto err; + ASN1_OBJECT_free(objtmp); + } + + ret = 1; + err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; + } + +int TS_CONF_set_digests(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + int ret = 0; + int i; + STACK_OF(CONF_VALUE) *list = NULL; + char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); + if (!digests) + { + TS_CONF_lookup_fail(section, ENV_DIGESTS); + goto err; + } + if (!(list = X509V3_parse_list(digests))) + { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + if (sk_CONF_VALUE_num(list) == 0) + { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) + { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + const char *extval = val->value ? val->value : val->name; + const EVP_MD *md; + if (!(md = EVP_get_digestbyname(extval))) + { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + if (!TS_RESP_CTX_add_md(ctx, md)) + goto err; + } + + ret = 1; + err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; + } + +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) + { + int ret = 0; + int i; + int secs = 0, millis = 0, micros = 0; + STACK_OF(CONF_VALUE) *list = NULL; + char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); + + if (accuracy && !(list = X509V3_parse_list(accuracy))) + { + TS_CONF_invalid(section, ENV_ACCURACY); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) + { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + if (strcmp(val->name, ENV_VALUE_SECS) == 0) + { + if (val->value) secs = atoi(val->value); + } + else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) + { + if (val->value) millis = atoi(val->value); + } + else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) + { + if (val->value) micros = atoi(val->value); + } + else + { + TS_CONF_invalid(section, ENV_ACCURACY); + goto err; + } + } + if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros)) + goto err; + + ret = 1; + err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; + } + +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + int ret = 0; + long digits = 0; + + /* If not specified, set the default value to 0, i.e. sec precision */ + if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS, + &digits)) + digits = 0; + if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) + { + TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); + goto err; + } + + if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits)) + goto err; + + return 1; + err: + return ret; + } + +static int TS_CONF_add_flag(CONF *conf, const char *section, const char *field, + int flag, TS_RESP_CTX *ctx) + { + /* Default is false. */ + const char *value = NCONF_get_string(conf, section, field); + if (value) + { + if (strcmp(value, ENV_VALUE_YES) == 0) + TS_RESP_CTX_add_flags(ctx, flag); + else if (strcmp(value, ENV_VALUE_NO) != 0) + { + TS_CONF_invalid(section, field); + return 0; + } + } + + return 1; + } + +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx) + { + return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); + } + +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx) + { + return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); + } + +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, + TS_ESS_CERT_ID_CHAIN, ctx); + } diff --git a/lib/libcrypto/ts/ts_err.c b/lib/libcrypto/ts/ts_err.c new file mode 100644 index 00000000000..a08b0ffa234 --- /dev/null +++ b/lib/libcrypto/ts/ts_err.c @@ -0,0 +1,179 @@ +/* crypto/ts/ts_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include <openssl/ts.h> + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason) + +static ERR_STRING_DATA TS_str_functs[]= + { +{ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"}, +{ERR_FUNC(TS_F_DEF_SERIAL_CB), "DEF_SERIAL_CB"}, +{ERR_FUNC(TS_F_DEF_TIME_CB), "DEF_TIME_CB"}, +{ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_ADD_SIGNING_CERT"}, +{ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ESS_CERT_ID_NEW_INIT"}, +{ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ESS_SIGNING_CERT_NEW_INIT"}, +{ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "INT_TS_RESP_VERIFY_TOKEN"}, +{ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"}, +{ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"}, +{ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"}, +{ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"}, +{ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "TS_CHECK_IMPRINTS"}, +{ERR_FUNC(TS_F_TS_CHECK_NONCES), "TS_CHECK_NONCES"}, +{ERR_FUNC(TS_F_TS_CHECK_POLICY), "TS_CHECK_POLICY"}, +{ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"}, +{ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"}, +{ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"}, +{ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, +{ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"}, +{ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, +{ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"}, +{ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"}, +{ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"}, +{ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"}, +{ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "TS_RESP_CREATE_TST_INFO"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO), "TS_RESP_CTX_add_failure_info"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT), "TS_RESP_CTX_set_signer_cert"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO), "TS_RESP_CTX_set_status_info"}, +{ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "TS_RESP_GET_POLICY"}, +{ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION), "TS_RESP_SET_GENTIME_WITH_PRECISION"}, +{ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"}, +{ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"}, +{ERR_FUNC(TS_F_TS_RESP_SIGN), "TS_RESP_SIGN"}, +{ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"}, +{ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT), "TS_TST_INFO_set_msg_imprint"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"}, +{ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"}, +{ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"}, +{ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"}, +{0,NULL} + }; + +static ERR_STRING_DATA TS_str_reasons[]= + { +{ERR_REASON(TS_R_BAD_PKCS7_TYPE) ,"bad pkcs7 type"}, +{ERR_REASON(TS_R_BAD_TYPE) ,"bad type"}, +{ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +{ERR_REASON(TS_R_COULD_NOT_SET_ENGINE) ,"could not set engine"}, +{ERR_REASON(TS_R_COULD_NOT_SET_TIME) ,"could not set time"}, +{ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED) ,"d2i ts resp int failed"}, +{ERR_REASON(TS_R_DETACHED_CONTENT) ,"detached content"}, +{ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),"ess add signing cert error"}, +{ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),"ess signing certificate error"}, +{ERR_REASON(TS_R_INVALID_NULL_POINTER) ,"invalid null pointer"}, +{ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),"invalid signer certificate purpose"}, +{ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH),"message imprint mismatch"}, +{ERR_REASON(TS_R_NONCE_MISMATCH) ,"nonce mismatch"}, +{ERR_REASON(TS_R_NONCE_NOT_RETURNED) ,"nonce not returned"}, +{ERR_REASON(TS_R_NO_CONTENT) ,"no content"}, +{ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN) ,"no time stamp token"}, +{ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, +{ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),"pkcs7 add signed attr error"}, +{ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),"pkcs7 to ts tst info failed"}, +{ERR_REASON(TS_R_POLICY_MISMATCH) ,"policy mismatch"}, +{ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +{ERR_REASON(TS_R_RESPONSE_SETUP_ERROR) ,"response setup error"}, +{ERR_REASON(TS_R_SIGNATURE_FAILURE) ,"signature failure"}, +{ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER),"there must be one signer"}, +{ERR_REASON(TS_R_TIME_SYSCALL_ERROR) ,"time syscall error"}, +{ERR_REASON(TS_R_TOKEN_NOT_PRESENT) ,"token not present"}, +{ERR_REASON(TS_R_TOKEN_PRESENT) ,"token present"}, +{ERR_REASON(TS_R_TSA_NAME_MISMATCH) ,"tsa name mismatch"}, +{ERR_REASON(TS_R_TSA_UNTRUSTED) ,"tsa untrusted"}, +{ERR_REASON(TS_R_TST_INFO_SETUP_ERROR) ,"tst info setup error"}, +{ERR_REASON(TS_R_TS_DATASIGN) ,"ts datasign"}, +{ERR_REASON(TS_R_UNACCEPTABLE_POLICY) ,"unacceptable policy"}, +{ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM),"unsupported md algorithm"}, +{ERR_REASON(TS_R_UNSUPPORTED_VERSION) ,"unsupported version"}, +{ERR_REASON(TS_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, +{0,NULL} + }; + +#endif + +void ERR_load_TS_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(TS_str_functs[0].error) == NULL) + { + ERR_load_strings(0,TS_str_functs); + ERR_load_strings(0,TS_str_reasons); + } +#endif + } diff --git a/lib/libcrypto/ts/ts_lib.c b/lib/libcrypto/ts/ts_lib.c new file mode 100644 index 00000000000..e8608dbf711 --- /dev/null +++ b/lib/libcrypto/ts/ts_lib.c @@ -0,0 +1,145 @@ +/* crypto/ts/ts_lib.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> +#include "ts.h" + +/* Local function declarations. */ + +/* Function definitions. */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) + { + BIGNUM num_bn; + int result = 0; + char *hex; + + BN_init(&num_bn); + ASN1_INTEGER_to_BN(num, &num_bn); + if ((hex = BN_bn2hex(&num_bn))) + { + result = BIO_write(bio, "0x", 2) > 0; + result = result && BIO_write(bio, hex, strlen(hex)) > 0; + OPENSSL_free(hex); + } + BN_free(&num_bn); + + return result; + } + +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) + { + char obj_txt[128]; + + int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); + BIO_write(bio, obj_txt, len); + BIO_write(bio, "\n", 1); + + return 1; + } + +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions) + { + int i, critical, n; + X509_EXTENSION *ex; + ASN1_OBJECT *obj; + + BIO_printf(bio, "Extensions:\n"); + n = X509v3_get_ext_count(extensions); + for (i = 0; i < n; i++) + { + ex = X509v3_get_ext(extensions, i); + obj = X509_EXTENSION_get_object(ex); + i2a_ASN1_OBJECT(bio, obj); + critical = X509_EXTENSION_get_critical(ex); + BIO_printf(bio, ": %s\n", critical ? "critical" : ""); + if (!X509V3_EXT_print(bio, ex, 0, 4)) + { + BIO_printf(bio, "%4s", ""); + M_ASN1_OCTET_STRING_print(bio, ex->value); + } + BIO_write(bio, "\n", 1); + } + + return 1; + } + +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg) + { + int i = OBJ_obj2nid(alg->algorithm); + return BIO_printf(bio, "Hash Algorithm: %s\n", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + } + +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) + { + const ASN1_OCTET_STRING *msg; + + TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a)); + + BIO_printf(bio, "Message data:\n"); + msg = TS_MSG_IMPRINT_get_msg(a); + BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg), + M_ASN1_STRING_length(msg), 4); + + return 1; + } diff --git a/lib/libcrypto/ts/ts_req_print.c b/lib/libcrypto/ts/ts_req_print.c new file mode 100644 index 00000000000..eba12c38240 --- /dev/null +++ b/lib/libcrypto/ts/ts_req_print.c @@ -0,0 +1,102 @@ +/* crypto/ts/ts_req_print.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> +#include <openssl/ts.h> + +/* Function definitions. */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a) + { + int v; + ASN1_OBJECT *policy_id; + const ASN1_INTEGER *nonce; + + if (a == NULL) return 0; + + v = TS_REQ_get_version(a); + BIO_printf(bio, "Version: %d\n", v); + + TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a)); + + BIO_printf(bio, "Policy OID: "); + policy_id = TS_REQ_get_policy_id(a); + if (policy_id == NULL) + BIO_printf(bio, "unspecified\n"); + else + TS_OBJ_print_bio(bio, policy_id); + + BIO_printf(bio, "Nonce: "); + nonce = TS_REQ_get_nonce(a); + if (nonce == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, nonce); + BIO_write(bio, "\n", 1); + + BIO_printf(bio, "Certificate required: %s\n", + TS_REQ_get_cert_req(a) ? "yes" : "no"); + + TS_ext_print_bio(bio, TS_REQ_get_exts(a)); + + return 1; + } diff --git a/lib/libcrypto/ts/ts_req_utils.c b/lib/libcrypto/ts/ts_req_utils.c new file mode 100644 index 00000000000..43280c15874 --- /dev/null +++ b/lib/libcrypto/ts/ts_req_utils.c @@ -0,0 +1,234 @@ +/* crypto/ts/ts_req_utils.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/x509v3.h> +#include <openssl/ts.h> + +int TS_REQ_set_version(TS_REQ *a, long version) + { + return ASN1_INTEGER_set(a->version, version); + } + +long TS_REQ_get_version(const TS_REQ *a) + { + return ASN1_INTEGER_get(a->version); + } + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint) + { + TS_MSG_IMPRINT *new_msg_imprint; + + if (a->msg_imprint == msg_imprint) + return 1; + new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); + if (new_msg_imprint == NULL) + { + TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_MSG_IMPRINT_free(a->msg_imprint); + a->msg_imprint = new_msg_imprint; + return 1; + } + +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a) + { + return a->msg_imprint; + } + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg) + { + X509_ALGOR *new_alg; + + if (a->hash_algo == alg) + return 1; + new_alg = X509_ALGOR_dup(alg); + if (new_alg == NULL) + { + TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE); + return 0; + } + X509_ALGOR_free(a->hash_algo); + a->hash_algo = new_alg; + return 1; + } + +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a) + { + return a->hash_algo; + } + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len) + { + return ASN1_OCTET_STRING_set(a->hashed_msg, d, len); + } + +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a) + { + return a->hashed_msg; + } + +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy) + { + ASN1_OBJECT *new_policy; + + if (a->policy_id == policy) + return 1; + new_policy = OBJ_dup(policy); + if (new_policy == NULL) + { + TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(a->policy_id); + a->policy_id = new_policy; + return 1; + } + +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a) + { + return a->policy_id; + } + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce) + { + ASN1_INTEGER *new_nonce; + + if (a->nonce == nonce) + return 1; + new_nonce = ASN1_INTEGER_dup(nonce); + if (new_nonce == NULL) + { + TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->nonce); + a->nonce = new_nonce; + return 1; + } + +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a) + { + return a->nonce; + } + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req) + { + a->cert_req = cert_req ? 0xFF : 0x00; + return 1; + } + +int TS_REQ_get_cert_req(const TS_REQ *a) + { + return a->cert_req ? 1 : 0; + } + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a) + { + return a->extensions; + } + +void TS_REQ_ext_free(TS_REQ *a) + { + if (!a) return; + sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); + a->extensions = NULL; + } + +int TS_REQ_get_ext_count(TS_REQ *a) + { + return X509v3_get_ext_count(a->extensions); + } + +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos) + { + return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); + } + +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos) + { + return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); + } + +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos) + { + return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); + } + +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc) + { + return X509v3_get_ext(a->extensions,loc); + } + +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc) + { + return X509v3_delete_ext(a->extensions,loc); + } + +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc) + { + return X509v3_add_ext(&a->extensions,ex,loc) != NULL; + } + +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx) + { + return X509V3_get_d2i(a->extensions, nid, crit, idx); + } diff --git a/lib/libcrypto/ts/ts_rsp_print.c b/lib/libcrypto/ts/ts_rsp_print.c new file mode 100644 index 00000000000..21062517ba9 --- /dev/null +++ b/lib/libcrypto/ts/ts_rsp_print.c @@ -0,0 +1,287 @@ +/* crypto/ts/ts_resp_print.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> +#include "ts.h" + +struct status_map_st + { + int bit; + const char *text; + }; + +/* Local function declarations. */ + +static int TS_status_map_print(BIO *bio, struct status_map_st *a, + ASN1_BIT_STRING *v); +static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); + +/* Function definitions. */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a) + { + TS_TST_INFO *tst_info; + + BIO_printf(bio, "Status info:\n"); + TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a)); + + BIO_printf(bio, "\nTST info:\n"); + tst_info = TS_RESP_get_tst_info(a); + if (tst_info != NULL) + TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a)); + else + BIO_printf(bio, "Not included.\n"); + + return 1; + } + +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) + { + static const char *status_map[] = + { + "Granted.", + "Granted with modifications.", + "Rejected.", + "Waiting.", + "Revocation warning.", + "Revoked." + }; + static struct status_map_st failure_map[] = + { + { TS_INFO_BAD_ALG, + "unrecognized or unsupported algorithm identifier" }, + { TS_INFO_BAD_REQUEST, + "transaction not permitted or supported" }, + { TS_INFO_BAD_DATA_FORMAT, + "the data submitted has the wrong format" }, + { TS_INFO_TIME_NOT_AVAILABLE, + "the TSA's time source is not available" }, + { TS_INFO_UNACCEPTED_POLICY, + "the requested TSA policy is not supported by the TSA" }, + { TS_INFO_UNACCEPTED_EXTENSION, + "the requested extension is not supported by the TSA" }, + { TS_INFO_ADD_INFO_NOT_AVAILABLE, + "the additional information requested could not be understood " + "or is not available" }, + { TS_INFO_SYSTEM_FAILURE, + "the request cannot be handled due to system failure" }, + { -1, NULL } + }; + long status; + int i, lines = 0; + + /* Printing status code. */ + BIO_printf(bio, "Status: "); + status = ASN1_INTEGER_get(a->status); + if (0 <= status && status < (long)(sizeof(status_map)/sizeof(status_map[0]))) + BIO_printf(bio, "%s\n", status_map[status]); + else + BIO_printf(bio, "out of bounds\n"); + + /* Printing status description. */ + BIO_printf(bio, "Status description: "); + for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) + { + if (i > 0) + BIO_puts(bio, "\t"); + ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), + 0); + BIO_puts(bio, "\n"); + } + if (i == 0) + BIO_printf(bio, "unspecified\n"); + + /* Printing failure information. */ + BIO_printf(bio, "Failure info: "); + if (a->failure_info != NULL) + lines = TS_status_map_print(bio, failure_map, + a->failure_info); + if (lines == 0) + BIO_printf(bio, "unspecified"); + BIO_printf(bio, "\n"); + + return 1; + } + +static int TS_status_map_print(BIO *bio, struct status_map_st *a, + ASN1_BIT_STRING *v) + { + int lines = 0; + + for (; a->bit >= 0; ++a) + { + if (ASN1_BIT_STRING_get_bit(v, a->bit)) + { + if (++lines > 1) + BIO_printf(bio, ", "); + BIO_printf(bio, "%s", a->text); + } + } + + return lines; + } + +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) + { + int v; + ASN1_OBJECT *policy_id; + const ASN1_INTEGER *serial; + const ASN1_GENERALIZEDTIME *gtime; + TS_ACCURACY *accuracy; + const ASN1_INTEGER *nonce; + GENERAL_NAME *tsa_name; + + if (a == NULL) return 0; + + /* Print version. */ + v = TS_TST_INFO_get_version(a); + BIO_printf(bio, "Version: %d\n", v); + + /* Print policy id. */ + BIO_printf(bio, "Policy OID: "); + policy_id = TS_TST_INFO_get_policy_id(a); + TS_OBJ_print_bio(bio, policy_id); + + /* Print message imprint. */ + TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a)); + + /* Print serial number. */ + BIO_printf(bio, "Serial number: "); + serial = TS_TST_INFO_get_serial(a); + if (serial == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, serial); + BIO_write(bio, "\n", 1); + + /* Print time stamp. */ + BIO_printf(bio, "Time stamp: "); + gtime = TS_TST_INFO_get_time(a); + ASN1_GENERALIZEDTIME_print(bio, gtime); + BIO_write(bio, "\n", 1); + + /* Print accuracy. */ + BIO_printf(bio, "Accuracy: "); + accuracy = TS_TST_INFO_get_accuracy(a); + if (accuracy == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ACCURACY_print_bio(bio, accuracy); + BIO_write(bio, "\n", 1); + + /* Print ordering. */ + BIO_printf(bio, "Ordering: %s\n", + TS_TST_INFO_get_ordering(a) ? "yes" : "no"); + + /* Print nonce. */ + BIO_printf(bio, "Nonce: "); + nonce = TS_TST_INFO_get_nonce(a); + if (nonce == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, nonce); + BIO_write(bio, "\n", 1); + + /* Print TSA name. */ + BIO_printf(bio, "TSA: "); + tsa_name = TS_TST_INFO_get_tsa(a); + if (tsa_name == NULL) + BIO_printf(bio, "unspecified"); + else + { + STACK_OF(CONF_VALUE) *nval; + if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL))) + X509V3_EXT_val_prn(bio, nval, 0, 0); + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + } + BIO_write(bio, "\n", 1); + + /* Print extensions. */ + TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a)); + + return 1; + } + +static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) + { + const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy); + const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy); + const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy); + + if (seconds != NULL) + TS_ASN1_INTEGER_print_bio(bio, seconds); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " seconds, "); + if (millis != NULL) + TS_ASN1_INTEGER_print_bio(bio, millis); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " millis, "); + if (micros != NULL) + TS_ASN1_INTEGER_print_bio(bio, micros); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " micros"); + + return 1; + } diff --git a/lib/libcrypto/ts/ts_rsp_sign.c b/lib/libcrypto/ts/ts_rsp_sign.c new file mode 100644 index 00000000000..b0f023c9d2f --- /dev/null +++ b/lib/libcrypto/ts/ts_rsp_sign.c @@ -0,0 +1,1020 @@ +/* crypto/ts/ts_resp_sign.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" + +#if defined(OPENSSL_SYS_UNIX) +#include <sys/time.h> +#endif + +#include <openssl/objects.h> +#include <openssl/ts.h> +#include <openssl/pkcs7.h> + +/* Private function declarations. */ + +static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); +static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); +static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); +static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx); +static int TS_RESP_check_request(TS_RESP_CTX *ctx); +static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx); +static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, + ASN1_OBJECT *policy); +static int TS_RESP_process_extensions(TS_RESP_CTX *ctx); +static int TS_RESP_sign(TS_RESP_CTX *ctx); + +static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, + STACK_OF(X509) *certs); +static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); +static int TS_TST_INFO_content_new(PKCS7 *p7); +static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); + +static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( + ASN1_GENERALIZEDTIME *, long, long, unsigned); + +/* Default callbacks for response generation. */ + +static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) + { + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + if (!serial) goto err; + if (!ASN1_INTEGER_set(serial, 1)) goto err; + return serial; + err: + TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Error during serial number generation."); + return NULL; + } + +#if defined(OPENSSL_SYS_UNIX) + +/* Use the gettimeofday function call. */ +static int def_time_cb(struct TS_resp_ctx *ctx, void *data, + long *sec, long *usec) + { + struct timeval tv; + if (gettimeofday(&tv, NULL) != 0) + { + TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Time is not available."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); + return 0; + } + /* Return time to caller. */ + *sec = tv.tv_sec; + *usec = tv.tv_usec; + + return 1; + } + +#else + +/* Use the time function call that provides only seconds precision. */ +static int def_time_cb(struct TS_resp_ctx *ctx, void *data, + long *sec, long *usec) + { + time_t t; + if (time(&t) == (time_t) -1) + { + TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Time is not available."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); + return 0; + } + /* Return time to caller, only second precision. */ + *sec = (long) t; + *usec = 0; + + return 1; + } + +#endif + +static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, + void *data) + { + /* No extensions are processed here. */ + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Unsupported extension."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION); + return 0; + } + +/* TS_RESP_CTX management functions. */ + +TS_RESP_CTX *TS_RESP_CTX_new() + { + TS_RESP_CTX *ctx; + + if (!(ctx = (TS_RESP_CTX *) OPENSSL_malloc(sizeof(TS_RESP_CTX)))) + { + TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + memset(ctx, 0, sizeof(TS_RESP_CTX)); + + /* Setting default callbacks. */ + ctx->serial_cb = def_serial_cb; + ctx->time_cb = def_time_cb; + ctx->extension_cb = def_extension_cb; + + return ctx; + } + +void TS_RESP_CTX_free(TS_RESP_CTX *ctx) + { + if (!ctx) return; + + X509_free(ctx->signer_cert); + EVP_PKEY_free(ctx->signer_key); + sk_X509_pop_free(ctx->certs, X509_free); + sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free); + ASN1_OBJECT_free(ctx->default_policy); + sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ + ASN1_INTEGER_free(ctx->seconds); + ASN1_INTEGER_free(ctx->millis); + ASN1_INTEGER_free(ctx->micros); + OPENSSL_free(ctx); + } + +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) + { + if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) + { + TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, + TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); + return 0; + } + if (ctx->signer_cert) X509_free(ctx->signer_cert); + ctx->signer_cert = signer; + CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); + return 1; + } + +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) + { + if (ctx->signer_key) EVP_PKEY_free(ctx->signer_key); + ctx->signer_key = key; + CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY); + + return 1; + } + +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) + { + if (ctx->default_policy) ASN1_OBJECT_free(ctx->default_policy); + if (!(ctx->default_policy = OBJ_dup(def_policy))) goto err; + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE); + return 0; + } + +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) + { + int i; + + if (ctx->certs) + { + sk_X509_pop_free(ctx->certs, X509_free); + ctx->certs = NULL; + } + if (!certs) return 1; + if (!(ctx->certs = sk_X509_dup(certs))) + { + TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); + return 0; + } + for (i = 0; i < sk_X509_num(ctx->certs); ++i) + { + X509 *cert = sk_X509_value(ctx->certs, i); + CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509); + } + + return 1; + } + +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) + { + ASN1_OBJECT *copy = NULL; + + /* Create new policy stack if necessary. */ + if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null())) + goto err; + if (!(copy = OBJ_dup(policy))) goto err; + if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) goto err; + + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(copy); + return 0; + } + +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md) + { + /* Create new md stack if necessary. */ + if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null())) + goto err; + /* Add the shared md, no copy needed. */ + if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md)) goto err; + + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE); + return 0; + } + +#define TS_RESP_CTX_accuracy_free(ctx) \ + ASN1_INTEGER_free(ctx->seconds); \ + ctx->seconds = NULL; \ + ASN1_INTEGER_free(ctx->millis); \ + ctx->millis = NULL; \ + ASN1_INTEGER_free(ctx->micros); \ + ctx->micros = NULL; + +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros) + { + + TS_RESP_CTX_accuracy_free(ctx); + if (secs && (!(ctx->seconds = ASN1_INTEGER_new()) + || !ASN1_INTEGER_set(ctx->seconds, secs))) + goto err; + if (millis && (!(ctx->millis = ASN1_INTEGER_new()) + || !ASN1_INTEGER_set(ctx->millis, millis))) + goto err; + if (micros && (!(ctx->micros = ASN1_INTEGER_new()) + || !ASN1_INTEGER_set(ctx->micros, micros))) + goto err; + + return 1; + err: + TS_RESP_CTX_accuracy_free(ctx); + TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE); + return 0; + } + +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags) + { + ctx->flags |= flags; + } + +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data) + { + ctx->serial_cb = cb; + ctx->serial_cb_data = data; + } + +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data) + { + ctx->time_cb = cb; + ctx->time_cb_data = data; + } + +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data) + { + ctx->extension_cb = cb; + ctx->extension_cb_data = data; + } + +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text) + { + TS_STATUS_INFO *si = NULL; + ASN1_UTF8STRING *utf8_text = NULL; + int ret = 0; + + if (!(si = TS_STATUS_INFO_new())) goto err; + if (!ASN1_INTEGER_set(si->status, status)) goto err; + if (text) + { + if (!(utf8_text = ASN1_UTF8STRING_new()) + || !ASN1_STRING_set(utf8_text, text, strlen(text))) + goto err; + if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null())) + goto err; + if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) goto err; + utf8_text = NULL; /* Ownership is lost. */ + } + if (!TS_RESP_set_status_info(ctx->response, si)) goto err; + ret = 1; + err: + if (!ret) + TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); + TS_STATUS_INFO_free(si); + ASN1_UTF8STRING_free(utf8_text); + return ret; + } + +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text) + { + int ret = 1; + TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + + if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) + { + /* Status has not been set, set it now. */ + ret = TS_RESP_CTX_set_status_info(ctx, status, text); + } + return ret; + } + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) + { + TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new())) + goto err; + if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1)) + goto err; + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE); + return 0; + } + +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx) + { + return ctx->request; + } + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx) + { + return ctx->tst_info; + } + +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, unsigned precision) + { + if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) + return 0; + ctx->clock_precision_digits = precision; + return 1; + } + +/* Main entry method of the response generation. */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) + { + ASN1_OBJECT *policy; + TS_RESP *response; + int result = 0; + + TS_RESP_CTX_init(ctx); + + /* Creating the response object. */ + if (!(ctx->response = TS_RESP_new())) + { + TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE); + goto end; + } + + /* Parsing DER request. */ + if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad request format or " + "system error."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); + goto end; + } + + /* Setting default status info. */ + if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL)) + goto end; + + /* Checking the request format. */ + if (!TS_RESP_check_request(ctx)) goto end; + + /* Checking acceptable policies. */ + if (!(policy = TS_RESP_get_policy(ctx))) goto end; + + /* Creating the TS_TST_INFO object. */ + if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy))) + goto end; + + /* Processing extensions. */ + if (!TS_RESP_process_extensions(ctx)) goto end; + + /* Generating the signature. */ + if (!TS_RESP_sign(ctx)) goto end; + + /* Everything was successful. */ + result = 1; + end: + if (!result) + { + TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR); + if (ctx->response != NULL) + { + if (TS_RESP_CTX_set_status_info_cond(ctx, + TS_STATUS_REJECTION, "Error during response " + "generation.") == 0) + { + TS_RESP_free(ctx->response); + ctx->response = NULL; + } + } + } + response = ctx->response; + ctx->response = NULL; /* Ownership will be returned to caller. */ + TS_RESP_CTX_cleanup(ctx); + return response; + } + +/* Initializes the variable part of the context. */ +static void TS_RESP_CTX_init(TS_RESP_CTX *ctx) + { + ctx->request = NULL; + ctx->response = NULL; + ctx->tst_info = NULL; + } + +/* Cleans up the variable part of the context. */ +static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) + { + TS_REQ_free(ctx->request); + ctx->request = NULL; + TS_RESP_free(ctx->response); + ctx->response = NULL; + TS_TST_INFO_free(ctx->tst_info); + ctx->tst_info = NULL; + } + +/* Checks the format and content of the request. */ +static int TS_RESP_check_request(TS_RESP_CTX *ctx) + { + TS_REQ *request = ctx->request; + TS_MSG_IMPRINT *msg_imprint; + X509_ALGOR *md_alg; + int md_alg_id; + const ASN1_OCTET_STRING *digest; + EVP_MD *md = NULL; + int i; + + /* Checking request version. */ + if (TS_REQ_get_version(request) != 1) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad request version."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST); + return 0; + } + + /* Checking message digest algorithm. */ + msg_imprint = TS_REQ_get_msg_imprint(request); + md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint); + md_alg_id = OBJ_obj2nid(md_alg->algorithm); + for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) + { + EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); + if (md_alg_id == EVP_MD_type(current_md)) + md = current_md; + } + if (!md) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Message digest algorithm is " + "not supported."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); + return 0; + } + + /* No message digest takes parameter. */ + if (md_alg->parameter + && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Superfluous message digest " + "parameter."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); + return 0; + } + /* Checking message digest size. */ + digest = TS_MSG_IMPRINT_get_msg(msg_imprint); + if (digest->length != EVP_MD_size(md)) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad message digest."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); + return 0; + } + + return 1; + } + +/* Returns the TSA policy based on the requested and acceptable policies. */ +static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx) + { + ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); + ASN1_OBJECT *policy = NULL; + int i; + + if (ctx->default_policy == NULL) + { + TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER); + return NULL; + } + /* Return the default policy if none is requested or the default is + requested. */ + if (!requested || !OBJ_cmp(requested, ctx->default_policy)) + policy = ctx->default_policy; + + /* Check if the policy is acceptable. */ + for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) + { + ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i); + if (!OBJ_cmp(requested, current)) + policy = current; + } + if (!policy) + { + TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Requested policy is not " + "supported."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY); + } + return policy; + } + +/* Creates the TS_TST_INFO object based on the settings of the context. */ +static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, + ASN1_OBJECT *policy) + { + int result = 0; + TS_TST_INFO *tst_info = NULL; + ASN1_INTEGER *serial = NULL; + ASN1_GENERALIZEDTIME *asn1_time = NULL; + long sec, usec; + TS_ACCURACY *accuracy = NULL; + const ASN1_INTEGER *nonce; + GENERAL_NAME *tsa_name = NULL; + + if (!(tst_info = TS_TST_INFO_new())) goto end; + if (!TS_TST_INFO_set_version(tst_info, 1)) goto end; + if (!TS_TST_INFO_set_policy_id(tst_info, policy)) goto end; + if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint)) + goto end; + if (!(serial = (*ctx->serial_cb)(ctx, ctx->serial_cb_data)) + || !TS_TST_INFO_set_serial(tst_info, serial)) + goto end; + if (!(*ctx->time_cb)(ctx, ctx->time_cb_data, &sec, &usec) + || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, + sec, usec, + ctx->clock_precision_digits)) + || !TS_TST_INFO_set_time(tst_info, asn1_time)) + goto end; + + /* Setting accuracy if needed. */ + if ((ctx->seconds || ctx->millis || ctx->micros) + && !(accuracy = TS_ACCURACY_new())) + goto end; + + if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds)) + goto end; + if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis)) + goto end; + if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros)) + goto end; + if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy)) + goto end; + + /* Setting ordering. */ + if ((ctx->flags & TS_ORDERING) + && !TS_TST_INFO_set_ordering(tst_info, 1)) + goto end; + + /* Setting nonce if needed. */ + if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL + && !TS_TST_INFO_set_nonce(tst_info, nonce)) + goto end; + + /* Setting TSA name to subject of signer certificate. */ + if (ctx->flags & TS_TSA_NAME) + { + if (!(tsa_name = GENERAL_NAME_new())) goto end; + tsa_name->type = GEN_DIRNAME; + tsa_name->d.dirn = + X509_NAME_dup(ctx->signer_cert->cert_info->subject); + if (!tsa_name->d.dirn) goto end; + if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) goto end; + } + + result = 1; + end: + if (!result) + { + TS_TST_INFO_free(tst_info); + tst_info = NULL; + TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR); + TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, + "Error during TSTInfo " + "generation."); + } + GENERAL_NAME_free(tsa_name); + TS_ACCURACY_free(accuracy); + ASN1_GENERALIZEDTIME_free(asn1_time); + ASN1_INTEGER_free(serial); + + return tst_info; + } + +/* Processing the extensions of the request. */ +static int TS_RESP_process_extensions(TS_RESP_CTX *ctx) + { + STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); + int i; + int ok = 1; + + for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) + { + X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + /* XXXXX The last argument was previously + (void *)ctx->extension_cb, but ISO C doesn't permit + converting a function pointer to void *. For lack of + better information, I'm placing a NULL there instead. + The callback can pick its own address out from the ctx + anyway... + */ + ok = (*ctx->extension_cb)(ctx, ext, NULL); + } + + return ok; + } + +/* Functions for signing the TS_TST_INFO structure of the context. */ +static int TS_RESP_sign(TS_RESP_CTX *ctx) + { + int ret = 0; + PKCS7 *p7 = NULL; + PKCS7_SIGNER_INFO *si; + STACK_OF(X509) *certs; /* Certificates to include in sc. */ + ESS_SIGNING_CERT *sc = NULL; + ASN1_OBJECT *oid; + BIO *p7bio = NULL; + int i; + + /* Check if signcert and pkey match. */ + if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { + TSerr(TS_F_TS_RESP_SIGN, + TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + goto err; + } + + /* Create a new PKCS7 signed object. */ + if (!(p7 = PKCS7_new())) { + TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto err; + + /* Force SignedData version to be 3 instead of the default 1. */ + if (!ASN1_INTEGER_set(p7->d.sign->version, 3)) goto err; + + /* Add signer certificate and optional certificate chain. */ + if (TS_REQ_get_cert_req(ctx->request)) + { + PKCS7_add_certificate(p7, ctx->signer_cert); + if (ctx->certs) + { + for(i = 0; i < sk_X509_num(ctx->certs); ++i) + { + X509 *cert = sk_X509_value(ctx->certs, i); + PKCS7_add_certificate(p7, cert); + } + } + } + + /* Add a new signer info. */ + if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, + ctx->signer_key, EVP_sha1()))) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR); + goto err; + } + + /* Add content type signed attribute to the signer info. */ + oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); + if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, oid)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); + goto err; + } + + /* Create the ESS SigningCertificate attribute which contains + the signer certificate id and optionally the certificate chain. */ + certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; + if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs))) + goto err; + + /* Add SigningCertificate signed attribute to the signer info. */ + if (!ESS_add_signing_cert(si, sc)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR); + goto err; + } + + /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */ + if (!TS_TST_INFO_content_new(p7)) goto err; + + /* Add the DER encoded tst_info to the PKCS7 structure. */ + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Convert tst_info to DER. */ + if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); + goto err; + } + + /* Create the signature and add it to the signer info. */ + if (!PKCS7_dataFinal(p7, p7bio)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); + goto err; + } + + /* Set new PKCS7 and TST_INFO objects. */ + TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info); + p7 = NULL; /* Ownership is lost. */ + ctx->tst_info = NULL; /* Ownership is lost. */ + + ret = 1; + err: + if (!ret) + TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, + "Error during signature " + "generation."); + BIO_free_all(p7bio); + ESS_SIGNING_CERT_free(sc); + PKCS7_free(p7); + return ret; + } + +static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, + STACK_OF(X509) *certs) + { + ESS_CERT_ID *cid; + ESS_SIGNING_CERT *sc = NULL; + int i; + + /* Creating the ESS_CERT_ID stack. */ + if (!(sc = ESS_SIGNING_CERT_new())) goto err; + if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null())) + goto err; + + /* Adding the signing certificate id. */ + if (!(cid = ESS_CERT_ID_new_init(signcert, 0)) + || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) + goto err; + /* Adding the certificate chain ids. */ + for (i = 0; i < sk_X509_num(certs); ++i) + { + X509 *cert = sk_X509_value(certs, i); + if (!(cid = ESS_CERT_ID_new_init(cert, 1)) + || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) + goto err; + } + + return sc; +err: + ESS_SIGNING_CERT_free(sc); + TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE); + return NULL; + } + +static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) + { + ESS_CERT_ID *cid = NULL; + GENERAL_NAME *name = NULL; + + /* Recompute SHA1 hash of certificate if necessary (side effect). */ + X509_check_purpose(cert, -1, 0); + + if (!(cid = ESS_CERT_ID_new())) goto err; + if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, + sizeof(cert->sha1_hash))) + goto err; + + /* Setting the issuer/serial if requested. */ + if (issuer_needed) + { + /* Creating issuer/serial structure. */ + if (!cid->issuer_serial + && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new())) + goto err; + /* Creating general name from the certificate issuer. */ + if (!(name = GENERAL_NAME_new())) goto err; + name->type = GEN_DIRNAME; + if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) + goto err; + if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) + goto err; + name = NULL; /* Ownership is lost. */ + /* Setting the serial number. */ + ASN1_INTEGER_free(cid->issuer_serial->serial); + if (!(cid->issuer_serial->serial = + ASN1_INTEGER_dup(cert->cert_info->serialNumber))) + goto err; + } + + return cid; +err: + GENERAL_NAME_free(name); + ESS_CERT_ID_free(cid); + TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE); + return NULL; + } + +static int TS_TST_INFO_content_new(PKCS7 *p7) + { + PKCS7 *ret = NULL; + ASN1_OCTET_STRING *octet_string = NULL; + + /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ + if (!(ret = PKCS7_new())) goto err; + if (!(ret->d.other = ASN1_TYPE_new())) goto err; + ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); + if (!(octet_string = ASN1_OCTET_STRING_new())) goto err; + ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string); + octet_string = NULL; + + /* Add encapsulated content to signed PKCS7 structure. */ + if (!PKCS7_set_content(p7, ret)) goto err; + + return 1; + err: + ASN1_OCTET_STRING_free(octet_string); + PKCS7_free(ret); + return 0; + } + +static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) + { + ASN1_STRING *seq = NULL; + unsigned char *p, *pp = NULL; + int len; + + len = i2d_ESS_SIGNING_CERT(sc, NULL); + if (!(pp = (unsigned char *) OPENSSL_malloc(len))) + { + TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); + goto err; + } + p = pp; + i2d_ESS_SIGNING_CERT(sc, &p); + if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) + { + TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); + goto err; + } + OPENSSL_free(pp); pp = NULL; + return PKCS7_add_signed_attribute(si, + NID_id_smime_aa_signingCertificate, + V_ASN1_SEQUENCE, seq); + err: + ASN1_STRING_free(seq); + OPENSSL_free(pp); + + return 0; + } + + +static ASN1_GENERALIZEDTIME * +TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, + long sec, long usec, unsigned precision) + { + time_t time_sec = (time_t) sec; + struct tm *tm = NULL; + char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; + char *p = genTime_str; + char *p_end = genTime_str + sizeof(genTime_str); + + if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) + goto err; + + + if (!(tm = gmtime(&time_sec))) + goto err; + + /* + * Put "genTime_str" in GeneralizedTime format. We work around the + * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST + * NOT include fractional seconds") and OpenSSL related functions to + * meet the rfc3161 requirement: "GeneralizedTime syntax can include + * fraction-of-second details". + */ + p += BIO_snprintf(p, p_end - p, + "%04d%02d%02d%02d%02d%02d", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); + if (precision > 0) + { + /* Add fraction of seconds (leave space for dot and null). */ + BIO_snprintf(p, 2 + precision, ".%ld", usec); + /* We cannot use the snprintf return value, + because it might have been truncated. */ + p += strlen(p); + + /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides + the following restrictions for a DER-encoding, which OpenSSL + (specifically ASN1_GENERALIZEDTIME_check() function) doesn't + support: + "The encoding MUST terminate with a "Z" (which means "Zulu" + time). The decimal point element, if present, MUST be the + point option ".". The fractional-seconds elements, + if present, MUST omit all trailing 0's; + if the elements correspond to 0, they MUST be wholly + omitted, and the decimal point element also MUST be + omitted." */ + /* Remove trailing zeros. The dot guarantees the exit + condition of this loop even if all the digits are zero. */ + while (*--p == '0') + /* empty */; + /* p points to either the dot or the last non-zero digit. */ + if (*p != '.') ++p; + } + /* Add the trailing Z and the terminating null. */ + *p++ = 'Z'; + *p++ = '\0'; + + /* Now call OpenSSL to check and set our genTime value */ + if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) + goto err; + if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) + { + ASN1_GENERALIZEDTIME_free(asn1_time); + goto err; + } + + return asn1_time; + err: + TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME); + return NULL; + } diff --git a/lib/libcrypto/ts/ts_rsp_utils.c b/lib/libcrypto/ts/ts_rsp_utils.c new file mode 100644 index 00000000000..401c1fdc51d --- /dev/null +++ b/lib/libcrypto/ts/ts_rsp_utils.c @@ -0,0 +1,409 @@ +/* crypto/ts/ts_resp_utils.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/ts.h> +#include <openssl/pkcs7.h> + +/* Function definitions. */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) + { + TS_STATUS_INFO *new_status_info; + + if (a->status_info == status_info) + return 1; + new_status_info = TS_STATUS_INFO_dup(status_info); + if (new_status_info == NULL) + { + TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_STATUS_INFO_free(a->status_info); + a->status_info = new_status_info; + + return 1; + } + +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a) + { + return a->status_info; + } + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info) + { + /* Set new PKCS7 and TST_INFO objects. */ + PKCS7_free(a->token); + a->token = p7; + TS_TST_INFO_free(a->tst_info); + a->tst_info = tst_info; + } + +PKCS7 *TS_RESP_get_token(TS_RESP *a) + { + return a->token; + } + +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a) + { + return a->tst_info; + } + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version) + { + return ASN1_INTEGER_set(a->version, version); + } + +long TS_TST_INFO_get_version(const TS_TST_INFO *a) + { + return ASN1_INTEGER_get(a->version); + } + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy) + { + ASN1_OBJECT *new_policy; + + if (a->policy_id == policy) + return 1; + new_policy = OBJ_dup(policy); + if (new_policy == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(a->policy_id); + a->policy_id = new_policy; + return 1; + } + +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a) + { + return a->policy_id; + } + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint) + { + TS_MSG_IMPRINT *new_msg_imprint; + + if (a->msg_imprint == msg_imprint) + return 1; + new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); + if (new_msg_imprint == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_MSG_IMPRINT_free(a->msg_imprint); + a->msg_imprint = new_msg_imprint; + return 1; + } + +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a) + { + return a->msg_imprint; + } + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial) + { + ASN1_INTEGER *new_serial; + + if (a->serial == serial) + return 1; + new_serial = ASN1_INTEGER_dup(serial); + if (new_serial == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->serial); + a->serial = new_serial; + return 1; + } + +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a) + { + return a->serial; + } + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime) + { + ASN1_GENERALIZEDTIME *new_time; + + if (a->time == gtime) + return 1; + new_time = M_ASN1_GENERALIZEDTIME_dup(gtime); + if (new_time == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_GENERALIZEDTIME_free(a->time); + a->time = new_time; + return 1; + } + +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a) + { + return a->time; + } + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy) + { + TS_ACCURACY *new_accuracy; + + if (a->accuracy == accuracy) + return 1; + new_accuracy = TS_ACCURACY_dup(accuracy); + if (new_accuracy == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_ACCURACY_free(a->accuracy); + a->accuracy = new_accuracy; + return 1; + } + +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a) + { + return a->accuracy; + } + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds) + { + ASN1_INTEGER *new_seconds; + + if (a->seconds == seconds) + return 1; + new_seconds = ASN1_INTEGER_dup(seconds); + if (new_seconds == NULL) + { + TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->seconds); + a->seconds = new_seconds; + return 1; + } + +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a) + { + return a->seconds; + } + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis) + { + ASN1_INTEGER *new_millis = NULL; + + if (a->millis == millis) + return 1; + if (millis != NULL) + { + new_millis = ASN1_INTEGER_dup(millis); + if (new_millis == NULL) + { + TSerr(TS_F_TS_ACCURACY_SET_MILLIS, + ERR_R_MALLOC_FAILURE); + return 0; + } + } + ASN1_INTEGER_free(a->millis); + a->millis = new_millis; + return 1; + } + +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a) + { + return a->millis; + } + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros) + { + ASN1_INTEGER *new_micros = NULL; + + if (a->micros == micros) + return 1; + if (micros != NULL) + { + new_micros = ASN1_INTEGER_dup(micros); + if (new_micros == NULL) + { + TSerr(TS_F_TS_ACCURACY_SET_MICROS, + ERR_R_MALLOC_FAILURE); + return 0; + } + } + ASN1_INTEGER_free(a->micros); + a->micros = new_micros; + return 1; + } + +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a) + { + return a->micros; + } + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering) + { + a->ordering = ordering ? 0xFF : 0x00; + return 1; + } + +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a) + { + return a->ordering ? 1 : 0; + } + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) + { + ASN1_INTEGER *new_nonce; + + if (a->nonce == nonce) + return 1; + new_nonce = ASN1_INTEGER_dup(nonce); + if (new_nonce == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->nonce); + a->nonce = new_nonce; + return 1; + } + +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a) + { + return a->nonce; + } + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa) + { + GENERAL_NAME *new_tsa; + + if (a->tsa == tsa) + return 1; + new_tsa = GENERAL_NAME_dup(tsa); + if (new_tsa == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE); + return 0; + } + GENERAL_NAME_free(a->tsa); + a->tsa = new_tsa; + return 1; + } + +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a) + { + return a->tsa; + } + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a) + { + return a->extensions; + } + +void TS_TST_INFO_ext_free(TS_TST_INFO *a) + { + if (!a) return; + sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); + a->extensions = NULL; + } + +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a) + { + return X509v3_get_ext_count(a->extensions); + } + +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos) + { + return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); + } + +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos) + { + return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); + } + +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos) + { + return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); + } + +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc) + { + return X509v3_get_ext(a->extensions,loc); + } + +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc) + { + return X509v3_delete_ext(a->extensions,loc); + } + +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc) + { + return X509v3_add_ext(&a->extensions,ex,loc) != NULL; + } + +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx) + { + return X509V3_get_d2i(a->extensions, nid, crit, idx); + } diff --git a/lib/libcrypto/ts/ts_rsp_verify.c b/lib/libcrypto/ts/ts_rsp_verify.c new file mode 100644 index 00000000000..e1f3b534afb --- /dev/null +++ b/lib/libcrypto/ts/ts_rsp_verify.c @@ -0,0 +1,725 @@ +/* crypto/ts/ts_resp_verify.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/ts.h> +#include <openssl/pkcs7.h> + +/* Private function declarations. */ + +static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, + X509 *signer, STACK_OF(X509) **chain); +static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); +static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); +static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); +static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); +static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, + PKCS7 *token, TS_TST_INFO *tst_info); +static int TS_check_status_info(TS_RESP *response); +static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); +static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); +static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, + X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len); +static int TS_check_imprints(X509_ALGOR *algor_a, + unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info); +static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); +static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); +static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); + +/* + * Local mapping between response codes and descriptions. + * Don't forget to change TS_STATUS_BUF_SIZE when modifying + * the elements of this array. + */ +static const char *TS_status_text[] = + { "granted", + "grantedWithMods", + "rejection", + "waiting", + "revocationWarning", + "revocationNotification" }; + +#define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) + +/* + * This must be greater or equal to the sum of the strings in TS_status_text + * plus the number of its elements. + */ +#define TS_STATUS_BUF_SIZE 256 + +static struct + { + int code; + const char *text; + } TS_failure_info[] = + { { TS_INFO_BAD_ALG, "badAlg" }, + { TS_INFO_BAD_REQUEST, "badRequest" }, + { TS_INFO_BAD_DATA_FORMAT, "badDataFormat" }, + { TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" }, + { TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" }, + { TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" }, + { TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" }, + { TS_INFO_SYSTEM_FAILURE, "systemFailure" } }; + +#define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ + sizeof(*TS_failure_info)) + +/* Functions for verifying a signed TS_TST_INFO structure. */ + +/* + * This function carries out the following tasks: + * - Checks if there is one and only one signer. + * - Search for the signing certificate in 'certs' and in the response. + * - Check the extended key usage and key usage fields of the signer + * certificate (done by the path validation). + * - Build and validate the certificate path. + * - Check if the certificate path meets the requirements of the + * SigningCertificate ESS signed attribute. + * - Verify the signature value. + * - Returns the signer certificate in 'signer', if 'signer' is not NULL. + */ +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out) + { + STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; + PKCS7_SIGNER_INFO *si; + STACK_OF(X509) *signers = NULL; + X509 *signer; + STACK_OF(X509) *chain = NULL; + char buf[4096]; + int i, j = 0, ret = 0; + BIO *p7bio = NULL; + + /* Some sanity checks first. */ + if (!token) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER); + goto err; + } + + /* Check for the correct content type */ + if(!PKCS7_type_is_signed(token)) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE); + goto err; + } + + /* Check if there is one and only one signer. */ + sinfos = PKCS7_get_signer_info(token); + if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, + TS_R_THERE_MUST_BE_ONE_SIGNER); + goto err; + } + si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); + + /* Check for no content: no data to verify signature. */ + if (PKCS7_get_detached(token)) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT); + goto err; + } + + /* Get hold of the signer certificate, search only internal + certificates if it was requested. */ + signers = PKCS7_get0_signers(token, certs, 0); + if (!signers || sk_X509_num(signers) != 1) goto err; + signer = sk_X509_value(signers, 0); + + /* Now verify the certificate. */ + if (!TS_verify_cert(store, certs, signer, &chain)) goto err; + + /* Check if the signer certificate is consistent with the + ESS extension. */ + if (!TS_check_signing_certs(si, chain)) goto err; + + /* Creating the message digest. */ + p7bio = PKCS7_dataInit(token, NULL); + + /* We now have to 'read' from p7bio to calculate digests etc. */ + while ((i = BIO_read(p7bio,buf,sizeof(buf))) > 0); + + /* Verifying the signature. */ + j = PKCS7_signatureVerify(p7bio, token, si, signer); + if (j <= 0) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE); + goto err; + } + + /* Return the signer certificate if needed. */ + if (signer_out) + { + *signer_out = signer; + CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + } + + ret = 1; + + err: + BIO_free_all(p7bio); + sk_X509_pop_free(chain, X509_free); + sk_X509_free(signers); + + return ret; + } + +/* + * The certificate chain is returned in chain. Caller is responsible for + * freeing the vector. + */ +static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, + X509 *signer, STACK_OF(X509) **chain) + { + X509_STORE_CTX cert_ctx; + int i; + int ret = 1; + + /* chain is an out argument. */ + *chain = NULL; + X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted); + X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) + { + int j = X509_STORE_CTX_get_error(&cert_ctx); + TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + ret = 0; + } + else + { + /* Get a copy of the certificate chain. */ + *chain = X509_STORE_CTX_get1_chain(&cert_ctx); + } + + X509_STORE_CTX_cleanup(&cert_ctx); + + return ret; + } + +static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) + { + ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); + STACK_OF(ESS_CERT_ID) *cert_ids = NULL; + X509 *cert; + int i = 0; + int ret = 0; + + if (!ss) goto err; + cert_ids = ss->cert_ids; + /* The signer certificate must be the first in cert_ids. */ + cert = sk_X509_value(chain, 0); + if (TS_find_cert(cert_ids, cert) != 0) goto err; + + /* Check the other certificates of the chain if there are more + than one certificate ids in cert_ids. */ + if (sk_ESS_CERT_ID_num(cert_ids) > 1) + { + /* All the certificates of the chain must be in cert_ids. */ + for (i = 1; i < sk_X509_num(chain); ++i) + { + cert = sk_X509_value(chain, i); + if (TS_find_cert(cert_ids, cert) < 0) goto err; + } + } + ret = 1; + err: + if (!ret) + TSerr(TS_F_TS_CHECK_SIGNING_CERTS, + TS_R_ESS_SIGNING_CERTIFICATE_ERROR); + ESS_SIGNING_CERT_free(ss); + return ret; + } + +static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) + { + ASN1_TYPE *attr; + const unsigned char *p; + attr = PKCS7_get_signed_attribute(si, + NID_id_smime_aa_signingCertificate); + if (!attr) return NULL; + p = attr->value.sequence->data; + return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); + } + +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) + { + int i; + + if (!cert_ids || !cert) return -1; + + /* Recompute SHA1 hash of certificate if necessary (side effect). */ + X509_check_purpose(cert, -1, 0); + + /* Look for cert in the cert_ids vector. */ + for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) + { + ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); + + /* Check the SHA-1 hash first. */ + if (cid->hash->length == sizeof(cert->sha1_hash) + && !memcmp(cid->hash->data, cert->sha1_hash, + sizeof(cert->sha1_hash))) + { + /* Check the issuer/serial as well if specified. */ + ESS_ISSUER_SERIAL *is = cid->issuer_serial; + if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) + return i; + } + } + + return -1; + } + +static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) + { + GENERAL_NAME *issuer; + + if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) return -1; + + /* Check the issuer first. It must be a directory name. */ + issuer = sk_GENERAL_NAME_value(is->issuer, 0); + if (issuer->type != GEN_DIRNAME + || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) + return -1; + + /* Check the serial number, too. */ + if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) + return -1; + + return 0; + } + +/* + * Verifies whether 'response' contains a valid response with regards + * to the settings of the context: + * - Gives an error message if the TS_TST_INFO is not present. + * - Calls _TS_RESP_verify_token to verify the token content. + */ +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) + { + PKCS7 *token = TS_RESP_get_token(response); + TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); + int ret = 0; + + /* Check if we have a successful TS_TST_INFO object in place. */ + if (!TS_check_status_info(response)) goto err; + + /* Check the contents of the time stamp token. */ + if (!int_TS_RESP_verify_token(ctx, token, tst_info)) + goto err; + + ret = 1; + err: + return ret; + } + +/* + * Tries to extract a TS_TST_INFO structure from the PKCS7 token and + * calls the internal int_TS_RESP_verify_token function for verifying it. + */ +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) + { + TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); + int ret = 0; + if (tst_info) + { + ret = int_TS_RESP_verify_token(ctx, token, tst_info); + TS_TST_INFO_free(tst_info); + } + return ret; + } + +/* + * Verifies whether the 'token' contains a valid time stamp token + * with regards to the settings of the context. Only those checks are + * carried out that are specified in the context: + * - Verifies the signature of the TS_TST_INFO. + * - Checks the version number of the response. + * - Check if the requested and returned policies math. + * - Check if the message imprints are the same. + * - Check if the nonces are the same. + * - Check if the TSA name matches the signer. + * - Check if the TSA name is the expected TSA. + */ +static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, + PKCS7 *token, TS_TST_INFO *tst_info) + { + X509 *signer = NULL; + GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); + X509_ALGOR *md_alg = NULL; + unsigned char *imprint = NULL; + unsigned imprint_len = 0; + int ret = 0; + + /* Verify the signature. */ + if ((ctx->flags & TS_VFY_SIGNATURE) + && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, + &signer)) + goto err; + + /* Check version number of response. */ + if ((ctx->flags & TS_VFY_VERSION) + && TS_TST_INFO_get_version(tst_info) != 1) + { + TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION); + goto err; + } + + /* Check policies. */ + if ((ctx->flags & TS_VFY_POLICY) + && !TS_check_policy(ctx->policy, tst_info)) + goto err; + + /* Check message imprints. */ + if ((ctx->flags & TS_VFY_IMPRINT) + && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, + tst_info)) + goto err; + + /* Compute and check message imprints. */ + if ((ctx->flags & TS_VFY_DATA) + && (!TS_compute_imprint(ctx->data, tst_info, + &md_alg, &imprint, &imprint_len) + || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) + goto err; + + /* Check nonces. */ + if ((ctx->flags & TS_VFY_NONCE) + && !TS_check_nonces(ctx->nonce, tst_info)) + goto err; + + /* Check whether TSA name and signer certificate match. */ + if ((ctx->flags & TS_VFY_SIGNER) + && tsa_name && !TS_check_signer_name(tsa_name, signer)) + { + TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); + goto err; + } + + /* Check whether the TSA is the expected one. */ + if ((ctx->flags & TS_VFY_TSA_NAME) + && !TS_check_signer_name(ctx->tsa_name, signer)) + { + TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); + goto err; + } + + ret = 1; + err: + X509_free(signer); + X509_ALGOR_free(md_alg); + OPENSSL_free(imprint); + return ret; + } + +static int TS_check_status_info(TS_RESP *response) + { + TS_STATUS_INFO *info = TS_RESP_get_status_info(response); + long status = ASN1_INTEGER_get(info->status); + const char *status_text = NULL; + char *embedded_status_text = NULL; + char failure_text[TS_STATUS_BUF_SIZE] = ""; + + /* Check if everything went fine. */ + if (status == 0 || status == 1) return 1; + + /* There was an error, get the description in status_text. */ + if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) + status_text = TS_status_text[status]; + else + status_text = "unknown code"; + + /* Set the embedded_status_text to the returned description. */ + if (sk_ASN1_UTF8STRING_num(info->text) > 0 + && !(embedded_status_text = TS_get_status_text(info->text))) + return 0; + + /* Filling in failure_text with the failure information. */ + if (info->failure_info) + { + int i; + int first = 1; + for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) + { + if (ASN1_BIT_STRING_get_bit(info->failure_info, + TS_failure_info[i].code)) + { + if (!first) + strcpy(failure_text, ","); + else + first = 0; + strcat(failure_text, TS_failure_info[i].text); + } + } + } + if (failure_text[0] == '\0') + strcpy(failure_text, "unspecified"); + + /* Making up the error string. */ + TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN); + ERR_add_error_data(6, + "status code: ", status_text, + ", status text: ", embedded_status_text ? + embedded_status_text : "unspecified", + ", failure codes: ", failure_text); + OPENSSL_free(embedded_status_text); + + return 0; + } + +static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) + { + int i; + unsigned int length = 0; + char *result = NULL; + char *p; + + /* Determine length first. */ + for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) + { + ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); + length += ASN1_STRING_length(current); + length += 1; /* separator character */ + } + /* Allocate memory (closing '\0' included). */ + if (!(result = OPENSSL_malloc(length))) + { + TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE); + return NULL; + } + /* Concatenate the descriptions. */ + for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) + { + ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); + length = ASN1_STRING_length(current); + if (i > 0) *p++ = '/'; + strncpy(p, (const char *)ASN1_STRING_data(current), length); + p += length; + } + /* We do have space for this, too. */ + *p = '\0'; + + return result; + } + +static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) + { + ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); + + if (OBJ_cmp(req_oid, resp_oid) != 0) + { + TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH); + return 0; + } + + return 1; + } + +static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, + X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len) + { + TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); + X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); + const EVP_MD *md; + EVP_MD_CTX md_ctx; + unsigned char buffer[4096]; + int length; + + *md_alg = NULL; + *imprint = NULL; + + /* Return the MD algorithm of the response. */ + if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) goto err; + + /* Getting the MD object. */ + if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) + { + TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM); + goto err; + } + + /* Compute message digest. */ + length = EVP_MD_size(md); + if (length < 0) + goto err; + *imprint_len = length; + if (!(*imprint = OPENSSL_malloc(*imprint_len))) + { + TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); + goto err; + } + + EVP_DigestInit(&md_ctx, md); + while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) + { + EVP_DigestUpdate(&md_ctx, buffer, length); + } + EVP_DigestFinal(&md_ctx, *imprint, NULL); + + return 1; + err: + X509_ALGOR_free(*md_alg); + OPENSSL_free(*imprint); + *imprint_len = 0; + return 0; + } + +static int TS_check_imprints(X509_ALGOR *algor_a, + unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info) + { + TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); + X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); + int ret = 0; + + /* algor_a is optional. */ + if (algor_a) + { + /* Compare algorithm OIDs. */ + if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) goto err; + + /* The parameter must be NULL in both. */ + if ((algor_a->parameter + && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) + || (algor_b->parameter + && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL)) + goto err; + } + + /* Compare octet strings. */ + ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) && + memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0; + err: + if (!ret) + TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH); + return ret; + } + +static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) + { + const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); + + /* Error if nonce is missing. */ + if (!b) + { + TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED); + return 0; + } + + /* No error if a nonce is returned without being requested. */ + if (ASN1_INTEGER_cmp(a, b) != 0) + { + TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH); + return 0; + } + + return 1; + } + +/* Check if the specified TSA name matches either the subject + or one of the subject alternative names of the TSA certificate. */ +static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) + { + STACK_OF(GENERAL_NAME) *gen_names = NULL; + int idx = -1; + int found = 0; + + /* Check the subject name first. */ + if (tsa_name->type == GEN_DIRNAME + && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) + return 1; + + /* Check all the alternative names. */ + gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, + NULL, &idx); + while (gen_names != NULL + && !(found = TS_find_name(gen_names, tsa_name) >= 0)) + { + /* Get the next subject alternative name, + although there should be no more than one. */ + GENERAL_NAMES_free(gen_names); + gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, + NULL, &idx); + } + if (gen_names) GENERAL_NAMES_free(gen_names); + + return found; + } + +/* Returns 1 if name is in gen_names, 0 otherwise. */ +static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) + { + int i, found; + for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); + ++i) + { + GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i); + found = GENERAL_NAME_cmp(current, name) == 0; + } + return found ? i - 1 : -1; + } diff --git a/lib/libcrypto/ts/ts_verify_ctx.c b/lib/libcrypto/ts/ts_verify_ctx.c new file mode 100644 index 00000000000..b079b50fc37 --- /dev/null +++ b/lib/libcrypto/ts/ts_verify_ctx.c @@ -0,0 +1,160 @@ +/* crypto/ts/ts_verify_ctx.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <assert.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/ts.h> + +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) + { + TS_VERIFY_CTX *ctx = + (TS_VERIFY_CTX *) OPENSSL_malloc(sizeof(TS_VERIFY_CTX)); + if (ctx) + memset(ctx, 0, sizeof(TS_VERIFY_CTX)); + else + TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); + return ctx; + } + +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) + { + assert(ctx != NULL); + memset(ctx, 0, sizeof(TS_VERIFY_CTX)); + } + +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) + { + if (!ctx) return; + + TS_VERIFY_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } + +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) + { + if (!ctx) return; + + X509_STORE_free(ctx->store); + sk_X509_pop_free(ctx->certs, X509_free); + + ASN1_OBJECT_free(ctx->policy); + + X509_ALGOR_free(ctx->md_alg); + OPENSSL_free(ctx->imprint); + + BIO_free_all(ctx->data); + + ASN1_INTEGER_free(ctx->nonce); + + GENERAL_NAME_free(ctx->tsa_name); + + TS_VERIFY_CTX_init(ctx); + } + +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) + { + TS_VERIFY_CTX *ret = ctx; + ASN1_OBJECT *policy; + TS_MSG_IMPRINT *imprint; + X509_ALGOR *md_alg; + ASN1_OCTET_STRING *msg; + const ASN1_INTEGER *nonce; + + assert(req != NULL); + if (ret) + TS_VERIFY_CTX_cleanup(ret); + else + if (!(ret = TS_VERIFY_CTX_new())) return NULL; + + /* Setting flags. */ + ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); + + /* Setting policy. */ + if ((policy = TS_REQ_get_policy_id(req)) != NULL) + { + if (!(ret->policy = OBJ_dup(policy))) goto err; + } + else + ret->flags &= ~TS_VFY_POLICY; + + /* Setting md_alg, imprint and imprint_len. */ + imprint = TS_REQ_get_msg_imprint(req); + md_alg = TS_MSG_IMPRINT_get_algo(imprint); + if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) goto err; + msg = TS_MSG_IMPRINT_get_msg(imprint); + ret->imprint_len = ASN1_STRING_length(msg); + if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) goto err; + memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); + + /* Setting nonce. */ + if ((nonce = TS_REQ_get_nonce(req)) != NULL) + { + if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) goto err; + } + else + ret->flags &= ~TS_VFY_NONCE; + + return ret; + err: + if (ctx) + TS_VERIFY_CTX_cleanup(ctx); + else + TS_VERIFY_CTX_free(ret); + return NULL; + } diff --git a/lib/libcrypto/txt_db/Makefile b/lib/libcrypto/txt_db/Makefile index 87e57b49f64..e6f30331d8d 100644 --- a/lib/libcrypto/txt_db/Makefile +++ b/lib/libcrypto/txt_db/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/ui/Makefile b/lib/libcrypto/ui/Makefile index 4755e206f66..a685659fb4c 100644 --- a/lib/libcrypto/ui/Makefile +++ b/lib/libcrypto/ui/Makefile @@ -37,7 +37,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/util/copy.pl b/lib/libcrypto/util/copy.pl index eba6d5815e9..e20b45530a8 100644 --- a/lib/libcrypto/util/copy.pl +++ b/lib/libcrypto/util/copy.pl @@ -8,16 +8,9 @@ use Fcntl; # Perl script 'copy' comment. On Windows the built in "copy" command also # copies timestamps: this messes up Makefile dependencies. -my $stripcr = 0; - my $arg; foreach $arg (@ARGV) { - if ($arg eq "-stripcr") - { - $stripcr = 1; - next; - } $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... foreach (glob $arg) { @@ -56,10 +49,6 @@ foreach (@filelist) || die "Can't Open $dfile"; while (sysread IN, $buf, 10240) { - if ($stripcr) - { - $buf =~ tr/\015//d; - } syswrite(OUT, $buf, length($buf)); } close(IN); diff --git a/lib/libcrypto/util/deltree.com b/lib/libcrypto/util/deltree.com new file mode 100644 index 00000000000..9f36b1a5e9d --- /dev/null +++ b/lib/libcrypto/util/deltree.com @@ -0,0 +1,34 @@ +$! DELTREE.COM +$ +$ call deltree 'p1' +$ exit $status +$ +$ deltree: subroutine ! P1 is a name of a directory +$ on control_y then goto dt_STOP +$ on warning then goto dt_exit +$ _dt_def = f$trnlnm("SYS$DISK")+f$directory() +$ if f$parse(p1) .eqs. "" then exit +$ set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")' +$ p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE") +$ _fp = f$parse(".DIR",p1) +$ dt_loop: +$ _f = f$search(_fp) +$ if _f .eqs. "" then goto dt_loopend +$ call deltree [.'f$parse(_f,,,"NAME")']*.* +$ goto dt_loop +$ dt_loopend: +$ _fp = f$parse(p1,".;*") +$ if f$search(_fp) .eqs. "" then goto dt_exit +$ set noon +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp' +$ set on +$ delete/nolog '_fp' +$ dt_exit: +$ set default '_dt_def' +$ goto dt_end +$ dt_STOP: +$ set default '_dt_def' +$ stop/id="" +$ exit +$ dt_end: +$ endsubroutine diff --git a/lib/libcrypto/util/mkrc.pl b/lib/libcrypto/util/mkrc.pl new file mode 100755 index 00000000000..0ceadcf8d14 --- /dev/null +++ b/lib/libcrypto/util/mkrc.pl @@ -0,0 +1,71 @@ +#!/bin/env perl +# +open FD,"crypto/opensslv.h"; +while(<FD>) { + if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)/i) { + $ver = hex($1); + $v1 = ($ver>>28); + $v2 = ($ver>>20)&0xff; + $v3 = ($ver>>12)&0xff; + $v4 = ($ver>> 4)&0xff; + $beta = $ver&0xf; + $version = "$v1.$v2.$v3"; + if ($beta==0xf) { $version .= chr(ord('a')+$v4-1) if ($v4); } + elsif ($beta==0){ $version .= "-dev"; } + else { $version .= "-beta$beta"; } + last; + } +} +close(FD); + +$filename = $ARGV[0]; $filename =~ /(.*)\.([^.]+)$/; +$basename = $1; +$extname = $2; + +if ($extname =~ /dll/i) { $description = "OpenSSL shared library"; } +else { $description = "OpenSSL application"; } + +print <<___; +#include <winver.h> + +LANGUAGE 0x09,0x01 + +1 VERSIONINFO + FILEVERSION $v1,$v2,$v3,$v4 + PRODUCTVERSION $v1,$v2,$v3,$v4 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x01L +#else + FILEFLAGS 0x00L +#endif + FILEOS VOS__WINDOWS32 + FILETYPE VFT_DLL + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + // Required: + VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" + VALUE "FileDescription", "$description\\0" + VALUE "FileVersion", "$version\\0" + VALUE "InternalName", "$basename\\0" + VALUE "OriginalFilename", "$filename\\0" + VALUE "ProductName", "The OpenSSL Toolkit\\0" + VALUE "ProductVersion", "$version\\0" + // Optional: + //VALUE "Comments", "\\0" + VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + //VALUE "LegalTrademarks", "\\0" + //VALUE "PrivateBuild", "\\0" + //VALUE "SpecialBuild", "\\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 0x4b0 + END +END +___ diff --git a/lib/libcrypto/util/pl/netware.pl b/lib/libcrypto/util/pl/netware.pl index 173c9919f24..c78bcfc8742 100644 --- a/lib/libcrypto/util/pl/netware.pl +++ b/lib/libcrypto/util/pl/netware.pl @@ -131,13 +131,14 @@ else # assembler if ($nw_nasm) { + $asm=(`nasm -v 2>NUL` gt `nasmw -v 2>NUL`?"nasm":"nasmw"); if ($gnuc) { - $asm="nasmw -s -f elf"; + $asm.=" -s -f elf"; } else { - $asm="nasmw -s -f coff"; + $asm.=" -s -f coff -d __coff__"; } $afile="-o "; $asm.=" -g" if $debug; @@ -323,13 +324,16 @@ if (!$no_asm) $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm"; $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}"; $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm"; - $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj}"; - $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm"; + $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj} \$(OBJ_D)${o}sha256-nw${obj} \$(OBJ_D)${o}sha512-nw${obj}"; + $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm crypto${o}sha${o}asm${o}sha256-nw.asm crypto${o}sha${o}asm${o}sha512-nw.asm"; $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}"; $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm"; + $whirlpool_asm_obj="\$(OBJ_D)${o}wp-nw${obj}"; + $whirlpool_asm_src="crypto${o}whrlpool${o}asm${o}wp-nw.asm"; $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}"; $cpuid_asm_src="crypto${o}x86cpuid-nw.asm"; - $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DWHIRLPOOL_ASM"; + $cflags.=" -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"; $cflags.=" -DAES_ASM -DRMD160_ASM"; } else @@ -356,6 +360,8 @@ else $sha1_asm_src=''; $rmd160_asm_obj=''; $rmd160_asm_src=''; + $whirlpool_asm_obj=''; + $whirlpool_asm_src=''; $cpuid_asm_obj=''; $cpuid_asm_src=''; } diff --git a/lib/libcrypto/util/shlib_wrap.sh b/lib/libcrypto/util/shlib_wrap.sh index a2f62d696fa..9416d593d2b 100755 --- a/lib/libcrypto/util/shlib_wrap.sh +++ b/lib/libcrypto/util/shlib_wrap.sh @@ -80,7 +80,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # it into a script makes it possible to do so on multi-ABI # platforms. case "$SYSNAME" in - *BSD) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD + *BSD|QNX) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD, QNX *) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF HP-UX esac _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX @@ -88,4 +88,6 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES fi -exec "$@" +cmd="$1${EXE_EXT}" +shift +exec "$cmd" "$@" diff --git a/lib/libcrypto/whrlpool/Makefile b/lib/libcrypto/whrlpool/Makefile new file mode 100644 index 00000000000..566b9962905 --- /dev/null +++ b/lib/libcrypto/whrlpool/Makefile @@ -0,0 +1,93 @@ +# +# crypto/whrlpool/Makefile +# + +DIR= whrlpool +TOP= ../.. +CC= cc +CPP= $(CC) -E +INCLUDES= +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +WP_ASM_OBJ=wp_block.o + +CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) + +GENERAL=Makefile +TEST=wp_test.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=wp_dgst.c wp_block.c +LIBOBJ=wp_dgst.o $(WP_ASM_OBJ) + +SRC= $(LIBSRC) + +EXHEADER= whrlpool.h +HEADER= wp_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +wp-mmx.s: asm/wp-mmx.pl ../perlasm/x86asm.pl + $(PERL) asm/wp-mmx.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ + +wp-x86_64.s: asm/wp-x86_64.pl + $(PERL) asm/wp-x86_64.pl $(PERLASM_SCHEME) > $@ + +$(LIBOBJ): $(LIBSRC) + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +wp_block.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +wp_block.o: ../../include/openssl/whrlpool.h wp_block.c wp_locl.h +wp_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +wp_dgst.o: ../../include/openssl/whrlpool.h wp_dgst.c wp_locl.h diff --git a/lib/libcrypto/whrlpool/asm/wp-mmx.pl b/lib/libcrypto/whrlpool/asm/wp-mmx.pl new file mode 100644 index 00000000000..32cf16380b5 --- /dev/null +++ b/lib/libcrypto/whrlpool/asm/wp-mmx.pl @@ -0,0 +1,493 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# whirlpool_block_mmx implementation. +# +*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results +# in 16KB large table, which is tough on L1 cache, but eliminates +# unaligned references to it. Value of 2 results in 4KB table, but +# 7/8 of references to it are unaligned. AMD cores seem to be +# allergic to the latter, while Intel ones - to former [see the +# table]. I stick to value of 2 for two reasons: 1. smaller table +# minimizes cache trashing and thus mitigates the hazard of side- +# channel leakage similar to AES cache-timing one; 2. performance +# gap among different µ-archs is smaller. +# +# Performance table lists rounded amounts of CPU cycles spent by +# whirlpool_block_mmx routine on single 64 byte input block, i.e. +# smaller is better and asymptotic throughput can be estimated by +# multiplying 64 by CPU clock frequency and dividing by relevant +# value from the given table: +# +# $SCALE=2/8 icc8 gcc3 +# Intel P4 3200/4600 4600(*) 6400 +# Intel PIII 2900/3000 4900 5400 +# AMD K[78] 2500/1800 9900 8200(**) +# +# (*) I've sketched even non-MMX assembler, but for the record +# I've failed to beat the Intel compiler on P4, without using +# MMX that is... +# (**) ... on AMD on the other hand non-MMX assembler was observed +# to perform significantly better, but I figured this MMX +# implementation is even faster anyway, so why bother? As for +# pre-MMX AMD core[s], the improvement coefficient is more +# than likely to vary anyway and I don't know how. But the +# least I know is that gcc-generated code compiled with +# -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for +# details] and optimized for Pentium was observed to perform +# *better* on Pentium 100 than unrolled non-MMX assembler +# loop... So we just say that I don't know if maintaining +# non-MMX implementation would actually pay off, but till +# opposite is proved "unlikely" is assumed. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"wp-mmx.pl"); + +sub L() { &data_byte(@_); } +sub LL() +{ if ($SCALE==2) { &data_byte(@_); &data_byte(@_); } + elsif ($SCALE==8) { for ($i=0;$i<8;$i++) { + &data_byte(@_); + unshift(@_,pop(@_)); + } + } + else { die "unvalid SCALE value"; } +} + +sub scale() +{ if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } + elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } + else { die "unvalid SCALE value"; } +} + +sub row() +{ if ($SCALE==2) { ((8-shift)&7); } + elsif ($SCALE==8) { (8*shift); } + else { die "unvalid SCALE value"; } +} + +$tbl="ebp"; +@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7"); + +&function_begin_B("whirlpool_block_mmx"); + &push ("ebp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + + &mov ("esi",&wparam(0)); # hash value + &mov ("edi",&wparam(1)); # input data stream + &mov ("ebp",&wparam(2)); # number of chunks in input + + &mov ("eax","esp"); # copy stack pointer + &sub ("esp",128+20); # allocate frame + &and ("esp",-64); # align for cache-line + + &lea ("ebx",&DWP(128,"esp")); + &mov (&DWP(0,"ebx"),"esi"); # save parameter block + &mov (&DWP(4,"ebx"),"edi"); + &mov (&DWP(8,"ebx"),"ebp"); + &mov (&DWP(16,"ebx"),"eax"); # saved stack pointer + + &call (&label("pic_point")); +&set_label("pic_point"); + &blindpop($tbl); + &lea ($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl)); + + &xor ("ecx","ecx"); + &xor ("edx","edx"); + + for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); } # L=H +&set_label("outerloop"); + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp + for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L + + &xor ("esi","esi"); + &mov (&DWP(12,"ebx"),"esi"); # zero round counter + +&set_label("round",16); + &movq (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8)); # rc[r] + &mov ("eax",&DWP(0,"esp")); + &mov ("ebx",&DWP(4,"esp")); +for($i=0;$i<8;$i++) { + my $func = ($i==0)? movq : pxor; + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("eax",16); + &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); + &$func (@mm[1],&QWP(&row(1),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &mov ("eax",&DWP(($i+1)*8,"esp")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &$func (@mm[2],&QWP(&row(2),$tbl,"esi",8)); + &$func (@mm[3],&QWP(&row(3),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("ebx",16); + &$func (@mm[4],&QWP(&row(4),$tbl,"esi",8)); + &$func (@mm[5],&QWP(&row(5),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &mov ("ebx",&DWP(($i+1)*8+4,"esp")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &$func (@mm[6],&QWP(&row(6),$tbl,"esi",8)); + &$func (@mm[7],&QWP(&row(7),$tbl,"edi",8)); + push(@mm,shift(@mm)); +} + + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L + +for($i=0;$i<8;$i++) { + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("eax",16); + &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); + &pxor (@mm[1],&QWP(&row(1),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &mov ("eax",&DWP(64+($i+1)*8,"esp")) if ($i<7); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &pxor (@mm[2],&QWP(&row(2),$tbl,"esi",8)); + &pxor (@mm[3],&QWP(&row(3),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("ebx",16); + &pxor (@mm[4],&QWP(&row(4),$tbl,"esi",8)); + &pxor (@mm[5],&QWP(&row(5),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &mov ("ebx",&DWP(64+($i+1)*8+4,"esp")) if ($i<7); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &pxor (@mm[6],&QWP(&row(6),$tbl,"esi",8)); + &pxor (@mm[7],&QWP(&row(7),$tbl,"edi",8)); + push(@mm,shift(@mm)); +} + &lea ("ebx",&DWP(128,"esp")); + &mov ("esi",&DWP(12,"ebx")); # pull round counter + &add ("esi",1); + &cmp ("esi",10); + &je (&label("roundsdone")); + + &mov (&DWP(12,"ebx"),"esi"); # update round counter + for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L + &jmp (&label("round")); + +&set_label("roundsdone",16); + &mov ("esi",&DWP(0,"ebx")); # reload argument block + &mov ("edi",&DWP(4,"ebx")); + &mov ("eax",&DWP(8,"ebx")); + + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); } # L^=H + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); } # H=L + + &lea ("edi",&DWP(64,"edi")); # inp+=64 + &sub ("eax",1); # num-- + &jz (&label("alldone")); + &mov (&DWP(4,"ebx"),"edi"); # update argument block + &mov (&DWP(8,"ebx"),"eax"); + &jmp (&label("outerloop")); + +&set_label("alldone"); + &emms (); + &mov ("esp",&DWP(16,"ebx")); # restore saved stack pointer + &pop ("edi"); + &pop ("esi"); + &pop ("ebx"); + &pop ("ebp"); + &ret (); + +&align(64); +&set_label("table"); + &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); + &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); + &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); + &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); + &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); + &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); + &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); + &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); + &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); + &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); + &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); + &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); + &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); + &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); + &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); + &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); + &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); + &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); + &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); + &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); + &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); + &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); + &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); + &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); + &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); + &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); + &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); + &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); + &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); + &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); + &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); + &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); + &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); + &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); + &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); + &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); + &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); + &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); + &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); + &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); + &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); + &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); + &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); + &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); + &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); + &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); + &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); + &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); + &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); + &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); + &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); + &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); + &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); + &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); + &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); + &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); + &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); + &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); + &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); + &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); + &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); + &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); + &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); + &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); + &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); + &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); + &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); + &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); + &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); + &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); + &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); + &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); + &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); + &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); + &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); + &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); + &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); + &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); + &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); + &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); + &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); + &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); + &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); + &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); + &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); + &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); + &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); + &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); + &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); + &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); + &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); + &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); + &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); + &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); + &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); + &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); + &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); + &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); + &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); + &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); + &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); + &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); + &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); + &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); + &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); + &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); + &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); + &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); + &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); + &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); + &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); + &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); + &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); + &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); + &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); + &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); + &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); + &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); + &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); + &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); + &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); + &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); + &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); + &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); + &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); + &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); + &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); + &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); + &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); + &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); + &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); + &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); + &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); + &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); + &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); + &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); + &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); + &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); + &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); + &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); + &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); + &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); + &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); + &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); + &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); + &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); + &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); + &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); + &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); + &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); + &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); + &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); + &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); + &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); + &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); + &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); + &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); + &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); + &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); + &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); + &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); + &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); + &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); + &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); + &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); + &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); + &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); + &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); + &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); + &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); + &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); + &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); + &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); + &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); + &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); + &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); + &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); + &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); + &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); + &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); + &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); + &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); + &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); + &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); + &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); + &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); + &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); + &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); + &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); + &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); + &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); + &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); + &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); + &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); + &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); + &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); + &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); + &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); + &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); + &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); + &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); + &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); + &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); + &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); + &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); + &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); + &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); + &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); + &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); + &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); + &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); + &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); + &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); + &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); + &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); + &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); + &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); + &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); + &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); + &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); + &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); + &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); + &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); + &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); + &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); + &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); + &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); + &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); + &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); + &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); + &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); + &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); + &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); + &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); + &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); + &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); + &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); + &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); + &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); + &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); + &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); + &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); + &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); + &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); + &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); + &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); + &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); + &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); + &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); + &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); + &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); + &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); + &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); + &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); + &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); + &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); + + &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] + &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); + &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); + &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); + &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); + &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); + &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); + &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); + &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); + &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); + +&function_end_B("whirlpool_block_mmx"); +&asm_finish(); diff --git a/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/lib/libcrypto/whrlpool/asm/wp-x86_64.pl new file mode 100644 index 00000000000..87c0843dc1d --- /dev/null +++ b/lib/libcrypto/whrlpool/asm/wp-x86_64.pl @@ -0,0 +1,589 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# whirlpool_block for x86_64. +# +# 2500 cycles per 64-byte input block on AMD64, which is *identical* +# to 32-bit MMX version executed on same CPU. So why did I bother? +# Well, it's faster than gcc 3.3.2 generated code by over 50%, and +# over 80% faster than PathScale 1.4, an "ambitious" commercial +# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio +# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the +# first example when they fail to generate more optimal code, when +# I believe they had *all* chances to... +# +# Note that register and stack frame layout are virtually identical +# to 32-bit MMX version, except that %r8-15 are used instead of +# %mm0-8. You can even notice that K[i] and S[i] are loaded to +# %eax:%ebx as pair of 32-bit values and not as single 64-bit one. +# This is done in order to avoid 64-bit shift penalties on Intel +# EM64T core. Speaking of which! I bet it's possible to improve +# Opteron performance by compressing the table to 2KB and replacing +# unaligned references with complementary rotations [which would +# incidentally replace lea instructions], but it would definitely +# just "kill" EM64T, because it has only 1 shifter/rotator [against +# 3 on Opteron] and which is *unacceptably* slow with 64-bit +# operand. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour $output"; + +sub L() { $code.=".byte ".join(',',@_)."\n"; } +sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; } + +@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"); + +$func="whirlpool_block"; +$table=".Ltable"; + +$code=<<___; +.text + +.globl $func +.type $func,\@function,3 +.align 16 +$func: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov %rsp,%r11 + sub \$128+40,%rsp + and \$-64,%rsp + + lea 128(%rsp),%r10 + mov %rdi,0(%r10) # save parameter block + mov %rsi,8(%r10) + mov %rdx,16(%r10) + mov %r11,32(%r10) # saved stack pointer +.Lprologue: + + mov %r10,%rbx + lea $table(%rip),%rbp + + xor %rcx,%rcx + xor %rdx,%rdx +___ +for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; } # L=H +$code.=".Louterloop:\n"; +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L +$code.=<<___; + xor %rsi,%rsi + mov %rsi,24(%rbx) # zero round counter +.align 16 +.Lround: + mov 4096(%rbp,%rsi,8),@mm[0] # rc[r] + mov 0(%rsp),%eax + mov 4(%rsp),%ebx +___ +for($i=0;$i<8;$i++) { + my $func = ($i==0)? "mov" : "xor"; + $code.=<<___; + mov %al,%cl + mov %ah,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%eax + xor 0(%rbp,%rsi,8),@mm[0] + $func 7(%rbp,%rdi,8),@mm[1] + mov %al,%cl + mov %ah,%dl + mov $i*8+8(%rsp),%eax # ($i+1)*8 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + $func 6(%rbp,%rsi,8),@mm[2] + $func 5(%rbp,%rdi,8),@mm[3] + mov %bl,%cl + mov %bh,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%ebx + $func 4(%rbp,%rsi,8),@mm[4] + $func 3(%rbp,%rdi,8),@mm[5] + mov %bl,%cl + mov %bh,%dl + mov $i*8+8+4(%rsp),%ebx # ($i+1)*8+4 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + $func 2(%rbp,%rsi,8),@mm[6] + $func 1(%rbp,%rdi,8),@mm[7] +___ + push(@mm,shift(@mm)); +} +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L +for($i=0;$i<8;$i++) { + $code.=<<___; + mov %al,%cl + mov %ah,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%eax + xor 0(%rbp,%rsi,8),@mm[0] + xor 7(%rbp,%rdi,8),@mm[1] + mov %al,%cl + mov %ah,%dl + `"mov 64+$i*8+8(%rsp),%eax" if($i<7);` # 64+($i+1)*8 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + xor 6(%rbp,%rsi,8),@mm[2] + xor 5(%rbp,%rdi,8),@mm[3] + mov %bl,%cl + mov %bh,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%ebx + xor 4(%rbp,%rsi,8),@mm[4] + xor 3(%rbp,%rdi,8),@mm[5] + mov %bl,%cl + mov %bh,%dl + `"mov 64+$i*8+8+4(%rsp),%ebx" if($i<7);` # 64+($i+1)*8+4 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + xor 2(%rbp,%rsi,8),@mm[6] + xor 1(%rbp,%rdi,8),@mm[7] +___ + push(@mm,shift(@mm)); +} +$code.=<<___; + lea 128(%rsp),%rbx + mov 24(%rbx),%rsi # pull round counter + add \$1,%rsi + cmp \$10,%rsi + je .Lroundsdone + + mov %rsi,24(%rbx) # update round counter +___ +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L +$code.=<<___; + jmp .Lround +.align 16 +.Lroundsdone: + mov 0(%rbx),%rdi # reload argument block + mov 8(%rbx),%rsi + mov 16(%rbx),%rax +___ +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; } # L^=H +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; } # H=L +$code.=<<___; + lea 64(%rsi),%rsi # inp+=64 + sub \$1,%rax # num-- + jz .Lalldone + mov %rsi,8(%rbx) # update parameter block + mov %rax,16(%rbx) + jmp .Louterloop +.Lalldone: + mov 32(%rbx),%rsi # restore saved pointer + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size $func,.-$func + +.align 64 +.type $table,\@object +$table: +___ + &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); + &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); + &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); + &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); + &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); + &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); + &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); + &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); + &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); + &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); + &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); + &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); + &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); + &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); + &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); + &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); + &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); + &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); + &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); + &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); + &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); + &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); + &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); + &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); + &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); + &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); + &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); + &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); + &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); + &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); + &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); + &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); + &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); + &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); + &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); + &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); + &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); + &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); + &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); + &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); + &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); + &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); + &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); + &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); + &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); + &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); + &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); + &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); + &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); + &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); + &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); + &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); + &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); + &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); + &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); + &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); + &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); + &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); + &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); + &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); + &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); + &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); + &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); + &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); + &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); + &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); + &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); + &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); + &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); + &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); + &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); + &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); + &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); + &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); + &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); + &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); + &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); + &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); + &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); + &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); + &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); + &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); + &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); + &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); + &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); + &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); + &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); + &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); + &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); + &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); + &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); + &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); + &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); + &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); + &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); + &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); + &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); + &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); + &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); + &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); + &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); + &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); + &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); + &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); + &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); + &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); + &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); + &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); + &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); + &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); + &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); + &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); + &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); + &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); + &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); + &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); + &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); + &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); + &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); + &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); + &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); + &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); + &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); + &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); + &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); + &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); + &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); + &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); + &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); + &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); + &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); + &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); + &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); + &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); + &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); + &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); + &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); + &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); + &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); + &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); + &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); + &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); + &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); + &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); + &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); + &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); + &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); + &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); + &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); + &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); + &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); + &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); + &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); + &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); + &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); + &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); + &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); + &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); + &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); + &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); + &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); + &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); + &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); + &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); + &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); + &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); + &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); + &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); + &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); + &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); + &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); + &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); + &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); + &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); + &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); + &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); + &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); + &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); + &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); + &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); + &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); + &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); + &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); + &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); + &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); + &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); + &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); + &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); + &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); + &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); + &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); + &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); + &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); + &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); + &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); + &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); + &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); + &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); + &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); + &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); + &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); + &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); + &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); + &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); + &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); + &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); + &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); + &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); + &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); + &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); + &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); + &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); + &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); + &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); + &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); + &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); + &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); + &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); + &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); + &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); + &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); + &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); + &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); + &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); + &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); + &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); + &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); + &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); + &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); + &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); + &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); + &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); + &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); + &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); + &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); + &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); + &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); + &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); + &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); + &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); + &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); + &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); + &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); + &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); + &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); + &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); + &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); + &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); + &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); + &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); + &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); + &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); + &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); + &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); + &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); + &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); + + &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] + &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); + &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); + &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); + &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); + &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); + &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); + &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); + &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); + &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov 128+32(%rax),%rax # pull saved stack pointer + lea 48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_$func + .rva .LSEH_end_$func + .rva .LSEH_info_$func + +.section .xdata +.align 8 +.LSEH_info_$func: + .byte 9,0,0,0 + .rva se_handler +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libcrypto/whrlpool/whrlpool.h b/lib/libcrypto/whrlpool/whrlpool.h new file mode 100644 index 00000000000..03c91da1155 --- /dev/null +++ b/lib/libcrypto/whrlpool/whrlpool.h @@ -0,0 +1,38 @@ +#ifndef HEADER_WHRLPOOL_H +#define HEADER_WHRLPOOL_H + +#include <openssl/e_os2.h> +#include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#define WHIRLPOOL_DIGEST_LENGTH (512/8) +#define WHIRLPOOL_BBLOCK 512 +#define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK/8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)]; + } WHIRLPOOL_CTX; + +#ifndef OPENSSL_NO_WHIRLPOOL +int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); +int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/lib/libcrypto/whrlpool/wp_block.c b/lib/libcrypto/whrlpool/wp_block.c new file mode 100644 index 00000000000..221f6cc59f2 --- /dev/null +++ b/lib/libcrypto/whrlpool/wp_block.c @@ -0,0 +1,655 @@ +/** + * The Whirlpool hashing function. + * + * <P> + * <b>References</b> + * + * <P> + * The Whirlpool algorithm was developed by + * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and + * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>. + * + * See + * P.S.L.M. Barreto, V. Rijmen, + * ``The Whirlpool hashing function,'' + * NESSIE submission, 2000 (tweaked version, 2001), + * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip> + * + * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and + * Vincent Rijmen. Lookup "reference implementations" on + * <http://planeta.terra.com.br/informatica/paulobarreto/> + * + * ============================================================================= + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "wp_locl.h" +#include <string.h> + +typedef unsigned char u8; +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32) +typedef unsigned __int64 u64; +#elif defined(__arch64__) +typedef unsigned long u64; +#else +typedef unsigned long long u64; +#endif + +#define ROUNDS 10 + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) +/* Well, formally there're couple of other architectures, which permit + * unaligned loads, specifically those not crossing cache lines, IA-64 + * and PowerPC... */ +# undef STRICT_ALIGNMENT +#endif + +#undef SMALL_REGISTER_BANK +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# define SMALL_REGISTER_BANK +# if defined(WHIRLPOOL_ASM) +# ifndef OPENSSL_SMALL_FOOTPRINT +# define OPENSSL_SMALL_FOOTPRINT /* it appears that for elder non-MMX + CPUs this is actually faster! */ +# endif +# define GO_FOR_MMX(ctx,inp,num) do { \ + extern unsigned long OPENSSL_ia32cap_P; \ + void whirlpool_block_mmx(void *,const void *,size_t); \ + if (!(OPENSSL_ia32cap_P & (1<<23))) break; \ + whirlpool_block_mmx(ctx->H.c,inp,num); return; \ + } while (0) +# endif +#endif + +#undef ROTATE +#if defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotl64) +# define ROTATE(a,n) _rotl64((a),n) +# endif +#elif defined(__GNUC__) && __GNUC__>=2 +# if defined(__x86_64) || defined(__x86_64__) +# if defined(L_ENDIAN) +# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \ + : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) +# elif defined(B_ENDIAN) + /* Most will argue that x86_64 is always little-endian. Well, + * yes, but then we have stratus.com who has modified gcc to + * "emulate" big-endian on x86. Is there evidence that they + * [or somebody else] won't do same for x86_64? Naturally no. + * And this line is waiting ready for that brave soul:-) */ +# define ROTATE(a,n) ({ u64 ret; asm ("rorq %1,%0" \ + : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) +# endif +# elif defined(__ia64) || defined(__ia64__) +# if defined(L_ENDIAN) +# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ + : "=r"(ret) : "r"(a),"M"(64-(n))); ret; }) +# elif defined(B_ENDIAN) +# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ + : "=r"(ret) : "r"(a),"M"(n)); ret; }) +# endif +# endif +#endif + +#if defined(OPENSSL_SMALL_FOOTPRINT) +# if !defined(ROTATE) +# if defined(L_ENDIAN) /* little-endians have to rotate left */ +# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n)) +# elif defined(B_ENDIAN) /* big-endians have to rotate right */ +# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n)) +# endif +# endif +# if defined(ROTATE) && !defined(STRICT_ALIGNMENT) +# define STRICT_ALIGNMENT /* ensure smallest table size */ +# endif +#endif + +/* + * Table size depends on STRICT_ALIGNMENT and whether or not endian- + * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not + * defined, which is normally the case on x86[_64] CPUs, the table is + * 4KB large unconditionally. Otherwise if ROTATE is defined, the + * table is 2KB large, and otherwise - 16KB. 2KB table requires a + * whole bunch of additional rotations, but I'm willing to "trade," + * because 16KB table certainly trashes L1 cache. I wish all CPUs + * could handle unaligned load as 4KB table doesn't trash the cache, + * nor does it require additional rotations. + */ +/* + * Note that every Cn macro expands as two loads: one byte load and + * one quadword load. One can argue that that many single-byte loads + * is too excessive, as one could load a quadword and "milk" it for + * eight 8-bit values instead. Well, yes, but in order to do so *and* + * avoid excessive loads you have to accomodate a handful of 64-bit + * values in the register bank and issue a bunch of shifts and mask. + * It's a tradeoff: loads vs. shift and mask in big register bank[!]. + * On most CPUs eight single-byte loads are faster and I let other + * ones to depend on smart compiler to fold byte loads if beneficial. + * Hand-coded assembler would be another alternative:-) + */ +#ifdef STRICT_ALIGNMENT +# if defined(ROTATE) +# define N 1 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7 +# define C0(K,i) (Cx.q[K.c[(i)*8+0]]) +# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8) +# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16) +# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24) +# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32) +# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40) +# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48) +# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56) +# else +# define N 8 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ + c7,c0,c1,c2,c3,c4,c5,c6, \ + c6,c7,c0,c1,c2,c3,c4,c5, \ + c5,c6,c7,c0,c1,c2,c3,c4, \ + c4,c5,c6,c7,c0,c1,c2,c3, \ + c3,c4,c5,c6,c7,c0,c1,c2, \ + c2,c3,c4,c5,c6,c7,c0,c1, \ + c1,c2,c3,c4,c5,c6,c7,c0 +# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]]) +# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]]) +# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]]) +# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]]) +# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]]) +# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]]) +# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]]) +# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]]) +# endif +#else +# define N 2 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ + c0,c1,c2,c3,c4,c5,c6,c7 +# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) +# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) +# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) +# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) +# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) +# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) +# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) +# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) +#endif + +static const +union { + u8 c[(256*N+ROUNDS)*sizeof(u64)]; + u64 q[(256*N+ROUNDS)]; + } Cx = { { + /* Note endian-neutral representation:-) */ + LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8), + LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26), + LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8), + LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb), + LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb), + LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11), + LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09), + LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d), + LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b), + LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff), + LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c), + LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e), + LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96), + LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30), + LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d), + LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8), + LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47), + LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35), + LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37), + LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a), + LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2), + LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c), + LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84), + LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80), + LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5), + LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3), + LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21), + LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c), + LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43), + LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29), + LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d), + LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5), + LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd), + LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8), + LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92), + LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e), + LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13), + LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23), + LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20), + LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44), + LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2), + LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf), + LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c), + LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a), + LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50), + LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9), + LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14), + LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9), + LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c), + LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f), + LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90), + LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07), + LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd), + LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3), + LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d), + LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78), + LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97), + LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02), + LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73), + LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7), + LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6), + LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2), + LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49), + LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56), + LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70), + LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd), + LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb), + LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71), + LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b), + LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf), + LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45), + LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a), + LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4), + LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58), + LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e), + LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f), + LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac), + LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0), + LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef), + LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6), + LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c), + LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12), + LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93), + LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde), + LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6), + LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1), + LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b), + LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f), + LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31), + LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8), + LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9), + LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc), + LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e), + LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b), + LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf), + LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59), + LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2), + LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77), + LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33), + LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4), + LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27), + LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb), + LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89), + LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32), + LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54), + LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d), + LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64), + LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d), + LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d), + LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f), + LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca), + LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7), + LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d), + LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce), + LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f), + LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f), + LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63), + LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a), + LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc), + LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82), + LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a), + LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48), + LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95), + LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf), + LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d), + LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0), + LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91), + LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8), + LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b), + LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00), + LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9), + LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e), + LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1), + LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6), + LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28), + LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3), + LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74), + LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe), + LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d), + LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea), + LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57), + LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38), + LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad), + LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4), + LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda), + LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7), + LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb), + LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9), + LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a), + LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03), + LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a), + LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e), + LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60), + LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc), + LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46), + LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f), + LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76), + LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa), + LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36), + LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae), + LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b), + LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85), + LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e), + LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7), + LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55), + LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a), + LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81), + LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52), + LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62), + LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3), + LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10), + LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab), + LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0), + LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5), + LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec), + LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16), + LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94), + LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f), + LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5), + LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98), + LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17), + LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4), + LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1), + LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e), + LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42), + LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34), + LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08), + LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee), + LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61), + LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1), + LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f), + LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24), + LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3), + LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25), + LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22), + LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65), + LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79), + LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69), + LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9), + LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19), + LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe), + LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a), + LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0), + LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99), + LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83), + LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04), + LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66), + LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0), + LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1), + LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd), + LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40), + LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c), + LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18), + LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b), + LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51), + LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05), + LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c), + LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39), + LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa), + LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b), + LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc), + LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e), + LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0), + LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88), + LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67), + LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a), + LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87), + LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1), + LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72), + LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53), + LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01), + LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b), + LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4), + LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3), + LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15), + LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c), + LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5), + LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5), + LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4), + LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba), + LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6), + LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7), + LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06), + LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41), + LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7), + LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f), + LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e), + LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6), + LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2), + LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68), + LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c), + LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed), + LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75), + LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86), + LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b), + LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2), +#define RC (&(Cx.q[256*N])) + 0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f, /* rc[ROUNDS] */ + 0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52, + 0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35, + 0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57, + 0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda, + 0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85, + 0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67, + 0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8, + 0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e, + 0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33 + } +}; + +void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n) + { + int r; + const u8 *p=inp; + union { u64 q[8]; u8 c[64]; } S,K,*H=(void *)ctx->H.q; + +#ifdef GO_FOR_MMX + GO_FOR_MMX(ctx,inp,n); +#endif + do { +#ifdef OPENSSL_SMALL_FOOTPRINT + u64 L[8]; + int i; + + for (i=0;i<64;i++) S.c[i] = (K.c[i] = H->c[i]) ^ p[i]; + for (r=0;r<ROUNDS;r++) + { + for (i=0;i<8;i++) + { + L[i] = i ? 0 : RC[r]; + L[i] ^= C0(K,i) ^ C1(K,(i-1)&7) ^ + C2(K,(i-2)&7) ^ C3(K,(i-3)&7) ^ + C4(K,(i-4)&7) ^ C5(K,(i-5)&7) ^ + C6(K,(i-6)&7) ^ C7(K,(i-7)&7); + } + memcpy (K.q,L,64); + for (i=0;i<8;i++) + { + L[i] ^= C0(S,i) ^ C1(S,(i-1)&7) ^ + C2(S,(i-2)&7) ^ C3(S,(i-3)&7) ^ + C4(S,(i-4)&7) ^ C5(S,(i-5)&7) ^ + C6(S,(i-6)&7) ^ C7(S,(i-7)&7); + } + memcpy (S.q,L,64); + } + for (i=0;i<64;i++) H->c[i] ^= S.c[i] ^ p[i]; +#else + u64 L0,L1,L2,L3,L4,L5,L6,L7; + +#ifdef STRICT_ALIGNMENT + if ((size_t)p & 7) + { + memcpy (S.c,p,64); + S.q[0] ^= (K.q[0] = H->q[0]); + S.q[1] ^= (K.q[1] = H->q[1]); + S.q[2] ^= (K.q[2] = H->q[2]); + S.q[3] ^= (K.q[3] = H->q[3]); + S.q[4] ^= (K.q[4] = H->q[4]); + S.q[5] ^= (K.q[5] = H->q[5]); + S.q[6] ^= (K.q[6] = H->q[6]); + S.q[7] ^= (K.q[7] = H->q[7]); + } + else +#endif + { + const u64 *pa = (const u64*)p; + S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; + S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; + S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; + S.q[3] = (K.q[3] = H->q[3]) ^ pa[3]; + S.q[4] = (K.q[4] = H->q[4]) ^ pa[4]; + S.q[5] = (K.q[5] = H->q[5]) ^ pa[5]; + S.q[6] = (K.q[6] = H->q[6]) ^ pa[6]; + S.q[7] = (K.q[7] = H->q[7]) ^ pa[7]; + } + + for(r=0;r<ROUNDS;r++) + { +#ifdef SMALL_REGISTER_BANK + L0 = C0(K,0) ^ C1(K,7) ^ C2(K,6) ^ C3(K,5) ^ + C4(K,4) ^ C5(K,3) ^ C6(K,2) ^ C7(K,1) ^ RC[r]; + L1 = C0(K,1) ^ C1(K,0) ^ C2(K,7) ^ C3(K,6) ^ + C4(K,5) ^ C5(K,4) ^ C6(K,3) ^ C7(K,2); + L2 = C0(K,2) ^ C1(K,1) ^ C2(K,0) ^ C3(K,7) ^ + C4(K,6) ^ C5(K,5) ^ C6(K,4) ^ C7(K,3); + L3 = C0(K,3) ^ C1(K,2) ^ C2(K,1) ^ C3(K,0) ^ + C4(K,7) ^ C5(K,6) ^ C6(K,5) ^ C7(K,4); + L4 = C0(K,4) ^ C1(K,3) ^ C2(K,2) ^ C3(K,1) ^ + C4(K,0) ^ C5(K,7) ^ C6(K,6) ^ C7(K,5); + L5 = C0(K,5) ^ C1(K,4) ^ C2(K,3) ^ C3(K,2) ^ + C4(K,1) ^ C5(K,0) ^ C6(K,7) ^ C7(K,6); + L6 = C0(K,6) ^ C1(K,5) ^ C2(K,4) ^ C3(K,3) ^ + C4(K,2) ^ C5(K,1) ^ C6(K,0) ^ C7(K,7); + L7 = C0(K,7) ^ C1(K,6) ^ C2(K,5) ^ C3(K,4) ^ + C4(K,3) ^ C5(K,2) ^ C6(K,1) ^ C7(K,0); + + K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3; + K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7; + + L0 ^= C0(S,0) ^ C1(S,7) ^ C2(S,6) ^ C3(S,5) ^ + C4(S,4) ^ C5(S,3) ^ C6(S,2) ^ C7(S,1); + L1 ^= C0(S,1) ^ C1(S,0) ^ C2(S,7) ^ C3(S,6) ^ + C4(S,5) ^ C5(S,4) ^ C6(S,3) ^ C7(S,2); + L2 ^= C0(S,2) ^ C1(S,1) ^ C2(S,0) ^ C3(S,7) ^ + C4(S,6) ^ C5(S,5) ^ C6(S,4) ^ C7(S,3); + L3 ^= C0(S,3) ^ C1(S,2) ^ C2(S,1) ^ C3(S,0) ^ + C4(S,7) ^ C5(S,6) ^ C6(S,5) ^ C7(S,4); + L4 ^= C0(S,4) ^ C1(S,3) ^ C2(S,2) ^ C3(S,1) ^ + C4(S,0) ^ C5(S,7) ^ C6(S,6) ^ C7(S,5); + L5 ^= C0(S,5) ^ C1(S,4) ^ C2(S,3) ^ C3(S,2) ^ + C4(S,1) ^ C5(S,0) ^ C6(S,7) ^ C7(S,6); + L6 ^= C0(S,6) ^ C1(S,5) ^ C2(S,4) ^ C3(S,3) ^ + C4(S,2) ^ C5(S,1) ^ C6(S,0) ^ C7(S,7); + L7 ^= C0(S,7) ^ C1(S,6) ^ C2(S,5) ^ C3(S,4) ^ + C4(S,3) ^ C5(S,2) ^ C6(S,1) ^ C7(S,0); + + S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3; + S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7; +#else + L0 = C0(K,0); L1 = C1(K,0); L2 = C2(K,0); L3 = C3(K,0); + L4 = C4(K,0); L5 = C5(K,0); L6 = C6(K,0); L7 = C7(K,0); + L0 ^= RC[r]; + + L1 ^= C0(K,1); L2 ^= C1(K,1); L3 ^= C2(K,1); L4 ^= C3(K,1); + L5 ^= C4(K,1); L6 ^= C5(K,1); L7 ^= C6(K,1); L0 ^= C7(K,1); + + L2 ^= C0(K,2); L3 ^= C1(K,2); L4 ^= C2(K,2); L5 ^= C3(K,2); + L6 ^= C4(K,2); L7 ^= C5(K,2); L0 ^= C6(K,2); L1 ^= C7(K,2); + + L3 ^= C0(K,3); L4 ^= C1(K,3); L5 ^= C2(K,3); L6 ^= C3(K,3); + L7 ^= C4(K,3); L0 ^= C5(K,3); L1 ^= C6(K,3); L2 ^= C7(K,3); + + L4 ^= C0(K,4); L5 ^= C1(K,4); L6 ^= C2(K,4); L7 ^= C3(K,4); + L0 ^= C4(K,4); L1 ^= C5(K,4); L2 ^= C6(K,4); L3 ^= C7(K,4); + + L5 ^= C0(K,5); L6 ^= C1(K,5); L7 ^= C2(K,5); L0 ^= C3(K,5); + L1 ^= C4(K,5); L2 ^= C5(K,5); L3 ^= C6(K,5); L4 ^= C7(K,5); + + L6 ^= C0(K,6); L7 ^= C1(K,6); L0 ^= C2(K,6); L1 ^= C3(K,6); + L2 ^= C4(K,6); L3 ^= C5(K,6); L4 ^= C6(K,6); L5 ^= C7(K,6); + + L7 ^= C0(K,7); L0 ^= C1(K,7); L1 ^= C2(K,7); L2 ^= C3(K,7); + L3 ^= C4(K,7); L4 ^= C5(K,7); L5 ^= C6(K,7); L6 ^= C7(K,7); + + K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3; + K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7; + + L0 ^= C0(S,0); L1 ^= C1(S,0); L2 ^= C2(S,0); L3 ^= C3(S,0); + L4 ^= C4(S,0); L5 ^= C5(S,0); L6 ^= C6(S,0); L7 ^= C7(S,0); + + L1 ^= C0(S,1); L2 ^= C1(S,1); L3 ^= C2(S,1); L4 ^= C3(S,1); + L5 ^= C4(S,1); L6 ^= C5(S,1); L7 ^= C6(S,1); L0 ^= C7(S,1); + + L2 ^= C0(S,2); L3 ^= C1(S,2); L4 ^= C2(S,2); L5 ^= C3(S,2); + L6 ^= C4(S,2); L7 ^= C5(S,2); L0 ^= C6(S,2); L1 ^= C7(S,2); + + L3 ^= C0(S,3); L4 ^= C1(S,3); L5 ^= C2(S,3); L6 ^= C3(S,3); + L7 ^= C4(S,3); L0 ^= C5(S,3); L1 ^= C6(S,3); L2 ^= C7(S,3); + + L4 ^= C0(S,4); L5 ^= C1(S,4); L6 ^= C2(S,4); L7 ^= C3(S,4); + L0 ^= C4(S,4); L1 ^= C5(S,4); L2 ^= C6(S,4); L3 ^= C7(S,4); + + L5 ^= C0(S,5); L6 ^= C1(S,5); L7 ^= C2(S,5); L0 ^= C3(S,5); + L1 ^= C4(S,5); L2 ^= C5(S,5); L3 ^= C6(S,5); L4 ^= C7(S,5); + + L6 ^= C0(S,6); L7 ^= C1(S,6); L0 ^= C2(S,6); L1 ^= C3(S,6); + L2 ^= C4(S,6); L3 ^= C5(S,6); L4 ^= C6(S,6); L5 ^= C7(S,6); + + L7 ^= C0(S,7); L0 ^= C1(S,7); L1 ^= C2(S,7); L2 ^= C3(S,7); + L3 ^= C4(S,7); L4 ^= C5(S,7); L5 ^= C6(S,7); L6 ^= C7(S,7); + + S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3; + S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7; +#endif + } + +#ifdef STRICT_ALIGNMENT + if ((size_t)p & 7) + { + int i; + for(i=0;i<64;i++) H->c[i] ^= S.c[i] ^ p[i]; + } + else +#endif + { + const u64 *pa=(const u64 *)p; + H->q[0] ^= S.q[0] ^ pa[0]; + H->q[1] ^= S.q[1] ^ pa[1]; + H->q[2] ^= S.q[2] ^ pa[2]; + H->q[3] ^= S.q[3] ^ pa[3]; + H->q[4] ^= S.q[4] ^ pa[4]; + H->q[5] ^= S.q[5] ^ pa[5]; + H->q[6] ^= S.q[6] ^ pa[6]; + H->q[7] ^= S.q[7] ^ pa[7]; + } +#endif + p += 64; + } while(--n); + } diff --git a/lib/libcrypto/whrlpool/wp_dgst.c b/lib/libcrypto/whrlpool/wp_dgst.c new file mode 100644 index 00000000000..ee5c5c1bf3a --- /dev/null +++ b/lib/libcrypto/whrlpool/wp_dgst.c @@ -0,0 +1,264 @@ +/** + * The Whirlpool hashing function. + * + * <P> + * <b>References</b> + * + * <P> + * The Whirlpool algorithm was developed by + * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and + * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>. + * + * See + * P.S.L.M. Barreto, V. Rijmen, + * ``The Whirlpool hashing function,'' + * NESSIE submission, 2000 (tweaked version, 2001), + * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip> + * + * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and + * Vincent Rijmen. Lookup "reference implementations" on + * <http://planeta.terra.com.br/informatica/paulobarreto/> + * + * ============================================================================= + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* + * OpenSSL-specific implementation notes. + * + * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect + * number of *bytes* as input length argument. Bit-oriented routine + * as specified by authors is called WHIRLPOOL_BitUpdate[!] and + * does not have one-stroke counterpart. + * + * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially + * to serve WHIRLPOOL_Update. This is done for performance. + * + * Unlike authors' reference implementation, block processing + * routine whirlpool_block is designed to operate on multi-block + * input. This is done for perfomance. + */ + +#include "wp_locl.h" +#include <string.h> + +int WHIRLPOOL_Init (WHIRLPOOL_CTX *c) + { + memset (c,0,sizeof(*c)); + return(1); + } + +int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *_inp,size_t bytes) + { + /* Well, largest suitable chunk size actually is + * (1<<(sizeof(size_t)*8-3))-64, but below number + * is large enough for not to care about excessive + * calls to WHIRLPOOL_BitUpdate... */ + size_t chunk = ((size_t)1)<<(sizeof(size_t)*8-4); + const unsigned char *inp = _inp; + + while (bytes>=chunk) + { + WHIRLPOOL_BitUpdate(c,inp,chunk*8); + bytes -= chunk; + inp += chunk; + } + if (bytes) + WHIRLPOOL_BitUpdate(c,inp,bytes*8); + + return(1); + } + +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *_inp,size_t bits) + { + size_t n; + unsigned int bitoff = c->bitoff, + bitrem = bitoff%8, + inpgap = (8-(unsigned int)bits%8)&7; + const unsigned char *inp=_inp; + + /* This 256-bit increment procedure relies on the size_t + * being natural size of CPU register, so that we don't + * have to mask the value in order to detect overflows. */ + c->bitlen[0] += bits; + if (c->bitlen[0] < bits) /* overflow */ + { + n = 1; + do { c->bitlen[n]++; + } while(c->bitlen[n]==0 + && ++n<(WHIRLPOOL_COUNTER/sizeof(size_t))); + } + +#ifndef OPENSSL_SMALL_FOOTPRINT + reconsider: + if (inpgap==0 && bitrem==0) /* byte-oriented loop */ + { + while (bits) + { + if (bitoff==0 && (n=bits/WHIRLPOOL_BBLOCK)) + { + whirlpool_block(c,inp,n); + inp += n*WHIRLPOOL_BBLOCK/8; + bits %= WHIRLPOOL_BBLOCK; + } + else + { + unsigned int byteoff = bitoff/8; + + bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */ + if (bits >= bitrem) + { + bits -= bitrem; + bitrem /= 8; + memcpy(c->data+byteoff,inp,bitrem); + inp += bitrem; + whirlpool_block(c,c->data,1); + bitoff = 0; + } + else + { + memcpy(c->data+byteoff,inp,bits/8); + bitoff += (unsigned int)bits; + bits = 0; + } + c->bitoff = bitoff; + } + } + } + else /* bit-oriented loop */ +#endif + { + /* + inp + | + +-------+-------+------- + ||||||||||||||||||||| + +-------+-------+------- + +-------+-------+-------+-------+------- + |||||||||||||| c->data + +-------+-------+-------+-------+------- + | + c->bitoff/8 + */ + while (bits) + { + unsigned int byteoff = bitoff/8; + unsigned char b; + +#ifndef OPENSSL_SMALL_FOOTPRINT + if (bitrem==inpgap) + { + c->data[byteoff++] |= inp[0] & (0xff>>inpgap); + inpgap = 8-inpgap; + bitoff += inpgap; bitrem = 0; /* bitoff%8 */ + bits -= inpgap; inpgap = 0; /* bits%8 */ + inp++; + if (bitoff==WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + bitoff = 0; + } + c->bitoff = bitoff; + goto reconsider; + } + else +#endif + if (bits>=8) + { + b = ((inp[0]<<inpgap) | (inp[1]>>(8-inpgap))); + b &= 0xff; + if (bitrem) c->data[byteoff++] |= b>>bitrem; + else c->data[byteoff++] = b; + bitoff += 8; + bits -= 8; + inp++; + if (bitoff>=WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) c->data[byteoff] = b<<(8-bitrem); + } + else /* remaining less than 8 bits */ + { + b = (inp[0]<<inpgap)&0xff; + if (bitrem) c->data[byteoff++] |= b>>bitrem; + else c->data[byteoff++] = b; + bitoff += (unsigned int)bits; + if (bitoff==WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) c->data[byteoff] = b<<(8-bitrem); + bits = 0; + } + c->bitoff = bitoff; + } + } + } + +int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c) + { + unsigned int bitoff = c->bitoff, + byteoff = bitoff/8; + size_t i,j,v; + unsigned char *p; + + bitoff %= 8; + if (bitoff) c->data[byteoff] |= 0x80>>bitoff; + else c->data[byteoff] = 0x80; + byteoff++; + + /* pad with zeros */ + if (byteoff > (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) + { + if (byteoff<WHIRLPOOL_BBLOCK/8) + memset(&c->data[byteoff],0,WHIRLPOOL_BBLOCK/8-byteoff); + whirlpool_block(c,c->data,1); + byteoff = 0; + } + if (byteoff < (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) + memset(&c->data[byteoff],0, + (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)-byteoff); + /* smash 256-bit c->bitlen in big-endian order */ + p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */ + for(i=0;i<WHIRLPOOL_COUNTER/sizeof(size_t);i++) + for(v=c->bitlen[i],j=0;j<sizeof(size_t);j++,v>>=8) + *p-- = (unsigned char)(v&0xff); + + whirlpool_block(c,c->data,1); + + if (md) { + memcpy(md,c->H.c,WHIRLPOOL_DIGEST_LENGTH); + memset(c,0,sizeof(*c)); + return(1); + } + return(0); + } + +unsigned char *WHIRLPOOL(const void *inp, size_t bytes,unsigned char *md) + { + WHIRLPOOL_CTX ctx; + static unsigned char m[WHIRLPOOL_DIGEST_LENGTH]; + + if (md == NULL) md=m; + WHIRLPOOL_Init(&ctx); + WHIRLPOOL_Update(&ctx,inp,bytes); + WHIRLPOOL_Final(md,&ctx); + return(md); + } diff --git a/lib/libcrypto/whrlpool/wp_locl.h b/lib/libcrypto/whrlpool/wp_locl.h new file mode 100644 index 00000000000..94e56a39f18 --- /dev/null +++ b/lib/libcrypto/whrlpool/wp_locl.h @@ -0,0 +1,3 @@ +#include <openssl/whrlpool.h> + +void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t); diff --git a/lib/libcrypto/whrlpool/wp_test.c b/lib/libcrypto/whrlpool/wp_test.c new file mode 100644 index 00000000000..c68c2c62cab --- /dev/null +++ b/lib/libcrypto/whrlpool/wp_test.c @@ -0,0 +1,228 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * ==================================================================== + */ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include <openssl/whrlpool.h> +#include <openssl/crypto.h> + +#if defined(OPENSSL_NO_WHIRLPOOL) +int main(int argc, char *argv[]) +{ + printf("No Whirlpool support\n"); + return(0); +} +#else + +/* ISO/IEC 10118-3 test vector set */ +unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { + 0x19,0xFA,0x61,0xD7,0x55,0x22,0xA4,0x66, + 0x9B,0x44,0xE3,0x9C,0x1D,0x2E,0x17,0x26, + 0xC5,0x30,0x23,0x21,0x30,0xD4,0x07,0xF8, + 0x9A,0xFE,0xE0,0x96,0x49,0x97,0xF7,0xA7, + 0x3E,0x83,0xBE,0x69,0x8B,0x28,0x8F,0xEB, + 0xCF,0x88,0xE3,0xE0,0x3C,0x4F,0x07,0x57, + 0xEA,0x89,0x64,0xE5,0x9B,0x63,0xD9,0x37, + 0x08,0xB1,0x38,0xCC,0x42,0xA6,0x6E,0xB3 }; + +unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { + 0x8A,0xCA,0x26,0x02,0x79,0x2A,0xEC,0x6F, + 0x11,0xA6,0x72,0x06,0x53,0x1F,0xB7,0xD7, + 0xF0,0xDF,0xF5,0x94,0x13,0x14,0x5E,0x69, + 0x73,0xC4,0x50,0x01,0xD0,0x08,0x7B,0x42, + 0xD1,0x1B,0xC6,0x45,0x41,0x3A,0xEF,0xF6, + 0x3A,0x42,0x39,0x1A,0x39,0x14,0x5A,0x59, + 0x1A,0x92,0x20,0x0D,0x56,0x01,0x95,0xE5, + 0x3B,0x47,0x85,0x84,0xFD,0xAE,0x23,0x1A }; + +unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { + 0x4E,0x24,0x48,0xA4,0xC6,0xF4,0x86,0xBB, + 0x16,0xB6,0x56,0x2C,0x73,0xB4,0x02,0x0B, + 0xF3,0x04,0x3E,0x3A,0x73,0x1B,0xCE,0x72, + 0x1A,0xE1,0xB3,0x03,0xD9,0x7E,0x6D,0x4C, + 0x71,0x81,0xEE,0xBD,0xB6,0xC5,0x7E,0x27, + 0x7D,0x0E,0x34,0x95,0x71,0x14,0xCB,0xD6, + 0xC7,0x97,0xFC,0x9D,0x95,0xD8,0xB5,0x82, + 0xD2,0x25,0x29,0x20,0x76,0xD4,0xEE,0xF5 }; + +unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { + 0x37,0x8C,0x84,0xA4,0x12,0x6E,0x2D,0xC6, + 0xE5,0x6D,0xCC,0x74,0x58,0x37,0x7A,0xAC, + 0x83,0x8D,0x00,0x03,0x22,0x30,0xF5,0x3C, + 0xE1,0xF5,0x70,0x0C,0x0F,0xFB,0x4D,0x3B, + 0x84,0x21,0x55,0x76,0x59,0xEF,0x55,0xC1, + 0x06,0xB4,0xB5,0x2A,0xC5,0xA4,0xAA,0xA6, + 0x92,0xED,0x92,0x00,0x52,0x83,0x8F,0x33, + 0x62,0xE8,0x6D,0xBD,0x37,0xA8,0x90,0x3E }; + +unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { + 0xF1,0xD7,0x54,0x66,0x26,0x36,0xFF,0xE9, + 0x2C,0x82,0xEB,0xB9,0x21,0x2A,0x48,0x4A, + 0x8D,0x38,0x63,0x1E,0xAD,0x42,0x38,0xF5, + 0x44,0x2E,0xE1,0x3B,0x80,0x54,0xE4,0x1B, + 0x08,0xBF,0x2A,0x92,0x51,0xC3,0x0B,0x6A, + 0x0B,0x8A,0xAE,0x86,0x17,0x7A,0xB4,0xA6, + 0xF6,0x8F,0x67,0x3E,0x72,0x07,0x86,0x5D, + 0x5D,0x98,0x19,0xA3,0xDB,0xA4,0xEB,0x3B }; + +unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { + 0xDC,0x37,0xE0,0x08,0xCF,0x9E,0xE6,0x9B, + 0xF1,0x1F,0x00,0xED,0x9A,0xBA,0x26,0x90, + 0x1D,0xD7,0xC2,0x8C,0xDE,0xC0,0x66,0xCC, + 0x6A,0xF4,0x2E,0x40,0xF8,0x2F,0x3A,0x1E, + 0x08,0xEB,0xA2,0x66,0x29,0x12,0x9D,0x8F, + 0xB7,0xCB,0x57,0x21,0x1B,0x92,0x81,0xA6, + 0x55,0x17,0xCC,0x87,0x9D,0x7B,0x96,0x21, + 0x42,0xC6,0x5F,0x5A,0x7A,0xF0,0x14,0x67 }; + +unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { + 0x46,0x6E,0xF1,0x8B,0xAB,0xB0,0x15,0x4D, + 0x25,0xB9,0xD3,0x8A,0x64,0x14,0xF5,0xC0, + 0x87,0x84,0x37,0x2B,0xCC,0xB2,0x04,0xD6, + 0x54,0x9C,0x4A,0xFA,0xDB,0x60,0x14,0x29, + 0x4D,0x5B,0xD8,0xDF,0x2A,0x6C,0x44,0xE5, + 0x38,0xCD,0x04,0x7B,0x26,0x81,0xA5,0x1A, + 0x2C,0x60,0x48,0x1E,0x88,0xC5,0xA2,0x0B, + 0x2C,0x2A,0x80,0xCF,0x3A,0x9A,0x08,0x3B }; + +unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { + 0x2A,0x98,0x7E,0xA4,0x0F,0x91,0x70,0x61, + 0xF5,0xD6,0xF0,0xA0,0xE4,0x64,0x4F,0x48, + 0x8A,0x7A,0x5A,0x52,0xDE,0xEE,0x65,0x62, + 0x07,0xC5,0x62,0xF9,0x88,0xE9,0x5C,0x69, + 0x16,0xBD,0xC8,0x03,0x1B,0xC5,0xBE,0x1B, + 0x7B,0x94,0x76,0x39,0xFE,0x05,0x0B,0x56, + 0x93,0x9B,0xAA,0xA0,0xAD,0xFF,0x9A,0xE6, + 0x74,0x5B,0x7B,0x18,0x1C,0x3B,0xE3,0xFD }; + +unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = { + 0x0C,0x99,0x00,0x5B,0xEB,0x57,0xEF,0xF5, + 0x0A,0x7C,0xF0,0x05,0x56,0x0D,0xDF,0x5D, + 0x29,0x05,0x7F,0xD8,0x6B,0x20,0xBF,0xD6, + 0x2D,0xEC,0xA0,0xF1,0xCC,0xEA,0x4A,0xF5, + 0x1F,0xC1,0x54,0x90,0xED,0xDC,0x47,0xAF, + 0x32,0xBB,0x2B,0x66,0xC3,0x4F,0xF9,0xAD, + 0x8C,0x60,0x08,0xAD,0x67,0x7F,0x77,0x12, + 0x69,0x53,0xB2,0x26,0xE4,0xED,0x8B,0x01 }; + +int main (int argc,char *argv[]) +{ unsigned char md[WHIRLPOOL_DIGEST_LENGTH]; + int i; + WHIRLPOOL_CTX ctx; + +#ifdef OPENSSL_IA32_SSE2 + /* Alternative to this is to call OpenSSL_add_all_algorithms... + * The below code is retained exclusively for debugging purposes. */ + { char *env; + + if ((env=getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap = strtoul (env,NULL,0); + } +#endif + + fprintf(stdout,"Testing Whirlpool "); + + WHIRLPOOL("",0,md); + if (memcmp(md,iso_test_1,sizeof(iso_test_1))) + { fflush(stdout); + fprintf(stderr,"\nTEST 1 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("a",1,md); + if (memcmp(md,iso_test_2,sizeof(iso_test_2))) + { fflush(stdout); + fprintf(stderr,"\nTEST 2 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("abc",3,md); + if (memcmp(md,iso_test_3,sizeof(iso_test_3))) + { fflush(stdout); + fprintf(stderr,"\nTEST 3 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("message digest",14,md); + if (memcmp(md,iso_test_4,sizeof(iso_test_4))) + { fflush(stdout); + fprintf(stderr,"\nTEST 4 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("abcdefghijklmnopqrstuvwxyz",26,md); + if (memcmp(md,iso_test_5,sizeof(iso_test_5))) + { fflush(stdout); + fprintf(stderr,"\nTEST 5 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL( "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789",62,md); + if (memcmp(md,iso_test_6,sizeof(iso_test_6))) + { fflush(stdout); + fprintf(stderr,"\nTEST 6 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL( "1234567890""1234567890""1234567890""1234567890" + "1234567890""1234567890""1234567890""1234567890",80,md); + if (memcmp(md,iso_test_7,sizeof(iso_test_7))) + { fflush(stdout); + fprintf(stderr,"\nTEST 7 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk",32,md); + if (memcmp(md,iso_test_8,sizeof(iso_test_8))) + { fflush(stdout); + fprintf(stderr,"\nTEST 8 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL_Init (&ctx); + for (i=0;i<1000000;i+=288) + WHIRLPOOL_Update (&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", + (1000000-i)<288?1000000-i:288); + WHIRLPOOL_Final (md,&ctx); + if (memcmp(md,iso_test_9,sizeof(iso_test_9))) + { fflush(stdout); + fprintf(stderr,"\nTEST 9 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + fprintf(stdout," passed.\n"); fflush(stdout); + + return 0; +} +#endif diff --git a/lib/libcrypto/x509/Makefile b/lib/libcrypto/x509/Makefile index 464752b159a..72c82278f43 100644 --- a/lib/libcrypto/x509/Makefile +++ b/lib/libcrypto/x509/Makefile @@ -43,12 +43,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO links: @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @@ -89,37 +89,35 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h -by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -by_dir.o: ../cryptlib.h by_dir.c +by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c by_file.o: ../../e_os.h ../../include/openssl/asn1.h by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c +by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_file.o: ../cryptlib.h by_file.c x509_att.o: ../../e_os.h ../../include/openssl/asn1.h x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_att.o: ../../include/openssl/opensslconf.h +x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -132,9 +130,8 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_cmp.o: ../../include/openssl/opensslconf.h +x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -146,22 +143,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c +x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_d2.o: ../cryptlib.h x509_d2.c x509_def.o: ../../e_os.h ../../include/openssl/asn1.h x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_def.o: ../../include/openssl/opensslconf.h x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -172,9 +169,8 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_err.o: ../../include/openssl/opensslconf.h +x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -186,9 +182,8 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_ext.o: ../../include/openssl/opensslconf.h +x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -201,22 +196,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c +x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_lu.o: ../cryptlib.h x509_lu.c x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_obj.o: ../../include/openssl/opensslconf.h x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -228,21 +223,20 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_r2x.o: ../../include/openssl/opensslconf.h +x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c x509_req.o: ../../e_os.h ../../include/openssl/asn1.h -x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_req.o: ../../include/openssl/opensslconf.h x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -256,9 +250,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_set.o: ../../include/openssl/opensslconf.h x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -270,9 +264,8 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_trs.o: ../../include/openssl/opensslconf.h +x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -284,9 +277,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_txt.o: ../../include/openssl/opensslconf.h x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -298,23 +291,22 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c +x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_v3.o: ../cryptlib.h x509_v3.c x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vfy.o: ../../include/openssl/opensslconf.h +x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -327,9 +319,8 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vpm.o: ../../include/openssl/opensslconf.h +x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -341,9 +332,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509cset.o: ../../include/openssl/opensslconf.h x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,9 +345,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509name.o: ../../include/openssl/opensslconf.h x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -367,9 +358,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509rset.o: ../../include/openssl/opensslconf.h x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -380,9 +371,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509spki.o: ../../include/openssl/opensslconf.h x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -393,9 +384,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509type.o: ../../include/openssl/opensslconf.h x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -406,12 +397,11 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_all.o: ../cryptlib.h x_all.c +x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c diff --git a/lib/libcrypto/x509/x509_vpm.c b/lib/libcrypto/x509/x509_vpm.c index 2b06718aec2..dfd89d89faf 100644 --- a/lib/libcrypto/x509/x509_vpm.c +++ b/lib/libcrypto/x509/x509_vpm.c @@ -74,6 +74,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) param->name = NULL; param->purpose = 0; param->trust = 0; + /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/ param->inh_flags = 0; param->flags = 0; param->depth = -1; @@ -198,8 +199,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from) { + unsigned long save_flags = to->inh_flags; + int ret; to->inh_flags |= X509_VP_FLAG_DEFAULT; - return X509_VERIFY_PARAM_inherit(to, from); + ret = X509_VERIFY_PARAM_inherit(to, from); + to->inh_flags = save_flags; + return ret; } int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) @@ -324,7 +329,7 @@ static const X509_VERIFY_PARAM default_table[] = { NULL /* policies */ }, { - "pkcs7", /* S/MIME signing parameters */ + "pkcs7", /* S/MIME sign parameters */ 0, /* Check time */ 0, /* internal flags */ 0, /* flags */ @@ -334,7 +339,7 @@ static const X509_VERIFY_PARAM default_table[] = { NULL /* policies */ }, { - "smime_sign", /* S/MIME signing parameters */ + "smime_sign", /* S/MIME sign parameters */ 0, /* Check time */ 0, /* internal flags */ 0, /* flags */ @@ -366,12 +371,17 @@ static const X509_VERIFY_PARAM default_table[] = { static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; -static int table_cmp(const void *pa, const void *pb) +static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b) + { - const X509_VERIFY_PARAM *a = pa, *b = pb; return strcmp(a->name, b->name); } +DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, + table); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, + table); + static int param_cmp(const X509_VERIFY_PARAM * const *a, const X509_VERIFY_PARAM * const *b) { @@ -407,6 +417,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) { int idx; X509_VERIFY_PARAM pm; + pm.name = (char *)name; if (param_table) { @@ -414,11 +425,8 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) if (idx != -1) return sk_X509_VERIFY_PARAM_value(param_table, idx); } - return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm, - (char *)&default_table, - sizeof(default_table)/sizeof(X509_VERIFY_PARAM), - sizeof(X509_VERIFY_PARAM), - table_cmp); + return OBJ_bsearch_table(&pm, default_table, + sizeof(default_table)/sizeof(X509_VERIFY_PARAM)); } void X509_VERIFY_PARAM_table_cleanup(void) diff --git a/lib/libcrypto/x509v3/Makefile b/lib/libcrypto/x509v3/Makefile index e71dc42f9f7..556ef351bf8 100644 --- a/lib/libcrypto/x509v3/Makefile +++ b/lib/libcrypto/x509v3/Makefile @@ -43,7 +43,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_cache.o: ../../include/openssl/objects.h pcy_cache.o: ../../include/openssl/opensslconf.h pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -105,9 +105,8 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_data.o: ../../include/openssl/opensslconf.h +pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -120,36 +119,35 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c +pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c +pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_node.o: ../../include/openssl/opensslconf.h +pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -162,9 +160,8 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_tree.o: ../../include/openssl/opensslconf.h +pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -177,39 +174,37 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_addr.o: ../cryptlib.h v3_addr.c +v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akey.o: ../cryptlib.h v3_akey.c +v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akeya.o: ../../include/openssl/opensslconf.h v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -221,15 +216,14 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_alt.o: ../cryptlib.h v3_alt.c +v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -237,23 +231,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c +v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_asid.o: ../cryptlib.h v3_asid.c v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_bcons.o: ../../include/openssl/opensslconf.h v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -266,9 +260,8 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_bitst.o: ../../include/openssl/opensslconf.h +v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -281,23 +274,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c +v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_conf.o: ../cryptlib.h v3_conf.c v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_cpols.o: ../../include/openssl/opensslconf.h v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -310,38 +303,37 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_crld.o: ../cryptlib.h v3_crld.c +v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c +v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_enum.o: ../cryptlib.h v3_enum.c v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_extku.o: ../../include/openssl/opensslconf.h v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,81 +346,76 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_genn.o: ../cryptlib.h v3_genn.c +v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ia5.o: ../cryptlib.h v3_ia5.c +v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c v3_info.o: ../../e_os.h ../../include/openssl/asn1.h v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_info.o: ../cryptlib.h v3_info.c +v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_int.o: ../cryptlib.h v3_int.c +v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c +v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ncons.o: ../../include/openssl/opensslconf.h v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -441,52 +428,49 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ocsp.o: ../cryptlib.h v3_ocsp.c +v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pci.o: ../cryptlib.h v3_pci.c +v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pcia.o: v3_pcia.c +v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcons.o: ../../include/openssl/opensslconf.h v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -499,24 +483,23 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pku.o: ../cryptlib.h v3_pku.c +v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pmaps.o: ../../include/openssl/opensslconf.h v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -528,52 +511,51 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_prn.o: ../cryptlib.h v3_prn.c +v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c +v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_purp.o: ../cryptlib.h v3_purp.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c +v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_skey.o: ../cryptlib.h v3_skey.c v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_sxnet.o: ../../include/openssl/opensslconf.h v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -586,25 +568,24 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c +v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_utl.o: ../cryptlib.h v3_utl.c v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3err.o: v3err.c +v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3err.o: ../../include/openssl/x509v3.h v3err.c diff --git a/lib/libcrypto/x509v3/pcy_cache.c b/lib/libcrypto/x509v3/pcy_cache.c index 1030931b713..172b7e7ee4f 100644 --- a/lib/libcrypto/x509v3/pcy_cache.c +++ b/lib/libcrypto/x509v3/pcy_cache.c @@ -139,7 +139,6 @@ static int policy_cache_new(X509 *x) return 0; cache->anyPolicy = NULL; cache->data = NULL; - cache->maps = NULL; cache->any_skip = -1; cache->explicit_skip = -1; cache->map_skip = -1; diff --git a/lib/libcrypto/x509v3/pcy_int.h b/lib/libcrypto/x509v3/pcy_int.h index 3780de4fcdb..ccff92846e4 100644 --- a/lib/libcrypto/x509v3/pcy_int.h +++ b/lib/libcrypto/x509v3/pcy_int.h @@ -56,12 +56,10 @@ * */ -DECLARE_STACK_OF(X509_POLICY_DATA) -DECLARE_STACK_OF(X509_POLICY_REF) -DECLARE_STACK_OF(X509_POLICY_NODE) typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; -typedef struct X509_POLICY_REF_st X509_POLICY_REF; + +DECLARE_STACK_OF(X509_POLICY_DATA) /* Internal structures */ @@ -110,16 +108,6 @@ struct X509_POLICY_DATA_st #define POLICY_DATA_FLAG_CRITICAL 0x10 -/* This structure is an entry from a table of mapped policies which - * cross reference the policy it refers to. - */ - -struct X509_POLICY_REF_st - { - ASN1_OBJECT *subjectDomainPolicy; - const X509_POLICY_DATA *data; - }; - /* This structure is cached with a certificate */ struct X509_POLICY_CACHE_st { @@ -127,8 +115,6 @@ struct X509_POLICY_CACHE_st { X509_POLICY_DATA *anyPolicy; /* other policy data */ STACK_OF(X509_POLICY_DATA) *data; - /* If policyMappings extension present a table of mapped policies */ - STACK_OF(X509_POLICY_REF) *maps; /* If InhibitAnyPolicy present this is its value or -1 if absent. */ long any_skip; /* If policyConstraints and requireExplicitPolicy present this is its @@ -193,7 +179,7 @@ struct X509_POLICY_TREE_st /* Internal functions */ -X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, +X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, int crit); void policy_data_free(X509_POLICY_DATA *data); @@ -209,15 +195,18 @@ void policy_cache_init(void); void policy_cache_free(X509_POLICY_CACHE *cache); X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const X509_POLICY_NODE *parent, const ASN1_OBJECT *id); X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, const ASN1_OBJECT *id); X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree); void policy_node_free(X509_POLICY_NODE *node); +int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); const X509_POLICY_CACHE *policy_cache_set(X509 *x); diff --git a/lib/libcrypto/x509v3/pcy_map.c b/lib/libcrypto/x509v3/pcy_map.c index f28796e6d4e..21163b529d4 100644 --- a/lib/libcrypto/x509v3/pcy_map.c +++ b/lib/libcrypto/x509v3/pcy_map.c @@ -62,31 +62,6 @@ #include "pcy_int.h" -static int ref_cmp(const X509_POLICY_REF * const *a, - const X509_POLICY_REF * const *b) - { - return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); - } - -static void policy_map_free(X509_POLICY_REF *map) - { - if (map->subjectDomainPolicy) - ASN1_OBJECT_free(map->subjectDomainPolicy); - OPENSSL_free(map); - } - -static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id) - { - X509_POLICY_REF tmp; - int idx; - tmp.subjectDomainPolicy = id; - - idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); - if (idx == -1) - return NULL; - return sk_X509_POLICY_REF_value(cache->maps, idx); - } - /* Set policy mapping entries in cache. * Note: this modifies the passed POLICY_MAPPINGS structure */ @@ -94,7 +69,6 @@ static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *i int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) { POLICY_MAPPING *map; - X509_POLICY_REF *ref = NULL; X509_POLICY_DATA *data; X509_POLICY_CACHE *cache = x->policy_cache; int i; @@ -104,7 +78,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) ret = -1; goto bad_mapping; } - cache->maps = sk_X509_POLICY_REF_new(ref_cmp); for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) { map = sk_POLICY_MAPPING_value(maps, i); @@ -116,13 +89,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) goto bad_mapping; } - /* If we've already mapped from this OID bad mapping */ - if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) - { - ret = -1; - goto bad_mapping; - } - /* Attempt to find matching policy data */ data = policy_cache_find_data(cache, map->issuerDomainPolicy); /* If we don't have anyPolicy can't map */ @@ -138,7 +104,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) if (!data) goto bad_mapping; data->qualifier_set = cache->anyPolicy->qualifier_set; - map->issuerDomainPolicy = NULL; + /*map->issuerDomainPolicy = NULL;*/ data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; if (!sk_X509_POLICY_DATA_push(cache->data, data)) @@ -149,23 +115,10 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) } else data->flags |= POLICY_DATA_FLAG_MAPPED; - if (!sk_ASN1_OBJECT_push(data->expected_policy_set, map->subjectDomainPolicy)) goto bad_mapping; - - ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); - if (!ref) - goto bad_mapping; - - ref->subjectDomainPolicy = map->subjectDomainPolicy; map->subjectDomainPolicy = NULL; - ref->data = data; - - if (!sk_X509_POLICY_REF_push(cache->maps, ref)) - goto bad_mapping; - - ref = NULL; } @@ -173,13 +126,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) bad_mapping: if (ret == -1) x->ex_flags |= EXFLAG_INVALID_POLICY; - if (ref) - policy_map_free(ref); - if (ret <= 0) - { - sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); - cache->maps = NULL; - } sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); return ret; diff --git a/lib/libcrypto/x509v3/pcy_node.c b/lib/libcrypto/x509v3/pcy_node.c index 6587cb05aba..bd1e7f1ae8b 100644 --- a/lib/libcrypto/x509v3/pcy_node.c +++ b/lib/libcrypto/x509v3/pcy_node.c @@ -92,13 +92,25 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, } X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const X509_POLICY_NODE *parent, const ASN1_OBJECT *id) { - return tree_find_sk(level->nodes, id); + X509_POLICY_NODE *node; + int i; + for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) + { + node = sk_X509_POLICY_NODE_value(level->nodes, i); + if (node->parent == parent) + { + if (!OBJ_cmp(node->data->valid_policy, id)) + return node; + } + } + return NULL; } X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree) { @@ -155,4 +167,31 @@ void policy_node_free(X509_POLICY_NODE *node) OPENSSL_free(node); } +/* See if a policy node matches a policy OID. If mapping enabled look through + * expected policy set otherwise just valid policy. + */ + +int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid) + { + int i; + ASN1_OBJECT *policy_oid; + const X509_POLICY_DATA *x = node->data; + + if ( (lvl->flags & X509_V_FLAG_INHIBIT_MAP) + || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) + { + if (!OBJ_cmp(x->valid_policy, oid)) + return 1; + return 0; + } + + for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) + { + policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i); + if (!OBJ_cmp(policy_oid, oid)) + return 1; + } + return 0; + } diff --git a/lib/libcrypto/x509v3/v3_ncons.c b/lib/libcrypto/x509v3/v3_ncons.c index 4e706be3e1c..689df46acdc 100644 --- a/lib/libcrypto/x509v3/v3_ncons.c +++ b/lib/libcrypto/x509v3/v3_ncons.c @@ -63,15 +63,22 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind); -static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name); +static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); +static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); +static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); +static int nc_dn(X509_NAME *sub, X509_NAME *nm); +static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); +static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); +static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); + const X509V3_EXT_METHOD v3_name_constraints = { NID_name_constraints, 0, ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -99,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) -static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { int i; CONF_VALUE tval, *val; @@ -155,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, -static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *a, BIO *bp, int ind) +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + BIO *bp, int ind) { NAME_CONSTRAINTS *ncons = a; do_i2r_name_constraints(method, ncons->permittedSubtrees, @@ -166,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, return 1; } -static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name) +static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name) { GENERAL_SUBTREE *tree; int i; @@ -218,3 +225,282 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) return 1; } +/* Check a certificate conforms to a specified set of constraints. + * Return values: + * X509_V_OK: All constraints obeyed. + * X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation. + * X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation. + * X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type. + * X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type. + * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax. + * X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name + + */ + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) + { + int r, i; + X509_NAME *nm; + + nm = X509_get_subject_name(x); + + if (X509_NAME_entry_count(nm) > 0) + { + GENERAL_NAME gntmp; + gntmp.type = GEN_DIRNAME; + gntmp.d.directoryName = nm; + + r = nc_match(&gntmp, nc); + + if (r != X509_V_OK) + return r; + + gntmp.type = GEN_EMAIL; + + + /* Process any email address attributes in subject name */ + + for (i = -1;;) + { + X509_NAME_ENTRY *ne; + i = X509_NAME_get_index_by_NID(nm, + NID_pkcs9_emailAddress, + i); + if (i == -1) + break; + ne = X509_NAME_get_entry(nm, i); + gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne); + if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + r = nc_match(&gntmp, nc); + + if (r != X509_V_OK) + return r; + } + + } + + for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) + { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i); + r = nc_match(gen, nc); + if (r != X509_V_OK) + return r; + } + + return X509_V_OK; + + } + +static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + { + GENERAL_SUBTREE *sub; + int i, r, match = 0; + + /* Permitted subtrees: if any subtrees exist of matching the type + * at least one subtree must match. + */ + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) + { + sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); + if (gen->type != sub->base->type) + continue; + if (sub->minimum || sub->maximum) + return X509_V_ERR_SUBTREE_MINMAX; + /* If we already have a match don't bother trying any more */ + if (match == 2) + continue; + if (match == 0) + match = 1; + r = nc_match_single(gen, sub->base); + if (r == X509_V_OK) + match = 2; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) + return r; + } + + if (match == 1) + return X509_V_ERR_PERMITTED_VIOLATION; + + /* Excluded subtrees: must not match any of these */ + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) + { + sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); + if (gen->type != sub->base->type) + continue; + if (sub->minimum || sub->maximum) + return X509_V_ERR_SUBTREE_MINMAX; + + r = nc_match_single(gen, sub->base); + if (r == X509_V_OK) + return X509_V_ERR_EXCLUDED_VIOLATION; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) + return r; + + } + + return X509_V_OK; + + } + +static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) + { + switch(base->type) + { + case GEN_DIRNAME: + return nc_dn(gen->d.directoryName, base->d.directoryName); + + case GEN_DNS: + return nc_dns(gen->d.dNSName, base->d.dNSName); + + case GEN_EMAIL: + return nc_email(gen->d.rfc822Name, base->d.rfc822Name); + + case GEN_URI: + return nc_uri(gen->d.uniformResourceIdentifier, + base->d.uniformResourceIdentifier); + + default: + return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; + } + + } + +/* directoryName name constraint matching. + * The canonical encoding of X509_NAME makes this comparison easy. It is + * matched if the subtree is a subset of the name. + */ + +static int nc_dn(X509_NAME *nm, X509_NAME *base) + { + /* Ensure canonical encodings are up to date. */ + if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; + if (base->modified && i2d_X509_NAME(base, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; + if (base->canon_enclen > nm->canon_enclen) + return X509_V_ERR_PERMITTED_VIOLATION; + if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) + return X509_V_ERR_PERMITTED_VIOLATION; + return X509_V_OK; + } + +static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) + { + char *baseptr = (char *)base->data; + char *dnsptr = (char *)dns->data; + /* Empty matches everything */ + if (!*baseptr) + return X509_V_OK; + /* Otherwise can add zero or more components on the left so + * compare RHS and if dns is longer and expect '.' as preceding + * character. + */ + if (dns->length > base->length) + { + dnsptr += dns->length - base->length; + if (dnsptr[-1] != '.') + return X509_V_ERR_PERMITTED_VIOLATION; + } + + if (strcasecmp(baseptr, dnsptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; + + } + +static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) + { + const char *baseptr = (char *)base->data; + const char *emlptr = (char *)eml->data; + + const char *baseat = strchr(baseptr, '@'); + const char *emlat = strchr(emlptr, '@'); + if (!emlat) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + /* Special case: inital '.' is RHS match */ + if (!baseat && (*baseptr == '.')) + { + if (eml->length > base->length) + { + emlptr += eml->length - base->length; + if (!strcasecmp(baseptr, emlptr)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; + } + + /* If we have anything before '@' match local part */ + + if (baseat) + { + if (baseat != baseptr) + { + if ((baseat - baseptr) != (emlat - emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + /* Case sensitive match of local part */ + if (strncmp(baseptr, emlptr, emlat - emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + } + /* Position base after '@' */ + baseptr = baseat + 1; + } + emlptr = emlat + 1; + /* Just have hostname left to match: case insensitive */ + if (strcasecmp(baseptr, emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; + + } + +static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) + { + const char *baseptr = (char *)base->data; + const char *hostptr = (char *)uri->data; + const char *p = strchr(hostptr, ':'); + int hostlen; + /* Check for foo:// and skip past it */ + if (!p || (p[1] != '/') || (p[2] != '/')) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + hostptr = p + 3; + + /* Determine length of hostname part of URI */ + + /* Look for a port indicator as end of hostname first */ + + p = strchr(hostptr, ':'); + /* Otherwise look for trailing slash */ + if (!p) + p = strchr(hostptr, '/'); + + if (!p) + hostlen = strlen(hostptr); + else + hostlen = p - hostptr; + + if (hostlen == 0) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + /* Special case: inital '.' is RHS match */ + if (*baseptr == '.') + { + if (hostlen > base->length) + { + p = hostptr + hostlen - base->length; + if (!strncasecmp(p, baseptr, base->length)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; + } + + if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; + + } diff --git a/lib/libcrypto/x509v3/v3_pci.c b/lib/libcrypto/x509v3/v3_pci.c index 601211f4169..0dcfa004fe2 100644 --- a/lib/libcrypto/x509v3/v3_pci.c +++ b/lib/libcrypto/x509v3/v3_pci.c @@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*language) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*pathlen) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, unsigned char *tmp_data2 = string_to_hex(val->value + 4, &val_len); - if (!tmp_data2) goto err; + if (!tmp_data2) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); @@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + OPENSSL_free(tmp_data2); + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + OPENSSL_free(tmp_data2); } else if (strncmp(val->value, "file:", 5) == 0) { @@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += n; (*policy)->data[(*policy)->length] = '\0'; } + BIO_free_all(b); if (n < 0) { @@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } } else { diff --git a/lib/libcrypto/x509v3/v3_pcons.c b/lib/libcrypto/x509v3/v3_pcons.c index 86c0ff70e6c..30ca6523512 100644 --- a/lib/libcrypto/x509v3/v3_pcons.c +++ b/lib/libcrypto/x509v3/v3_pcons.c @@ -64,10 +64,12 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *bcons, STACK_OF(CONF_VALUE) *extlist); -static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, + STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD v3_policy_constraints = { NID_policy_constraints, 0, @@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *extlist) +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *extlist) { POLICY_CONSTRAINTS *pcons = a; X509V3_add_value_int("Require Explicit Policy", @@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, return extlist; } -static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { POLICY_CONSTRAINTS *pcons=NULL; CONF_VALUE *val; diff --git a/lib/libcrypto/x509v3/v3_pmaps.c b/lib/libcrypto/x509v3/v3_pmaps.c index da03bbc35d3..865bcd39805 100644 --- a/lib/libcrypto/x509v3/v3_pmaps.c +++ b/lib/libcrypto/x509v3/v3_pmaps.c @@ -63,10 +63,11 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - void *pmps, STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) * +i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps, + STACK_OF(CONF_VALUE) *extlist); const X509V3_EXT_METHOD v3_policy_mappings = { NID_policy_mappings, 0, @@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *ext_list) +static STACK_OF(CONF_VALUE) * +i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *ext_list) { POLICY_MAPPINGS *pmaps = a; POLICY_MAPPING *pmap; @@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, return ext_list; } -static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { POLICY_MAPPINGS *pmaps; POLICY_MAPPING *pmap; diff --git a/lib/libcrypto/x86cpuid.pl b/lib/libcrypto/x86cpuid.pl index 4408ef2936e..a7464af19b7 100644 --- a/lib/libcrypto/x86cpuid.pl +++ b/lib/libcrypto/x86cpuid.pl @@ -1,6 +1,7 @@ #!/usr/bin/env perl -push(@INC,"perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC, "${dir}perlasm", "perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"x86cpuid"); @@ -22,38 +23,90 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &jnc (&label("done")); &xor ("eax","eax"); &cpuid (); + &mov ("edi","eax"); # max value for standard query level + &xor ("eax","eax"); &cmp ("ebx",0x756e6547); # "Genu" - &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); + &setne (&LB("eax")); &mov ("ebp","eax"); &cmp ("edx",0x49656e69); # "ineI" - &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); + &setne (&LB("eax")); &or ("ebp","eax"); &cmp ("ecx",0x6c65746e); # "ntel" - &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); - &or ("ebp","eax"); + &setne (&LB("eax")); + &or ("ebp","eax"); # 0 indicates Intel CPU + &jz (&label("intel")); + + &cmp ("ebx",0x68747541); # "Auth" + &setne (&LB("eax")); + &mov ("esi","eax"); + &cmp ("edx",0x69746E65); # "enti" + &setne (&LB("eax")); + &or ("esi","eax"); + &cmp ("ecx",0x444D4163); # "cAMD" + &setne (&LB("eax")); + &or ("esi","eax"); # 0 indicates AMD CPU + &jnz (&label("intel")); + + # AMD specific + &mov ("eax",0x80000000); + &cpuid (); + &cmp ("eax",0x80000008); + &jb (&label("intel")); + + &mov ("eax",0x80000008); + &cpuid (); + &movz ("esi",&LB("ecx")); # number of cores - 1 + &inc ("esi"); # number of cores + + &mov ("eax",1); + &cpuid (); + &bt ("edx",28); + &jnc (&label("done")); + &shr ("ebx",16); + &and ("ebx",0xff); + &cmp ("ebx","esi"); + &ja (&label("done")); + &and ("edx",0xefffffff); # clear hyper-threading bit + &jmp (&label("done")); + +&set_label("intel"); + &cmp ("edi",4); + &mov ("edi",-1); + &jb (&label("nocacheinfo")); + + &mov ("eax",4); + &mov ("ecx",0); # query L1D + &cpuid (); + &mov ("edi","eax"); + &shr ("edi",14); + &and ("edi",0xfff); # number of cores -1 per L1D + +&set_label("nocacheinfo"); &mov ("eax",1); &cpuid (); &cmp ("ebp",0); &jne (&label("notP4")); - &and ("eax",15<<8); # familiy ID - &cmp ("eax",15<<8); # P4? + &and (&HB("eax"),15); # familiy ID + &cmp (&HB("eax"),15); # P4? &jne (&label("notP4")); &or ("edx",1<<20); # use reserved bit to engage RC4_CHAR &set_label("notP4"); &bt ("edx",28); # test hyper-threading bit &jnc (&label("done")); + &and ("edx",0xefffffff); + &cmp ("edi",0); + &je (&label("done")); + + &or ("edx",0x10000000); &shr ("ebx",16); - &and ("ebx",0xff); - &cmp ("ebx",1); # see if cache is shared(*) + &cmp (&LB("ebx"),1); &ja (&label("done")); &and ("edx",0xefffffff); # clear hyper-threading bit if not &set_label("done"); &mov ("eax","edx"); &mov ("edx","ecx"); &function_end("OPENSSL_ia32_cpuid"); -# (*) on Core2 this value is set to 2 denoting the fact that L2 -# cache is shared between cores. &external_label("OPENSSL_ia32cap_P"); @@ -220,6 +273,40 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } } &function_end_B("OPENSSL_indirect_call"); +&function_begin_B("OPENSSL_cleanse"); + &mov ("edx",&wparam(0)); + &mov ("ecx",&wparam(1)); + &xor ("eax","eax"); + &cmp ("ecx",7); + &jae (&label("lot")); + &cmp ("ecx",0); + &je (&label("ret")); +&set_label("little"); + &mov (&BP(0,"edx"),"al"); + &sub ("ecx",1); + &lea ("edx",&DWP(1,"edx")); + &jnz (&label("little")); +&set_label("ret"); + &ret (); + +&set_label("lot",16); + &test ("edx",3); + &jz (&label("aligned")); + &mov (&BP(0,"edx"),"al"); + &lea ("ecx",&DWP(-1,"ecx")); + &lea ("edx",&DWP(1,"edx")); + &jmp (&label("lot")); +&set_label("aligned"); + &mov (&DWP(0,"edx"),"eax"); + &lea ("ecx",&DWP(-4,"ecx")); + &test ("ecx",-4); + &lea ("edx",&DWP(4,"edx")); + &jnz (&label("aligned")); + &cmp ("ecx",0); + &jne (&label("little")); + &ret (); +&function_end_B("OPENSSL_cleanse"); + &initseg("OPENSSL_cpuid_setup"); &asm_finish(); |