authormiod <>2014-04-13 15:16:40 +0000
committermiod <>2014-04-13 15:16:40 +0000
commit92349eb53934e1b3e9b807e603d45417a6320d21 (patch)
tree0de23bccc2c4fc24d466d6a4291987efc8e44770
parentbdcc75be513421611e357921c457c3c5f631a14c (diff)
parent52628ee3f51f011b463aaedb1a28aa0524b43cb3 (diff)
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
-rw-r--r--src/lib/libcrypto/aes/asm/aes-mips.pl20
-rw-r--r--src/lib/libcrypto/aes/asm/aes-parisc.pl3
-rw-r--r--src/lib/libcrypto/aes/asm/aes-s390x.pl95
-rw-r--r--src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl3
-rw-r--r--src/lib/libcrypto/aes/asm/bsaes-x86_64.pl76
-rw-r--r--src/lib/libcrypto/aes/asm/vpaes-x86_64.pl5
-rw-r--r--src/lib/libcrypto/armcap.c2
-rw-r--r--src/lib/libcrypto/bn/asm/mips-mont.pl2
-rw-r--r--src/lib/libcrypto/bn/asm/mips.pl46
-rw-r--r--src/lib/libcrypto/bn/asm/modexp512-x86_64.pl3
-rw-r--r--src/lib/libcrypto/bn/asm/parisc-mont.pl4
-rw-r--r--src/lib/libcrypto/bn/asm/x86_64-gf2m.pl3
-rwxr-xr-xsrc/lib/libcrypto/bn/asm/x86_64-mont.pl3
-rwxr-xr-xsrc/lib/libcrypto/bn/asm/x86_64-mont5.pl7
-rw-r--r--src/lib/libcrypto/camellia/asm/cmll-x86_64.pl3
-rw-r--r--src/lib/libcrypto/cms/cms_cd.c2
-rw-r--r--src/lib/libcrypto/cms/cms_enc.c2
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c4
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_derive.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_keygen.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_sign.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_verify.pod2
-rw-r--r--src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod103
-rw-r--r--src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod2
-rw-r--r--src/lib/libcrypto/ec/ec2_mult.c27
-rw-r--r--src/lib/libcrypto/ec/ec_ameth.c2
-rw-r--r--src/lib/libcrypto/ec/ec_asn1.c6
-rw-r--r--src/lib/libcrypto/ec/ec_key.c13
-rw-r--r--src/lib/libcrypto/ec/ec_pmeth.c2
-rw-r--r--src/lib/libcrypto/ecdh/ech_key.c3
-rw-r--r--src/lib/libcrypto/ecdh/ech_lib.c11
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_lib.c11
-rwxr-xr-xsrc/lib/libcrypto/md5/asm/md5-x86_64.pl3
-rw-r--r--src/lib/libcrypto/modes/asm/ghash-alpha.pl25
-rw-r--r--src/lib/libcrypto/modes/asm/ghash-parisc.pl1
-rw-r--r--src/lib/libcrypto/modes/asm/ghash-x86.pl6
-rw-r--r--src/lib/libcrypto/modes/asm/ghash-x86_64.pl3
-rw-r--r--src/lib/libcrypto/modes/cbc128.c25
-rw-r--r--src/lib/libcrypto/modes/ccm128.c2
-rw-r--r--src/lib/libcrypto/modes/cts128.c28
-rw-r--r--src/lib/libcrypto/modes/gcm128.c196
-rw-r--r--src/lib/libcrypto/modes/modes_lcl.h9
-rw-r--r--src/lib/libcrypto/pariscid.pl41
-rw-r--r--src/lib/libcrypto/pkcs7/bio_pk7.c2
-rw-r--r--src/lib/libcrypto/ppccap.c11
-rw-r--r--src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl3
-rw-r--r--src/lib/libcrypto/rc4/asm/rc4-parisc.pl3
-rw-r--r--src/lib/libcrypto/rsa/rsa_ameth.c8
-rw-r--r--src/lib/libcrypto/rsa/rsa_pmeth.c2
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-armv4-large.pl2
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-ia64.pl3
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-parisc.pl3
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl2
-rwxr-xr-xsrc/lib/libcrypto/sha/asm/sha1-x86_64.pl7
-rw-r--r--src/lib/libcrypto/sha/asm/sha512-586.pl16
-rw-r--r--src/lib/libcrypto/sha/asm/sha512-mips.pl2
-rwxr-xr-xsrc/lib/libcrypto/sha/asm/sha512-parisc.pl2
-rwxr-xr-xsrc/lib/libcrypto/sha/asm/sha512-x86_64.pl3
-rw-r--r--src/lib/libcrypto/sha/sha256.c6
-rw-r--r--src/lib/libcrypto/sparccpuid.S4
-rw-r--r--src/lib/libcrypto/whrlpool/asm/wp-mmx.pl2
-rw-r--r--src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl3
-rw-r--r--src/lib/libcrypto/x86cpuid.pl6
-rw-r--r--src/lib/libssl/d1_lib.c1
-rw-r--r--src/lib/libssl/d1_srtp.c5
-rw-r--r--src/lib/libssl/test/cms-test.pl4
70 files changed, 639 insertions, 279 deletions
diff --git a/src/lib/libcrypto/aes/asm/aes-mips.pl b/src/lib/libcrypto/aes/asm/aes-mips.pl
index 2ce6deffc8..e52395421b 100644
--- a/src/lib/libcrypto/aes/asm/aes-mips.pl
+++ b/src/lib/libcrypto/aes/asm/aes-mips.pl
@@ -1036,9 +1036,9 @@ _mips_AES_set_encrypt_key:
1036 nop 1036 nop
1037.end _mips_AES_set_encrypt_key 1037.end _mips_AES_set_encrypt_key
1038 1038
1039.globl AES_set_encrypt_key 1039.globl private_AES_set_encrypt_key
1040.ent AES_set_encrypt_key 1040.ent private_AES_set_encrypt_key
1041AES_set_encrypt_key: 1041private_AES_set_encrypt_key:
1042 .frame $sp,$FRAMESIZE,$ra 1042 .frame $sp,$FRAMESIZE,$ra
1043 .mask $SAVED_REGS_MASK,-$SZREG 1043 .mask $SAVED_REGS_MASK,-$SZREG
1044 .set noreorder 1044 .set noreorder
@@ -1060,7 +1060,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
1060___ 1060___
1061$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification 1061$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
1062 .cplocal $Tbl 1062 .cplocal $Tbl
1063 .cpsetup $pf,$zero,AES_set_encrypt_key 1063 .cpsetup $pf,$zero,private_AES_set_encrypt_key
1064___ 1064___
1065$code.=<<___; 1065$code.=<<___;
1066 .set reorder 1066 .set reorder
@@ -1083,7 +1083,7 @@ ___
1083$code.=<<___; 1083$code.=<<___;
1084 jr $ra 1084 jr $ra
1085 $PTR_ADD $sp,$FRAMESIZE 1085 $PTR_ADD $sp,$FRAMESIZE
1086.end AES_set_encrypt_key 1086.end private_AES_set_encrypt_key
1087___ 1087___
1088 1088
1089my ($head,$tail)=($inp,$bits); 1089my ($head,$tail)=($inp,$bits);
@@ -1091,9 +1091,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
1091my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2); 1091my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
1092$code.=<<___; 1092$code.=<<___;
1093.align 5 1093.align 5
1094.globl AES_set_decrypt_key 1094.globl private_AES_set_decrypt_key
1095.ent AES_set_decrypt_key 1095.ent private_AES_set_decrypt_key
1096AES_set_decrypt_key: 1096private_AES_set_decrypt_key:
1097 .frame $sp,$FRAMESIZE,$ra 1097 .frame $sp,$FRAMESIZE,$ra
1098 .mask $SAVED_REGS_MASK,-$SZREG 1098 .mask $SAVED_REGS_MASK,-$SZREG
1099 .set noreorder 1099 .set noreorder
@@ -1115,7 +1115,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
1115___ 1115___
1116$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification 1116$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
1117 .cplocal $Tbl 1117 .cplocal $Tbl
1118 .cpsetup $pf,$zero,AES_set_decrypt_key 1118 .cpsetup $pf,$zero,private_AES_set_decrypt_key
1119___ 1119___
1120$code.=<<___; 1120$code.=<<___;
1121 .set reorder 1121 .set reorder
@@ -1226,7 +1226,7 @@ ___
1226$code.=<<___; 1226$code.=<<___;
1227 jr $ra 1227 jr $ra
1228 $PTR_ADD $sp,$FRAMESIZE 1228 $PTR_ADD $sp,$FRAMESIZE
1229.end AES_set_decrypt_key 1229.end private_AES_set_decrypt_key
1230___ 1230___
1231}}} 1231}}}
1232 1232
diff --git a/src/lib/libcrypto/aes/asm/aes-parisc.pl b/src/lib/libcrypto/aes/asm/aes-parisc.pl
index c36b6a2270..714dcfbbe3 100644
--- a/src/lib/libcrypto/aes/asm/aes-parisc.pl
+++ b/src/lib/libcrypto/aes/asm/aes-parisc.pl
@@ -1015,7 +1015,8 @@ foreach (split("\n",$code)) {
1015 $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2) 1015 $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
1016 : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e; 1016 : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
1017 1017
1018 s/,\*/,/ if ($SIZE_T==4); 1018 s/,\*/,/ if ($SIZE_T==4);
1019 s/\bbv\b(.*\(%r2\))/bve$1/ if ($SIZE_T==8);
1019 print $_,"\n"; 1020 print $_,"\n";
1020} 1021}
1021close STDOUT; 1022close STDOUT;
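Review bot: The new `bv`→`bve` rewrite on line 1019 of the post-processing loop carries no comment saying why only returns through `(%r2)` are converted, while the equivalent rewrite added to bn/asm/parisc-mont.pl in this same commit (`s/\bbv\b/bve/gm if ($SIZE_T==8);`) converts every `bv` unconditionally. Presumably this file has other `bv` forms that must stay as they are, but nothing in the hunk shows that; a one-line comment such as `# 64-bit (PA-RISC 2.0) return: bv (%r2) must become bve (%r2); other bv forms are left alone` would make the narrower pattern look deliberate rather than accidental. The `foreach` loop holding this line starts outside the hunk.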
diff --git a/src/lib/libcrypto/aes/asm/aes-s390x.pl b/src/lib/libcrypto/aes/asm/aes-s390x.pl
index 445a1e6762..e75dcd0315 100644
--- a/src/lib/libcrypto/aes/asm/aes-s390x.pl
+++ b/src/lib/libcrypto/aes/asm/aes-s390x.pl
@@ -1598,11 +1598,11 @@ $code.=<<___ if(1);
1598 lghi $s1,0x7f 1598 lghi $s1,0x7f
1599 nr $s1,%r0 1599 nr $s1,%r0
1600 lghi %r0,0 # query capability vector 1600 lghi %r0,0 # query capability vector
1601 la %r1,2*$SIZE_T($sp) 1601 la %r1,$tweak-16($sp)
1602 .long 0xb92e0042 # km %r4,%r2 1602 .long 0xb92e0042 # km %r4,%r2
1603 llihh %r1,0x8000 1603 llihh %r1,0x8000
1604 srlg %r1,%r1,32($s1) # check for 32+function code 1604 srlg %r1,%r1,32($s1) # check for 32+function code
1605 ng %r1,2*$SIZE_T($sp) 1605 ng %r1,$tweak-16($sp)
1606 lgr %r0,$s0 # restore the function code 1606 lgr %r0,$s0 # restore the function code
1607 la %r1,0($key1) # restore $key1 1607 la %r1,0($key1) # restore $key1
1608 jz .Lxts_km_vanilla 1608 jz .Lxts_km_vanilla
@@ -1628,7 +1628,7 @@ $code.=<<___ if(1);
1628 1628
1629 lrvg $s0,$tweak+0($sp) # load the last tweak 1629 lrvg $s0,$tweak+0($sp) # load the last tweak
1630 lrvg $s1,$tweak+8($sp) 1630 lrvg $s1,$tweak+8($sp)
1631 stmg %r0,%r3,$tweak-32(%r1) # wipe copy of the key 1631 stmg %r0,%r3,$tweak-32($sp) # wipe copy of the key
1632 1632
1633 nill %r0,0xffdf # switch back to original function code 1633 nill %r0,0xffdf # switch back to original function code
1634 la %r1,0($key1) # restore pointer to $key1 1634 la %r1,0($key1) # restore pointer to $key1
@@ -1684,11 +1684,9 @@ $code.=<<___;
1684 lghi $i1,0x87 1684 lghi $i1,0x87
1685 srag $i2,$s1,63 # broadcast upper bit 1685 srag $i2,$s1,63 # broadcast upper bit
1686 ngr $i1,$i2 # rem 1686 ngr $i1,$i2 # rem
1687 srlg $i2,$s0,63 # carry bit from lower half 1687 algr $s0,$s0
1688 sllg $s0,$s0,1 1688 alcgr $s1,$s1
1689 sllg $s1,$s1,1
1690 xgr $s0,$i1 1689 xgr $s0,$i1
1691 ogr $s1,$i2
1692.Lxts_km_start: 1690.Lxts_km_start:
1693 lrvgr $i1,$s0 # flip byte order 1691 lrvgr $i1,$s0 # flip byte order
1694 lrvgr $i2,$s1 1692 lrvgr $i2,$s1
@@ -1745,11 +1743,9 @@ $code.=<<___;
1745 lghi $i1,0x87 1743 lghi $i1,0x87
1746 srag $i2,$s1,63 # broadcast upper bit 1744 srag $i2,$s1,63 # broadcast upper bit
1747 ngr $i1,$i2 # rem 1745 ngr $i1,$i2 # rem
1748 srlg $i2,$s0,63 # carry bit from lower half 1746 algr $s0,$s0
1749 sllg $s0,$s0,1 1747 alcgr $s1,$s1
1750 sllg $s1,$s1,1
1751 xgr $s0,$i1 1748 xgr $s0,$i1
1752 ogr $s1,$i2
1753 1749
1754 ltr $len,$len # clear zero flag 1750 ltr $len,$len # clear zero flag
1755 br $ra 1751 br $ra
@@ -1781,8 +1777,8 @@ $code.=<<___ if (!$softonly);
1781 clr %r0,%r1 1777 clr %r0,%r1
1782 jl .Lxts_enc_software 1778 jl .Lxts_enc_software
1783 1779
1780 st${g} $ra,5*$SIZE_T($sp)
1784 stm${g} %r6,$s3,6*$SIZE_T($sp) 1781 stm${g} %r6,$s3,6*$SIZE_T($sp)
1785 st${g} $ra,14*$SIZE_T($sp)
1786 1782
1787 sllg $len,$len,4 # $len&=~15 1783 sllg $len,$len,4 # $len&=~15
1788 slgr $out,$inp 1784 slgr $out,$inp
@@ -1830,9 +1826,9 @@ $code.=<<___ if (!$softonly);
1830 stg $i2,8($i3) 1826 stg $i2,8($i3)
1831 1827
1832.Lxts_enc_km_done: 1828.Lxts_enc_km_done:
1833 l${g} $ra,14*$SIZE_T($sp) 1829 stg $sp,$tweak+0($sp) # wipe tweak
1834 st${g} $sp,$tweak($sp) # wipe tweak 1830 stg $sp,$tweak+8($sp)
1835 st${g} $sp,$tweak($sp) 1831 l${g} $ra,5*$SIZE_T($sp)
1836 lm${g} %r6,$s3,6*$SIZE_T($sp) 1832 lm${g} %r6,$s3,6*$SIZE_T($sp)
1837 br $ra 1833 br $ra
1838.align 16 1834.align 16
@@ -1843,12 +1839,11 @@ $code.=<<___;
1843 1839
1844 slgr $out,$inp 1840 slgr $out,$inp
1845 1841
1846 xgr $s0,$s0 # clear upper half 1842 l${g} $s3,$stdframe($sp) # ivp
1847 xgr $s1,$s1 1843 llgf $s0,0($s3) # load iv
1848 lrv $s0,$stdframe+4($sp) # load secno 1844 llgf $s1,4($s3)
1849 lrv $s1,$stdframe+0($sp) 1845 llgf $s2,8($s3)
1850 xgr $s2,$s2 1846 llgf $s3,12($s3)
1851 xgr $s3,$s3
1852 stm${g} %r2,%r5,2*$SIZE_T($sp) 1847 stm${g} %r2,%r5,2*$SIZE_T($sp)
1853 la $key,0($key2) 1848 la $key,0($key2)
1854 larl $tbl,AES_Te 1849 larl $tbl,AES_Te
@@ -1864,11 +1859,9 @@ $code.=<<___;
1864 lghi %r1,0x87 1859 lghi %r1,0x87
1865 srag %r0,$s3,63 # broadcast upper bit 1860 srag %r0,$s3,63 # broadcast upper bit
1866 ngr %r1,%r0 # rem 1861 ngr %r1,%r0 # rem
1867 srlg %r0,$s1,63 # carry bit from lower half 1862 algr $s1,$s1
1868 sllg $s1,$s1,1 1863 alcgr $s3,$s3
1869 sllg $s3,$s3,1
1870 xgr $s1,%r1 1864 xgr $s1,%r1
1871 ogr $s3,%r0
1872 lrvgr $s1,$s1 # flip byte order 1865 lrvgr $s1,$s1 # flip byte order
1873 lrvgr $s3,$s3 1866 lrvgr $s3,$s3
1874 srlg $s0,$s1,32 # smash the tweak to 4x32-bits 1867 srlg $s0,$s1,32 # smash the tweak to 4x32-bits
@@ -1917,11 +1910,9 @@ $code.=<<___;
1917 lghi %r1,0x87 1910 lghi %r1,0x87
1918 srag %r0,$s3,63 # broadcast upper bit 1911 srag %r0,$s3,63 # broadcast upper bit
1919 ngr %r1,%r0 # rem 1912 ngr %r1,%r0 # rem
1920 srlg %r0,$s1,63 # carry bit from lower half 1913 algr $s1,$s1
1921 sllg $s1,$s1,1 1914 alcgr $s3,$s3
1922 sllg $s3,$s3,1
1923 xgr $s1,%r1 1915 xgr $s1,%r1
1924 ogr $s3,%r0
1925 lrvgr $s1,$s1 # flip byte order 1916 lrvgr $s1,$s1 # flip byte order
1926 lrvgr $s3,$s3 1917 lrvgr $s3,$s3
1927 srlg $s0,$s1,32 # smash the tweak to 4x32-bits 1918 srlg $s0,$s1,32 # smash the tweak to 4x32-bits
@@ -1956,7 +1947,8 @@ $code.=<<___;
1956.size AES_xts_encrypt,.-AES_xts_encrypt 1947.size AES_xts_encrypt,.-AES_xts_encrypt
1957___ 1948___
1958# void AES_xts_decrypt(const char *inp,char *out,size_t len, 1949# void AES_xts_decrypt(const char *inp,char *out,size_t len,
1959# const AES_KEY *key1, const AES_KEY *key2,u64 secno); 1950# const AES_KEY *key1, const AES_KEY *key2,
1951# const unsigned char iv[16]);
1960# 1952#
1961$code.=<<___; 1953$code.=<<___;
1962.globl AES_xts_decrypt 1954.globl AES_xts_decrypt
@@ -1988,8 +1980,8 @@ $code.=<<___ if (!$softonly);
1988 clr %r0,%r1 1980 clr %r0,%r1
1989 jl .Lxts_dec_software 1981 jl .Lxts_dec_software
1990 1982
1983 st${g} $ra,5*$SIZE_T($sp)
1991 stm${g} %r6,$s3,6*$SIZE_T($sp) 1984 stm${g} %r6,$s3,6*$SIZE_T($sp)
1992 st${g} $ra,14*$SIZE_T($sp)
1993 1985
1994 nill $len,0xfff0 # $len&=~15 1986 nill $len,0xfff0 # $len&=~15
1995 slgr $out,$inp 1987 slgr $out,$inp
@@ -2028,11 +2020,9 @@ $code.=<<___ if (!$softonly);
2028 lghi $i1,0x87 2020 lghi $i1,0x87
2029 srag $i2,$s1,63 # broadcast upper bit 2021 srag $i2,$s1,63 # broadcast upper bit
2030 ngr $i1,$i2 # rem 2022 ngr $i1,$i2 # rem
2031 srlg $i2,$s0,63 # carry bit from lower half 2023 algr $s0,$s0
2032 sllg $s0,$s0,1 2024 alcgr $s1,$s1
2033 sllg $s1,$s1,1
2034 xgr $s0,$i1 2025 xgr $s0,$i1
2035 ogr $s1,$i2
2036 lrvgr $i1,$s0 # flip byte order 2026 lrvgr $i1,$s0 # flip byte order
2037 lrvgr $i2,$s1 2027 lrvgr $i2,$s1
2038 2028
@@ -2075,9 +2065,9 @@ $code.=<<___ if (!$softonly);
2075 stg $s2,0($i3) 2065 stg $s2,0($i3)
2076 stg $s3,8($i3) 2066 stg $s3,8($i3)
2077.Lxts_dec_km_done: 2067.Lxts_dec_km_done:
2078 l${g} $ra,14*$SIZE_T($sp) 2068 stg $sp,$tweak+0($sp) # wipe tweak
2079 st${g} $sp,$tweak($sp) # wipe tweak 2069 stg $sp,$tweak+8($sp)
2080 st${g} $sp,$tweak($sp) 2070 l${g} $ra,5*$SIZE_T($sp)
2081 lm${g} %r6,$s3,6*$SIZE_T($sp) 2071 lm${g} %r6,$s3,6*$SIZE_T($sp)
2082 br $ra 2072 br $ra
2083.align 16 2073.align 16
@@ -2089,12 +2079,11 @@ $code.=<<___;
2089 srlg $len,$len,4 2079 srlg $len,$len,4
2090 slgr $out,$inp 2080 slgr $out,$inp
2091 2081
2092 xgr $s0,$s0 # clear upper half 2082 l${g} $s3,$stdframe($sp) # ivp
2093 xgr $s1,$s1 2083 llgf $s0,0($s3) # load iv
2094 lrv $s0,$stdframe+4($sp) # load secno 2084 llgf $s1,4($s3)
2095 lrv $s1,$stdframe+0($sp) 2085 llgf $s2,8($s3)
2096 xgr $s2,$s2 2086 llgf $s3,12($s3)
2097 xgr $s3,$s3
2098 stm${g} %r2,%r5,2*$SIZE_T($sp) 2087 stm${g} %r2,%r5,2*$SIZE_T($sp)
2099 la $key,0($key2) 2088 la $key,0($key2)
2100 larl $tbl,AES_Te 2089 larl $tbl,AES_Te
@@ -2113,11 +2102,9 @@ $code.=<<___;
2113 lghi %r1,0x87 2102 lghi %r1,0x87
2114 srag %r0,$s3,63 # broadcast upper bit 2103 srag %r0,$s3,63 # broadcast upper bit
2115 ngr %r1,%r0 # rem 2104 ngr %r1,%r0 # rem
2116 srlg %r0,$s1,63 # carry bit from lower half 2105 algr $s1,$s1
2117 sllg $s1,$s1,1 2106 alcgr $s3,$s3
2118 sllg $s3,$s3,1
2119 xgr $s1,%r1 2107 xgr $s1,%r1
2120 ogr $s3,%r0
2121 lrvgr $s1,$s1 # flip byte order 2108 lrvgr $s1,$s1 # flip byte order
2122 lrvgr $s3,$s3 2109 lrvgr $s3,$s3
2123 srlg $s0,$s1,32 # smash the tweak to 4x32-bits 2110 srlg $s0,$s1,32 # smash the tweak to 4x32-bits
@@ -2156,11 +2143,9 @@ $code.=<<___;
2156 lghi %r1,0x87 2143 lghi %r1,0x87
2157 srag %r0,$s3,63 # broadcast upper bit 2144 srag %r0,$s3,63 # broadcast upper bit
2158 ngr %r1,%r0 # rem 2145 ngr %r1,%r0 # rem
2159 srlg %r0,$s1,63 # carry bit from lower half 2146 algr $s1,$s1
2160 sllg $s1,$s1,1 2147 alcgr $s3,$s3
2161 sllg $s3,$s3,1
2162 xgr $s1,%r1 2148 xgr $s1,%r1
2163 ogr $s3,%r0
2164 lrvgr $i2,$s1 # flip byte order 2149 lrvgr $i2,$s1 # flip byte order
2165 lrvgr $i3,$s3 2150 lrvgr $i3,$s3
2166 stmg $i2,$i3,$tweak($sp) # save the 1st tweak 2151 stmg $i2,$i3,$tweak($sp) # save the 1st tweak
@@ -2176,11 +2161,9 @@ $code.=<<___;
2176 lghi %r1,0x87 2161 lghi %r1,0x87
2177 srag %r0,$s3,63 # broadcast upper bit 2162 srag %r0,$s3,63 # broadcast upper bit
2178 ngr %r1,%r0 # rem 2163 ngr %r1,%r0 # rem
2179 srlg %r0,$s1,63 # carry bit from lower half 2164 algr $s1,$s1
2180 sllg $s1,$s1,1 2165 alcgr $s3,$s3
2181 sllg $s3,$s3,1
2182 xgr $s1,%r1 2166 xgr $s1,%r1
2183 ogr $s3,%r0
2184 lrvgr $s1,$s1 # flip byte order 2167 lrvgr $s1,$s1 # flip byte order
2185 lrvgr $s3,$s3 2168 lrvgr $s3,$s3
2186 srlg $s0,$s1,32 # smash the tweak to 4x32-bits 2169 srlg $s0,$s1,32 # smash the tweak to 4x32-bits
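Review bot: The km path now parks `$ra` in `5*$SIZE_T($sp)` (new lines 1780 and 1983, restored at 1831 and 2070), and that is the last slot of the `%r2`–`%r5` range written by `stm${g} %r2,%r5,2*$SIZE_T($sp)` at new lines 1847 and 2087; those stores appear to be on the software fallback path rather than the km path, but both paths share one frame and nothing in the hunks shows that the software path can never reach the `.Lxts_*_km_done` epilogue, so a comment at the save site such as `# slot 5 is free on the km path: %r2-%r5 are only spilled by the software fallback` would pin the assumption down. The prototype comment at 1949-1951 now documents `const unsigned char iv[16]` in place of `u64 secno` for AES_xts_decrypt, but the matching comment for AES_xts_encrypt lies outside the hunk and needs the same update; since the new `llgf` loads consume the iv bytes in memory order, unlike the old byte-reversing `lrv` loads of `secno`, that comment should also say the iv is taken as-is as the tweak input. The tweak wipe at 1829-1830 and 2068-2069 now covers both 8-byte halves, which the old pair of stores to the same `$tweak($sp)` did not.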
diff --git a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
index c6f6b3334a..3c8f6c19e7 100644
--- a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
@@ -69,7 +69,8 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
69 `ml64 2>&1` =~ /Version ([0-9]+)\./ && 69 `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
70 $1>=10); 70 $1>=10);
71 71
72open STDOUT,"| $^X $xlate $flavour $output"; 72open OUT,"| \"$^X\" $xlate $flavour $output";
73*STDOUT=*OUT;
73 74
74# void aesni_cbc_sha1_enc(const void *inp, 75# void aesni_cbc_sha1_enc(const void *inp,
75# void *out, 76# void *out,
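Review bot: The new `open OUT,"| \"$^X\" $xlate $flavour $output";` on line 72 still hands `$xlate`, `$flavour` and `$output` to the shell unquoted, so only the interpreter path gained protection against spaces or shell metacharacters; the identical line is added to bsaes-x86_64.pl, vpaes-x86_64.pl, modexp512-x86_64.pl and x86_64-gf2m.pl in this commit. The list form `open OUT, '|-', $^X, $xlate, $flavour, $output or die "can't spawn $xlate: $!";` bypasses the shell and also reports a failed spawn, which the current line silently ignores; since an absent `$output` is presumably meant to be dropped rather than passed as an empty argument, the trailing arguments would need a `grep { defined && length }` first. A short comment on line 73, `# alias STDOUT to the xlate pipe so the rest of the file can print normally`, would also explain the `*STDOUT=*OUT;` glob assignment to readers unfamiliar with the perlasm convention.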
diff --git a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
index c9c6312fa7..41b90f0844 100644
--- a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
@@ -83,9 +83,9 @@
83# Add decryption procedure. Performance in CPU cycles spent to decrypt 83# Add decryption procedure. Performance in CPU cycles spent to decrypt
84# one byte out of 4096-byte buffer with 128-bit key is: 84# one byte out of 4096-byte buffer with 128-bit key is:
85# 85#
86# Core 2 11.0 86# Core 2 9.83
87# Nehalem 9.16 87# Nehalem 7.74
88# Atom 20.9 88# Atom 19.0
89# 89#
90# November 2011. 90# November 2011.
91# 91#
@@ -105,7 +105,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
105( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 105( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
106die "can't locate x86_64-xlate.pl"; 106die "can't locate x86_64-xlate.pl";
107 107
108open STDOUT,"| $^X $xlate $flavour $output"; 108open OUT,"| \"$^X\" $xlate $flavour $output";
109*STDOUT=*OUT;
109 110
110my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx"); 111my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
111my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15) 112my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15)
@@ -455,6 +456,7 @@ sub MixColumns {
455# modified to emit output in order suitable for feeding back to aesenc[last] 456# modified to emit output in order suitable for feeding back to aesenc[last]
456my @x=@_[0..7]; 457my @x=@_[0..7];
457my @t=@_[8..15]; 458my @t=@_[8..15];
459my $inv=@_[16]; # optional
458$code.=<<___; 460$code.=<<___;
459 pshufd \$0x93, @x[0], @t[0] # x0 <<< 32 461 pshufd \$0x93, @x[0], @t[0] # x0 <<< 32
460 pshufd \$0x93, @x[1], @t[1] 462 pshufd \$0x93, @x[1], @t[1]
@@ -496,7 +498,8 @@ $code.=<<___;
496 pxor @t[4], @t[0] 498 pxor @t[4], @t[0]
497 pshufd \$0x4E, @x[2], @x[6] 499 pshufd \$0x4E, @x[2], @x[6]
498 pxor @t[5], @t[1] 500 pxor @t[5], @t[1]
499 501___
502$code.=<<___ if (!$inv);
500 pxor @t[3], @x[4] 503 pxor @t[3], @x[4]
501 pxor @t[7], @x[5] 504 pxor @t[7], @x[5]
502 pxor @t[6], @x[3] 505 pxor @t[6], @x[3]
@@ -504,9 +507,20 @@ $code.=<<___;
504 pxor @t[2], @x[6] 507 pxor @t[2], @x[6]
505 movdqa @t[1], @x[7] 508 movdqa @t[1], @x[7]
506___ 509___
510$code.=<<___ if ($inv);
511 pxor @x[4], @t[3]
512 pxor @t[7], @x[5]
513 pxor @x[3], @t[6]
514 movdqa @t[0], @x[3]
515 pxor @t[2], @x[6]
516 movdqa @t[6], @x[2]
517 movdqa @t[1], @x[7]
518 movdqa @x[6], @x[4]
519 movdqa @t[3], @x[6]
520___
507} 521}
508 522
509sub InvMixColumns { 523sub InvMixColumns_orig {
510my @x=@_[0..7]; 524my @x=@_[0..7];
511my @t=@_[8..15]; 525my @t=@_[8..15];
512 526
@@ -660,6 +674,54 @@ $code.=<<___;
660___ 674___
661} 675}
662 676
677sub InvMixColumns {
678my @x=@_[0..7];
679my @t=@_[8..15];
680
681# Thanks to Jussi Kivilinna for providing pointer to
682#
683# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 |
684# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
685# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 |
686# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 |
687
688$code.=<<___;
689 # multiplication by 0x05-0x00-0x04-0x00
690 pshufd \$0x4E, @x[0], @t[0]
691 pshufd \$0x4E, @x[6], @t[6]
692 pxor @x[0], @t[0]
693 pshufd \$0x4E, @x[7], @t[7]
694 pxor @x[6], @t[6]
695 pshufd \$0x4E, @x[1], @t[1]
696 pxor @x[7], @t[7]
697 pshufd \$0x4E, @x[2], @t[2]
698 pxor @x[1], @t[1]
699 pshufd \$0x4E, @x[3], @t[3]
700 pxor @x[2], @t[2]
701 pxor @t[6], @x[0]
702 pxor @t[6], @x[1]
703 pshufd \$0x4E, @x[4], @t[4]
704 pxor @x[3], @t[3]
705 pxor @t[0], @x[2]
706 pxor @t[1], @x[3]
707 pshufd \$0x4E, @x[5], @t[5]
708 pxor @x[4], @t[4]
709 pxor @t[7], @x[1]
710 pxor @t[2], @x[4]
711 pxor @x[5], @t[5]
712
713 pxor @t[7], @x[2]
714 pxor @t[6], @x[3]
715 pxor @t[6], @x[4]
716 pxor @t[3], @x[5]
717 pxor @t[4], @x[6]
718 pxor @t[7], @x[4]
719 pxor @t[7], @x[5]
720 pxor @t[5], @x[7]
721___
722 &MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6
723}
724
663sub aesenc { # not used 725sub aesenc { # not used
664my @b=@_[0..7]; 726my @b=@_[0..7];
665my @t=@_[8..15]; 727my @t=@_[8..15];
@@ -2027,6 +2089,8 @@ ___
2027# const unsigned char iv[16]); 2089# const unsigned char iv[16]);
2028# 2090#
2029my ($twmask,$twres,$twtmp)=@XMM[13..15]; 2091my ($twmask,$twres,$twtmp)=@XMM[13..15];
2092$arg6=~s/d$//;
2093
2030$code.=<<___; 2094$code.=<<___;
2031.globl bsaes_xts_encrypt 2095.globl bsaes_xts_encrypt
2032.type bsaes_xts_encrypt,\@abi-omnipotent 2096.type bsaes_xts_encrypt,\@abi-omnipotent
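Review bot: `my $inv=@_[16]; # optional` at new line 459 uses a one-element array slice in scalar assignment; it yields the intended value but triggers "Scalar value @_[16] better written as $_[16]" under `-w`, so write `my $inv=$_[16]; # optional: emit the output order InvMixColumns needs`. The former routine kept as `InvMixColumns_orig` (new line 523) appears to be left without callers once the new `InvMixColumns` at 677 delegates to `&MixColumns (@x,@t,1)`; if nothing in the file still references it, either remove it or mark it `# reference implementation, unused` so two divergent copies do not get maintained. `$arg6=~s/d$//;` at 2092 mutates a file-level variable shared by every routine emitted after it, presumably stripping a 32-bit `d` register suffix because the sixth argument is now a pointer; a comment stating that would explain the in-place edit. The `MixColumns` routine that receives the new parameter starts outside the hunk.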
diff --git a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
index 37998db5e1..bd7f45b850 100644
--- a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
@@ -56,7 +56,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
56( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 56( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
57die "can't locate x86_64-xlate.pl"; 57die "can't locate x86_64-xlate.pl";
58 58
59open STDOUT,"| $^X $xlate $flavour $output"; 59open OUT,"| \"$^X\" $xlate $flavour $output";
60*STDOUT=*OUT;
60 61
61$PREFIX="vpaes"; 62$PREFIX="vpaes";
62 63
@@ -1059,7 +1060,7 @@ _vpaes_consts:
1059.Lk_dsbo: # decryption sbox final output 1060.Lk_dsbo: # decryption sbox final output
1060 .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D 1061 .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
1061 .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C 1062 .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
1062.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" 1063.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
1063.align 64 1064.align 64
1064.size _vpaes_consts,.-_vpaes_consts 1065.size _vpaes_consts,.-_vpaes_consts
1065___ 1066___
diff --git a/src/lib/libcrypto/armcap.c b/src/lib/libcrypto/armcap.c
index 5258d2fbdd..9abaf396e5 100644
--- a/src/lib/libcrypto/armcap.c
+++ b/src/lib/libcrypto/armcap.c
@@ -23,7 +23,7 @@ unsigned int _armv7_tick(void);
23 23
24unsigned int OPENSSL_rdtsc(void) 24unsigned int OPENSSL_rdtsc(void)
25 { 25 {
26 if (OPENSSL_armcap_P|ARMV7_TICK) 26 if (OPENSSL_armcap_P & ARMV7_TICK)
27 return _armv7_tick(); 27 return _armv7_tick();
28 else 28 else
29 return 0; 29 return 0;
diff --git a/src/lib/libcrypto/bn/asm/mips-mont.pl b/src/lib/libcrypto/bn/asm/mips-mont.pl
index b944a12b8e..caae04ed3a 100644
--- a/src/lib/libcrypto/bn/asm/mips-mont.pl
+++ b/src/lib/libcrypto/bn/asm/mips-mont.pl
@@ -133,7 +133,7 @@ $code.=<<___;
133 bnez $at,1f 133 bnez $at,1f
134 li $t0,0 134 li $t0,0
135 slt $at,$num,17 # on in-order CPU 135 slt $at,$num,17 # on in-order CPU
136 bnezl $at,bn_mul_mont_internal 136 bnez $at,bn_mul_mont_internal
137 nop 137 nop
1381: jr $ra 1381: jr $ra
139 li $a0,0 139 li $a0,0
diff --git a/src/lib/libcrypto/bn/asm/mips.pl b/src/lib/libcrypto/bn/asm/mips.pl
index c162a3ec23..d2f3ef7bbf 100644
--- a/src/lib/libcrypto/bn/asm/mips.pl
+++ b/src/lib/libcrypto/bn/asm/mips.pl
@@ -140,10 +140,10 @@ $code.=<<___;
140 .set reorder 140 .set reorder
141 li $minus4,-4 141 li $minus4,-4
142 and $ta0,$a2,$minus4 142 and $ta0,$a2,$minus4
143 $LD $t0,0($a1)
144 beqz $ta0,.L_bn_mul_add_words_tail 143 beqz $ta0,.L_bn_mul_add_words_tail
145 144
146.L_bn_mul_add_words_loop: 145.L_bn_mul_add_words_loop:
146 $LD $t0,0($a1)
147 $MULTU $t0,$a3 147 $MULTU $t0,$a3
148 $LD $t1,0($a0) 148 $LD $t1,0($a0)
149 $LD $t2,$BNSZ($a1) 149 $LD $t2,$BNSZ($a1)
@@ -200,10 +200,9 @@ $code.=<<___;
200 $ADDU $v0,$ta2 200 $ADDU $v0,$ta2
201 sltu $at,$ta3,$at 201 sltu $at,$ta3,$at
202 $ST $ta3,-$BNSZ($a0) 202 $ST $ta3,-$BNSZ($a0)
203 $ADDU $v0,$at
204 .set noreorder 203 .set noreorder
205 bgtzl $ta0,.L_bn_mul_add_words_loop 204 bgtz $ta0,.L_bn_mul_add_words_loop
206 $LD $t0,0($a1) 205 $ADDU $v0,$at
207 206
208 beqz $a2,.L_bn_mul_add_words_return 207 beqz $a2,.L_bn_mul_add_words_return
209 nop 208 nop
@@ -300,10 +299,10 @@ $code.=<<___;
300 .set reorder 299 .set reorder
301 li $minus4,-4 300 li $minus4,-4
302 and $ta0,$a2,$minus4 301 and $ta0,$a2,$minus4
303 $LD $t0,0($a1)
304 beqz $ta0,.L_bn_mul_words_tail 302 beqz $ta0,.L_bn_mul_words_tail
305 303
306.L_bn_mul_words_loop: 304.L_bn_mul_words_loop:
305 $LD $t0,0($a1)
307 $MULTU $t0,$a3 306 $MULTU $t0,$a3
308 $LD $t2,$BNSZ($a1) 307 $LD $t2,$BNSZ($a1)
309 $LD $ta0,2*$BNSZ($a1) 308 $LD $ta0,2*$BNSZ($a1)
@@ -341,10 +340,9 @@ $code.=<<___;
341 $ADDU $v0,$at 340 $ADDU $v0,$at
342 sltu $ta3,$v0,$at 341 sltu $ta3,$v0,$at
343 $ST $v0,-$BNSZ($a0) 342 $ST $v0,-$BNSZ($a0)
344 $ADDU $v0,$ta3,$ta2
345 .set noreorder 343 .set noreorder
346 bgtzl $ta0,.L_bn_mul_words_loop 344 bgtz $ta0,.L_bn_mul_words_loop
347 $LD $t0,0($a1) 345 $ADDU $v0,$ta3,$ta2
348 346
349 beqz $a2,.L_bn_mul_words_return 347 beqz $a2,.L_bn_mul_words_return
350 nop 348 nop
@@ -429,10 +427,10 @@ $code.=<<___;
429 .set reorder 427 .set reorder
430 li $minus4,-4 428 li $minus4,-4
431 and $ta0,$a2,$minus4 429 and $ta0,$a2,$minus4
432 $LD $t0,0($a1)
433 beqz $ta0,.L_bn_sqr_words_tail 430 beqz $ta0,.L_bn_sqr_words_tail
434 431
435.L_bn_sqr_words_loop: 432.L_bn_sqr_words_loop:
433 $LD $t0,0($a1)
436 $MULTU $t0,$t0 434 $MULTU $t0,$t0
437 $LD $t2,$BNSZ($a1) 435 $LD $t2,$BNSZ($a1)
438 $LD $ta0,2*$BNSZ($a1) 436 $LD $ta0,2*$BNSZ($a1)
@@ -463,11 +461,10 @@ $code.=<<___;
463 mflo $ta3 461 mflo $ta3
464 mfhi $ta2 462 mfhi $ta2
465 $ST $ta3,-2*$BNSZ($a0) 463 $ST $ta3,-2*$BNSZ($a0)
466 $ST $ta2,-$BNSZ($a0)
467 464
468 .set noreorder 465 .set noreorder
469 bgtzl $ta0,.L_bn_sqr_words_loop 466 bgtz $ta0,.L_bn_sqr_words_loop
470 $LD $t0,0($a1) 467 $ST $ta2,-$BNSZ($a0)
471 468
472 beqz $a2,.L_bn_sqr_words_return 469 beqz $a2,.L_bn_sqr_words_return
473 nop 470 nop
@@ -547,10 +544,10 @@ $code.=<<___;
547 .set reorder 544 .set reorder
548 li $minus4,-4 545 li $minus4,-4
549 and $at,$a3,$minus4 546 and $at,$a3,$minus4
550 $LD $t0,0($a1)
551 beqz $at,.L_bn_add_words_tail 547 beqz $at,.L_bn_add_words_tail
552 548
553.L_bn_add_words_loop: 549.L_bn_add_words_loop:
550 $LD $t0,0($a1)
554 $LD $ta0,0($a2) 551 $LD $ta0,0($a2)
555 subu $a3,4 552 subu $a3,4
556 $LD $t1,$BNSZ($a1) 553 $LD $t1,$BNSZ($a1)
@@ -589,11 +586,10 @@ $code.=<<___;
589 $ADDU $t3,$ta3,$v0 586 $ADDU $t3,$ta3,$v0
590 sltu $v0,$t3,$ta3 587 sltu $v0,$t3,$ta3
591 $ST $t3,-$BNSZ($a0) 588 $ST $t3,-$BNSZ($a0)
592 $ADDU $v0,$t9
593 589
594 .set noreorder 590 .set noreorder
595 bgtzl $at,.L_bn_add_words_loop 591 bgtz $at,.L_bn_add_words_loop
596 $LD $t0,0($a1) 592 $ADDU $v0,$t9
597 593
598 beqz $a3,.L_bn_add_words_return 594 beqz $a3,.L_bn_add_words_return
599 nop 595 nop
@@ -679,10 +675,10 @@ $code.=<<___;
679 .set reorder 675 .set reorder
680 li $minus4,-4 676 li $minus4,-4
681 and $at,$a3,$minus4 677 and $at,$a3,$minus4
682 $LD $t0,0($a1)
683 beqz $at,.L_bn_sub_words_tail 678 beqz $at,.L_bn_sub_words_tail
684 679
685.L_bn_sub_words_loop: 680.L_bn_sub_words_loop:
681 $LD $t0,0($a1)
686 $LD $ta0,0($a2) 682 $LD $ta0,0($a2)
687 subu $a3,4 683 subu $a3,4
688 $LD $t1,$BNSZ($a1) 684 $LD $t1,$BNSZ($a1)
@@ -722,11 +718,10 @@ $code.=<<___;
722 $SUBU $t3,$ta3,$v0 718 $SUBU $t3,$ta3,$v0
723 sgtu $v0,$t3,$ta3 719 sgtu $v0,$t3,$ta3
724 $ST $t3,-$BNSZ($a0) 720 $ST $t3,-$BNSZ($a0)
725 $ADDU $v0,$t9
726 721
727 .set noreorder 722 .set noreorder
728 bgtzl $at,.L_bn_sub_words_loop 723 bgtz $at,.L_bn_sub_words_loop
729 $LD $t0,0($a1) 724 $ADDU $v0,$t9
730 725
731 beqz $a3,.L_bn_sub_words_return 726 beqz $a3,.L_bn_sub_words_return
732 nop 727 nop
@@ -819,7 +814,7 @@ ___
819$code.=<<___; 814$code.=<<___;
820 .set reorder 815 .set reorder
821 move $ta3,$ra 816 move $ta3,$ra
822 bal bn_div_words 817 bal bn_div_words_internal
823 move $ra,$ta3 818 move $ra,$ta3
824 $MULTU $ta2,$v0 819 $MULTU $ta2,$v0
825 $LD $t2,-2*$BNSZ($a3) 820 $LD $t2,-2*$BNSZ($a3)
@@ -840,8 +835,9 @@ $code.=<<___;
840 sltu $ta0,$a1,$a2 835 sltu $ta0,$a1,$a2
841 or $t8,$ta0 836 or $t8,$ta0
842 .set noreorder 837 .set noreorder
843 beqzl $at,.L_bn_div_3_words_inner_loop 838 beqz $at,.L_bn_div_3_words_inner_loop
844 $SUBU $v0,1 839 $SUBU $v0,1
840 $ADDU $v0,1
845 .set reorder 841 .set reorder
846.L_bn_div_3_words_inner_loop_done: 842.L_bn_div_3_words_inner_loop_done:
847 .set noreorder 843 .set noreorder
@@ -902,7 +898,8 @@ $code.=<<___;
902 and $t2,$a0 898 and $t2,$a0
903 $SRL $at,$a1,$t1 899 $SRL $at,$a1,$t1
904 .set noreorder 900 .set noreorder
905 bnezl $t2,.+8 901 beqz $t2,.+12
902 nop
906 break 6 # signal overflow 903 break 6 # signal overflow
907 .set reorder 904 .set reorder
908 $SLL $a0,$t9 905 $SLL $a0,$t9
@@ -917,7 +914,8 @@ $code.=<<___;
917 $SRL $DH,$a2,4*$BNSZ # bits 914 $SRL $DH,$a2,4*$BNSZ # bits
918 sgeu $at,$a0,$a2 915 sgeu $at,$a0,$a2
919 .set noreorder 916 .set noreorder
920 bnezl $at,.+8 917 beqz $at,.+12
918 nop
921 $SUBU $a0,$a2 919 $SUBU $a0,$a2
922 .set reorder 920 .set reorder
923 921
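Review bot: The branch-likely rewrites change which instruction sits in an always-executed delay slot, and that invariant is not written down anywhere in the hunks; with `bgtz` replacing `bgtzl` (new lines 204, 344, 466, 591, 723) the `$ADDU`/`$ST` now in the slot also runs on loop exit, which is only correct because it was previously executed unconditionally just before the branch — a comment at the first site such as `# delay slot runs on exit too (no branch-likely)` would protect the next edit. The `beqz $at,.L_bn_div_3_words_inner_loop` / `$SUBU $v0,1` / `$ADDU $v0,1` sequence at 838-840 compensates for the now-unconditional decrement with an increment on fall-through; a comment `# undo the speculative $SUBU from the delay slot` would make the pairing obvious. The `.+12` targets at 901 and 917 depend on the inserted `nop` being exactly one instruction; a local numeric label as used in mips-mont.pl (`1:`) would be more robust and matches the existing style. The `bal bn_div_words_internal` rename at 817 presumably has a matching label change outside the hunk.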
diff --git a/src/lib/libcrypto/bn/asm/modexp512-x86_64.pl b/src/lib/libcrypto/bn/asm/modexp512-x86_64.pl
index 54aeb01921..bfd6e97541 100644
--- a/src/lib/libcrypto/bn/asm/modexp512-x86_64.pl
+++ b/src/lib/libcrypto/bn/asm/modexp512-x86_64.pl
@@ -68,7 +68,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
68( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 68( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
69die "can't locate x86_64-xlate.pl"; 69die "can't locate x86_64-xlate.pl";
70 70
71open STDOUT,"| $^X $xlate $flavour $output"; 71open OUT,"| \"$^X\" $xlate $flavour $output";
72*STDOUT=*OUT;
72 73
73use strict; 74use strict;
74my $code=".text\n\n"; 75my $code=".text\n\n";
diff --git a/src/lib/libcrypto/bn/asm/parisc-mont.pl b/src/lib/libcrypto/bn/asm/parisc-mont.pl
index 4a766a87fb..c02ef6f014 100644
--- a/src/lib/libcrypto/bn/asm/parisc-mont.pl
+++ b/src/lib/libcrypto/bn/asm/parisc-mont.pl
@@ -40,7 +40,7 @@
40# of arithmetic operations, most notably multiplications. It requires 40# of arithmetic operations, most notably multiplications. It requires
41# more memory references, most notably to tp[num], but this doesn't 41# more memory references, most notably to tp[num], but this doesn't
42# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC 42# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC
43# 2.0 code path, provides virtually same performance as pa-risc2[W].s: 43# 2.0 code path provides virtually same performance as pa-risc2[W].s:
44# it's ~10% better for shortest key length and ~10% worse for longest 44# it's ~10% better for shortest key length and ~10% worse for longest
45# one. 45# one.
46# 46#
@@ -988,6 +988,8 @@ foreach (split("\n",$code)) {
988 # assemble 2.0 instructions in 32-bit mode... 988 # assemble 2.0 instructions in 32-bit mode...
989 s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4); 989 s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
990 990
991 s/\bbv\b/bve/gm if ($SIZE_T==8);
992
991 print $_,"\n"; 993 print $_,"\n";
992} 994}
993close STDOUT; 995close STDOUT;
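Review bot: The `/m` modifier on the added `s/\bbv\b/bve/gm` has no effect, since each `$_` here is a single line produced by `split("\n",$code)`, and `/g` only matters if one line could carry `bv` twice; the equivalent line added to ghash-parisc.pl in this commit uses neither flag, so the two should agree. I would use `s/\bbv\b/bve/ if ($SIZE_T==8);` in both files. A short comment on why the 64-bit build needs the `bve` form would also help, as nothing nearby explains the substitution.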
diff --git a/src/lib/libcrypto/bn/asm/x86_64-gf2m.pl b/src/lib/libcrypto/bn/asm/x86_64-gf2m.pl
index 1658acbbdd..226c66c35e 100644
--- a/src/lib/libcrypto/bn/asm/x86_64-gf2m.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-gf2m.pl
@@ -31,7 +31,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
31( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 31( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
32die "can't locate x86_64-xlate.pl"; 32die "can't locate x86_64-xlate.pl";
33 33
34open STDOUT,"| $^X $xlate $flavour $output"; 34open OUT,"| \"$^X\" $xlate $flavour $output";
35*STDOUT=*OUT;
35 36
36($lo,$hi)=("%rax","%rdx"); $a=$lo; 37($lo,$hi)=("%rax","%rdx"); $a=$lo;
37($i0,$i1)=("%rsi","%rdi"); 38($i0,$i1)=("%rsi","%rdi");
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont.pl b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
index 5d79b35e1c..17fb94c84c 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
@@ -40,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
40( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 40( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
41die "can't locate x86_64-xlate.pl"; 41die "can't locate x86_64-xlate.pl";
42 42
43open STDOUT,"| $^X $xlate $flavour $output"; 43open OUT,"| \"$^X\" $xlate $flavour $output";
44*STDOUT=*OUT;
44 45
45# int bn_mul_mont( 46# int bn_mul_mont(
46$rp="%rdi"; # BN_ULONG *rp, 47$rp="%rdi"; # BN_ULONG *rp,
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
index 057cda28aa..dae0fe2453 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
@@ -28,7 +28,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
28( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 28( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
29die "can't locate x86_64-xlate.pl"; 29die "can't locate x86_64-xlate.pl";
30 30
31open STDOUT,"| $^X $xlate $flavour $output"; 31open OUT,"| \"$^X\" $xlate $flavour $output";
32*STDOUT=*OUT;
32 33
33# int bn_mul_mont_gather5( 34# int bn_mul_mont_gather5(
34$rp="%rdi"; # BN_ULONG *rp, 35$rp="%rdi"; # BN_ULONG *rp,
@@ -900,8 +901,8 @@ $code.=<<___;
900 jnz .Lgather 901 jnz .Lgather
901___ 902___
902$code.=<<___ if ($win64); 903$code.=<<___ if ($win64);
903 movaps %xmm6,(%rsp) 904 movaps (%rsp),%xmm6
904 movaps %xmm7,0x10(%rsp) 905 movaps 0x10(%rsp),%xmm7
905 lea 0x28(%rsp),%rsp 906 lea 0x28(%rsp),%rsp
906___ 907___
907$code.=<<___; 908$code.=<<___;
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
index 76955e4726..9f4b82fa48 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
@@ -40,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
40( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 40( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
41die "can't locate x86_64-xlate.pl"; 41die "can't locate x86_64-xlate.pl";
42 42
43open STDOUT,"| $^X $xlate $flavour $output"; 43open OUT,"| \"$^X\" $xlate $flavour $output";
44*STDOUT=*OUT;
44 45
45sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } 46sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
46sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; 47sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
diff --git a/src/lib/libcrypto/cms/cms_cd.c b/src/lib/libcrypto/cms/cms_cd.c
index a5fc2c4e2b..2021688101 100644
--- a/src/lib/libcrypto/cms/cms_cd.c
+++ b/src/lib/libcrypto/cms/cms_cd.c
@@ -58,7 +58,9 @@
58#include <openssl/err.h> 58#include <openssl/err.h>
59#include <openssl/cms.h> 59#include <openssl/cms.h>
60#include <openssl/bio.h> 60#include <openssl/bio.h>
61#ifndef OPENSSL_NO_COMP
61#include <openssl/comp.h> 62#include <openssl/comp.h>
63#endif
62#include "cms_lcl.h" 64#include "cms_lcl.h"
63 65
64DECLARE_ASN1_ITEM(CMS_CompressedData) 66DECLARE_ASN1_ITEM(CMS_CompressedData)
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
index f873ce3794..bebeaf29c7 100644
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -74,7 +74,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
74 X509_ALGOR *calg = ec->contentEncryptionAlgorithm; 74 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
75 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; 75 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
76 unsigned char *tkey = NULL; 76 unsigned char *tkey = NULL;
77 size_t tkeylen; 77 size_t tkeylen = 0;
78 78
79 int ok = 0; 79 int ok = 0;
80 80
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index f88e8f3b52..ba08279a04 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -411,9 +411,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
411 * algorithm OID instead of digest. 411 * algorithm OID instead of digest.
412 */ 412 */
413 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) 413 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
414 {
415 return EVP_MD_CTX_copy_ex(mctx, mtmp); 414 return EVP_MD_CTX_copy_ex(mctx, mtmp);
416 }
417 chain = BIO_next(chain); 415 chain = BIO_next(chain);
418 } 416 }
419 } 417 }
@@ -467,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
467 pcerts = cms_get0_certificate_choices(cms); 465 pcerts = cms_get0_certificate_choices(cms);
468 if (!pcerts) 466 if (!pcerts)
469 return 0; 467 return 0;
470 if (!pcerts)
471 return 0;
472 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) 468 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
473 { 469 {
474 cch = sk_CMS_CertificateChoices_value(*pcerts, i); 470 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
index f2f455990f..13b91f1e6e 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
@@ -117,7 +117,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
117L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, 117L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
118L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, 118L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
119L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 119L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
120L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 120L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
121L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 121L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
122L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 122L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>
123 123
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
index 42b2a8c44e..847983237b 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
83L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, 83L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
84L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, 84L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
85L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 85L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
86L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 86L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
87L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 87L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
88 88
89=head1 HISTORY 89=head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_derive.pod b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
index d9d6d76c72..27464be571 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
@@ -84,7 +84,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
84L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, 84L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
85L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, 85L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
86L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 86L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
87L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 87L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
88 88
89=head1 HISTORY 89=head1 HISTORY
90 90
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
index 91c9c5d0a5..e495a81242 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
83L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, 83L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
84L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, 84L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
85L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 85L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
86L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 86L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
87L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 87L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
88 88
89=head1 HISTORY 89=head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
index 1a9c7954c5..8ff597d44a 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
@@ -32,7 +32,7 @@ public key algorithm.
32L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, 32L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
33L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, 33L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
34L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 34L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
35L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 35L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
36 36
37=head1 HISTORY 37=head1 HISTORY
38 38
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
index 37c6fe9503..fd431ace6d 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
@@ -151,7 +151,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
151L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, 151L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
152L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, 152L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
153L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 153L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
154L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 154L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
155L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 155L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
156 156
157=head1 HISTORY 157=head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_sign.pod b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
index 2fb52c3486..a044f2c131 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
@@ -86,7 +86,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
86L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, 86L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
87L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, 87L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
88L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 88L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
89L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 89L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
90L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 90L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
91 91
92=head1 HISTORY 92=head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
index f93e5fc6c3..90612ba2f0 100644
--- a/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
@@ -81,7 +81,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
81L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, 81L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
82L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, 82L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
83L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, 83L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
84L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, 84L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
85L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 85L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
86 86
87=head1 HISTORY 87=head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
new file mode 100644
index 0000000000..23a28a9c43
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
@@ -0,0 +1,103 @@
1=pod
2
3=head1 NAME
4
5EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm
6
7=head1 SYNOPSIS
8
9 #include <openssl/evp.h>
10
11 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
12 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
13 unsigned char *rout, size_t *routlen,
14 const unsigned char *sig, size_t siglen);
15
16=head1 DESCRIPTION
17
18The EVP_PKEY_verify_recover_init() function initializes a public key algorithm
19context using key B<pkey> for a verify recover operation.
20
21The EVP_PKEY_verify_recover() function recovers signed data
22using B<ctx>. The signature is specified using the B<sig> and
23B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
24buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
25before the call the B<routlen> parameter should contain the length of the
26B<rout> buffer, if the call is successful recovered data is written to
27B<rout> and the amount of data written to B<routlen>.
28
29=head1 NOTES
30
31Normally an application is only interested in whether a signature verification
32operation is successful in those cases the EVP_verify() function should be
33used.
34
35Sometimes however it is useful to obtain the data originally signed using a
36signing operation. Only certain public key algorithms can recover a signature
37in this way (for example RSA in PKCS padding mode).
38
39After the call to EVP_PKEY_verify_recover_init() algorithm specific control
40operations can be performed to set any appropriate parameters for the
41operation.
42
43The function EVP_PKEY_verify_recover() can be called more than once on the same
44context if several operations are performed using the same parameters.
45
46=head1 RETURN VALUES
47
48EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success
49and 0 or a negative value for failure. In particular a return value of -2
50indicates the operation is not supported by the public key algorithm.
51
52=head1 EXAMPLE
53
54Recover digest originally signed using PKCS#1 and SHA256 digest:
55
56 #include <openssl/evp.h>
57 #include <openssl/rsa.h>
58
59 EVP_PKEY_CTX *ctx;
60 unsigned char *rout, *sig;
61 size_t routlen, siglen;
62 EVP_PKEY *verify_key;
63 /* NB: assumes verify_key, sig and siglen are already set up
64 * and that verify_key is an RSA public key
65 */
66 ctx = EVP_PKEY_CTX_new(verify_key);
67 if (!ctx)
68 /* Error occurred */
69 if (EVP_PKEY_verify_recover_init(ctx) <= 0)
70 /* Error */
71 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
72 /* Error */
73 if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
74 /* Error */
75
76 /* Determine buffer length */
77 if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
78 /* Error */
79
80 rout = OPENSSL_malloc(routlen);
81
82 if (!rout)
83 /* malloc failure */
84
85 if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
86 /* Error */
87
88 /* Recovered data is routlen bytes written to buffer rout */
89
90=head1 SEE ALSO
91
92L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
93L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
94L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
95L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
96L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
97L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>
98
99=head1 HISTORY
100
101These functions were first added to OpenSSL 1.0.0.
102
103=cut
diff --git a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
index b68eece033..46cac2bea2 100644
--- a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
+++ b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
@@ -113,7 +113,7 @@ a special status code is set to the verification callback. This permits it
113to examine the valid policy tree and perform additional checks or simply 113to examine the valid policy tree and perform additional checks or simply
114log it for debugging purposes. 114log it for debugging purposes.
115 115
116By default some addtional features such as indirect CRLs and CRLs signed by 116By default some additional features such as indirect CRLs and CRLs signed by
117different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set 117different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
118they are enabled. 118they are enabled.
119 119
diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c
index 26f4a783fc..1c575dc47a 100644
--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
208 return ret; 208 return ret;
209 } 209 }
210 210
211
211/* Computes scalar*point and stores the result in r. 212/* Computes scalar*point and stores the result in r.
212 * point can not equal r. 213 * point can not equal r.
213 * Uses algorithm 2P of 214 * Uses a modified algorithm 2P of
214 * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over 215 * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
215 * GF(2^m) without precomputation" (CHES '99, LNCS 1717). 216 * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
217 *
218 * To protect against side-channel attack the function uses constant time swap,
219 * avoiding conditional branches.
216 */ 220 */
217static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 221static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
218 const EC_POINT *point, BN_CTX *ctx) 222 const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
246 x2 = &r->X; 250 x2 = &r->X;
247 z2 = &r->Y; 251 z2 = &r->Y;
248 252
253 bn_wexpand(x1, group->field.top);
254 bn_wexpand(z1, group->field.top);
255 bn_wexpand(x2, group->field.top);
256 bn_wexpand(z2, group->field.top);
257
249 if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ 258 if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
250 if (!BN_one(z1)) goto err; /* z1 = 1 */ 259 if (!BN_one(z1)) goto err; /* z1 = 1 */
251 if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ 260 if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
270 word = scalar->d[i]; 279 word = scalar->d[i];
271 while (mask) 280 while (mask)
272 { 281 {
273 if (word & mask) 282 BN_consttime_swap(word & mask, x1, x2, group->field.top);
274 { 283 BN_consttime_swap(word & mask, z1, z2, group->field.top);
275 if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; 284 if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
276 if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; 285 if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
277 } 286 BN_consttime_swap(word & mask, x1, x2, group->field.top);
278 else 287 BN_consttime_swap(word & mask, z1, z2, group->field.top);
279 {
280 if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
281 if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
282 }
283 mask >>= 1; 288 mask >>= 1;
284 } 289 }
285 mask = BN_TBIT; 290 mask = BN_TBIT;
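Review bot: The four bn_wexpand() calls added before the first BN_GF2m_mod_arr() discard their return value, while every other call in this function is checked with goto err; bn_wexpand() returns NULL when it cannot grow the word array, and the BN_consttime_swap() calls added in the loop then operate on group->field.top words that may not have been allocated. Check each one: `if (bn_wexpand(x1, group->field.top) == NULL) goto err;` and likewise for z1, x2 and z2. The swap-before/swap-after structure in the loop is correct but non-obvious; a one-line comment such as `/* swap so that (x2,z2) is always the point to add to and (x1,z1) the one to double, independent of the key bit */` would explain why both swaps are needed. The function body begins before the first hunk and continues after the last one.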
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 83909c1853..0ce4524076 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -88,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
88 if (!pstr) 88 if (!pstr)
89 return 0; 89 return 0;
90 pstr->length = i2d_ECParameters(ec_key, &pstr->data); 90 pstr->length = i2d_ECParameters(ec_key, &pstr->data);
91 if (pstr->length < 0) 91 if (pstr->length <= 0)
92 { 92 {
93 ASN1_STRING_free(pstr); 93 ASN1_STRING_free(pstr);
94 ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); 94 ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c
index 175eec5342..145807b611 100644
--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -89,7 +89,8 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
89 if (group == NULL) 89 if (group == NULL)
90 return 0; 90 return 0;
91 91
92 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve 92 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
93 NID_X9_62_characteristic_two_field
93 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) 94 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
94 { 95 {
95 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 96 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -107,7 +108,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
107 if (group == NULL) 108 if (group == NULL)
108 return 0; 109 return 0;
109 110
110 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve 111 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
112 NID_X9_62_characteristic_two_field
111 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) 113 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
112 { 114 {
113 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 115 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index bf9fd2dc2c..7fa247593d 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -520,18 +520,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
520void *EC_KEY_get_key_method_data(EC_KEY *key, 520void *EC_KEY_get_key_method_data(EC_KEY *key,
521 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) 521 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
522 { 522 {
523 return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); 523 void *ret;
524
525 CRYPTO_r_lock(CRYPTO_LOCK_EC);
526 ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
527 CRYPTO_r_unlock(CRYPTO_LOCK_EC);
528
529 return ret;
524 } 530 }
525 531
526void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, 532void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
527 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) 533 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
528 { 534 {
529 EC_EXTRA_DATA *ex_data; 535 EC_EXTRA_DATA *ex_data;
536
530 CRYPTO_w_lock(CRYPTO_LOCK_EC); 537 CRYPTO_w_lock(CRYPTO_LOCK_EC);
531 ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); 538 ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
532 if (ex_data == NULL) 539 if (ex_data == NULL)
533 EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); 540 EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
534 CRYPTO_w_unlock(CRYPTO_LOCK_EC); 541 CRYPTO_w_unlock(CRYPTO_LOCK_EC);
542
543 return ex_data;
535 } 544 }
536 545
537void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) 546void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
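Review bot: The new return contract of EC_KEY_insert_key_method_data() is undocumented and conflates two outcomes: it returns the pre-existing entry when one is found, and NULL both when it installed `data` and when EC_EX_DATA_set_data() failed to install it, since that call's result is still ignored on the set path. The callers updated in this commit, ecdh_check() in ech_lib.c and ecdsa_check() in ecs_lib.c, treat NULL as "our data is now attached to the key", so a failed insert would leave them using a structure the key does not reference. At minimum add above the definition `/* Returns the entry already present for these functions, or NULL if data was installed (or installation failed). On a non-NULL return the caller still owns data. */`, and consider capturing the EC_EX_DATA_set_data() result so an allocation failure is visible to callers. The file continues beyond this hunk.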
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index d1ed66c37e..66ee397d86 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
188 188
189 pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); 189 pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
190 190
191 /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is 191 /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
192 * not an error, the result is truncated. 192 * not an error, the result is truncated.
193 */ 193 */
194 194
diff --git a/src/lib/libcrypto/ecdh/ech_key.c b/src/lib/libcrypto/ecdh/ech_key.c
index f44da9298b..2988899ea2 100644
--- a/src/lib/libcrypto/ecdh/ech_key.c
+++ b/src/lib/libcrypto/ecdh/ech_key.c
@@ -68,9 +68,6 @@
68 */ 68 */
69 69
70#include "ech_locl.h" 70#include "ech_locl.h"
71#ifndef OPENSSL_NO_ENGINE
72#include <openssl/engine.h>
73#endif
74 71
75int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, 72int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
76 EC_KEY *eckey, 73 EC_KEY *eckey,
diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c
index dadbfd3c49..0644431b75 100644
--- a/src/lib/libcrypto/ecdh/ech_lib.c
+++ b/src/lib/libcrypto/ecdh/ech_lib.c
@@ -222,8 +222,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
222 ecdh_data = (ECDH_DATA *)ecdh_data_new(); 222 ecdh_data = (ECDH_DATA *)ecdh_data_new();
223 if (ecdh_data == NULL) 223 if (ecdh_data == NULL)
224 return NULL; 224 return NULL;
225 EC_KEY_insert_key_method_data(key, (void *)ecdh_data, 225 data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
226 ecdh_data_dup, ecdh_data_free, ecdh_data_free); 226 ecdh_data_dup, ecdh_data_free, ecdh_data_free);
227 if (data != NULL)
228 {
229 /* Another thread raced us to install the key_method
230 * data and won. */
231 ecdh_data_free(ecdh_data);
232 ecdh_data = (ECDH_DATA *)data;
233 }
227 } 234 }
228 else 235 else
229 ecdh_data = (ECDH_DATA *)data; 236 ecdh_data = (ECDH_DATA *)data;
diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c
index e477da430b..814a6bf404 100644
--- a/src/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -200,8 +200,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
200 ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); 200 ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
201 if (ecdsa_data == NULL) 201 if (ecdsa_data == NULL)
202 return NULL; 202 return NULL;
203 EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, 203 data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
204 ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); 204 ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
205 if (data != NULL)
206 {
207 /* Another thread raced us to install the key_method
208 * data and won. */
209 ecdsa_data_free(ecdsa_data);
210 ecdsa_data = (ECDSA_DATA *)data;
211 }
205 } 212 }
206 else 213 else
207 ecdsa_data = (ECDSA_DATA *)data; 214 ecdsa_data = (ECDSA_DATA *)data;
diff --git a/src/lib/libcrypto/md5/asm/md5-x86_64.pl b/src/lib/libcrypto/md5/asm/md5-x86_64.pl
index 867885435e..f11224d172 100755
--- a/src/lib/libcrypto/md5/asm/md5-x86_64.pl
+++ b/src/lib/libcrypto/md5/asm/md5-x86_64.pl
@@ -120,7 +120,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
120die "can't locate x86_64-xlate.pl"; 120die "can't locate x86_64-xlate.pl";
121 121
122no warnings qw(uninitialized); 122no warnings qw(uninitialized);
123open STDOUT,"| $^X $xlate $flavour $output"; 123open OUT,"| \"$^X\" $xlate $flavour $output";
124*STDOUT=*OUT;
124 125
125$code .= <<EOF; 126$code .= <<EOF;
126.text 127.text
diff --git a/src/lib/libcrypto/modes/asm/ghash-alpha.pl b/src/lib/libcrypto/modes/asm/ghash-alpha.pl
index 6358b2750f..aa36029386 100644
--- a/src/lib/libcrypto/modes/asm/ghash-alpha.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-alpha.pl
@@ -266,8 +266,8 @@ gcm_gmult_4bit:
266 ldq $Xlo,8($Xi) 266 ldq $Xlo,8($Xi)
267 ldq $Xhi,0($Xi) 267 ldq $Xhi,0($Xi)
268 268
269 br $rem_4bit,.Lpic1 269 bsr $t0,picmeup
270.Lpic1: lda $rem_4bit,rem_4bit-.Lpic1($rem_4bit) 270 nop
271___ 271___
272 272
273 &loop(); 273 &loop();
@@ -341,8 +341,8 @@ gcm_ghash_4bit:
341 ldq $Xhi,0($Xi) 341 ldq $Xhi,0($Xi)
342 ldq $Xlo,8($Xi) 342 ldq $Xlo,8($Xi)
343 343
344 br $rem_4bit,.Lpic2 344 bsr $t0,picmeup
345.Lpic2: lda $rem_4bit,rem_4bit-.Lpic2($rem_4bit) 345 nop
346 346
347.Louter: 347.Louter:
348 extql $inhi,$inp,$inhi 348 extql $inhi,$inp,$inhi
@@ -436,11 +436,20 @@ $code.=<<___;
436.end gcm_ghash_4bit 436.end gcm_ghash_4bit
437 437
438.align 4 438.align 4
439.ent picmeup
440picmeup:
441 .frame sp,0,$t0
442 .prologue 0
443 br $rem_4bit,.Lpic
444.Lpic: lda $rem_4bit,12($rem_4bit)
445 ret ($t0)
446.end picmeup
447 nop
439rem_4bit: 448rem_4bit:
440 .quad 0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48 449 .long 0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16
441 .quad 0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48 450 .long 0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16
442 .quad 0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48 451 .long 0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16
443 .quad 0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48 452 .long 0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16
444.ascii "GHASH for Alpha, CRYPTOGAMS by <appro\@openssl.org>" 453.ascii "GHASH for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
445.align 4 454.align 4
446 455
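Review bot: The `lda $rem_4bit,12($rem_4bit)` in the new picmeup routine hard-codes the distance from .Lpic to rem_4bit as 12 bytes, which holds only while exactly the lda, the ret and the trailing nop sit between them and no alignment padding is inserted after `.end picmeup`; the code being replaced computed this symbolically as `rem_4bit-.Lpic1`. Unless the assembler rejects the symbolic form inside a .ent/.end block, `.Lpic: lda $rem_4bit,rem_4bit-.Lpic($rem_4bit)` stays correct under any later edit, and if the literal is deliberate a comment should say why. The rem_4bit table is also now spelled as `.long 0,X<<16` pairs; a comment stating that each pair is one little-endian 64-bit entry equal to the former `X<<48` would spare the reader reconstructing it.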
diff --git a/src/lib/libcrypto/modes/asm/ghash-parisc.pl b/src/lib/libcrypto/modes/asm/ghash-parisc.pl
index 8c7454ee93..d5ad96b403 100644
--- a/src/lib/libcrypto/modes/asm/ghash-parisc.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-parisc.pl
@@ -724,6 +724,7 @@ foreach (split("\n",$code)) {
724 s/cmpb,\*/comb,/; 724 s/cmpb,\*/comb,/;
725 s/,\*/,/; 725 s/,\*/,/;
726 } 726 }
727 s/\bbv\b/bve/ if ($SIZE_T==8);
727 print $_,"\n"; 728 print $_,"\n";
728} 729}
729 730
diff --git a/src/lib/libcrypto/modes/asm/ghash-x86.pl b/src/lib/libcrypto/modes/asm/ghash-x86.pl
index 6b09669d47..83c727e07f 100644
--- a/src/lib/libcrypto/modes/asm/ghash-x86.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-x86.pl
@@ -635,7 +635,7 @@ sub mmx_loop() {
635 { my @lo = ("mm0","mm1","mm2"); 635 { my @lo = ("mm0","mm1","mm2");
636 my @hi = ("mm3","mm4","mm5"); 636 my @hi = ("mm3","mm4","mm5");
637 my @tmp = ("mm6","mm7"); 637 my @tmp = ("mm6","mm7");
638 my $off1=0,$off2=0,$i; 638 my ($off1,$off2,$i) = (0,0,);
639 639
640 &add ($Htbl,128); # optimize for size 640 &add ($Htbl,128); # optimize for size
641 &lea ("edi",&DWP(16+128,"esp")); 641 &lea ("edi",&DWP(16+128,"esp"));
@@ -883,7 +883,7 @@ sub reduction_alg9 { # 17/13 times faster than Intel version
883my ($Xhi,$Xi) = @_; 883my ($Xhi,$Xi) = @_;
884 884
885 # 1st phase 885 # 1st phase
886 &movdqa ($T1,$Xi) # 886 &movdqa ($T1,$Xi); #
887 &psllq ($Xi,1); 887 &psllq ($Xi,1);
888 &pxor ($Xi,$T1); # 888 &pxor ($Xi,$T1); #
889 &psllq ($Xi,5); # 889 &psllq ($Xi,5); #
@@ -1019,7 +1019,7 @@ my ($Xhi,$Xi) = @_;
1019 &movdqa ($Xhn,$Xn); 1019 &movdqa ($Xhn,$Xn);
1020 &pxor ($Xhi,$T1); # "Ii+Xi", consume early 1020 &pxor ($Xhi,$T1); # "Ii+Xi", consume early
1021 1021
1022 &movdqa ($T1,$Xi) #&reduction_alg9($Xhi,$Xi); 1st phase 1022 &movdqa ($T1,$Xi); #&reduction_alg9($Xhi,$Xi); 1st phase
1023 &psllq ($Xi,1); 1023 &psllq ($Xi,1);
1024 &pxor ($Xi,$T1); # 1024 &pxor ($Xi,$T1); #
1025 &psllq ($Xi,5); # 1025 &psllq ($Xi,5); #
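Review bot: The list assignment on the new line 638 carries a stray trailing comma, `my ($off1,$off2,$i) = (0,0,);` — Perl accepts it and `$i` is still undef, but `(0,0)` says the same thing without making a reader hunt for a missing third value. Note that the old `my $off1=0,$off2=0,$i;` only declared `$off1` lexically (the comma operator ends the `my`), so this line is the real fix for `$off2`/`$i` having been package globals, which is worth more than a silent rewrite. The two `&movdqa ($T1,$Xi);` semicolon repairs are straightforward. mmx_loop and reduction_alg9 both start before and continue past these hunks.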
diff --git a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
index a5ae180882..38d779edbc 100644
--- a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
@@ -50,7 +50,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
50( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 50( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
51die "can't locate x86_64-xlate.pl"; 51die "can't locate x86_64-xlate.pl";
52 52
53open STDOUT,"| $^X $xlate $flavour $output"; 53open OUT,"| \"$^X\" $xlate $flavour $output";
54*STDOUT=*OUT;
54 55
55# common register layout 56# common register layout
56$nlo="%rax"; 57$nlo="%rax";
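Review bot: The new `open OUT,"| \"$^X\" $xlate $flavour $output"` still goes through the shell and is unchecked: quoting `$^X` only protects the interpreter path, while `$xlate`, `$flavour` and `$output` are interpolated unquoted, and a failed spawn is not reported until later writes hit SIGPIPE. Prefer the list form, which bypasses the shell entirely, and check the result: `open(OUT, '|-', $^X, $xlate, grep({ defined($_) && length($_) } $flavour, $output)) or die "can't pipe to $xlate: $!";`. The `grep` preserves the current behaviour of an empty flavour or output collapsing to no argument rather than being passed as an empty string; confirm that against x86_64-xlate.pl's argument handling. The `*STDOUT=*OUT;` glob alias on the following line is fine as is.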
diff --git a/src/lib/libcrypto/modes/cbc128.c b/src/lib/libcrypto/modes/cbc128.c
index 3d3782cbe1..0e54f75470 100644
--- a/src/lib/libcrypto/modes/cbc128.c
+++ b/src/lib/libcrypto/modes/cbc128.c
@@ -117,7 +117,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
117 unsigned char ivec[16], block128_f block) 117 unsigned char ivec[16], block128_f block)
118{ 118{
119 size_t n; 119 size_t n;
120 union { size_t align; unsigned char c[16]; } tmp; 120 union { size_t t[16/sizeof(size_t)]; unsigned char c[16]; } tmp;
121 121
122 assert(in && out && key && ivec); 122 assert(in && out && key && ivec);
123 123
@@ -137,11 +137,13 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
137 out += 16; 137 out += 16;
138 } 138 }
139 } 139 }
140 else { 140 else if (16%sizeof(size_t) == 0) { /* always true */
141 while (len>=16) { 141 while (len>=16) {
142 size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv;
143
142 (*block)(in, out, key); 144 (*block)(in, out, key);
143 for(n=0; n<16; n+=sizeof(size_t)) 145 for(n=0; n<16/sizeof(size_t); n++)
144 *(size_t *)(out+n) ^= *(size_t *)(iv+n); 146 out_t[n] ^= iv_t[n];
145 iv = in; 147 iv = in;
146 len -= 16; 148 len -= 16;
147 in += 16; 149 in += 16;
@@ -165,15 +167,16 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
165 out += 16; 167 out += 16;
166 } 168 }
167 } 169 }
168 else { 170 else if (16%sizeof(size_t) == 0) { /* always true */
169 size_t c;
170 while (len>=16) { 171 while (len>=16) {
172 size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec;
173 const size_t *in_t=(const size_t *)in;
174
171 (*block)(in, tmp.c, key); 175 (*block)(in, tmp.c, key);
172 for(n=0; n<16; n+=sizeof(size_t)) { 176 for(n=0; n<16/sizeof(size_t); n++) {
173 c = *(size_t *)(in+n); 177 c = in_t[n];
174 *(size_t *)(out+n) = 178 out_t[n] = tmp.t[n] ^ ivec_t[n];
175 *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n); 179 ivec_t[n] = c;
176 *(size_t *)(ivec+n) = c;
177 } 180 }
178 len -= 16; 181 len -= 16;
179 in += 16; 182 in += 16;
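Review bot: `*iv_t=(size_t *)iv` on the new line 142 casts away const — `iv` is re-pointed at `in` on line 147, which is `const unsigned char *`, and the loop only reads through `iv_t` — whereas the second hunk correctly declares `const size_t *in_t=(const size_t *)in;`. Make the first hunk match, `const size_t *iv_t=(const size_t *)iv;`, so `-Wcast-qual` stays clean and the read-only intent is explicit (the declaration of `iv` itself is outside the hunk; I assume it is const-qualified). Separately, turning `else` into `else if (16%sizeof(size_t) == 0)` means that if `/* always true */` ever stopped holding the block would be skipped silently and `out` left undecrypted; a compile-time assertion on `16%sizeof(size_t)` would fail loudly instead. CRYPTO_cbc128_decrypt begins and ends outside these hunks.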
diff --git a/src/lib/libcrypto/modes/ccm128.c b/src/lib/libcrypto/modes/ccm128.c
index c9b35e5b35..3ce11d0d98 100644
--- a/src/lib/libcrypto/modes/ccm128.c
+++ b/src/lib/libcrypto/modes/ccm128.c
@@ -87,7 +87,7 @@ int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
87 ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8))); 87 ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));
88 } 88 }
89 else 89 else
90 *(u32*)(&ctx->nonce.c[8]) = 0; 90 ctx->nonce.u[1] = 0;
91 91
92 ctx->nonce.c[12] = (u8)(mlen>>24); 92 ctx->nonce.c[12] = (u8)(mlen>>24);
93 ctx->nonce.c[13] = (u8)(mlen>>16); 93 ctx->nonce.c[13] = (u8)(mlen>>16);
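Review bot: `ctx->nonce.u[1] = 0;` on the new line 90 clears nonce bytes 8..15 where the old `u32` store cleared only 8..11; that is harmless because lines 92-93 (and presumably 94-95, just past the hunk) overwrite 12..15 unconditionally, but a reader comparing it with the byte-wise `mlen>>...` branch above will wonder why the widths differ. A one-line comment settles it: `/* clear bytes 8..11; 12..15 are written unconditionally below */`. The union write also avoids the old unaligned-pointer cast, which is the actual motivation and worth a word too. CRYPTO_ccm128_setiv continues beyond the hunk.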
diff --git a/src/lib/libcrypto/modes/cts128.c b/src/lib/libcrypto/modes/cts128.c
index c0e1f3696c..2d583de6f6 100644
--- a/src/lib/libcrypto/modes/cts128.c
+++ b/src/lib/libcrypto/modes/cts128.c
@@ -108,12 +108,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
108 (*cbc)(in,out-16,residue,key,ivec,1); 108 (*cbc)(in,out-16,residue,key,ivec,1);
109 memcpy(out,tmp.c,residue); 109 memcpy(out,tmp.c,residue);
110#else 110#else
111 { 111 memset(tmp.c,0,sizeof(tmp));
112 size_t n;
113 for (n=0; n<16; n+=sizeof(size_t))
114 *(size_t *)(tmp.c+n) = 0;
115 memcpy(tmp.c,in,residue); 112 memcpy(tmp.c,in,residue);
116 }
117 memcpy(out,out-16,residue); 113 memcpy(out,out-16,residue);
118 (*cbc)(tmp.c,out-16,16,key,ivec,1); 114 (*cbc)(tmp.c,out-16,16,key,ivec,1);
119#endif 115#endif
@@ -144,12 +140,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
144#if defined(CBC_HANDLES_TRUNCATED_IO) 140#if defined(CBC_HANDLES_TRUNCATED_IO)
145 (*cbc)(in,out-16+residue,residue,key,ivec,1); 141 (*cbc)(in,out-16+residue,residue,key,ivec,1);
146#else 142#else
147 { 143 memset(tmp.c,0,sizeof(tmp));
148 size_t n;
149 for (n=0; n<16; n+=sizeof(size_t))
150 *(size_t *)(tmp.c+n) = 0;
151 memcpy(tmp.c,in,residue); 144 memcpy(tmp.c,in,residue);
152 }
153 (*cbc)(tmp.c,out-16+residue,16,key,ivec,1); 145 (*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
154#endif 146#endif
155 return len+residue; 147 return len+residue;
@@ -177,8 +169,7 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
177 169
178 (*block)(in,tmp.c+16,key); 170 (*block)(in,tmp.c+16,key);
179 171
180 for (n=0; n<16; n+=sizeof(size_t)) 172 memcpy(tmp.c,tmp.c+16,16);
181 *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
182 memcpy(tmp.c,in+16,residue); 173 memcpy(tmp.c,in+16,residue);
183 (*block)(tmp.c,tmp.c,key); 174 (*block)(tmp.c,tmp.c,key);
184 175
@@ -220,8 +211,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
220 211
221 (*block)(in+residue,tmp.c+16,key); 212 (*block)(in+residue,tmp.c+16,key);
222 213
223 for (n=0; n<16; n+=sizeof(size_t)) 214 memcpy(tmp.c,tmp.c+16,16);
224 *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
225 memcpy(tmp.c,in,residue); 215 memcpy(tmp.c,in,residue);
226 (*block)(tmp.c,tmp.c,key); 216 (*block)(tmp.c,tmp.c,key);
227 217
@@ -240,7 +230,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
240size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, 230size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
241 size_t len, const void *key, 231 size_t len, const void *key,
242 unsigned char ivec[16], cbc128_f cbc) 232 unsigned char ivec[16], cbc128_f cbc)
243{ size_t residue, n; 233{ size_t residue;
244 union { size_t align; unsigned char c[32]; } tmp; 234 union { size_t align; unsigned char c[32]; } tmp;
245 235
246 assert (in && out && key && ivec); 236 assert (in && out && key && ivec);
@@ -257,8 +247,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
257 out += len; 247 out += len;
258 } 248 }
259 249
260 for (n=16; n<32; n+=sizeof(size_t)) 250 memset(tmp.c,0,sizeof(tmp));
261 *(size_t *)(tmp.c+n) = 0;
262 /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ 251 /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
263 (*cbc)(in,tmp.c,16,key,tmp.c+16,0); 252 (*cbc)(in,tmp.c,16,key,tmp.c+16,0);
264 253
@@ -275,7 +264,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
275size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, 264size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
276 size_t len, const void *key, 265 size_t len, const void *key,
277 unsigned char ivec[16], cbc128_f cbc) 266 unsigned char ivec[16], cbc128_f cbc)
278{ size_t residue, n; 267{ size_t residue;
279 union { size_t align; unsigned char c[32]; } tmp; 268 union { size_t align; unsigned char c[32]; } tmp;
280 269
281 assert (in && out && key && ivec); 270 assert (in && out && key && ivec);
@@ -297,8 +286,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
297 out += len; 286 out += len;
298 } 287 }
299 288
300 for (n=16; n<32; n+=sizeof(size_t)) 289 memset(tmp.c,0,sizeof(tmp));
301 *(size_t *)(tmp.c+n) = 0;
302 /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ 290 /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
303 (*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0); 291 (*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);
304 292
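Review bot: The decrypt paths still leave a decrypted block in `tmp` on the stack when they return — the comment on the new line 251 says so explicitly — and the rewrite touched exactly these lines without adding a scrub. Consider `OPENSSL_cleanse(tmp.c,sizeof(tmp));` before each return in CRYPTO_cts128_decrypt, CRYPTO_nistcts128_decrypt and the two `_decrypt_block` variants; their tails are outside the hunks, so I cannot see whether one already exists. Also note that `memset(tmp.c,0,sizeof(tmp))` on lines 250 and 289 now zeroes all 32 bytes where the removed loop zeroed only 16..31; that is fine because the `(*cbc)(...,tmp.c,16,...)` call on the next line overwrites 0..15, but it is a behaviour change and a comment such as `/* only tmp.c[16..31] needs zeroing; the cbc call below fills 0..15 */` would keep the next reader from "optimising" it back.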
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index 7d6d034970..e1dc2b0f47 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -723,7 +723,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
723# endif 723# endif
724 gcm_init_4bit(ctx->Htable,ctx->H.u); 724 gcm_init_4bit(ctx->Htable,ctx->H.u);
725# if defined(GHASH_ASM_X86) /* x86 only */ 725# if defined(GHASH_ASM_X86) /* x86 only */
726# if defined(OPENSSL_IA32_SSE2) 726# if defined(OPENSSL_IA32_SSE2)
727 if (OPENSSL_ia32cap_P[0]&(1<<25)) { /* check SSE bit */ 727 if (OPENSSL_ia32cap_P[0]&(1<<25)) { /* check SSE bit */
728# else 728# else
729 if (OPENSSL_ia32cap_P[0]&(1<<23)) { /* check MMX bit */ 729 if (OPENSSL_ia32cap_P[0]&(1<<23)) { /* check MMX bit */
@@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
810 GCM_MUL(ctx,Yi); 810 GCM_MUL(ctx,Yi);
811 811
812 if (is_endian.little) 812 if (is_endian.little)
813#ifdef BSWAP4
814 ctr = BSWAP4(ctx->Yi.d[3]);
815#else
813 ctr = GETU32(ctx->Yi.c+12); 816 ctr = GETU32(ctx->Yi.c+12);
817#endif
814 else 818 else
815 ctr = ctx->Yi.d[3]; 819 ctr = ctx->Yi.d[3];
816 } 820 }
@@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
818 (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key); 822 (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
819 ++ctr; 823 ++ctr;
820 if (is_endian.little) 824 if (is_endian.little)
825#ifdef BSWAP4
826 ctx->Yi.d[3] = BSWAP4(ctr);
827#else
821 PUTU32(ctx->Yi.c+12,ctr); 828 PUTU32(ctx->Yi.c+12,ctr);
829#endif
822 else 830 else
823 ctx->Yi.d[3] = ctr; 831 ctx->Yi.d[3] = ctr;
824} 832}
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
913 } 921 }
914 922
915 if (is_endian.little) 923 if (is_endian.little)
924#ifdef BSWAP4
925 ctr = BSWAP4(ctx->Yi.d[3]);
926#else
916 ctr = GETU32(ctx->Yi.c+12); 927 ctr = GETU32(ctx->Yi.c+12);
928#endif
917 else 929 else
918 ctr = ctx->Yi.d[3]; 930 ctr = ctx->Yi.d[3];
919 931
@@ -941,15 +953,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
941 size_t j=GHASH_CHUNK; 953 size_t j=GHASH_CHUNK;
942 954
943 while (j) { 955 while (j) {
956 size_t *out_t=(size_t *)out;
957 const size_t *in_t=(const size_t *)in;
958
944 (*block)(ctx->Yi.c,ctx->EKi.c,key); 959 (*block)(ctx->Yi.c,ctx->EKi.c,key);
945 ++ctr; 960 ++ctr;
946 if (is_endian.little) 961 if (is_endian.little)
962#ifdef BSWAP4
963 ctx->Yi.d[3] = BSWAP4(ctr);
964#else
947 PUTU32(ctx->Yi.c+12,ctr); 965 PUTU32(ctx->Yi.c+12,ctr);
966#endif
948 else 967 else
949 ctx->Yi.d[3] = ctr; 968 ctx->Yi.d[3] = ctr;
950 for (i=0; i<16; i+=sizeof(size_t)) 969 for (i=0; i<16/sizeof(size_t); ++i)
951 *(size_t *)(out+i) = 970 out_t[i] = in_t[i] ^ ctx->EKi.t[i];
952 *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
953 out += 16; 971 out += 16;
954 in += 16; 972 in += 16;
955 j -= 16; 973 j -= 16;
@@ -961,15 +979,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
961 size_t j=i; 979 size_t j=i;
962 980
963 while (len>=16) { 981 while (len>=16) {
982 size_t *out_t=(size_t *)out;
983 const size_t *in_t=(const size_t *)in;
984
964 (*block)(ctx->Yi.c,ctx->EKi.c,key); 985 (*block)(ctx->Yi.c,ctx->EKi.c,key);
965 ++ctr; 986 ++ctr;
966 if (is_endian.little) 987 if (is_endian.little)
988#ifdef BSWAP4
989 ctx->Yi.d[3] = BSWAP4(ctr);
990#else
967 PUTU32(ctx->Yi.c+12,ctr); 991 PUTU32(ctx->Yi.c+12,ctr);
992#endif
968 else 993 else
969 ctx->Yi.d[3] = ctr; 994 ctx->Yi.d[3] = ctr;
970 for (i=0; i<16; i+=sizeof(size_t)) 995 for (i=0; i<16/sizeof(size_t); ++i)
971 *(size_t *)(out+i) = 996 out_t[i] = in_t[i] ^ ctx->EKi.t[i];
972 *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
973 out += 16; 997 out += 16;
974 in += 16; 998 in += 16;
975 len -= 16; 999 len -= 16;
@@ -978,16 +1002,22 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
978 } 1002 }
979#else 1003#else
980 while (len>=16) { 1004 while (len>=16) {
1005 size_t *out_t=(size_t *)out;
1006 const size_t *in_t=(const size_t *)in;
1007
981 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1008 (*block)(ctx->Yi.c,ctx->EKi.c,key);
982 ++ctr; 1009 ++ctr;
983 if (is_endian.little) 1010 if (is_endian.little)
1011#ifdef BSWAP4
1012 ctx->Yi.d[3] = BSWAP4(ctr);
1013#else
984 PUTU32(ctx->Yi.c+12,ctr); 1014 PUTU32(ctx->Yi.c+12,ctr);
1015#endif
985 else 1016 else
986 ctx->Yi.d[3] = ctr; 1017 ctx->Yi.d[3] = ctr;
987 for (i=0; i<16; i+=sizeof(size_t)) 1018 for (i=0; i<16/sizeof(size_t); ++i)
988 *(size_t *)(ctx->Xi.c+i) ^= 1019 ctx->Xi.t[i] ^=
989 *(size_t *)(out+i) = 1020 out_t[i] = in_t[i]^ctx->EKi.t[i];
990 *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
991 GCM_MUL(ctx,Xi); 1021 GCM_MUL(ctx,Xi);
992 out += 16; 1022 out += 16;
993 in += 16; 1023 in += 16;
@@ -998,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
998 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1028 (*block)(ctx->Yi.c,ctx->EKi.c,key);
999 ++ctr; 1029 ++ctr;
1000 if (is_endian.little) 1030 if (is_endian.little)
1031#ifdef BSWAP4
1032 ctx->Yi.d[3] = BSWAP4(ctr);
1033#else
1001 PUTU32(ctx->Yi.c+12,ctr); 1034 PUTU32(ctx->Yi.c+12,ctr);
1035#endif
1002 else 1036 else
1003 ctx->Yi.d[3] = ctr; 1037 ctx->Yi.d[3] = ctr;
1004 while (len--) { 1038 while (len--) {
@@ -1016,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
1016 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1050 (*block)(ctx->Yi.c,ctx->EKi.c,key);
1017 ++ctr; 1051 ++ctr;
1018 if (is_endian.little) 1052 if (is_endian.little)
1053#ifdef BSWAP4
1054 ctx->Yi.d[3] = BSWAP4(ctr);
1055#else
1019 PUTU32(ctx->Yi.c+12,ctr); 1056 PUTU32(ctx->Yi.c+12,ctr);
1057#endif
1020 else 1058 else
1021 ctx->Yi.d[3] = ctr; 1059 ctx->Yi.d[3] = ctr;
1022 } 1060 }
@@ -1060,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1060 } 1098 }
1061 1099
1062 if (is_endian.little) 1100 if (is_endian.little)
1101#ifdef BSWAP4
1102 ctr = BSWAP4(ctx->Yi.d[3]);
1103#else
1063 ctr = GETU32(ctx->Yi.c+12); 1104 ctr = GETU32(ctx->Yi.c+12);
1105#endif
1064 else 1106 else
1065 ctr = ctx->Yi.d[3]; 1107 ctr = ctx->Yi.d[3];
1066 1108
@@ -1091,15 +1133,21 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1091 1133
1092 GHASH(ctx,in,GHASH_CHUNK); 1134 GHASH(ctx,in,GHASH_CHUNK);
1093 while (j) { 1135 while (j) {
1136 size_t *out_t=(size_t *)out;
1137 const size_t *in_t=(const size_t *)in;
1138
1094 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1139 (*block)(ctx->Yi.c,ctx->EKi.c,key);
1095 ++ctr; 1140 ++ctr;
1096 if (is_endian.little) 1141 if (is_endian.little)
1142#ifdef BSWAP4
1143 ctx->Yi.d[3] = BSWAP4(ctr);
1144#else
1097 PUTU32(ctx->Yi.c+12,ctr); 1145 PUTU32(ctx->Yi.c+12,ctr);
1146#endif
1098 else 1147 else
1099 ctx->Yi.d[3] = ctr; 1148 ctx->Yi.d[3] = ctr;
1100 for (i=0; i<16; i+=sizeof(size_t)) 1149 for (i=0; i<16/sizeof(size_t); ++i)
1101 *(size_t *)(out+i) = 1150 out_t[i] = in_t[i]^ctx->EKi.t[i];
1102 *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
1103 out += 16; 1151 out += 16;
1104 in += 16; 1152 in += 16;
1105 j -= 16; 1153 j -= 16;
@@ -1109,15 +1157,21 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1109 if ((i = (len&(size_t)-16))) { 1157 if ((i = (len&(size_t)-16))) {
1110 GHASH(ctx,in,i); 1158 GHASH(ctx,in,i);
1111 while (len>=16) { 1159 while (len>=16) {
1160 size_t *out_t=(size_t *)out;
1161 const size_t *in_t=(const size_t *)in;
1162
1112 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1163 (*block)(ctx->Yi.c,ctx->EKi.c,key);
1113 ++ctr; 1164 ++ctr;
1114 if (is_endian.little) 1165 if (is_endian.little)
1166#ifdef BSWAP4
1167 ctx->Yi.d[3] = BSWAP4(ctr);
1168#else
1115 PUTU32(ctx->Yi.c+12,ctr); 1169 PUTU32(ctx->Yi.c+12,ctr);
1170#endif
1116 else 1171 else
1117 ctx->Yi.d[3] = ctr; 1172 ctx->Yi.d[3] = ctr;
1118 for (i=0; i<16; i+=sizeof(size_t)) 1173 for (i=0; i<16/sizeof(size_t); ++i)
1119 *(size_t *)(out+i) = 1174 out_t[i] = in_t[i]^ctx->EKi.t[i];
1120 *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
1121 out += 16; 1175 out += 16;
1122 in += 16; 1176 in += 16;
1123 len -= 16; 1177 len -= 16;
@@ -1125,16 +1179,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1125 } 1179 }
1126#else 1180#else
1127 while (len>=16) { 1181 while (len>=16) {
1182 size_t *out_t=(size_t *)out;
1183 const size_t *in_t=(const size_t *)in;
1184
1128 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1185 (*block)(ctx->Yi.c,ctx->EKi.c,key);
1129 ++ctr; 1186 ++ctr;
1130 if (is_endian.little) 1187 if (is_endian.little)
1188#ifdef BSWAP4
1189 ctx->Yi.d[3] = BSWAP4(ctr);
1190#else
1131 PUTU32(ctx->Yi.c+12,ctr); 1191 PUTU32(ctx->Yi.c+12,ctr);
1192#endif
1132 else 1193 else
1133 ctx->Yi.d[3] = ctr; 1194 ctx->Yi.d[3] = ctr;
1134 for (i=0; i<16; i+=sizeof(size_t)) { 1195 for (i=0; i<16/sizeof(size_t); ++i) {
1135 size_t c = *(size_t *)(in+i); 1196 size_t c = in[i];
1136 *(size_t *)(out+i) = c^*(size_t *)(ctx->EKi.c+i); 1197 out[i] = c^ctx->EKi.t[i];
1137 *(size_t *)(ctx->Xi.c+i) ^= c; 1198 ctx->Xi.t[i] ^= c;
1138 } 1199 }
1139 GCM_MUL(ctx,Xi); 1200 GCM_MUL(ctx,Xi);
1140 out += 16; 1201 out += 16;
@@ -1146,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1146 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1207 (*block)(ctx->Yi.c,ctx->EKi.c,key);
1147 ++ctr; 1208 ++ctr;
1148 if (is_endian.little) 1209 if (is_endian.little)
1210#ifdef BSWAP4
1211 ctx->Yi.d[3] = BSWAP4(ctr);
1212#else
1149 PUTU32(ctx->Yi.c+12,ctr); 1213 PUTU32(ctx->Yi.c+12,ctr);
1214#endif
1150 else 1215 else
1151 ctx->Yi.d[3] = ctr; 1216 ctx->Yi.d[3] = ctr;
1152 while (len--) { 1217 while (len--) {
@@ -1167,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1167 (*block)(ctx->Yi.c,ctx->EKi.c,key); 1232 (*block)(ctx->Yi.c,ctx->EKi.c,key);
1168 ++ctr; 1233 ++ctr;
1169 if (is_endian.little) 1234 if (is_endian.little)
1235#ifdef BSWAP4
1236 ctx->Yi.d[3] = BSWAP4(ctr);
1237#else
1170 PUTU32(ctx->Yi.c+12,ctr); 1238 PUTU32(ctx->Yi.c+12,ctr);
1239#endif
1171 else 1240 else
1172 ctx->Yi.d[3] = ctr; 1241 ctx->Yi.d[3] = ctr;
1173 } 1242 }
@@ -1212,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
1212 } 1281 }
1213 1282
1214 if (is_endian.little) 1283 if (is_endian.little)
1284#ifdef BSWAP4
1285 ctr = BSWAP4(ctx->Yi.d[3]);
1286#else
1215 ctr = GETU32(ctx->Yi.c+12); 1287 ctr = GETU32(ctx->Yi.c+12);
1288#endif
1216 else 1289 else
1217 ctr = ctx->Yi.d[3]; 1290 ctr = ctx->Yi.d[3];
1218 1291
@@ -1234,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
1234 (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); 1307 (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
1235 ctr += GHASH_CHUNK/16; 1308 ctr += GHASH_CHUNK/16;
1236 if (is_endian.little) 1309 if (is_endian.little)
1310#ifdef BSWAP4
1311 ctx->Yi.d[3] = BSWAP4(ctr);
1312#else
1237 PUTU32(ctx->Yi.c+12,ctr); 1313 PUTU32(ctx->Yi.c+12,ctr);
1314#endif
1238 else 1315 else
1239 ctx->Yi.d[3] = ctr; 1316 ctx->Yi.d[3] = ctr;
1240 GHASH(ctx,out,GHASH_CHUNK); 1317 GHASH(ctx,out,GHASH_CHUNK);
@@ -1249,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
1249 (*stream)(in,out,j,key,ctx->Yi.c); 1326 (*stream)(in,out,j,key,ctx->Yi.c);
1250 ctr += (unsigned int)j; 1327 ctr += (unsigned int)j;
1251 if (is_endian.little) 1328 if (is_endian.little)
1329#ifdef BSWAP4
1330 ctx->Yi.d[3] = BSWAP4(ctr);
1331#else
1252 PUTU32(ctx->Yi.c+12,ctr); 1332 PUTU32(ctx->Yi.c+12,ctr);
1333#endif
1253 else 1334 else
1254 ctx->Yi.d[3] = ctr; 1335 ctx->Yi.d[3] = ctr;
1255 in += i; 1336 in += i;
@@ -1269,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
1269 (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); 1350 (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
1270 ++ctr; 1351 ++ctr;
1271 if (is_endian.little) 1352 if (is_endian.little)
1353#ifdef BSWAP4
1354 ctx->Yi.d[3] = BSWAP4(ctr);
1355#else
1272 PUTU32(ctx->Yi.c+12,ctr); 1356 PUTU32(ctx->Yi.c+12,ctr);
1357#endif
1273 else 1358 else
1274 ctx->Yi.d[3] = ctr; 1359 ctx->Yi.d[3] = ctr;
1275 while (len--) { 1360 while (len--) {
@@ -1311,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
1311 } 1396 }
1312 1397
1313 if (is_endian.little) 1398 if (is_endian.little)
1399#ifdef BSWAP4
1400 ctr = BSWAP4(ctx->Yi.d[3]);
1401#else
1314 ctr = GETU32(ctx->Yi.c+12); 1402 ctr = GETU32(ctx->Yi.c+12);
1403#endif
1315 else 1404 else
1316 ctr = ctx->Yi.d[3]; 1405 ctr = ctx->Yi.d[3];
1317 1406
@@ -1336,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
1336 (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); 1425 (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
1337 ctr += GHASH_CHUNK/16; 1426 ctr += GHASH_CHUNK/16;
1338 if (is_endian.little) 1427 if (is_endian.little)
1428#ifdef BSWAP4
1429 ctx->Yi.d[3] = BSWAP4(ctr);
1430#else
1339 PUTU32(ctx->Yi.c+12,ctr); 1431 PUTU32(ctx->Yi.c+12,ctr);
1432#endif
1340 else 1433 else
1341 ctx->Yi.d[3] = ctr; 1434 ctx->Yi.d[3] = ctr;
1342 out += GHASH_CHUNK; 1435 out += GHASH_CHUNK;
@@ -1362,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
1362 (*stream)(in,out,j,key,ctx->Yi.c); 1455 (*stream)(in,out,j,key,ctx->Yi.c);
1363 ctr += (unsigned int)j; 1456 ctr += (unsigned int)j;
1364 if (is_endian.little) 1457 if (is_endian.little)
1458#ifdef BSWAP4
1459 ctx->Yi.d[3] = BSWAP4(ctr);
1460#else
1365 PUTU32(ctx->Yi.c+12,ctr); 1461 PUTU32(ctx->Yi.c+12,ctr);
1462#endif
1366 else 1463 else
1367 ctx->Yi.d[3] = ctr; 1464 ctx->Yi.d[3] = ctr;
1368 out += i; 1465 out += i;
@@ -1373,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
1373 (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); 1470 (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
1374 ++ctr; 1471 ++ctr;
1375 if (is_endian.little) 1472 if (is_endian.little)
1473#ifdef BSWAP4
1474 ctx->Yi.d[3] = BSWAP4(ctr);
1475#else
1376 PUTU32(ctx->Yi.c+12,ctr); 1476 PUTU32(ctx->Yi.c+12,ctr);
1477#endif
1377 else 1478 else
1378 ctx->Yi.d[3] = ctr; 1479 ctx->Yi.d[3] = ctr;
1379 while (len--) { 1480 while (len--) {
@@ -1398,7 +1499,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
1398 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; 1499 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
1399#endif 1500#endif
1400 1501
1401 if (ctx->mres) 1502 if (ctx->mres || ctx->ares)
1402 GCM_MUL(ctx,Xi); 1503 GCM_MUL(ctx,Xi);
1403 1504
1404 if (is_endian.little) { 1505 if (is_endian.little) {
@@ -1669,6 +1770,46 @@ static const u8 IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0
1669 0xa2,0x41,0x89,0x97,0x20,0x0e,0xf8,0x2e,0x44,0xae,0x7e,0x3f}, 1770 0xa2,0x41,0x89,0x97,0x20,0x0e,0xf8,0x2e,0x44,0xae,0x7e,0x3f},
1670 T18[]= {0xa4,0x4a,0x82,0x66,0xee,0x1c,0x8e,0xb0,0xc8,0xb5,0xd4,0xcf,0x5a,0xe9,0xf1,0x9a}; 1771 T18[]= {0xa4,0x4a,0x82,0x66,0xee,0x1c,0x8e,0xb0,0xc8,0xb5,0xd4,0xcf,0x5a,0xe9,0xf1,0x9a};
1671 1772
1773/* Test Case 19 */
1774#define K19 K1
1775#define P19 P1
1776#define IV19 IV1
1777#define C19 C1
1778static const u8 A19[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
1779 0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
1780 0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
1781 0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55,
1782 0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,
1783 0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,
1784 0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,
1785 0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad},
1786 T19[]= {0x5f,0xea,0x79,0x3a,0x2d,0x6f,0x97,0x4d,0x37,0xe6,0x8e,0x0c,0xb8,0xff,0x94,0x92};
1787
1788/* Test Case 20 */
1789#define K20 K1
1790#define A20 A1
1791static const u8 IV20[64]={0xff,0xff,0xff,0xff}, /* this results in 0xff in counter LSB */
1792 P20[288],
1793 C20[]= {0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,0x2b,0x64,0xfe,0x1e,0x9a,0x17,0xb6,0x14,
1794 0x25,0xf1,0x0d,0x47,0xa7,0x5a,0x5f,0xce,0x13,0xef,0xc6,0xbc,0x78,0x4a,0xf2,0x4f,
1795 0x41,0x41,0xbd,0xd4,0x8c,0xf7,0xc7,0x70,0x88,0x7a,0xfd,0x57,0x3c,0xca,0x54,0x18,
1796 0xa9,0xae,0xff,0xcd,0x7c,0x5c,0xed,0xdf,0xc6,0xa7,0x83,0x97,0xb9,0xa8,0x5b,0x49,
1797 0x9d,0xa5,0x58,0x25,0x72,0x67,0xca,0xab,0x2a,0xd0,0xb2,0x3c,0xa4,0x76,0xa5,0x3c,
1798 0xb1,0x7f,0xb4,0x1c,0x4b,0x8b,0x47,0x5c,0xb4,0xf3,0xf7,0x16,0x50,0x94,0xc2,0x29,
1799 0xc9,0xe8,0xc4,0xdc,0x0a,0x2a,0x5f,0xf1,0x90,0x3e,0x50,0x15,0x11,0x22,0x13,0x76,
1800 0xa1,0xcd,0xb8,0x36,0x4c,0x50,0x61,0xa2,0x0c,0xae,0x74,0xbc,0x4a,0xcd,0x76,0xce,
1801 0xb0,0xab,0xc9,0xfd,0x32,0x17,0xef,0x9f,0x8c,0x90,0xbe,0x40,0x2d,0xdf,0x6d,0x86,
1802 0x97,0xf4,0xf8,0x80,0xdf,0xf1,0x5b,0xfb,0x7a,0x6b,0x28,0x24,0x1e,0xc8,0xfe,0x18,
1803 0x3c,0x2d,0x59,0xe3,0xf9,0xdf,0xff,0x65,0x3c,0x71,0x26,0xf0,0xac,0xb9,0xe6,0x42,
1804 0x11,0xf4,0x2b,0xae,0x12,0xaf,0x46,0x2b,0x10,0x70,0xbe,0xf1,0xab,0x5e,0x36,0x06,
1805 0x87,0x2c,0xa1,0x0d,0xee,0x15,0xb3,0x24,0x9b,0x1a,0x1b,0x95,0x8f,0x23,0x13,0x4c,
1806 0x4b,0xcc,0xb7,0xd0,0x32,0x00,0xbc,0xe4,0x20,0xa2,0xf8,0xeb,0x66,0xdc,0xf3,0x64,
1807 0x4d,0x14,0x23,0xc1,0xb5,0x69,0x90,0x03,0xc1,0x3e,0xce,0xf4,0xbf,0x38,0xa3,0xb6,
1808 0x0e,0xed,0xc3,0x40,0x33,0xba,0xc1,0x90,0x27,0x83,0xdc,0x6d,0x89,0xe2,0xe7,0x74,
1809 0x18,0x8a,0x43,0x9c,0x7e,0xbc,0xc0,0x67,0x2d,0xbd,0xa4,0xdd,0xcf,0xb2,0x79,0x46,
1810 0x13,0xb0,0xbe,0x41,0x31,0x5e,0xf7,0x78,0x70,0x8a,0x70,0xee,0x7d,0x75,0x16,0x5c},
1811 T20[]= {0x8b,0x30,0x7f,0x6b,0x33,0x28,0x6d,0x0a,0xb0,0x26,0xa9,0xed,0x3f,0xe1,0xe8,0x5f};
1812
1672#define TEST_CASE(n) do { \ 1813#define TEST_CASE(n) do { \
1673 u8 out[sizeof(P##n)]; \ 1814 u8 out[sizeof(P##n)]; \
1674 AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \ 1815 AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \
@@ -1713,6 +1854,8 @@ int main()
1713 TEST_CASE(16); 1854 TEST_CASE(16);
1714 TEST_CASE(17); 1855 TEST_CASE(17);
1715 TEST_CASE(18); 1856 TEST_CASE(18);
1857 TEST_CASE(19);
1858 TEST_CASE(20);
1716 1859
1717#ifdef OPENSSL_CPUID_OBJ 1860#ifdef OPENSSL_CPUID_OBJ
1718 { 1861 {
@@ -1743,11 +1886,16 @@ int main()
1743 ctr_t/(double)sizeof(buf), 1886 ctr_t/(double)sizeof(buf),
1744 (gcm_t-ctr_t)/(double)sizeof(buf)); 1887 (gcm_t-ctr_t)/(double)sizeof(buf));
1745#ifdef GHASH 1888#ifdef GHASH
1746 GHASH(&ctx,buf.c,sizeof(buf)); 1889 {
1890 void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
1891 const u8 *inp,size_t len) = ctx.ghash;
1892
1893 GHASH((&ctx),buf.c,sizeof(buf));
1747 start = OPENSSL_rdtsc(); 1894 start = OPENSSL_rdtsc();
1748 for (i=0;i<100;++i) GHASH(&ctx,buf.c,sizeof(buf)); 1895 for (i=0;i<100;++i) GHASH((&ctx),buf.c,sizeof(buf));
1749 gcm_t = OPENSSL_rdtsc() - start; 1896 gcm_t = OPENSSL_rdtsc() - start;
1750 printf("%.2f\n",gcm_t/(double)sizeof(buf)/(double)i); 1897 printf("%.2f\n",gcm_t/(double)sizeof(buf)/(double)i);
1898 }
1751#endif 1899#endif
1752 } 1900 }
1753#endif 1901#endif
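Review bot: In the non-GHASH decrypt loop (new lines 1195-1198) the freshly declared `in_t`/`out_t` are never used: `size_t c = in[i];` reads one byte and `out[i] = c^ctx->EKi.t[i];` stores a size_t-wide XOR into a single byte, so for `i < 16/sizeof(size_t)` only the first 2 or 4 bytes of each block are written, the rest of `out` is left untouched, and `ctx->Xi.t[i] ^= c` folds a byte rather than a word into the GHASH state. The encrypt counterpart (lines 1018-1020) and every other decrypt loop in this file use the word pointers; this one should read `size_t c = in_t[i]; out_t[i] = c^ctx->EKi.t[i];`. The defect is only reachable when `GHASH` is not defined, which is presumably why test cases 19 and 20 do not catch it; a build with GHASH undefined should be run against the test vectors before this lands.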
diff --git a/src/lib/libcrypto/modes/modes_lcl.h b/src/lib/libcrypto/modes/modes_lcl.h
index b6dc3c336f..9d83e12844 100644
--- a/src/lib/libcrypto/modes/modes_lcl.h
+++ b/src/lib/libcrypto/modes/modes_lcl.h
@@ -29,10 +29,7 @@ typedef unsigned char u8;
29#if defined(__i386) || defined(__i386__) || \ 29#if defined(__i386) || defined(__i386__) || \
30 defined(__x86_64) || defined(__x86_64__) || \ 30 defined(__x86_64) || defined(__x86_64__) || \
31 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ 31 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
32 defined(__s390__) || defined(__s390x__) || \ 32 defined(__s390__) || defined(__s390x__)
33 ( (defined(__arm__) || defined(__arm)) && \
34 (defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
35 defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) )
36# undef STRICT_ALIGNMENT 33# undef STRICT_ALIGNMENT
37#endif 34#endif
38 35
@@ -101,8 +98,8 @@ typedef struct { u64 hi,lo; } u128;
101 98
102struct gcm128_context { 99struct gcm128_context {
103 /* Following 6 names follow names in GCM specification */ 100 /* Following 6 names follow names in GCM specification */
104 union { u64 u[2]; u32 d[4]; u8 c[16]; } Yi,EKi,EK0,len, 101 union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; }
105 Xi,H; 102 Yi,EKi,EK0,len,Xi,H;
106 /* Relative position of Xi, H and pre-computed Htable is used 103 /* Relative position of Xi, H and pre-computed Htable is used
107 * in some assembler modules, i.e. don't change the order! */ 104 * in some assembler modules, i.e. don't change the order! */
108#if TABLE_BITS==8 105#if TABLE_BITS==8
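Review bot: Dropping the ARMv7 clause from the `#undef STRICT_ALIGNMENT` list is a behaviour change with no comment, and the shortened list now reads as if ARM were simply forgotten. The likely reason — ARMv7 tolerates unaligned `ldr`/`str` but not the `ldrd`/`ldm`/NEON sequences a compiler may emit for the new `size_t t[]` word loops — should be stated where the next person will look: `/* ARMv7 deliberately not listed: unaligned access is only safe for single-word loads, not ldrd/ldm/NEON */`; confirm that this is the actual motivation. The `size_t t[16/sizeof(size_t)]` member added to the gcm128_context union also relies on `sizeof(size_t)` dividing 16, the same assumption the cbc128.c hunks guard with `if (16%sizeof(size_t)==0)`, and deserves a short note.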
diff --git a/src/lib/libcrypto/pariscid.pl b/src/lib/libcrypto/pariscid.pl
index 477ec9b87d..bfc56fdc7f 100644
--- a/src/lib/libcrypto/pariscid.pl
+++ b/src/lib/libcrypto/pariscid.pl
@@ -97,33 +97,33 @@ OPENSSL_cleanse
97 .PROC 97 .PROC
98 .CALLINFO NO_CALLS 98 .CALLINFO NO_CALLS
99 .ENTRY 99 .ENTRY
100 cmpib,*= 0,$len,Ldone 100 cmpib,*= 0,$len,L\$done
101 nop 101 nop
102 cmpib,*>>= 15,$len,Little 102 cmpib,*>>= 15,$len,L\$ittle
103 ldi $SIZE_T-1,%r1 103 ldi $SIZE_T-1,%r1
104 104
105Lalign 105L\$align
106 and,*<> $inp,%r1,%r28 106 and,*<> $inp,%r1,%r28
107 b,n Laligned 107 b,n L\$aligned
108 stb %r0,0($inp) 108 stb %r0,0($inp)
109 ldo -1($len),$len 109 ldo -1($len),$len
110 b Lalign 110 b L\$align
111 ldo 1($inp),$inp 111 ldo 1($inp),$inp
112 112
113Laligned 113L\$aligned
114 andcm $len,%r1,%r28 114 andcm $len,%r1,%r28
115Lot 115L\$ot
116 $ST %r0,0($inp) 116 $ST %r0,0($inp)
117 addib,*<> -$SIZE_T,%r28,Lot 117 addib,*<> -$SIZE_T,%r28,L\$ot
118 ldo $SIZE_T($inp),$inp 118 ldo $SIZE_T($inp),$inp
119 119
120 and,*<> $len,%r1,$len 120 and,*<> $len,%r1,$len
121 b,n Ldone 121 b,n L\$done
122Little 122L\$ittle
123 stb %r0,0($inp) 123 stb %r0,0($inp)
124 addib,*<> -1,$len,Little 124 addib,*<> -1,$len,L\$ittle
125 ldo 1($inp),$inp 125 ldo 1($inp),$inp
126Ldone 126L\$done
127 bv ($rp) 127 bv ($rp)
128 .EXIT 128 .EXIT
129 nop 129 nop
@@ -151,7 +151,7 @@ OPENSSL_instrument_bus
151 ldw 0($out),$tick 151 ldw 0($out),$tick
152 add $diff,$tick,$tick 152 add $diff,$tick,$tick
153 stw $tick,0($out) 153 stw $tick,0($out)
154Loop 154L\$oop
155 mfctl %cr16,$tick 155 mfctl %cr16,$tick
156 sub $tick,$lasttick,$diff 156 sub $tick,$lasttick,$diff
157 copy $tick,$lasttick 157 copy $tick,$lasttick
@@ -161,7 +161,7 @@ Loop
161 add $diff,$tick,$tick 161 add $diff,$tick,$tick
162 stw $tick,0($out) 162 stw $tick,0($out)
163 163
164 addib,<> -1,$cnt,Loop 164 addib,<> -1,$cnt,L\$oop
165 addi 4,$out,$out 165 addi 4,$out,$out
166 166
167 bv ($rp) 167 bv ($rp)
@@ -190,14 +190,14 @@ OPENSSL_instrument_bus2
190 mfctl %cr16,$tick 190 mfctl %cr16,$tick
191 sub $tick,$lasttick,$diff 191 sub $tick,$lasttick,$diff
192 copy $tick,$lasttick 192 copy $tick,$lasttick
193Loop2 193L\$oop2
194 copy $diff,$lastdiff 194 copy $diff,$lastdiff
195 fdc 0($out) 195 fdc 0($out)
196 ldw 0($out),$tick 196 ldw 0($out),$tick
197 add $diff,$tick,$tick 197 add $diff,$tick,$tick
198 stw $tick,0($out) 198 stw $tick,0($out)
199 199
200 addib,= -1,$max,Ldone2 200 addib,= -1,$max,L\$done2
201 nop 201 nop
202 202
203 mfctl %cr16,$tick 203 mfctl %cr16,$tick
@@ -208,17 +208,18 @@ Loop2
208 208
209 ldi 1,%r1 209 ldi 1,%r1
210 xor %r1,$tick,$tick 210 xor %r1,$tick,$tick
211 addb,<> $tick,$cnt,Loop2 211 addb,<> $tick,$cnt,L\$oop2
212 shladd,l $tick,2,$out,$out 212 shladd,l $tick,2,$out,$out
213Ldone2 213L\$done2
214 bv ($rp) 214 bv ($rp)
215 .EXIT 215 .EXIT
216 add $rv,$cnt,$rv 216 add $rv,$cnt,$rv
217 .PROCEND 217 .PROCEND
218___ 218___
219} 219}
220$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); 220$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
221$code =~ s/,\*/,/gm if ($SIZE_T==4); 221$code =~ s/,\*/,/gm if ($SIZE_T==4);
222$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);
222print $code; 223print $code;
223close STDOUT; 224close STDOUT;
224 225
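Review bot: The local-label prefix swallowed the first letter of each name, so the new labels read `L\$ittle`, `L\$ot`, `L\$oop` and `L\$oop2` (lines 102-126 and 154-213) — correct for the assembler but needlessly cryptic in the generated listing. Keep the word intact after the prefix: `L\$little`, `L\$lot`, `L\$loop`, `L\$loop2`. The added `$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);` on line 222 is applied to the whole `$code` string; that is fine today because nothing else matches, but it would also rewrite a `bv` inside a comment or string if one is ever added, so anchoring it to the mnemonic position (`s/^(\s+)bv\b/$1bve/gm`) is cheap insurance.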
diff --git a/src/lib/libcrypto/pkcs7/bio_pk7.c b/src/lib/libcrypto/pkcs7/bio_pk7.c
index c8d06d6cdc..0fd31e730f 100644
--- a/src/lib/libcrypto/pkcs7/bio_pk7.c
+++ b/src/lib/libcrypto/pkcs7/bio_pk7.c
@@ -56,7 +56,7 @@
56#include <openssl/pkcs7.h> 56#include <openssl/pkcs7.h>
57#include <openssl/bio.h> 57#include <openssl/bio.h>
58 58
59#ifndef OPENSSL_SYSNAME_NETWARE 59#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS)
60#include <memory.h> 60#include <memory.h>
61#endif 61#endif
62#include <stdio.h> 62#include <stdio.h>
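Review bot: The new guard at line 59 keeps `#include <memory.h>`, a pre-standard header whose mem* declarations are already provided by the standard `<string.h>`, so excluding platforms one `OPENSSL_SYSNAME_*` at a time will need another entry for every target that lacks it. Replacing lines 59–61 with an unconditional `#include <string.h>` removes the guard altogether. If some target still genuinely needs `<memory.h>`, a comment naming that target and the reason would help whoever adds the next platform to the list.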
diff --git a/src/lib/libcrypto/ppccap.c b/src/lib/libcrypto/ppccap.c
index ab89ccaa12..f71ba66aa3 100644
--- a/src/lib/libcrypto/ppccap.c
+++ b/src/lib/libcrypto/ppccap.c
@@ -3,6 +3,7 @@
3#include <string.h> 3#include <string.h>
4#include <setjmp.h> 4#include <setjmp.h>
5#include <signal.h> 5#include <signal.h>
6#include <unistd.h>
6#include <crypto.h> 7#include <crypto.h>
7#include <openssl/bn.h> 8#include <openssl/bn.h>
8 9
@@ -53,6 +54,7 @@ static sigjmp_buf ill_jmp;
53static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } 54static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
54 55
55void OPENSSL_ppc64_probe(void); 56void OPENSSL_ppc64_probe(void);
57void OPENSSL_altivec_probe(void);
56 58
57void OPENSSL_cpuid_setup(void) 59void OPENSSL_cpuid_setup(void)
58 { 60 {
@@ -82,6 +84,15 @@ void OPENSSL_cpuid_setup(void)
82 84
83 OPENSSL_ppccap_P = 0; 85 OPENSSL_ppccap_P = 0;
84 86
87#if defined(_AIX)
88 if (sizeof(size_t)==4
89# if defined(_SC_AIX_KERNEL_BITMODE)
90 && sysconf(_SC_AIX_KERNEL_BITMODE)!=64
91# endif
92 )
93 return;
94#endif
95
85 memset(&ill_act,0,sizeof(ill_act)); 96 memset(&ill_act,0,sizeof(ill_act));
86 ill_act.sa_handler = ill_handler; 97 ill_act.sa_handler = ill_handler;
87 ill_act.sa_mask = all_masked; 98 ill_act.sa_mask = all_masked;
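Review bot: The AIX early return added at lines 87–94 of OPENSSL_cpuid_setup carries no comment explaining why a 32-bit process must skip the SIGILL-based probes unless the kernel reports 64-bit mode, and a failing `sysconf()` (it returns -1, so `!= 64` holds) silently takes the same path. The effect is conservative — OPENSSL_ppccap_P stays at the 0 assigned on line 85, so no optimized paths are selected — but that should be stated, e.g. `/* 32-bit process on a 32-bit (or unknown) AIX kernel: skip the SIGILL probes and leave OPENSSL_ppccap_P at 0 */`. The reason the probes are unsafe in that configuration is not visible in the hunk, so the comment should name it. OPENSSL_altivec_probe is declared at line 57 but its call site, like the rest of the function body, is outside the hunk.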
diff --git a/src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl
index 7f684092d4..272fa91e1a 100644
--- a/src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl
@@ -51,7 +51,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
51( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 51( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
52die "can't locate x86_64-xlate.pl"; 52die "can't locate x86_64-xlate.pl";
53 53
54open STDOUT,"| $^X $xlate $flavour $output"; 54open OUT,"| \"$^X\" $xlate $flavour $output";
55*STDOUT=*OUT;
55 56
56my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs); 57my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
57 58
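Review bot: The rewritten `open` at line 54 still hands a shell a command string, and the added quoting covers only `$^X`; `$xlate`, `$flavour` and `$output` are interpolated unquoted, so a path containing a space or shell metacharacter still breaks or is reinterpreted. The list-form pipe open avoids the shell entirely and also checks the result, which this line does not: `open OUT, '|-', $^X, $xlate, $flavour, $output or die "can't spawn $xlate: $!";`. If the string form is kept deliberately because list-form pipe opens have historically been unavailable on Win32 perls, a comment saying so would stop the next reader from "fixing" it. The `*STDOUT=*OUT` alias on line 55 is unaffected either way.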
diff --git a/src/lib/libcrypto/rc4/asm/rc4-parisc.pl b/src/lib/libcrypto/rc4/asm/rc4-parisc.pl
index 9165067080..ad7e65651c 100644
--- a/src/lib/libcrypto/rc4/asm/rc4-parisc.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-parisc.pl
@@ -307,7 +307,8 @@ L\$opts
307 .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>" 307 .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
308___ 308___
309$code =~ s/\`([^\`]*)\`/eval $1/gem; 309$code =~ s/\`([^\`]*)\`/eval $1/gem;
310$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); 310$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
311$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);
311 312
312print $code; 313print $code;
313close STDOUT; 314close STDOUT;
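Review bot: The substitution added at line 311, `s/\bbv\b/bve/gm`, runs over the whole emitted text rather than the mnemonic position, so any whole word `bv` in a comment or in string data such as the `.STRINGZ` on line 307 would be rewritten too. Nothing visible trips it today, but anchoring it to the instruction column, `$code =~ s/^(\s+)bv\b/$1bve/gm if ($SIZE_T==8);`, limits it to the branch mnemonic. The same unanchored pattern appears in the other PA-RISC generators touched by this commit, so whichever form is chosen should be used consistently.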
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index 2460910ab2..5a2062f903 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -351,27 +351,27 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
351 351
352 if (!BIO_indent(bp, indent, 128)) 352 if (!BIO_indent(bp, indent, 128))
353 goto err; 353 goto err;
354 if (BIO_puts(bp, "Salt Length: ") <= 0) 354 if (BIO_puts(bp, "Salt Length: 0x") <= 0)
355 goto err; 355 goto err;
356 if (pss->saltLength) 356 if (pss->saltLength)
357 { 357 {
358 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) 358 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
359 goto err; 359 goto err;
360 } 360 }
361 else if (BIO_puts(bp, "20 (default)") <= 0) 361 else if (BIO_puts(bp, "0x14 (default)") <= 0)
362 goto err; 362 goto err;
363 BIO_puts(bp, "\n"); 363 BIO_puts(bp, "\n");
364 364
365 if (!BIO_indent(bp, indent, 128)) 365 if (!BIO_indent(bp, indent, 128))
366 goto err; 366 goto err;
367 if (BIO_puts(bp, "Trailer Field: ") <= 0) 367 if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
368 goto err; 368 goto err;
369 if (pss->trailerField) 369 if (pss->trailerField)
370 { 370 {
371 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) 371 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
372 goto err; 372 goto err;
373 } 373 }
374 else if (BIO_puts(bp, "0xbc (default)") <= 0) 374 else if (BIO_puts(bp, "BC (default)") <= 0)
375 goto err; 375 goto err;
376 BIO_puts(bp, "\n"); 376 BIO_puts(bp, "\n");
377 377
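Review bot: The default salt-length text at line 361 now reads `0x14 (default)` while line 354 already emits the `0x` prefix, so a PSS parameter block without an explicit saltLength prints as `Salt Length: 0x0x14 (default)`. The trailer field does it correctly — line 367 prints `0x` and line 374 prints `BC (default)` — so the salt line should match: `else if (BIO_puts(bp, "14 (default)") <= 0)`. The `BIO_puts(bp, "\n")` calls at lines 363 and 376 remain unchecked, unlike every other write in the hunk. rsa_pss_param_print begins and ends outside the hunk.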
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 5b2ecf56ad..157aa5c41d 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -611,6 +611,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
611 pm = RSA_NO_PADDING; 611 pm = RSA_NO_PADDING;
612 else if (!strcmp(value, "oeap")) 612 else if (!strcmp(value, "oeap"))
613 pm = RSA_PKCS1_OAEP_PADDING; 613 pm = RSA_PKCS1_OAEP_PADDING;
614 else if (!strcmp(value, "oaep"))
615 pm = RSA_PKCS1_OAEP_PADDING;
614 else if (!strcmp(value, "x931")) 616 else if (!strcmp(value, "x931"))
615 pm = RSA_X931_PADDING; 617 pm = RSA_X931_PADDING;
616 else if (!strcmp(value, "pss")) 618 else if (!strcmp(value, "pss"))
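Review bot: The new `oaep` branch at lines 614–615 sits directly under the misspelled `oeap` at line 612, and nothing says the misspelling is kept on purpose, so the next reader will either delete it (breaking any configuration that uses it) or assume the correctly spelled one is the typo. A one-line comment on line 612, `/* "oeap" is a historical misspelling, kept for compatibility */`, settles it. If the accepted `rsa_padding_mode` values are listed in the function's documentation, `oaep` should be added there as well. pkey_rsa_ctrl_str starts and ends outside the hunk.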
diff --git a/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl
index fe8207f77f..33da3e0e3c 100644
--- a/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl
@@ -177,6 +177,7 @@ for($i=0;$i<5;$i++) {
177$code.=<<___; 177$code.=<<___;
178 teq $Xi,sp 178 teq $Xi,sp
179 bne .L_00_15 @ [((11+4)*5+2)*3] 179 bne .L_00_15 @ [((11+4)*5+2)*3]
180 sub sp,sp,#25*4
180___ 181___
181 &BODY_00_15(@V); unshift(@V,pop(@V)); 182 &BODY_00_15(@V); unshift(@V,pop(@V));
182 &BODY_16_19(@V); unshift(@V,pop(@V)); 183 &BODY_16_19(@V); unshift(@V,pop(@V));
@@ -186,7 +187,6 @@ ___
186$code.=<<___; 187$code.=<<___;
187 188
188 ldr $K,.LK_20_39 @ [+15+16*4] 189 ldr $K,.LK_20_39 @ [+15+16*4]
189 sub sp,sp,#25*4
190 cmn sp,#0 @ [+3], clear carry to denote 20_39 190 cmn sp,#0 @ [+3], clear carry to denote 20_39
191.L_20_39_or_60_79: 191.L_20_39_or_60_79:
192___ 192___
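Review bot: The `sub sp,sp,#25*4` moved from line 189 to line 180 now executes before the BODY_00_15/BODY_16_19 expansions on lines 182–183 instead of after them, and the hunk gives no reason; the surrounding cycle annotations (`@ [((11+4)*5+2)*3]`) show this code is tuned carefully, so the reason belongs next to the instruction. Presumably the rounds emitted by those macros address the 16-word schedule relative to sp and need it rewound first — confirm that and record it, e.g. `@ rewind sp before rounds 16..19 address the schedule`. The generator code around this hunk starts before and continues past it.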
diff --git a/src/lib/libcrypto/sha/asm/sha1-ia64.pl b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
index db28f0805a..02d35d1614 100644
--- a/src/lib/libcrypto/sha/asm/sha1-ia64.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
@@ -271,7 +271,8 @@ tmp6=loc13;
271 271
272___ 272___
273 273
274{ my $i,@V=($A,$B,$C,$D,$E); 274{ my $i;
275 my @V=($A,$B,$C,$D,$E);
275 276
276 for($i=0;$i<16;$i++) { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); } 277 for($i=0;$i<16;$i++) { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
277 for(;$i<20;$i++) { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); } 278 for(;$i<20;$i++) { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
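Review bot: The fix at lines 274–275 is right — `my $i,@V=(...)` declared only `$i` lexically and assigned to a package-global `@V` — but the original compiled at all only because the generator appears to run without `use strict`, which rejects an undeclared `@V` at compile time. Adding `use strict; use warnings;` at the top of the file (outside this hunk) would catch the same class of mistake elsewhere; `warnings` alone already reports `Parentheses missing around "my" list` for this shape. The enclosing block continues past the hunk.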
diff --git a/src/lib/libcrypto/sha/asm/sha1-parisc.pl b/src/lib/libcrypto/sha/asm/sha1-parisc.pl
index 6d7bf495b2..6e5a328a6f 100644
--- a/src/lib/libcrypto/sha/asm/sha1-parisc.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-parisc.pl
@@ -254,6 +254,7 @@ $code.=<<___;
254___ 254___
255 255
256$code =~ s/\`([^\`]*)\`/eval $1/gem; 256$code =~ s/\`([^\`]*)\`/eval $1/gem;
257$code =~ s/,\*/,/gm if ($SIZE_T==4); 257$code =~ s/,\*/,/gm if ($SIZE_T==4);
258$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8);
258print $code; 259print $code;
259close STDOUT; 260close STDOUT;
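Review bot: The `s/\bbv\b/bve/gm` added at line 258 rewrites every whole word `bv` in the generated text, not only the branch mnemonic, so a `bv` inside a comment or string constant would be changed as well. Anchoring it to the instruction column, `$code =~ s/^(\s+)bv\b/$1bve/gm if ($SIZE_T==8);`, keeps it from touching non-code text if any is added later. Nothing visible in the hunk is affected today, so this is a robustness point rather than a present bug.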
diff --git a/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl
index 85e8d68086..e65291bbd9 100644
--- a/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl
@@ -549,7 +549,7 @@ ___
549# programmer detect if current CPU is VIS capable at run-time. 549# programmer detect if current CPU is VIS capable at run-time.
550sub unvis { 550sub unvis {
551my ($mnemonic,$rs1,$rs2,$rd)=@_; 551my ($mnemonic,$rs1,$rs2,$rd)=@_;
552my $ref,$opf; 552my ($ref,$opf);
553my %visopf = ( "fmul8ulx16" => 0x037, 553my %visopf = ( "fmul8ulx16" => 0x037,
554 "faligndata" => 0x048, 554 "faligndata" => 0x048,
555 "fpadd32" => 0x052, 555 "fpadd32" => 0x052,
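Review bot: `my ($ref,$opf)` at line 552 is the right fix — the old `my $ref,$opf` declared only `$ref` and left `$opf` as a package global — but that went unnoticed only because the generator evidently runs without `use strict`, which would have refused the undeclared `$opf` at compile time. Putting `use strict; use warnings;` at the top of the file (outside the hunk) is the durable fix; sub unvis continues past the hunk.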
diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
index f27c1e3fb0..f15c7ec39b 100755
--- a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
@@ -82,7 +82,8 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
82 `ml64 2>&1` =~ /Version ([0-9]+)\./ && 82 `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
83 $1>=10); 83 $1>=10);
84 84
85open STDOUT,"| $^X $xlate $flavour $output"; 85open OUT,"| \"$^X\" $xlate $flavour $output";
86*STDOUT=*OUT;
86 87
87$ctx="%rdi"; # 1st arg 88$ctx="%rdi"; # 1st arg
88$inp="%rsi"; # 2nd arg 89$inp="%rsi"; # 2nd arg
@@ -744,7 +745,7 @@ $code.=<<___;
744 mov %rdi,$ctx # reassigned argument 745 mov %rdi,$ctx # reassigned argument
745 mov %rsi,$inp # reassigned argument 746 mov %rsi,$inp # reassigned argument
746 mov %rdx,$num # reassigned argument 747 mov %rdx,$num # reassigned argument
747 vzeroall 748 vzeroupper
748 749
749 shl \$6,$num 750 shl \$6,$num
750 add $inp,$num 751 add $inp,$num
@@ -1037,7 +1038,7 @@ ___
1037 &Xtail_avx(\&body_20_39); 1038 &Xtail_avx(\&body_20_39);
1038 1039
1039$code.=<<___; 1040$code.=<<___;
1040 vzeroall 1041 vzeroupper
1041 1042
1042 add 0($ctx),$A # update context 1043 add 0($ctx),$A # update context
1043 add 4($ctx),@T[0] 1044 add 4($ctx),@T[0]
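Review bot: Replacing `vzeroall` with `vzeroupper` at lines 748 and 1041 changes what is left in the vector registers on return: vzeroupper clears only the upper 128 bits, so the low halves still hold message-schedule and working-state words when the routine exits, whereas vzeroall cleared them. That satisfies the ABI and avoids the AVX/SSE transition penalty equally well, but if the old form was also relied on for register hygiene — HMAC, for instance, pushes key-derived ipad/opad blocks through this routine — the change should be documented: `vzeroupper  # ABI/transition penalty only; xmm state is not scrubbed`. Whether any caller depended on the scrubbing cannot be determined from the hunk. The function body extends on both sides of both hunks.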
diff --git a/src/lib/libcrypto/sha/asm/sha512-586.pl b/src/lib/libcrypto/sha/asm/sha512-586.pl
index 5b9f3337ad..7eab6a5b88 100644
--- a/src/lib/libcrypto/sha/asm/sha512-586.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-586.pl
@@ -142,9 +142,9 @@ sub BODY_00_15_x86 {
142 &mov ("edx",$Ehi); 142 &mov ("edx",$Ehi);
143 &mov ("esi","ecx"); 143 &mov ("esi","ecx");
144 144
145 &shr ("ecx",9) # lo>>9 145 &shr ("ecx",9); # lo>>9
146 &mov ("edi","edx"); 146 &mov ("edi","edx");
147 &shr ("edx",9) # hi>>9 147 &shr ("edx",9); # hi>>9
148 &mov ("ebx","ecx"); 148 &mov ("ebx","ecx");
149 &shl ("esi",14); # lo<<14 149 &shl ("esi",14); # lo<<14
150 &mov ("eax","edx"); 150 &mov ("eax","edx");
@@ -207,9 +207,9 @@ sub BODY_00_15_x86 {
207 &mov ($Dhi,"ebx"); 207 &mov ($Dhi,"ebx");
208 &mov ("esi","ecx"); 208 &mov ("esi","ecx");
209 209
210 &shr ("ecx",2) # lo>>2 210 &shr ("ecx",2); # lo>>2
211 &mov ("edi","edx"); 211 &mov ("edi","edx");
212 &shr ("edx",2) # hi>>2 212 &shr ("edx",2); # hi>>2
213 &mov ("ebx","ecx"); 213 &mov ("ebx","ecx");
214 &shl ("esi",4); # lo<<4 214 &shl ("esi",4); # lo<<4
215 &mov ("eax","edx"); 215 &mov ("eax","edx");
@@ -452,9 +452,9 @@ if ($sse2) {
452 &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp")); 452 &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
453 &mov ("esi","ecx"); 453 &mov ("esi","ecx");
454 454
455 &shr ("ecx",1) # lo>>1 455 &shr ("ecx",1); # lo>>1
456 &mov ("edi","edx"); 456 &mov ("edi","edx");
457 &shr ("edx",1) # hi>>1 457 &shr ("edx",1); # hi>>1
458 &mov ("eax","ecx"); 458 &mov ("eax","ecx");
459 &shl ("esi",24); # lo<<24 459 &shl ("esi",24); # lo<<24
460 &mov ("ebx","edx"); 460 &mov ("ebx","edx");
@@ -488,9 +488,9 @@ if ($sse2) {
488 &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp")); 488 &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
489 &mov ("esi","ecx"); 489 &mov ("esi","ecx");
490 490
491 &shr ("ecx",6) # lo>>6 491 &shr ("ecx",6); # lo>>6
492 &mov ("edi","edx"); 492 &mov ("edi","edx");
493 &shr ("edx",6) # hi>>6 493 &shr ("edx",6); # hi>>6
494 &mov ("eax","ecx"); 494 &mov ("eax","ecx");
495 &shl ("esi",3); # lo<<3 495 &shl ("esi",3); # lo<<3
496 &mov ("ebx","edx"); 496 &mov ("ebx","edx");
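Review bot: The semicolons added at lines 145/147, 210/212, 455/457 and 491/493 fix more than style: without them Perl parsed `&shr(...) &mov(...)` as a bitwise-and of two calls, so both instructions were still emitted and only the (in practice) left-to-right operand evaluation kept the output in the right order. That is worth a sentence in the commit message, and it is exactly the mistake `use warnings` reports (`Useless use of bitwise and (&) in void context`), so enabling warnings at the top of the generator would catch a recurrence. BODY_00_15_x86 and the sse2 block begin and end outside the hunks.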
diff --git a/src/lib/libcrypto/sha/asm/sha512-mips.pl b/src/lib/libcrypto/sha/asm/sha512-mips.pl
index ba5b250890..ffa053bb7d 100644
--- a/src/lib/libcrypto/sha/asm/sha512-mips.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-mips.pl
@@ -351,7 +351,7 @@ $code.=<<___;
351 $ST $G,6*$SZ($ctx) 351 $ST $G,6*$SZ($ctx)
352 $ST $H,7*$SZ($ctx) 352 $ST $H,7*$SZ($ctx)
353 353
354 bnel $inp,@X[15],.Loop 354 bne $inp,@X[15],.Loop
355 $PTR_SUB $Ktbl,`($rounds-16)*$SZ` # rewind $Ktbl 355 $PTR_SUB $Ktbl,`($rounds-16)*$SZ` # rewind $Ktbl
356 356
357 $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) 357 $REG_L $ra,$FRAMESIZE-1*$SZREG($sp)
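Review bot: Changing `bnel` to `bne` at line 354 means the delay-slot `$PTR_SUB $Ktbl` on line 355 now executes on every pass, including the final fall-through, whereas the branch-likely form skipped it when the branch was not taken. That is harmless only if `$Ktbl` is dead after the loop; line 357 starts restoring registers from the frame, which suggests it is, but a comment on line 355 would make the dependency explicit: `# delay slot runs on exit too; $Ktbl is dead there`. The motivation for dropping the branch-likely form (deprecated, and absent from newer MIPS revisions) is also worth a word in the commit description.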
diff --git a/src/lib/libcrypto/sha/asm/sha512-parisc.pl b/src/lib/libcrypto/sha/asm/sha512-parisc.pl
index e24ee58ae9..fc0e15b3c0 100755
--- a/src/lib/libcrypto/sha/asm/sha512-parisc.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-parisc.pl
@@ -785,6 +785,8 @@ foreach (split("\n",$code)) {
785 785
786 s/cmpb,\*/comb,/ if ($SIZE_T==4); 786 s/cmpb,\*/comb,/ if ($SIZE_T==4);
787 787
788 s/\bbv\b/bve/ if ($SIZE_T==8);
789
788 print $_,"\n"; 790 print $_,"\n";
789} 791}
790 792
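Review bot: The per-line `s/\bbv\b/bve/` added at line 788 matches the whole word `bv` anywhere in the line, not only in the mnemonic column, so a `bv` inside a comment or string constant would be rewritten as well. Since the `foreach` already sees one line at a time, anchoring is cheap: `s/^(\s+)bv\b/$1bve/ if ($SIZE_T==8);`. The enclosing loop begins before the hunk.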
diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
index f611a2d898..8d51678557 100755
--- a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
@@ -51,7 +51,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
51( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 51( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
52die "can't locate x86_64-xlate.pl"; 52die "can't locate x86_64-xlate.pl";
53 53
54open STDOUT,"| $^X $xlate $flavour $output"; 54open OUT,"| \"$^X\" $xlate $flavour $output";
55*STDOUT=*OUT;
55 56
56if ($output =~ /512/) { 57if ($output =~ /512/) {
57 $func="sha512_block_data_order"; 58 $func="sha512_block_data_order";
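Review bot: The `open` rewritten at line 54 quotes only `$^X`; `$xlate`, `$flavour` and `$output` are still interpolated unquoted into a shell command, and the result is not checked, so a translator path with a space fails and a failed spawn produces empty output silently. The list-form pipe open, `open OUT, '|-', $^X, $xlate, $flavour, $output or die "can't spawn $xlate: $!";`, bypasses the shell and reports the failure. If the string form is being kept because list-form pipe opens were historically unavailable on Win32 perls, say so in a comment so the next reader does not change it.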
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index f88d3d6dad..4eae074849 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -88,17 +88,17 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
88 switch ((c)->md_len) \ 88 switch ((c)->md_len) \
89 { case SHA224_DIGEST_LENGTH: \ 89 { case SHA224_DIGEST_LENGTH: \
90 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ 90 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \
91 { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ 91 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
92 break; \ 92 break; \
93 case SHA256_DIGEST_LENGTH: \ 93 case SHA256_DIGEST_LENGTH: \
94 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ 94 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \
95 { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ 95 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
96 break; \ 96 break; \
97 default: \ 97 default: \
98 if ((c)->md_len > SHA256_DIGEST_LENGTH) \ 98 if ((c)->md_len > SHA256_DIGEST_LENGTH) \
99 return 0; \ 99 return 0; \
100 for (nn=0;nn<(c)->md_len/4;nn++) \ 100 for (nn=0;nn<(c)->md_len/4;nn++) \
101 { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ 101 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
102 break; \ 102 break; \
103 } \ 103 } \
104 } while (0) 104 } while (0)
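Review bot: The `(void)` casts at lines 91, 95 and 101 only silence the unused-result warning; the `default:` arm still computes `(c)->md_len/4` at line 100, so an `md_len` that is not a multiple of four would pass the `> SHA256_DIGEST_LENGTH` check on line 98 and then silently emit fewer bytes than requested. If such a value is reachable — whether callers can set md_len that way is not visible here — the check should be `if ((c)->md_len > SHA256_DIGEST_LENGTH || ((c)->md_len & 3)) return 0;`. The macro's head and the definitions of `nn`, `ll` and `s` are outside the hunk.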
diff --git a/src/lib/libcrypto/sparccpuid.S b/src/lib/libcrypto/sparccpuid.S
index ae61f7f5ce..0cc247e489 100644
--- a/src/lib/libcrypto/sparccpuid.S
+++ b/src/lib/libcrypto/sparccpuid.S
@@ -235,10 +235,10 @@ _sparcv9_rdtick:
235.global _sparcv9_vis1_probe 235.global _sparcv9_vis1_probe
236.align 8 236.align 8
237_sparcv9_vis1_probe: 237_sparcv9_vis1_probe:
238 .word 0x81b00d80 !fxor %f0,%f0,%f0
239 add %sp,BIAS+2,%o1 238 add %sp,BIAS+2,%o1
240 retl
241 .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0 239 .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0
240 retl
241 .word 0x81b00d80 !fxor %f0,%f0,%f0
242.type _sparcv9_vis1_probe,#function 242.type _sparcv9_vis1_probe,#function
243.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe 243.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
244 244
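Review bot: The reorder at lines 238–241 swaps which VIS instruction is issued before `retl` and which sits in its delay slot, but both still execute, and nothing in the probe says why the order matters — presumably it decides which instruction faults, or is observed, first on a CPU without VIS1 or without that ASI, and that reasoning should live next to the code. A comment such as `! order matters: <reason>; the delay-slot instruction still executes` (with the real reason filled in) would keep the next person from reverting it. The `.word` encodings and their mnemonic comments are unchanged.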
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl
index 32cf16380b..cb2381c22b 100644
--- a/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl
+++ b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl
@@ -119,7 +119,7 @@ $tbl="ebp";
119 &mov ("eax",&DWP(0,"esp")); 119 &mov ("eax",&DWP(0,"esp"));
120 &mov ("ebx",&DWP(4,"esp")); 120 &mov ("ebx",&DWP(4,"esp"));
121for($i=0;$i<8;$i++) { 121for($i=0;$i<8;$i++) {
122 my $func = ($i==0)? movq : pxor; 122 my $func = ($i==0)? \&movq : \&pxor;
123 &movb (&LB("ecx"),&LB("eax")); 123 &movb (&LB("ecx"),&LB("eax"));
124 &movb (&LB("edx"),&HB("eax")); 124 &movb (&LB("edx"),&HB("eax"));
125 &scale ("esi","ecx"); 125 &scale ("esi","ecx");
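Review bot: The coderef form `\&movq : \&pxor` at line 122 is the right replacement for the barewords, which presumably only worked as strings resolved through a symbolic call — a construct `use strict 'refs'` forbids. A short comment on the line, `# coderefs, not barewords: the loop body dispatches through $func`, would explain the backslashes to readers unfamiliar with the idiom, and enabling `use strict` at the top of the generator would keep the bareword form from returning. The call through `$func` is later in the loop body, outside the hunk.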
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
index 87c0843dc1..24b2ff60c3 100644
--- a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
+++ b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
@@ -41,7 +41,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
41( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 41( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
42die "can't locate x86_64-xlate.pl"; 42die "can't locate x86_64-xlate.pl";
43 43
44open STDOUT,"| $^X $xlate $flavour $output"; 44open OUT,"| \"$^X\" $xlate $flavour $output";
45*STDOUT=*OUT;
45 46
46sub L() { $code.=".byte ".join(',',@_)."\n"; } 47sub L() { $code.=".byte ".join(',',@_)."\n"; }
47sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; } 48sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; }
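Review bot: The `open` at line 44 still interpolates `$xlate`, `$flavour` and `$output` unquoted into a shell command and never checks the result; only `$^X` gained quotes. `open OUT, '|-', $^X, $xlate, $flavour, $output or die "can't spawn $xlate: $!";` avoids the shell and surfaces a failed spawn instead of producing empty output. If the string form is retained for Win32 perls, where list-form pipe opens were historically unsupported, a comment should say so.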
diff --git a/src/lib/libcrypto/x86cpuid.pl b/src/lib/libcrypto/x86cpuid.pl
index 39fd8f2293..b270b44337 100644
--- a/src/lib/libcrypto/x86cpuid.pl
+++ b/src/lib/libcrypto/x86cpuid.pl
@@ -67,6 +67,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
67 &inc ("esi"); # number of cores 67 &inc ("esi"); # number of cores
68 68
69 &mov ("eax",1); 69 &mov ("eax",1);
70 &xor ("ecx","ecx");
70 &cpuid (); 71 &cpuid ();
71 &bt ("edx",28); 72 &bt ("edx",28);
72 &jnc (&label("generic")); 73 &jnc (&label("generic"));
@@ -91,6 +92,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
91 92
92&set_label("nocacheinfo"); 93&set_label("nocacheinfo");
93 &mov ("eax",1); 94 &mov ("eax",1);
95 &xor ("ecx","ecx");
94 &cpuid (); 96 &cpuid ();
95 &and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0 97 &and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0
96 &cmp ("ebp",0); 98 &cmp ("ebp",0);
@@ -165,7 +167,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
165 &jnz (&label("nohalt")); # not enough privileges 167 &jnz (&label("nohalt")); # not enough privileges
166 168
167 &pushf (); 169 &pushf ();
168 &pop ("eax") 170 &pop ("eax");
169 &bt ("eax",9); 171 &bt ("eax",9);
170 &jnc (&label("nohalt")); # interrupts are disabled 172 &jnc (&label("nohalt")); # interrupts are disabled
171 173
@@ -280,7 +282,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
280# arguments is 1 or 2! 282# arguments is 1 or 2!
281&function_begin_B("OPENSSL_indirect_call"); 283&function_begin_B("OPENSSL_indirect_call");
282 { 284 {
283 my $i,$max=7; # $max has to be chosen as 4*n-1 285 my ($max,$i)=(7,); # $max has to be chosen as 4*n-1
284 # in order to preserve eventual 286 # in order to preserve eventual
285 # stack alignment 287 # stack alignment
286 &push ("ebp"); 288 &push ("ebp");
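Review bot: `my ($max,$i)=(7,);` at line 285 relies on a trailing-comma list to leave `$i` undefined, which reads like a typo; `my $max=7; my $i;` says the same thing plainly and keeps the explanatory comment attached to `$max`. The `xor ecx,ecx` added before the two leaf-1 `cpuid` calls (lines 70 and 95) is a sound defensive move, but a comment such as `# clear the subleaf register so the cpuid result is deterministic` would show it is intentional rather than leftover. OPENSSL_indirect_call and the enclosing cpuid setup code continue outside the hunks.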
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index f61f718183..106939f241 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
196 pqueue_free(s->d1->buffered_app_data.q); 196 pqueue_free(s->d1->buffered_app_data.q);
197 197
198 OPENSSL_free(s->d1); 198 OPENSSL_free(s->d1);
199 s->d1 = NULL;
199 } 200 }
200 201
201void dtls1_clear(SSL *s) 202void dtls1_clear(SSL *s)
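Review bot: Clearing `s->d1` at line 199 after `OPENSSL_free` turns a repeated dtls1_free or any later use into a deterministic NULL dereference instead of a use-after-free, which is the right direction, but it only pays off if the entry of dtls1_free (above the hunk) checks `s->d1 == NULL` before the `pqueue_free(s->d1->...)` calls such as the one on line 196. Confirm that guard exists; if it does not, add `if (s->d1 == NULL) return;` at the top of the function. dtls1_free begins outside the hunk.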
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 928935bd8b..ab9c41922c 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -115,11 +115,12 @@
115 Copyright (C) 2011, RTFM, Inc. 115 Copyright (C) 2011, RTFM, Inc.
116*/ 116*/
117 117
118#ifndef OPENSSL_NO_SRTP
119
120#include <stdio.h> 118#include <stdio.h>
121#include <openssl/objects.h> 119#include <openssl/objects.h>
122#include "ssl_locl.h" 120#include "ssl_locl.h"
121
122#ifndef OPENSSL_NO_SRTP
123
123#include "srtp.h" 124#include "srtp.h"
124 125
125 126
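Review bot: Moving `#ifndef OPENSSL_NO_SRTP` below the three includes (lines 118–122) is unexplained in the hunk; the likely motivations — keeping the translation unit non-empty when SRTP is disabled, or making sure `ssl_locl.h` has pulled in the configuration macros before the guard is evaluated — are both invisible to a reader, and whichever applies should be recorded. A comment on line 122 such as `/* includes stay outside the guard so the unit is never empty with OPENSSL_NO_SRTP */` (adjusted to the real reason) would do. Nothing in the hunk shows where OPENSSL_NO_SRTP is defined.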
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
index c938bcf00d..dfef799be2 100644
--- a/src/lib/libssl/test/cms-test.pl
+++ b/src/lib/libssl/test/cms-test.pl
@@ -415,8 +415,10 @@ sub run_smime_tests {
415} 415}
416 416
417sub cmp_files { 417sub cmp_files {
418 use FileHandle;
418 my ( $f1, $f2 ) = @_; 419 my ( $f1, $f2 ) = @_;
419 my ( $fp1, $fp2 ); 420 my $fp1 = FileHandle->new();
421 my $fp2 = FileHandle->new();
420 422
421 my ( $rd1, $rd2 ); 423 my ( $rd1, $rd2 );
422 424
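Review bot: The `use FileHandle;` placed inside cmp_files at line 418 runs at compile time and is file-scoped no matter where it sits, so its position inside the sub suggests a per-call import that does not exist; move it to the top of the script with the other `use` lines. Separately, `FileHandle->new()` at lines 420–421 is only needed for object-style handles — a lexical three-argument open, `open my $fp1, '<', $f1 or die "open $f1: $!";`, yields the same handle without the module. The rest of cmp_files, including the opens, is outside the hunk, so the exact replacement depends on how `$fp1`/`$fp2` are opened there.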