From 293732ea9d538daf81033ab02d62cbe188088510 Mon Sep 17 00:00:00 2001
From: cvs2svn
Date: Thu, 14 Feb 2013 15:11:47 +0000
Subject: This commit was manufactured by cvs2git to create branch 'OPENSSL'.
---
src/lib/libssl/src/ssl/s3_cbc.c | 790 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 790 insertions(+)
create mode 100644 src/lib/libssl/src/ssl/s3_cbc.c
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
new file mode 100644
index 0000000000..443a31e746
--- /dev/null
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -0,0 +1,790 @@
+/* ssl/s3_cbc.c */
+/* ====================================================================
+ * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ssl_locl.h" + +#include +#include + +/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length + * field. (SHA-384/512 have 128-bit length.) */ +#define MAX_HASH_BIT_COUNT_BYTES 16 + +/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support. + * Currently SHA-384/512 has a 128-byte block size and that's the largest + * supported by TLS.) */ +#define MAX_HASH_BLOCK_SIZE 128 + +/* Some utility functions are needed: + * + * These macros return the given value with the MSB copied to all the other + * bits. They use the fact that arithmetic shift shifts-in the sign bit. + * However, this is not ensured by the C standard so you may need to replace + * them with something else on odd CPUs. */ +#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) +#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) + +/* constant_time_lt returns 0xff if a=b and 0x00 otherwise. */ +static unsigned constant_time_ge(unsigned a, unsigned b) + { + a -= b; + return DUPLICATE_MSB_TO_ALL(~a); + } + +/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. 
*/ +static unsigned char constant_time_eq_8(unsigned a, unsigned b) + { + unsigned c = a ^ b; + c--; + return DUPLICATE_MSB_TO_ALL_8(c); + } + +/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC + * record in |rec| by updating |rec->length| in constant time. + * + * block_size: the block size of the cipher used to encrypt the record. + * returns: + * 0: (in non-constant time) if the record is publicly invalid. + * 1: if the padding was valid + * -1: otherwise. */ +int ssl3_cbc_remove_padding(const SSL* s, + SSL3_RECORD *rec, + unsigned block_size, + unsigned mac_size) + { + unsigned padding_length, good; + const unsigned overhead = 1 /* padding length byte */ + mac_size; + + /* These lengths are all public so we can test them in non-constant + * time. */ + if (overhead > rec->length) + return 0; + + padding_length = rec->data[rec->length-1]; + good = constant_time_ge(rec->length, padding_length+overhead); + /* SSLv3 requires that the padding is minimal. */ + good &= constant_time_ge(block_size, padding_length+1); + padding_length = good & (padding_length+1); + rec->length -= padding_length; + rec->type |= padding_length<<8; /* kludge: pass padding length */ + return (int)((good & 1) | (~good & -1)); +} + +/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC + * record in |rec| in constant time and returns 1 if the padding is valid and + * -1 otherwise. It also removes any explicit IV from the start of the record + * without leaking any timing about whether there was enough space after the + * padding was removed. + * + * block_size: the block size of the cipher used to encrypt the record. + * returns: + * 0: (in non-constant time) if the record is publicly invalid. + * 1: if the padding was valid + * -1: otherwise. 
*/ +int tls1_cbc_remove_padding(const SSL* s, + SSL3_RECORD *rec, + unsigned block_size, + unsigned mac_size) + { + unsigned padding_length, good, to_check, i; + const unsigned overhead = 1 /* padding length byte */ + mac_size; + /* Check if version requires explicit IV */ + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) + { + /* These lengths are all public so we can test them in + * non-constant time. + */ + if (overhead + block_size > rec->length) + return 0; + /* We can now safely skip explicit IV */ + rec->data += block_size; + rec->input += block_size; + rec->length -= block_size; + } + else if (overhead > rec->length) + return 0; + + padding_length = rec->data[rec->length-1]; + + /* NB: if compression is in operation the first packet may not be of + * even length so the padding bug check cannot be performed. This bug + * workaround has been around since SSLeay so hopefully it is either + * fixed now or no buggy implementation supports compression [steve] + */ + if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) + { + /* First packet is even in size, so check */ + if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && + !(padding_length & 1)) + { + s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; + } + if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && + padding_length > 0) + { + padding_length--; + } + } + + if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) + { + /* padding is already verified */ + rec->length -= padding_length + 1; + return 1; + } + + good = constant_time_ge(rec->length, overhead+padding_length); + /* The padding consists of a length byte at the end of the record and + * then that many bytes of padding, all with the same value as the + * length byte. Thus, with the length byte included, there are i+1 + * bytes of padding. + * + * We can't check just |padding_length+1| bytes because that leaks + * decrypted information. 
Therefore we always have to check the maximum + * amount of padding possible. (Again, the length of the record is + * public information so we can use it.) */ + to_check = 255; /* maximum amount of padding. */ + if (to_check > rec->length-1) + to_check = rec->length-1; + + for (i = 0; i < to_check; i++) + { + unsigned char mask = constant_time_ge(padding_length, i); + unsigned char b = rec->data[rec->length-1-i]; + /* The final |padding_length+1| bytes should all have the value + * |padding_length|. Therefore the XOR should be zero. */ + good &= ~(mask&(padding_length ^ b)); + } + + /* If any of the final |padding_length+1| bytes had the wrong value, + * one or more of the lower eight bits of |good| will be cleared. We + * AND the bottom 8 bits together and duplicate the result to all the + * bits. */ + good &= good >> 4; + good &= good >> 2; + good &= good >> 1; + good <<= sizeof(good)*8-1; + good = DUPLICATE_MSB_TO_ALL(good); + + padding_length = good & (padding_length+1); + rec->length -= padding_length; + rec->type |= padding_length<<8; /* kludge: pass padding length */ + + return (int)((good & 1) | (~good & -1)); + } + +/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in + * constant time (independent of the concrete value of rec->length, which may + * vary within a 256-byte window). + * + * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to + * this function. + * + * On entry: + * rec->orig_len >= md_size + * md_size <= EVP_MAX_MD_SIZE + * + * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with + * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into + * a single or pair of cache-lines, then the variable memory accesses don't + * actually affect the timing. CPUs with smaller cache-lines [if any] are + * not multi-core and are not considered vulnerable to cache-timing attacks. 
+ */ +#define CBC_MAC_ROTATE_IN_PLACE + +void ssl3_cbc_copy_mac(unsigned char* out, + const SSL3_RECORD *rec, + unsigned md_size,unsigned orig_len) + { +#if defined(CBC_MAC_ROTATE_IN_PLACE) + unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE]; + unsigned char *rotated_mac; +#else + unsigned char rotated_mac[EVP_MAX_MD_SIZE]; +#endif + + /* mac_end is the index of |rec->data| just after the end of the MAC. */ + unsigned mac_end = rec->length; + unsigned mac_start = mac_end - md_size; + /* scan_start contains the number of bytes that we can ignore because + * the MAC's position can only vary by 255 bytes. */ + unsigned scan_start = 0; + unsigned i, j; + unsigned div_spoiler; + unsigned rotate_offset; + + OPENSSL_assert(orig_len >= md_size); + OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); + +#if defined(CBC_MAC_ROTATE_IN_PLACE) + rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63); +#endif + + /* This information is public so it's safe to branch based on it. */ + if (orig_len > md_size + 255 + 1) + scan_start = orig_len - (md_size + 255 + 1); + /* div_spoiler contains a multiple of md_size that is used to cause the + * modulo operation to be constant time. Without this, the time varies + * based on the amount of padding when running on Intel chips at least. + * + * The aim of right-shifting md_size is so that the compiler doesn't + * figure out that it can remove div_spoiler as that would require it + * to prove that md_size is always even, which I hope is beyond it. 
*/ + div_spoiler = md_size >> 1; + div_spoiler <<= (sizeof(div_spoiler)-1)*8; + rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; + + memset(rotated_mac, 0, md_size); + for (i = scan_start, j = 0; i < orig_len; i++) + { + unsigned char mac_started = constant_time_ge(i, mac_start); + unsigned char mac_ended = constant_time_ge(i, mac_end); + unsigned char b = rec->data[i]; + rotated_mac[j++] |= b & mac_started & ~mac_ended; + j &= constant_time_lt(j,md_size); + } + + /* Now rotate the MAC */ +#if defined(CBC_MAC_ROTATE_IN_PLACE) + j = 0; + for (i = 0; i < md_size; i++) + { + /* in case cache-line is 32 bytes, touch second line */ + ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; + out[j++] = rotated_mac[rotate_offset++]; + rotate_offset &= constant_time_lt(rotate_offset,md_size); + } +#else + memset(out, 0, md_size); + rotate_offset = md_size - rotate_offset; + rotate_offset &= constant_time_lt(rotate_offset,md_size); + for (i = 0; i < md_size; i++) + { + for (j = 0; j < md_size; j++) + out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); + rotate_offset++; + rotate_offset &= constant_time_lt(rotate_offset,md_size); + } +#endif + } + +/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in + * little-endian order. The value of p is advanced by four. */ +#define u32toLE(n, p) \ + (*((p)++)=(unsigned char)(n), \ + *((p)++)=(unsigned char)(n>>8), \ + *((p)++)=(unsigned char)(n>>16), \ + *((p)++)=(unsigned char)(n>>24)) + +/* These functions serialize the state of a hash and thus perform the standard + * "final" operation without adding the padding and length that such a function + * typically does. 
*/ +static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) + { + MD5_CTX *md5 = ctx; + u32toLE(md5->A, md_out); + u32toLE(md5->B, md_out); + u32toLE(md5->C, md_out); + u32toLE(md5->D, md_out); + } + +static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) + { + SHA_CTX *sha1 = ctx; + l2n(sha1->h0, md_out); + l2n(sha1->h1, md_out); + l2n(sha1->h2, md_out); + l2n(sha1->h3, md_out); + l2n(sha1->h4, md_out); + } +#define LARGEST_DIGEST_CTX SHA_CTX + +#ifndef OPENSSL_NO_SHA256 +static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) + { + SHA256_CTX *sha256 = ctx; + unsigned i; + + for (i = 0; i < 8; i++) + { + l2n(sha256->h[i], md_out); + } + } +#undef LARGEST_DIGEST_CTX +#define LARGEST_DIGEST_CTX SHA256_CTX +#endif + +#ifndef OPENSSL_NO_SHA512 +static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) + { + SHA512_CTX *sha512 = ctx; + unsigned i; + + for (i = 0; i < 8; i++) + { + l2n8(sha512->h[i], md_out); + } + } +#undef LARGEST_DIGEST_CTX +#define LARGEST_DIGEST_CTX SHA512_CTX +#endif + +/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function + * which ssl3_cbc_digest_record supports. */ +char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return 0; +#endif + switch (EVP_MD_CTX_type(ctx)) + { + case NID_md5: + case NID_sha1: +#ifndef OPENSSL_NO_SHA256 + case NID_sha224: + case NID_sha256: +#endif +#ifndef OPENSSL_NO_SHA512 + case NID_sha384: + case NID_sha512: +#endif + return 1; + default: + return 0; + } + } + +/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS + * record. + * + * ctx: the EVP_MD_CTX from which we take the hash function. + * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX. + * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written. + * md_out_size: if non-NULL, the number of output bytes is written here. + * header: the 13-byte, TLS record header. 
+ * data: the record data itself, less any preceeding explicit IV. + * data_plus_mac_size: the secret, reported length of the data and MAC + * once the padding has been removed. + * data_plus_mac_plus_padding_size: the public length of the whole + * record, including padding. + * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS. + * + * On entry: by virtue of having been through one of the remove_padding + * functions, above, we know that data_plus_mac_size is large enough to contain + * a padding byte and MAC. (If the padding was invalid, it might contain the + * padding too. ) */ +void ssl3_cbc_digest_record( + const EVP_MD_CTX *ctx, + unsigned char* md_out, + size_t* md_out_size, + const unsigned char header[13], + const unsigned char *data, + size_t data_plus_mac_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + unsigned mac_secret_length, + char is_sslv3) + { + union { double align; + unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; + void (*md_final_raw)(void *ctx, unsigned char *md_out); + void (*md_transform)(void *ctx, const unsigned char *block); + unsigned md_size, md_block_size = 64; + unsigned sslv3_pad_length = 40, header_length, variance_blocks, + len, max_mac_bytes, num_blocks, + num_starting_blocks, k, mac_end_offset, c, index_a, index_b; + unsigned int bits; /* at most 18 bits */ + unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; + /* hmac_pad is the masked HMAC key. */ + unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; + unsigned char first_block[MAX_HASH_BLOCK_SIZE]; + unsigned char mac_out[EVP_MAX_MD_SIZE]; + unsigned i, j, md_out_size_u; + EVP_MD_CTX md_ctx; + /* mdLengthSize is the number of bytes in the length field that terminates + * the hash. */ + unsigned md_length_size = 8; + char length_is_big_endian = 1; + + /* This is a, hopefully redundant, check that allows us to forget about + * many possible overflows later in this function. 
*/ + OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); + + switch (EVP_MD_CTX_type(ctx)) + { + case NID_md5: + MD5_Init((MD5_CTX*)md_state.c); + md_final_raw = tls1_md5_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; + md_size = 16; + sslv3_pad_length = 48; + length_is_big_endian = 0; + break; + case NID_sha1: + SHA1_Init((SHA_CTX*)md_state.c); + md_final_raw = tls1_sha1_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; + md_size = 20; + break; +#ifndef OPENSSL_NO_SHA256 + case NID_sha224: + SHA224_Init((SHA256_CTX*)md_state.c); + md_final_raw = tls1_sha256_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; + md_size = 224/8; + break; + case NID_sha256: + SHA256_Init((SHA256_CTX*)md_state.c); + md_final_raw = tls1_sha256_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; + md_size = 32; + break; +#endif +#ifndef OPENSSL_NO_SHA512 + case NID_sha384: + SHA384_Init((SHA512_CTX*)md_state.c); + md_final_raw = tls1_sha512_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; + md_size = 384/8; + md_block_size = 128; + md_length_size = 16; + break; + case NID_sha512: + SHA512_Init((SHA512_CTX*)md_state.c); + md_final_raw = tls1_sha512_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; + md_size = 64; + md_block_size = 128; + md_length_size = 16; + break; +#endif + default: + /* ssl3_cbc_record_digest_supported should have been + * called first to check that the hash function is + * supported. 
*/ + OPENSSL_assert(0); + if (md_out_size) + *md_out_size = -1; + return; + } + + OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); + OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); + OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); + + header_length = 13; + if (is_sslv3) + { + header_length = + mac_secret_length + + sslv3_pad_length + + 8 /* sequence number */ + + 1 /* record type */ + + 2 /* record length */; + } + + /* variance_blocks is the number of blocks of the hash that we have to + * calculate in constant time because they could be altered by the + * padding value. + * + * In SSLv3, the padding must be minimal so the end of the plaintext + * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that + * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash + * termination (0x80 + 64-bit length) don't fit in the final block, we + * say that the final two blocks can vary based on the padding. + * + * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not + * required to be minimal. Therefore we say that the final six blocks + * can vary based on the padding. + * + * Later in the function, if the message is short and there obviously + * cannot be this many blocks then variance_blocks can be reduced. */ + variance_blocks = is_sslv3 ? 2 : 6; + /* From now on we're dealing with the MAC, which conceptually has 13 + * bytes of `header' before the start of the data (TLS) or 71/75 bytes + * (SSLv3) */ + len = data_plus_mac_plus_padding_size + header_length; + /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including + * |header|, assuming that there's no padding. */ + max_mac_bytes = len - md_size - 1; + /* num_blocks is the maximum number of hash blocks. 
*/ + num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; + /* In order to calculate the MAC in constant time we have to handle + * the final blocks specially because the padding value could cause the + * end to appear somewhere in the final |variance_blocks| blocks and we + * can't leak where. However, |num_starting_blocks| worth of data can + * be hashed right away because no padding value can affect whether + * they are plaintext. */ + num_starting_blocks = 0; + /* k is the starting byte offset into the conceptual header||data where + * we start processing. */ + k = 0; + /* mac_end_offset is the index just past the end of the data to be + * MACed. */ + mac_end_offset = data_plus_mac_size + header_length - md_size; + /* c is the index of the 0x80 byte in the final hash block that + * contains application data. */ + c = mac_end_offset % md_block_size; + /* index_a is the hash block number that contains the 0x80 terminating + * value. */ + index_a = mac_end_offset / md_block_size; + /* index_b is the hash block number that contains the 64-bit hash + * length, in bits. */ + index_b = (mac_end_offset + md_length_size) / md_block_size; + /* bits is the hash-length in bits. It includes the additional hash + * block for the masked HMAC key, or whole of |header| in the case of + * SSLv3. */ + + /* For SSLv3, if we're going to have any starting blocks then we need + * at least two because the header is larger than a single block. */ + if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) + { + num_starting_blocks = num_blocks - variance_blocks; + k = md_block_size*num_starting_blocks; + } + + bits = 8*mac_end_offset; + if (!is_sslv3) + { + /* Compute the initial HMAC block. For SSLv3, the padding and + * secret bytes are included in |header| because they take more + * than a single block. 
*/ + bits += 8*md_block_size; + memset(hmac_pad, 0, md_block_size); + OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); + memcpy(hmac_pad, mac_secret, mac_secret_length); + for (i = 0; i < md_block_size; i++) + hmac_pad[i] ^= 0x36; + + md_transform(md_state.c, hmac_pad); + } + + if (length_is_big_endian) + { + memset(length_bytes,0,md_length_size-4); + length_bytes[md_length_size-4] = (unsigned char)(bits>>24); + length_bytes[md_length_size-3] = (unsigned char)(bits>>16); + length_bytes[md_length_size-2] = (unsigned char)(bits>>8); + length_bytes[md_length_size-1] = (unsigned char)bits; + } + else + { + memset(length_bytes,0,md_length_size); + length_bytes[md_length_size-5] = (unsigned char)(bits>>24); + length_bytes[md_length_size-6] = (unsigned char)(bits>>16); + length_bytes[md_length_size-7] = (unsigned char)(bits>>8); + length_bytes[md_length_size-8] = (unsigned char)bits; + } + + if (k > 0) + { + if (is_sslv3) + { + /* The SSLv3 header is larger than a single block. + * overhang is the number of bytes beyond a single + * block that the header consumes: either 7 bytes + * (SHA1) or 11 bytes (MD5). */ + unsigned overhang = header_length-md_block_size; + md_transform(md_state.c, header); + memcpy(first_block, header + md_block_size, overhang); + memcpy(first_block + overhang, data, md_block_size-overhang); + md_transform(md_state.c, first_block); + for (i = 1; i < k/md_block_size - 1; i++) + md_transform(md_state.c, data + md_block_size*i - overhang); + } + else + { + /* k is a multiple of md_block_size. */ + memcpy(first_block, header, 13); + memcpy(first_block+13, data, md_block_size-13); + md_transform(md_state.c, first_block); + for (i = 1; i < k/md_block_size; i++) + md_transform(md_state.c, data + md_block_size*i - 13); + } + } + + memset(mac_out, 0, sizeof(mac_out)); + + /* We now process the final hash blocks. For each block, we construct + * it in constant time. If the |i==index_a| then we'll include the 0x80 + * bytes and zero pad etc. 
For each block we selectively copy it, in + * constant time, to |mac_out|. */ + for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++) + { + unsigned char block[MAX_HASH_BLOCK_SIZE]; + unsigned char is_block_a = constant_time_eq_8(i, index_a); + unsigned char is_block_b = constant_time_eq_8(i, index_b); + for (j = 0; j < md_block_size; j++) + { + unsigned char b = 0, is_past_c, is_past_cp1; + if (k < header_length) + b = header[k]; + else if (k < data_plus_mac_plus_padding_size + header_length) + b = data[k-header_length]; + k++; + + is_past_c = is_block_a & constant_time_ge(j, c); + is_past_cp1 = is_block_a & constant_time_ge(j, c+1); + /* If this is the block containing the end of the + * application data, and we are at the offset for the + * 0x80 value, then overwrite b with 0x80. */ + b = (b&~is_past_c) | (0x80&is_past_c); + /* If this the the block containing the end of the + * application data and we're past the 0x80 value then + * just write zero. */ + b = b&~is_past_cp1; + /* If this is index_b (the final block), but not + * index_a (the end of the data), then the 64-bit + * length didn't fit into index_a and we're having to + * add an extra block of zeros. */ + b &= ~is_block_b | is_block_a; + + /* The final bytes of one of the blocks contains the + * length. */ + if (j >= md_block_size - md_length_size) + { + /* If this is index_b, write a length byte. */ + b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); + } + block[j] = b; + } + + md_transform(md_state.c, block); + md_final_raw(md_state.c, block); + /* If this is index_b, copy the hash value to |mac_out|. */ + for (j = 0; j < md_size; j++) + mac_out[j] |= block[j]&is_block_b; + } + + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); + if (is_sslv3) + { + /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. 
*/ + memset(hmac_pad, 0x5c, sslv3_pad_length); + + EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); + EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); + EVP_DigestUpdate(&md_ctx, mac_out, md_size); + } + else + { + /* Complete the HMAC in the standard manner. */ + for (i = 0; i < md_block_size; i++) + hmac_pad[i] ^= 0x6a; + + EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); + EVP_DigestUpdate(&md_ctx, mac_out, md_size); + } + EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); + if (md_out_size) + *md_out_size = md_out_size_u; + EVP_MD_CTX_cleanup(&md_ctx); + } + +#ifdef OPENSSL_FIPS + +/* Due to the need to use EVP in FIPS mode we can't reimplement digests but + * we can ensure the number of blocks processed is equal for all cases + * by digesting additional data. + */ + +void tls_fips_digest_extra( + const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, + const unsigned char *data, size_t data_len, size_t orig_len) + { + size_t block_size, digest_pad, blocks_data, blocks_orig; + if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) + return; + block_size = EVP_MD_CTX_block_size(mac_ctx); + /* We are in FIPS mode if we get this far so we know we have only SHA* + * digests and TLS to deal with. + * Minimum digest padding length is 17 for SHA384/SHA512 and 9 + * otherwise. + * Additional header is 13 bytes. To get the number of digest blocks + * processed round up the amount of data plus padding to the nearest + * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. + * So we have: + * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size + * equivalently: + * blocks = (payload_len + digest_pad + 12)/block_size + 1 + * HMAC adds a constant overhead. + * We're ultimately only interested in differences so this becomes + * blocks = (payload_len + 29)/128 + * for SHA384/SHA512 and + * blocks = (payload_len + 21)/64 + * otherwise. + */ + digest_pad = block_size == 64 ? 
21 : 29; + blocks_orig = (orig_len + digest_pad)/block_size; + blocks_data = (data_len + digest_pad)/block_size; + /* MAC enough blocks to make up the difference between the original + * and actual lengths plus one extra block to ensure this is never a + * no op. The "data" pointer should always have enough space to + * perform this operation as it is large enough for a maximum + * length TLS buffer. + */ + EVP_DigestSignUpdate(mac_ctx, data, + (blocks_orig - blocks_data + 1) * block_size); + } +#endif -- cgit v1.2.3-55-g6feb From fea4fc3d16f04ff054803f9276895492961ab5e2 Mon Sep 17 00:00:00 2001 
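Review bot: In tls1_cbc_remove_padding the SSL_OP_TLS_BLOCK_PADDING_BUG block branches on `padding_length` (`!(padding_length & 1)` and `padding_length > 0`), a decrypted byte that has not been authenticated at that point, so with that option set the function no longer runs in constant time with respect to secret data, which its header comment promises. Either drop the workaround or apply the decrement through a mask, and in any case record the limitation next to the block, e.g. `/* NB: this workaround branches on the unauthenticated padding byte and is not constant time. */`. Separately, the tail of ssl3_cbc_digest_record ignores the results of `EVP_DigestInit_ex`, `EVP_DigestUpdate` and `EVP_DigestFinal`, and because the function returns void a digest failure would leave `md_out` and the uninitialised `md_out_size_u` in an undefined state with no way for the caller to notice; returning a status (and initialising `md_out_size_u = 0`) would make the failure visible before the MAC comparison. The stack buffers holding key-derived material (`hmac_pad`, `first_block`, `mac_out`, `md_state`) are also left unwiped on return; an `OPENSSL_cleanse` call on each before the function exits would be the usual hygiene, assuming that helper is reachable through ssl_locl.h.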
From: miod <> Date: Sun, 13 Apr 2014 15:16:38 +0000 Subject: Import OpenSSL 1.0.1g --- src/lib/libcrypto/ecdh/Makefile | 17 +- src/lib/libcrypto/engine/eng_rdrand.c | 1 + src/lib/libcrypto/mdc2/mdc2dgst.c | 2 +- src/lib/libcrypto/modes/Makefile | 5 +- src/lib/libcrypto/perlasm/x86masm.pl | 1 + src/lib/libcrypto/rc5/asm/rc5-586.pl | 3 +- src/lib/libcrypto/rc5/rc5_ecb.c | 80 ++ src/lib/libcrypto/rc5/rc5_enc.c | 215 ++++++ src/lib/libcrypto/rc5/rc5_skey.c | 113 +++ src/lib/libcrypto/rc5/rc5cfb64.c | 122 +++ src/lib/libcrypto/rc5/rc5ofb64.c | 111 +++ src/lib/libcrypto/rc5/rc5speed.c | 277 +++++++ src/lib/libcrypto/srp/srp_grps.h | 816 ++++++++++----------- src/lib/libcrypto/srp/srp_lib.c | 18 +- src/lib/libcrypto/srp/srp_vfy.c | 5 +- src/lib/libssl/src/apps/cms.c | 4 + src/lib/libssl/src/apps/ecparam.c | 4 +- src/lib/libssl/src/apps/srp.c | 30 +- src/lib/libssl/src/crypto/aes/asm/aes-mips.pl | 20 +- src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl | 3 +- src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl | 95 +-- src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl | 3 +- .../libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl | 3 +- src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl | 3 +- src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl | 76 +- src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl | 5 +- src/lib/libssl/src/crypto/armcap.c | 2 +- src/lib/libssl/src/crypto/bio/bss_dgram.c | 91 ++- src/lib/libssl/src/crypto/bn/asm/mips-mont.pl | 2 +- src/lib/libssl/src/crypto/bn/asm/mips.pl | 46 +- .../libssl/src/crypto/bn/asm/modexp512-x86_64.pl | 3 +- src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl | 4 +- src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl | 3 +- src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl | 3 +- src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl | 7 +- src/lib/libssl/src/crypto/bn/bn_nist.c | 55 +- .../libssl/src/crypto/camellia/asm/cmll-x86_64.pl | 3 +- src/lib/libssl/src/crypto/cms/cms_cd.c | 2 + src/lib/libssl/src/crypto/cms/cms_enc.c | 2 +- 
src/lib/libssl/src/crypto/cms/cms_lib.c | 4 - src/lib/libssl/src/crypto/ec/ec2_mult.c | 27 +- src/lib/libssl/src/crypto/ec/ec_ameth.c | 2 +- src/lib/libssl/src/crypto/ec/ec_asn1.c | 6 +- src/lib/libssl/src/crypto/ec/ec_key.c | 13 +- src/lib/libssl/src/crypto/ec/ec_pmeth.c | 2 +- src/lib/libssl/src/crypto/ecdh/Makefile | 17 +- src/lib/libssl/src/crypto/ecdh/ech_key.c | 3 - src/lib/libssl/src/crypto/ecdh/ech_lib.c | 11 +- src/lib/libssl/src/crypto/ecdsa/ecs_lib.c | 11 +- src/lib/libssl/src/crypto/engine/eng_rdrand.c | 1 + .../libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c | 217 +++++- src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl | 3 +- src/lib/libssl/src/crypto/mdc2/mdc2dgst.c | 2 +- src/lib/libssl/src/crypto/modes/Makefile | 5 +- src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl | 25 +- .../libssl/src/crypto/modes/asm/ghash-parisc.pl | 1 + src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl | 6 +- .../libssl/src/crypto/modes/asm/ghash-x86_64.pl | 3 +- src/lib/libssl/src/crypto/modes/cbc128.c | 25 +- src/lib/libssl/src/crypto/modes/ccm128.c | 2 +- src/lib/libssl/src/crypto/modes/cts128.c | 28 +- src/lib/libssl/src/crypto/modes/gcm128.c | 196 ++++- src/lib/libssl/src/crypto/modes/modes_lcl.h | 9 +- src/lib/libssl/src/crypto/pariscid.pl | 41 +- src/lib/libssl/src/crypto/perlasm/x86masm.pl | 1 + src/lib/libssl/src/crypto/pkcs7/bio_pk7.c | 2 +- src/lib/libssl/src/crypto/ppccap.c | 11 + .../libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl | 3 +- src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl | 3 +- src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl | 3 +- src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl | 3 +- src/lib/libssl/src/crypto/rc5/rc5_ecb.c | 80 ++ src/lib/libssl/src/crypto/rc5/rc5_enc.c | 215 ++++++ src/lib/libssl/src/crypto/rc5/rc5_skey.c | 113 +++ src/lib/libssl/src/crypto/rc5/rc5cfb64.c | 122 +++ src/lib/libssl/src/crypto/rc5/rc5ofb64.c | 111 +++ src/lib/libssl/src/crypto/rc5/rc5speed.c | 277 +++++++ src/lib/libssl/src/crypto/rsa/rsa_ameth.c | 8 +- 
src/lib/libssl/src/crypto/rsa/rsa_pmeth.c | 2 + .../libssl/src/crypto/sha/asm/sha1-armv4-large.pl | 2 +- src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl | 3 +- src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl | 2 +- src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl | 7 +- src/lib/libssl/src/crypto/sha/asm/sha512-586.pl | 16 +- src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl | 2 +- src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl | 2 + src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl | 3 +- src/lib/libssl/src/crypto/sha/sha256.c | 6 +- src/lib/libssl/src/crypto/sha/sha512.c | 9 +- src/lib/libssl/src/crypto/sparccpuid.S | 4 +- src/lib/libssl/src/crypto/srp/srp_grps.h | 816 ++++++++++----------- src/lib/libssl/src/crypto/srp/srp_lib.c | 18 +- src/lib/libssl/src/crypto/srp/srp_vfy.c | 5 +- src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl | 2 +- .../libssl/src/crypto/whrlpool/asm/wp-x86_64.pl | 3 +- src/lib/libssl/src/crypto/x86_64cpuid.pl | 3 +- src/lib/libssl/src/crypto/x86cpuid.pl | 6 +- src/lib/libssl/src/demos/cms/cms_comp.c | 2 +- src/lib/libssl/src/demos/cms/cms_dec.c | 2 +- src/lib/libssl/src/demos/cms/cms_sign.c | 2 +- src/lib/libssl/src/doc/apps/ec.pod | 2 +- src/lib/libssl/src/doc/apps/ts.pod | 4 +- src/lib/libssl/src/doc/apps/tsget.pod | 2 +- src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod | 2 +- .../libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod | 2 +- .../src/doc/crypto/EVP_PKEY_get_default_digest.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod | 2 +- .../src/doc/crypto/EVP_PKEY_verify_recover.pod | 103 +++ .../src/doc/crypto/X509_STORE_CTX_get_error.pod | 2 + .../src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 +- src/lib/libssl/src/doc/crypto/ecdsa.pod | 
10 +- .../src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 4 + src/lib/libssl/src/engines/ccgost/gost89.c | 14 +- src/lib/libssl/src/engines/ccgost/gost89.h | 4 - src/lib/libssl/src/engines/ccgost/gost_crypt.c | 29 +- src/lib/libssl/src/engines/ccgost/gost_eng.c | 17 +- src/lib/libssl/src/engines/ccgost/gost_lcl.h | 4 +- src/lib/libssl/src/engines/ccgost/gosthash.c | 21 +- src/lib/libssl/src/engines/e_capi.c | 5 +- src/lib/libssl/src/ssl/d1_both.c | 39 +- src/lib/libssl/src/ssl/d1_clnt.c | 36 +- src/lib/libssl/src/ssl/d1_enc.c | 59 +- src/lib/libssl/src/ssl/d1_lib.c | 1 + src/lib/libssl/src/ssl/d1_pkt.c | 98 ++- src/lib/libssl/src/ssl/d1_srtp.c | 5 +- src/lib/libssl/src/ssl/d1_srvr.c | 29 +- src/lib/libssl/src/ssl/dtls1.h | 8 +- src/lib/libssl/src/ssl/tls_srp.c | 3 +- src/lib/libssl/src/test/cms-test.pl | 4 +- 134 files changed, 3912 insertions(+), 1395 deletions(-) create mode 100644 src/lib/libcrypto/rc5/rc5_ecb.c create mode 100644 src/lib/libcrypto/rc5/rc5_enc.c create mode 100644 src/lib/libcrypto/rc5/rc5_skey.c create mode 100644 src/lib/libcrypto/rc5/rc5cfb64.c create mode 100644 src/lib/libcrypto/rc5/rc5ofb64.c create mode 100644 src/lib/libcrypto/rc5/rc5speed.c create mode 100644 src/lib/libssl/src/crypto/rc5/rc5_ecb.c create mode 100644 src/lib/libssl/src/crypto/rc5/rc5_enc.c create mode 100644 src/lib/libssl/src/crypto/rc5/rc5_skey.c create mode 100644 src/lib/libssl/src/crypto/rc5/rc5cfb64.c create mode 100644 src/lib/libssl/src/crypto/rc5/rc5ofb64.c create mode 100644 src/lib/libssl/src/crypto/rc5/rc5speed.c create mode 100644 src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile index 65d8904ee8..ba05fea05c 100644 --- a/src/lib/libcrypto/ecdh/Makefile +++ b/src/lib/libcrypto/ecdh/Makefile 
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_key.o: ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/src/lib/libcrypto/engine/eng_rdrand.c b/src/lib/libcrypto/engine/eng_rdrand.c index a9ba5ae6f9..4e9e91d54b 100644 --- a/src/lib/libcrypto/engine/eng_rdrand.c +++ b/src/lib/libcrypto/engine/eng_rdrand.c 
@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_e_rdrand_id) || !ENGINE_set_name(e, engine_e_rdrand_name) || + !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || !ENGINE_set_init_function(e, rdrand_init) || !ENGINE_set_RAND(e, &rdrand_meth) ) return 0; diff --git a/src/lib/libcrypto/mdc2/mdc2dgst.c b/src/lib/libcrypto/mdc2/mdc2dgst.c index b74bb1a759..d66ed6a1c6 100644 --- a/src/lib/libcrypto/mdc2/mdc2dgst.c +++ b/src/lib/libcrypto/mdc2/mdc2dgst.c @@ -59,9 +59,9 @@ #include #include #include +#include #include #include -#include #undef c2l #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ diff --git a/src/lib/libcrypto/modes/Makefile b/src/lib/libcrypto/modes/Makefile index c825b12f25..3d8bafd571 100644 --- a/src/lib/libcrypto/modes/Makefile +++ b/src/lib/libcrypto/modes/Makefile @@ -53,7 +53,10 @@ ghash-x86_64.s: asm/ghash-x86_64.pl ghash-sparcv9.s: asm/ghash-sparcv9.pl $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS) ghash-alpha.s: asm/ghash-alpha.pl - $(PERL) $< | $(CC) -E - | tee $@ > /dev/null + (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ + $(PERL) asm/ghash-alpha.pl > $$preproc && \ + $(CC) -E $$preproc > $@ && rm $$preproc) + ghash-parisc.s: asm/ghash-parisc.pl $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@ diff --git a/src/lib/libcrypto/perlasm/x86masm.pl b/src/lib/libcrypto/perlasm/x86masm.pl index 96b1b73e1a..f937d07c87 100644 --- a/src/lib/libcrypto/perlasm/x86masm.pl +++ b/src/lib/libcrypto/perlasm/x86masm.pl @@ -33,6 +33,7 @@ sub ::generic sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } sub ::call_ptr { &::emit("call",@_); } sub ::jmp_ptr { &::emit("jmp",@_); } +sub ::lock { &::data_byte(0xf0); } sub get_mem { my($size,$addr,$reg1,$reg2,$idx)=@_; diff --git a/src/lib/libcrypto/rc5/asm/rc5-586.pl b/src/lib/libcrypto/rc5/asm/rc5-586.pl index edff1d1e64..61ac6effc6 100644 --- a/src/lib/libcrypto/rc5/asm/rc5-586.pl +++ b/src/lib/libcrypto/rc5/asm/rc5-586.pl 
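Review bot: The new `ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)` call in bind_helper has no comment saying why this engine opts out of bulk registration, and that is a security decision worth recording next to the code. I would add above the condition `/* NO_REGISTER_ALL: RDRAND has to be selected explicitly; it must not become a default RAND source through ENGINE_register_all_complete() */`. That reading is inferred from the flag name and from how bulk registration normally treats it, so confirm it against the registration code, which this page does not show.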
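Review bot: The new ghash-alpha.s recipe writes its intermediate file to `/tmp/$$$$.$@`, a name built only from the shell PID in a world-writable directory, so on a shared build host another local user can pre-create or symlink that path before the redirect opens it. The `trap` covers only INT and the final `rm $$preproc` runs only when both commands succeed, so a failing perl or cc step leaves the file behind. Keeping the intermediate next to the target avoids both problems: `$(PERL) asm/ghash-alpha.pl > pp-$@ && $(CC) -E pp-$@ > $@; rc=$$?; rm -f pp-$@; exit $$rc`. The diffstat lists the same five-line change for src/lib/libssl/src/crypto/modes/Makefile, presumably the same recipe, but that hunk is outside this page.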
@@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; diff --git a/src/lib/libcrypto/rc5/rc5_ecb.c b/src/lib/libcrypto/rc5/rc5_ecb.c new file mode 100644 index 0000000000..e72b535507 --- /dev/null +++ b/src/lib/libcrypto/rc5/rc5_ecb.c 
@@ -0,0 +1,80 @@ +/* crypto/rc5/rc5_ecb.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rc5_locl.h" +#include + +const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT; + +void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC5_32_KEY *ks, int encrypt) + { + unsigned long l,d[2]; + + c2l(in,l); d[0]=l; + c2l(in,l); d[1]=l; + if (encrypt) + RC5_32_encrypt(d,ks); + else + RC5_32_decrypt(d,ks); + l=d[0]; l2c(l,out); + l=d[1]; l2c(l,out); + l=d[0]=d[1]=0; + } + diff --git a/src/lib/libcrypto/rc5/rc5_enc.c b/src/lib/libcrypto/rc5/rc5_enc.c new file mode 100644 index 0000000000..f327d32a76 --- /dev/null +++ b/src/lib/libcrypto/rc5/rc5_enc.c 
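Review bot: RC5_32_ecb_encrypt clears its copy of the block with `l=d[0]=d[1]=0;`, which are plain stores to locals that are dead at that point, so an optimising compiler is free to drop them and leave the data on the stack. If wiping is the intent, `OPENSSL_cleanse(d, sizeof d);` just before the closing brace is the call meant to survive optimisation; whether `<openssl/crypto.h>` is already included cannot be told here because the `#include` targets were lost in extraction. The same assign-zero pattern closes RC5_32_cbc_encrypt in rc5_enc.c, RC5_32_cfb64_encrypt in rc5cfb64.c and RC5_32_ofb64_encrypt in rc5ofb64.c.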
@@ -0,0 +1,215 @@ +/* crypto/rc5/rc5_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include +#include "rc5_locl.h" + +void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *ks, unsigned char *iv, + int encrypt) + { + register unsigned long tin0,tin1; + register unsigned long tout0,tout1,xor0,xor1; + register long l=length; + unsigned long tin[2]; + + if (encrypt) + { + c2l(iv,tout0); + c2l(iv,tout1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + c2l(in,tin0); + c2l(in,tin1); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + RC5_32_encrypt(tin,ks); + tout0=tin[0]; l2c(tout0,out); + tout1=tin[1]; l2c(tout1,out); + } + if (l != -8) + { + c2ln(in,tin0,tin1,l+8); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + RC5_32_encrypt(tin,ks); + tout0=tin[0]; l2c(tout0,out); + tout1=tin[1]; l2c(tout1,out); + } + l2c(tout0,iv); + l2c(tout1,iv); + } + else + { + c2l(iv,xor0); + c2l(iv,xor1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + c2l(in,tin0); tin[0]=tin0; + c2l(in,tin1); tin[1]=tin1; + RC5_32_decrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2c(tout0,out); + l2c(tout1,out); + xor0=tin0; + xor1=tin1; + } + if (l != -8) + { + c2l(in,tin0); tin[0]=tin0; + c2l(in,tin1); tin[1]=tin1; + RC5_32_decrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2cn(tout0,tout1,out,l+8); + xor0=tin0; + xor1=tin1; + } + l2c(xor0,iv); + l2c(xor1,iv); + } + tin0=tin1=tout0=tout1=xor0=xor1=0; + tin[0]=tin[1]=0; + } + +void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key) + { + RC5_32_INT a,b,*s; + + s=key->data; + + a=d[0]+s[0]; + b=d[1]+s[1]; + E_RC5_32(a,b,s, 2); + E_RC5_32(a,b,s, 4); + E_RC5_32(a,b,s, 6); + E_RC5_32(a,b,s, 8); + E_RC5_32(a,b,s,10); + E_RC5_32(a,b,s,12); + E_RC5_32(a,b,s,14); + E_RC5_32(a,b,s,16); + if (key->rounds == 12) + { + E_RC5_32(a,b,s,18); + E_RC5_32(a,b,s,20); + E_RC5_32(a,b,s,22); + E_RC5_32(a,b,s,24); + } + else if (key->rounds == 16) + { + /* Do a full expansion to avoid a jump */ + E_RC5_32(a,b,s,18); + E_RC5_32(a,b,s,20); + E_RC5_32(a,b,s,22); + 
E_RC5_32(a,b,s,24); + E_RC5_32(a,b,s,26); + E_RC5_32(a,b,s,28); + E_RC5_32(a,b,s,30); + E_RC5_32(a,b,s,32); + } + d[0]=a; + d[1]=b; + } + +void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key) + { + RC5_32_INT a,b,*s; + + s=key->data; + + a=d[0]; + b=d[1]; + if (key->rounds == 16) + { + D_RC5_32(a,b,s,32); + D_RC5_32(a,b,s,30); + D_RC5_32(a,b,s,28); + D_RC5_32(a,b,s,26); + /* Do a full expansion to avoid a jump */ + D_RC5_32(a,b,s,24); + D_RC5_32(a,b,s,22); + D_RC5_32(a,b,s,20); + D_RC5_32(a,b,s,18); + } + else if (key->rounds == 12) + { + D_RC5_32(a,b,s,24); + D_RC5_32(a,b,s,22); + D_RC5_32(a,b,s,20); + D_RC5_32(a,b,s,18); + } + D_RC5_32(a,b,s,16); + D_RC5_32(a,b,s,14); + D_RC5_32(a,b,s,12); + D_RC5_32(a,b,s,10); + D_RC5_32(a,b,s, 8); + D_RC5_32(a,b,s, 6); + D_RC5_32(a,b,s, 4); + D_RC5_32(a,b,s, 2); + d[0]=a-s[0]; + d[1]=b-s[1]; + } + diff --git a/src/lib/libcrypto/rc5/rc5_skey.c b/src/lib/libcrypto/rc5/rc5_skey.c new file mode 100644 index 0000000000..a2e00a41c5 --- /dev/null +++ b/src/lib/libcrypto/rc5/rc5_skey.c 
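Review bot: RC5_32_cbc_encrypt has no comment stating its buffer contract, and the tail handling makes that contract non-obvious. When `length` is not a multiple of 8 the encrypt branch still emits a whole block (`l2c(tout0,out); l2c(tout1,out);` after `c2ln`), so `out` has to hold `length` rounded up to 8, while the decrypt branch reads a whole block from `in` with two `c2l` calls and writes only `l+8` bytes through `l2cn`. A header comment such as `/* works in 8-byte blocks: out needs (length+7)&~7 bytes on encrypt, in needs the same on decrypt; iv is overwritten with the last ciphertext block */` would keep callers from discovering this through an overrun. The macro bodies live in rc5_locl.h, outside this page, so the byte counts here are read from how the macros are used.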
@@ -0,0 +1,113 @@ +/* crypto/rc5/rc5_skey.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rc5_locl.h" + +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds) + { + RC5_32_INT L[64],l,ll,A,B,*S,k; + int i,j,m,c,t,ii,jj; + + if ( (rounds != RC5_16_ROUNDS) && + (rounds != RC5_12_ROUNDS) && + (rounds != RC5_8_ROUNDS)) + rounds=RC5_16_ROUNDS; + + key->rounds=rounds; + S= &(key->data[0]); + j=0; + for (i=0; i<=(len-8); i+=8) + { + c2l(data,l); + L[j++]=l; + c2l(data,l); + L[j++]=l; + } + ii=len-i; + if (ii) + { + k=len&0x07; + c2ln(data,l,ll,k); + L[j+0]=l; + L[j+1]=ll; + } + + c=(len+3)/4; + t=(rounds+1)*2; + S[0]=RC5_32_P; + for (i=1; ic)?t:c; + j*=3; + ii=jj=0; + A=B=0; + for (i=0; i= t) ii=0; + if (++jj >= c) jj=0; + } + } + 
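Review bot: RC5_32_set_key copies `len` bytes of key into the fixed `RC5_32_INT L[64]` through `L[j++]=l` in the first loop without ever checking `len`, so a caller that passes more than 256 bytes writes past the array on the stack, and a negative `len` reaches `c=(len+3)/4` unchecked. RC5 keys are at most 255 bytes, so the function should refuse anything outside 0..255 before touching `L`; because it returns void it cannot report that today, which argues for an `int` return with `if (len < 0 || len > 255) return 0;` at the top. `L` holds the raw key words and is not wiped in the lines visible here, and `OPENSSL_cleanse(L, sizeof L);` before returning would cover that. The mixing loops in this hunk lost the text between `<` and `>` in extraction, so this note relies only on the intact lines.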
diff --git a/src/lib/libcrypto/rc5/rc5cfb64.c b/src/lib/libcrypto/rc5/rc5cfb64.c
new file mode 100644
index 0000000000..3a8b60bc7a
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5cfb64.c
@@ -0,0 +1,122 @@ +/* crypto/rc5/rc5cfb64.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rc5_locl.h" + +/* The input and output encrypted as though 64bit cfb mode is being + * used. 
The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int encrypt) + { + register unsigned long v0,v1,t; + register int n= *num; + register long l=length; + unsigned long ti[2]; + unsigned char *iv,c,cc; + + iv=(unsigned char *)ivec; + if (encrypt) + { + while (l--) + { + if (n == 0) + { + c2l(iv,v0); ti[0]=v0; + c2l(iv,v1); ti[1]=v1; + RC5_32_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2c(t,iv); + t=ti[1]; l2c(t,iv); + iv=(unsigned char *)ivec; + } + c= *(in++)^iv[n]; + *(out++)=c; + iv[n]=c; + n=(n+1)&0x07; + } + } + else + { + while (l--) + { + if (n == 0) + { + c2l(iv,v0); ti[0]=v0; + c2l(iv,v1); ti[1]=v1; + RC5_32_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2c(t,iv); + t=ti[1]; l2c(t,iv); + iv=(unsigned char *)ivec; + } + cc= *(in++); + c=iv[n]; + iv[n]=cc; + *(out++)=c^cc; + n=(n+1)&0x07; + } + } + v0=v1=ti[0]=ti[1]=t=c=cc=0; + *num=n; + } + diff --git a/src/lib/libcrypto/rc5/rc5ofb64.c b/src/lib/libcrypto/rc5/rc5ofb64.c new file mode 100644 index 0000000000..d412215f3c --- /dev/null +++ b/src/lib/libcrypto/rc5/rc5ofb64.c 
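Review bot: RC5_32_cfb64_encrypt takes `n= *num` from the caller and indexes `iv[n]` with it before the first `n=(n+1)&0x07`, so a `*num` outside 0..7 reads and writes outside the 8-byte block that `ivec` is treated as, on the very first byte processed. Either mask on entry with `register int n= *num & 0x07;`, or state in the function comment that `*num` must be 0 on first use and afterwards only the value this function stored. RC5_32_ofb64_encrypt in rc5ofb64.c uses `*num` the same way to index `d[n]`.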
@@ -0,0 +1,111 @@ +/* crypto/rc5/rc5ofb64.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used. The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num)
+ {
+ register unsigned long v0,v1,t;
+ register int n= *num;
+ register long l=length;
+ unsigned char d[8];
+ register char *dp;
+ unsigned long ti[2];
+ unsigned char *iv;
+ int save=0;
+
+ iv=(unsigned char *)ivec;
+ c2l(iv,v0);
+ c2l(iv,v1);
+ ti[0]=v0;
+ ti[1]=v1;
+ dp=(char *)d;
+ l2c(v0,dp);
+ l2c(v1,dp);
+ while (l--)
+ {
+ if (n == 0)
+ {
+ RC5_32_encrypt((unsigned long *)ti,schedule);
+ dp=(char *)d;
+ t=ti[0]; l2c(t,dp);
+ t=ti[1]; l2c(t,dp);
+ save++;
+ }
+ *(out++)= *(in++)^d[n];
+ n=(n+1)&0x07;
+ }
+ if (save)
+ {
+ v0=ti[0];
+ v1=ti[1];
+ iv=(unsigned char *)ivec;
+ l2c(v0,iv);
+ l2c(v1,iv);
+ }
+ t=v0=v1=ti[0]=ti[1]=0;
+ *num=n;
+ }
+
diff --git a/src/lib/libcrypto/rc5/rc5speed.c b/src/lib/libcrypto/rc5/rc5speed.c
new file mode 100644
index 0000000000..8e363be535
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5speed.c
@@ -0,0 +1,277 @@
+/* crypto/rc5/rc5speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include
+
+#include
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include
+#endif
+
+#ifndef _IRIX
+#include
+#endif
+#ifdef TIMES
+#include
+#include
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+ The __TMS macro will show if it was. If it wasn't defined, we should
+ undefine TIMES, since that tells the rest of the program how things
+ should be handled. -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include
+#include
+#endif
+
+#include
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ 100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+ {
+ signal(SIGALRM,sig_done);
+ run=0;
+#ifdef LINT
+ sig=sig;
+#endif
+ }
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#endif
+ }
+
+int main(int argc, char **argv)
+ {
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] ={
+ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+ };
+ RC5_32_KEY sch;
+ double a,b,c,d;
+#ifndef SIGALRM
+ long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ RC5_32_set_key(&sch,16,key,12);
+ count=10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count*=2;
+ Time_F(START);
+ for (i=count; i; i--)
+ RC5_32_encrypt(data,&sch);
+ d=Time_F(STOP);
+ } while (d < 3.0);
+ ca=count/512;
+ cb=count;
+ cc=count*8/BUFSIZE+1;
+ printf("Doing RC5_32_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+ signal(SIGALRM,sig_done);
+ printf("Doing RC5_32_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count=0,run=1; COND(ca); count+=4)
+ {
+ RC5_32_set_key(&sch,16,key,12);
+ RC5_32_set_key(&sch,16,key,12);
+ RC5_32_set_key(&sch,16,key,12);
+ RC5_32_set_key(&sch,16,key,12);
+ }
+ d=Time_F(STOP);
+ printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d);
+ a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+ printf("Doing RC5_32_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing RC5_32_encrypt %ld times\n",cb);
+#endif
+ Time_F(START);
+ for (count=0,run=1; COND(cb); count+=4)
+ {
+ unsigned long data[2];
+
+ RC5_32_encrypt(data,&sch);
+ RC5_32_encrypt(data,&sch);
+ RC5_32_encrypt(data,&sch);
+ RC5_32_encrypt(data,&sch);
+ }
+ d=Time_F(STOP);
+ printf("%ld RC5_32_encrypt's in %.2f second\n",count,d);
+ b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+ printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count=0,run=1; COND(cc); count++)
+ RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+ &(key[0]),RC5_ENCRYPT);
+ d=Time_F(STOP);
+ printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count,BUFSIZE,d);
+ c=((double)COUNT(cc)*BUFSIZE)/d;
+
+ printf("RC5_32/12/16 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+ printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+ printf("RC5_32/12/16 cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return(0);
+#endif
+ }
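Review bot: The `run` flag that `sig_done()` clears from the SIGALRM handler is declared as a plain `long run=0;`, while C only guarantees the handler-to-loop handoff for a `volatile sig_atomic_t` object. The timed loops poll it through `COND(c) (run)`, so they currently terminate only because the library calls in each loop body are opaque to the optimiser; `volatile sig_atomic_t run=0;` makes that explicit. Separately, `unsigned long data[2];` is passed to `RC5_32_encrypt(data,&sch)` uninitialised in both the calibration `do` loop and the raw-encrypt loop, so the benchmark reads indeterminate stack contents; `unsigned long data[2]={0,0};` avoids that at no cost. The CBC loop also hands `&(key[0])` to `RC5_32_cbc_encrypt` as the IV, which presumably lets the call write back over the first key bytes on every iteration; a dedicated 8-byte `iv` array would keep the key constant.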
diff --git a/src/lib/libcrypto/srp/srp_grps.h b/src/lib/libcrypto/srp/srp_grps.h index d77c9fff4b..8e3c35e3f5 100644 --- a/src/lib/libcrypto/srp/srp_grps.h +++ b/src/lib/libcrypto/srp/srp_grps.h @@ -1,22 +1,22 @@ /* start of generated data */ static BN_ULONG bn_group_1024_value[] = { - bn_pack4(9FC6,1D2F,C0EB,06E3), - bn_pack4(FD51,38FE,8376,435B), - bn_pack4(2FD4,CBF4,976E,AA9A), - bn_pack4(68ED,BC3C,0572,6CC0), - bn_pack4(C529,F566,660E,57EC), - bn_pack4(8255,9B29,7BCF,1885), - bn_pack4(CE8E,F4AD,69B1,5D49), - bn_pack4(5DC7,D7B4,6154,D6B6), - bn_pack4(8E49,5C1D,6089,DAD1), - bn_pack4(E0D5,D8E2,50B9,8BE4), - bn_pack4(383B,4813,D692,C6E0), - bn_pack4(D674,DF74,96EA,81D3), - bn_pack4(9EA2,314C,9C25,6576), - bn_pack4(6072,6187,75FF,3C0B), - bn_pack4(9C33,F80A,FA8F,C5E8), - bn_pack4(EEAF,0AB9,ADB3,8DD6) + bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3), + bn_pack4(0xFD51,0x38FE,0x8376,0x435B), + bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A), + bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0), + bn_pack4(0xC529,0xF566,0x660E,0x57EC), + bn_pack4(0x8255,0x9B29,0x7BCF,0x1885), + bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49), + bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6), + bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1), + bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4), + bn_pack4(0x383B,0x4813,0xD692,0xC6E0), + bn_pack4(0xD674,0xDF74,0x96EA,0x81D3), + bn_pack4(0x9EA2,0x314C,0x9C25,0x6576), + bn_pack4(0x6072,0x6187,0x75FF,0x3C0B), + bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8), + bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6) }; static BIGNUM bn_group_1024 = { bn_group_1024_value, 
@@ -27,30 +27,30 @@ static BIGNUM bn_group_1024 = { }; static BN_ULONG bn_group_1536_value[] = { - bn_pack4(CF76,E3FE,D135,F9BB), - bn_pack4(1518,0F93,499A,234D), - bn_pack4(8CE7,A28C,2442,C6F3), - bn_pack4(5A02,1FFF,5E91,479E), - bn_pack4(7F8A,2FE9,B8B5,292E), - bn_pack4(837C,264A,E3A9,BEB8), - bn_pack4(E442,734A,F7CC,B7AE), - bn_pack4(6577,2E43,7D6C,7F8C), - bn_pack4(DB2F,D53D,24B7,C486), - bn_pack4(6EDF,0195,3934,9627), - bn_pack4(158B,FD3E,2B9C,8CF5), - bn_pack4(764E,3F4B,53DD,9DA1), - bn_pack4(4754,8381,DBC5,B1FC), - bn_pack4(9B60,9E0B,E3BA,B63D), - bn_pack4(8134,B1C8,B979,8914), - bn_pack4(DF02,8A7C,EC67,F0D0), - bn_pack4(80B6,55BB,9A22,E8DC), - bn_pack4(1558,903B,A0D0,F843), - bn_pack4(51C6,A94B,E460,7A29), - bn_pack4(5F4F,5F55,6E27,CBDE), - bn_pack4(BEEE,A961,4B19,CC4D), - bn_pack4(DBA5,1DF4,99AC,4C80), - bn_pack4(B1F1,2A86,17A4,7BBB), - bn_pack4(9DEF,3CAF,B939,277A) + bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB), + bn_pack4(0x1518,0x0F93,0x499A,0x234D), + bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3), + bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E), + bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E), + bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8), + bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE), + bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C), + bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486), + bn_pack4(0x6EDF,0x0195,0x3934,0x9627), + bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5), + bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1), + bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC), + bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D), + bn_pack4(0x8134,0xB1C8,0xB979,0x8914), + bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0), + bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC), + bn_pack4(0x1558,0x903B,0xA0D0,0xF843), + bn_pack4(0x51C6,0xA94B,0xE460,0x7A29), + bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE), + bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D), + bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80), + bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB), + bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A) }; static BIGNUM bn_group_1536 = { bn_group_1536_value, 
@@ -61,38 +61,38 @@ static BIGNUM bn_group_1536 = { }; static BN_ULONG bn_group_2048_value[] = { - bn_pack4(0FA7,111F,9E4A,FF73), - bn_pack4(9B65,E372,FCD6,8EF2), - bn_pack4(35DE,236D,525F,5475), - bn_pack4(94B5,C803,D89F,7AE4), - bn_pack4(71AE,35F8,E9DB,FBB6), - bn_pack4(2A56,98F3,A8D0,C382), - bn_pack4(9CCC,041C,7BC3,08D8), - bn_pack4(AF87,4E73,03CE,5329), - bn_pack4(6160,2790,04E5,7AE6), - bn_pack4(032C,FBDB,F52F,B378), - bn_pack4(5EA7,7A27,75D2,ECFA), - bn_pack4(5445,23B5,24B0,D57D), - bn_pack4(5B9D,32E6,88F8,7748), - bn_pack4(F1D2,B907,8717,461A), - bn_pack4(76BD,207A,436C,6481), - bn_pack4(CA97,B43A,23FB,8016), - bn_pack4(1D28,1E44,6B14,773B), - bn_pack4(7359,D041,D5C3,3EA7), - bn_pack4(A80D,740A,DBF4,FF74), - bn_pack4(55F9,7993,EC97,5EEA), - bn_pack4(2918,A996,2F0B,93B8), - bn_pack4(661A,05FB,D5FA,AAE8), - bn_pack4(CF60,9517,9A16,3AB3), - bn_pack4(E808,3969,EDB7,67B0), - bn_pack4(CD7F,48A9,DA04,FD50), - bn_pack4(D523,12AB,4B03,310D), - bn_pack4(8193,E075,7767,A13D), - bn_pack4(A373,29CB,B4A0,99ED), - bn_pack4(FC31,9294,3DB5,6050), - bn_pack4(AF72,B665,1987,EE07), - bn_pack4(F166,DE5E,1389,582F), - bn_pack4(AC6B,DB41,324A,9A9B) + bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73), + bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2), + bn_pack4(0x35DE,0x236D,0x525F,0x5475), + bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4), + bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6), + bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382), + bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8), + bn_pack4(0xAF87,0x4E73,0x03CE,0x5329), + bn_pack4(0x6160,0x2790,0x04E5,0x7AE6), + bn_pack4(0x032C,0xFBDB,0xF52F,0xB378), + bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA), + bn_pack4(0x5445,0x23B5,0x24B0,0xD57D), + bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748), + bn_pack4(0xF1D2,0xB907,0x8717,0x461A), + bn_pack4(0x76BD,0x207A,0x436C,0x6481), + bn_pack4(0xCA97,0xB43A,0x23FB,0x8016), + bn_pack4(0x1D28,0x1E44,0x6B14,0x773B), + bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7), + bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74), + bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA), + 
bn_pack4(0x2918,0xA996,0x2F0B,0x93B8), + bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8), + bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3), + bn_pack4(0xE808,0x3969,0xEDB7,0x67B0), + bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50), + bn_pack4(0xD523,0x12AB,0x4B03,0x310D), + bn_pack4(0x8193,0xE075,0x7767,0xA13D), + bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED), + bn_pack4(0xFC31,0x9294,0x3DB5,0x6050), + bn_pack4(0xAF72,0xB665,0x1987,0xEE07), + bn_pack4(0xF166,0xDE5E,0x1389,0x582F), + bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B) }; static BIGNUM bn_group_2048 = { bn_group_2048_value, 
@@ -103,54 +103,54 @@ static BIGNUM bn_group_2048 = { }; static BN_ULONG bn_group_3072_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(4B82,D120,A93A,D2CA), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + 
bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_3072 = { bn_group_3072_value, 
@@ -161,70 +161,70 @@ static BIGNUM bn_group_3072 = { }; static BN_ULONG bn_group_4096_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(4DF4,35C9,3406,3199), - bn_pack4(86FF,B7DC,90A6,C08F), - bn_pack4(93B4,EA98,8D8F,DDC1), - bn_pack4(D006,9127,D5B0,5AA9), - bn_pack4(B81B,DD76,2170,481C), - bn_pack4(1F61,2970,CEE2,D7AF), - bn_pack4(233B,A186,515B,E7ED), - bn_pack4(99B2,964F,A090,C3A2), - bn_pack4(287C,5947,4E6B,C05D), - bn_pack4(2E8E,FC14,1FBE,CAA6), - bn_pack4(DBBB,C2DB,04DE,8EF9), - bn_pack4(2583,E9CA,2AD4,4CE8), - bn_pack4(1A94,6834,B615,0BDA), - bn_pack4(99C3,2718,6AF4,E23C), - bn_pack4(8871,9A10,BDBA,5B26), - bn_pack4(1A72,3C12,A787,E6D7), - bn_pack4(4B82,D120,A921,0801), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - 
bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0x4DF4,0x35C9,0x3406,0x3199), + bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F), + bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1), + bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9), + bn_pack4(0xB81B,0xDD76,0x2170,0x481C), + bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF), + bn_pack4(0x233B,0xA186,0x515B,0xE7ED), + bn_pack4(0x99B2,0x964F,0xA090,0xC3A2), + bn_pack4(0x287C,0x5947,0x4E6B,0xC05D), + bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6), + bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9), + bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8), + bn_pack4(0x1A94,0x6834,0xB615,0x0BDA), + bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C), + bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26), + bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7), + bn_pack4(0x4B82,0xD120,0xA921,0x0801), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + 
bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_4096 = { bn_group_4096_value, 
@@ -235,102 +235,102 @@ static BIGNUM bn_group_4096 = { }; static BN_ULONG bn_group_6144_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(E694,F91E,6DCC,4024), - bn_pack4(12BF,2D5B,0B74,74D6), - bn_pack4(043E,8F66,3F48,60EE), - bn_pack4(387F,E8D7,6E3C,0468), - bn_pack4(DA56,C9EC,2EF2,9632), - bn_pack4(EB19,CCB1,A313,D55C), - bn_pack4(F550,AA3D,8A1F,BFF0), - bn_pack4(06A1,D58B,B7C5,DA76), - bn_pack4(A797,15EE,F29B,E328), - bn_pack4(14CC,5ED2,0F80,37E0), - bn_pack4(CC8F,6D7E,BF48,E1D8), - bn_pack4(4BD4,07B2,2B41,54AA), - bn_pack4(0F1D,45B7,FF58,5AC5), - bn_pack4(23A9,7A7E,36CC,88BE), - bn_pack4(59E7,C97F,BEC7,E8F3), - bn_pack4(B5A8,4031,900B,1C9E), - bn_pack4(D55E,702F,4698,0C82), - bn_pack4(F482,D7CE,6E74,FEF6), - bn_pack4(F032,EA15,D172,1D03), - bn_pack4(5983,CA01,C64B,92EC), - bn_pack4(6FB8,F401,378C,D2BF), - bn_pack4(3320,5151,2BD7,AF42), - bn_pack4(DB7F,1447,E6CC,254B), - bn_pack4(44CE,6CBA,CED4,BB1B), - bn_pack4(DA3E,DBEB,CF9B,14ED), - bn_pack4(1797,27B0,865A,8918), - bn_pack4(B06A,53ED,9027,D831), - bn_pack4(E5DB,382F,4130,01AE), - bn_pack4(F8FF,9406,AD9E,530E), - bn_pack4(C975,1E76,3DBA,37BD), - bn_pack4(C1D4,DCB2,6026,46DE), - bn_pack4(36C3,FAB4,D27C,7026), - bn_pack4(4DF4,35C9,3402,8492), - bn_pack4(86FF,B7DC,90A6,C08F), - bn_pack4(93B4,EA98,8D8F,DDC1), - bn_pack4(D006,9127,D5B0,5AA9), - bn_pack4(B81B,DD76,2170,481C), - bn_pack4(1F61,2970,CEE2,D7AF), - bn_pack4(233B,A186,515B,E7ED), - bn_pack4(99B2,964F,A090,C3A2), - bn_pack4(287C,5947,4E6B,C05D), - bn_pack4(2E8E,FC14,1FBE,CAA6), - bn_pack4(DBBB,C2DB,04DE,8EF9), - bn_pack4(2583,E9CA,2AD4,4CE8), - bn_pack4(1A94,6834,B615,0BDA), - bn_pack4(99C3,2718,6AF4,E23C), - bn_pack4(8871,9A10,BDBA,5B26), - bn_pack4(1A72,3C12,A787,E6D7), - bn_pack4(4B82,D120,A921,0801), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - 
bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0xE694,0xF91E,0x6DCC,0x4024), + bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6), + bn_pack4(0x043E,0x8F66,0x3F48,0x60EE), + bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468), + bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632), + bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C), + bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0), + bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76), + bn_pack4(0xA797,0x15EE,0xF29B,0xE328), + bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0), + bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8), + bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA), + bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5), + bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE), + bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3), + bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E), + 
bn_pack4(0xD55E,0x702F,0x4698,0x0C82), + bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6), + bn_pack4(0xF032,0xEA15,0xD172,0x1D03), + bn_pack4(0x5983,0xCA01,0xC64B,0x92EC), + bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF), + bn_pack4(0x3320,0x5151,0x2BD7,0xAF42), + bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B), + bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B), + bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED), + bn_pack4(0x1797,0x27B0,0x865A,0x8918), + bn_pack4(0xB06A,0x53ED,0x9027,0xD831), + bn_pack4(0xE5DB,0x382F,0x4130,0x01AE), + bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E), + bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD), + bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE), + bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026), + bn_pack4(0x4DF4,0x35C9,0x3402,0x8492), + bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F), + bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1), + bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9), + bn_pack4(0xB81B,0xDD76,0x2170,0x481C), + bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF), + bn_pack4(0x233B,0xA186,0x515B,0xE7ED), + bn_pack4(0x99B2,0x964F,0xA090,0xC3A2), + bn_pack4(0x287C,0x5947,0x4E6B,0xC05D), + bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6), + bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9), + bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8), + bn_pack4(0x1A94,0x6834,0xB615,0x0BDA), + bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C), + bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26), + bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7), + bn_pack4(0x4B82,0xD120,0xA921,0x0801), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + 
bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_6144 = { bn_group_6144_value, 
@@ -341,134 +341,134 @@ static BIGNUM bn_group_6144 = { }; static BN_ULONG bn_group_8192_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(60C9,80DD,98ED,D3DF), - bn_pack4(C81F,56E8,80B9,6E71), - bn_pack4(9E30,50E2,7656,94DF), - bn_pack4(9558,E447,5677,E9AA), - bn_pack4(C919,0DA6,FC02,6E47), - bn_pack4(889A,002E,D5EE,382B), - bn_pack4(4009,438B,481C,6CD7), - bn_pack4(3590,46F4,EB87,9F92), - bn_pack4(FAF3,6BC3,1ECF,A268), - bn_pack4(B1D5,10BD,7EE7,4D73), - bn_pack4(F9AB,4819,5DED,7EA1), - bn_pack4(64F3,1CC5,0846,851D), - bn_pack4(4597,E899,A025,5DC1), - bn_pack4(DF31,0EE0,74AB,6A36), - bn_pack4(6D2A,13F8,3F44,F82D), - bn_pack4(062B,3CF5,B3A2,78A6), - bn_pack4(7968,3303,ED5B,DD3A), - bn_pack4(FA9D,4B7F,A2C0,87E8), - bn_pack4(4BCB,C886,2F83,85DD), - bn_pack4(3473,FC64,6CEA,306B), - bn_pack4(13EB,57A8,1A23,F0C7), - bn_pack4(2222,2E04,A403,7C07), - bn_pack4(E3FD,B8BE,FC84,8AD9), - bn_pack4(238F,16CB,E39D,652D), - bn_pack4(3423,B474,2BF1,C978), - bn_pack4(3AAB,639C,5AE4,F568), - bn_pack4(2576,F693,6BA4,2466), - bn_pack4(741F,A7BF,8AFC,47ED), - bn_pack4(3BC8,32B6,8D9D,D300), - bn_pack4(D8BE,C4D0,73B9,31BA), - bn_pack4(3877,7CB6,A932,DF8C), - bn_pack4(74A3,926F,12FE,E5E4), - bn_pack4(E694,F91E,6DBE,1159), - bn_pack4(12BF,2D5B,0B74,74D6), - bn_pack4(043E,8F66,3F48,60EE), - bn_pack4(387F,E8D7,6E3C,0468), - bn_pack4(DA56,C9EC,2EF2,9632), - bn_pack4(EB19,CCB1,A313,D55C), - bn_pack4(F550,AA3D,8A1F,BFF0), - bn_pack4(06A1,D58B,B7C5,DA76), - bn_pack4(A797,15EE,F29B,E328), - bn_pack4(14CC,5ED2,0F80,37E0), - bn_pack4(CC8F,6D7E,BF48,E1D8), - bn_pack4(4BD4,07B2,2B41,54AA), - bn_pack4(0F1D,45B7,FF58,5AC5), - bn_pack4(23A9,7A7E,36CC,88BE), - bn_pack4(59E7,C97F,BEC7,E8F3), - bn_pack4(B5A8,4031,900B,1C9E), - bn_pack4(D55E,702F,4698,0C82), - bn_pack4(F482,D7CE,6E74,FEF6), - bn_pack4(F032,EA15,D172,1D03), - bn_pack4(5983,CA01,C64B,92EC), - bn_pack4(6FB8,F401,378C,D2BF), - bn_pack4(3320,5151,2BD7,AF42), - bn_pack4(DB7F,1447,E6CC,254B), - bn_pack4(44CE,6CBA,CED4,BB1B), - 
bn_pack4(DA3E,DBEB,CF9B,14ED), - bn_pack4(1797,27B0,865A,8918), - bn_pack4(B06A,53ED,9027,D831), - bn_pack4(E5DB,382F,4130,01AE), - bn_pack4(F8FF,9406,AD9E,530E), - bn_pack4(C975,1E76,3DBA,37BD), - bn_pack4(C1D4,DCB2,6026,46DE), - bn_pack4(36C3,FAB4,D27C,7026), - bn_pack4(4DF4,35C9,3402,8492), - bn_pack4(86FF,B7DC,90A6,C08F), - bn_pack4(93B4,EA98,8D8F,DDC1), - bn_pack4(D006,9127,D5B0,5AA9), - bn_pack4(B81B,DD76,2170,481C), - bn_pack4(1F61,2970,CEE2,D7AF), - bn_pack4(233B,A186,515B,E7ED), - bn_pack4(99B2,964F,A090,C3A2), - bn_pack4(287C,5947,4E6B,C05D), - bn_pack4(2E8E,FC14,1FBE,CAA6), - bn_pack4(DBBB,C2DB,04DE,8EF9), - bn_pack4(2583,E9CA,2AD4,4CE8), - bn_pack4(1A94,6834,B615,0BDA), - bn_pack4(99C3,2718,6AF4,E23C), - bn_pack4(8871,9A10,BDBA,5B26), - bn_pack4(1A72,3C12,A787,E6D7), - bn_pack4(4B82,D120,A921,0801), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - 
bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF), + bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71), + bn_pack4(0x9E30,0x50E2,0x7656,0x94DF), + bn_pack4(0x9558,0xE447,0x5677,0xE9AA), + bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47), + bn_pack4(0x889A,0x002E,0xD5EE,0x382B), + bn_pack4(0x4009,0x438B,0x481C,0x6CD7), + bn_pack4(0x3590,0x46F4,0xEB87,0x9F92), + bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268), + bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73), + bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1), + bn_pack4(0x64F3,0x1CC5,0x0846,0x851D), + bn_pack4(0x4597,0xE899,0xA025,0x5DC1), + bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36), + bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D), + bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6), + bn_pack4(0x7968,0x3303,0xED5B,0xDD3A), + bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8), + bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD), + bn_pack4(0x3473,0xFC64,0x6CEA,0x306B), + bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7), + bn_pack4(0x2222,0x2E04,0xA403,0x7C07), + bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9), + bn_pack4(0x238F,0x16CB,0xE39D,0x652D), + bn_pack4(0x3423,0xB474,0x2BF1,0xC978), + bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568), + bn_pack4(0x2576,0xF693,0x6BA4,0x2466), + bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED), + bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300), + bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA), + bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C), + bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4), + bn_pack4(0xE694,0xF91E,0x6DBE,0x1159), + bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6), + bn_pack4(0x043E,0x8F66,0x3F48,0x60EE), + bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468), + bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632), + bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C), + bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0), 
+ bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76), + bn_pack4(0xA797,0x15EE,0xF29B,0xE328), + bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0), + bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8), + bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA), + bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5), + bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE), + bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3), + bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E), + bn_pack4(0xD55E,0x702F,0x4698,0x0C82), + bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6), + bn_pack4(0xF032,0xEA15,0xD172,0x1D03), + bn_pack4(0x5983,0xCA01,0xC64B,0x92EC), + bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF), + bn_pack4(0x3320,0x5151,0x2BD7,0xAF42), + bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B), + bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B), + bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED), + bn_pack4(0x1797,0x27B0,0x865A,0x8918), + bn_pack4(0xB06A,0x53ED,0x9027,0xD831), + bn_pack4(0xE5DB,0x382F,0x4130,0x01AE), + bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E), + bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD), + bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE), + bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026), + bn_pack4(0x4DF4,0x35C9,0x3402,0x8492), + bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F), + bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1), + bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9), + bn_pack4(0xB81B,0xDD76,0x2170,0x481C), + bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF), + bn_pack4(0x233B,0xA186,0x515B,0xE7ED), + bn_pack4(0x99B2,0x964F,0xA090,0xC3A2), + bn_pack4(0x287C,0x5947,0x4E6B,0xC05D), + bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6), + bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9), + bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8), + bn_pack4(0x1A94,0x6834,0xB615,0x0BDA), + bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C), + bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26), + bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7), + bn_pack4(0x4B82,0xD120,0xA921,0x0801), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + 
bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_8192 = { bn_group_8192_value, diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c index 92cea98dcd..7c1dcc5111 100644 --- a/src/lib/libcrypto/srp/srp_lib.c +++ b/src/lib/libcrypto/srp/srp_lib.c 
@@ -63,13 +63,17 @@ #include #if (BN_BYTES == 8) -#define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul -#endif -#if (BN_BYTES == 4) -#define bn_pack4(a1,a2,a3,a4) 0x##a3##a4##ul, 0x##a1##a2##ul -#endif -#if (BN_BYTES == 2) -#define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) +# elif defined(__arch64__) +# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) +# else +# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) +# endif +#elif (BN_BYTES == 4) +# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) +#else +# error "unsupported BN_BYTES" #endif diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c index c8be907d7f..4a3d13edf6 100644 --- a/src/lib/libcrypto/srp/srp_vfy.c +++ b/src/lib/libcrypto/srp/srp_vfy.c @@ -390,7 +390,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) } for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i); + pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i); if (pp[DB_srptype][0] == DB_SRP_INDEX) { /*we add this couple in the internal Stack */ @@ -581,7 +581,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, if (*salt == NULL) { char *tmp_salt; - if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) + + if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { OPENSSL_free(vf); goto err; diff --git a/src/lib/libssl/src/apps/cms.c b/src/lib/libssl/src/apps/cms.c index d754140987..5f77f8fbb0 100644 --- a/src/lib/libssl/src/apps/cms.c +++ b/src/lib/libssl/src/apps/cms.c 
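Review bot: The new `bn_pack4` definitions in srp_lib.c paste an integer suffix (`UI64`, `UL`, `ULL`) onto each argument, so every caller must now pass a complete literal such as `0xFFFF`, and nothing at the macro says so. A comment above `#if (BN_BYTES == 8)` would record the contract, e.g. `/* each argument must be a 16-bit hex literal including the 0x prefix; a suffix is token-pasted onto it */`. It is also worth noting there that the `BN_BYTES == 4` form expands to two initializers, low 32 bits first, because that is easy to miss when reading the group tables.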
@@ -233,6 +233,8 @@ int MAIN(int argc, char **argv) else if (!strcmp(*args,"-camellia256")) cipher = EVP_camellia_256_cbc(); #endif + else if (!strcmp (*args, "-debug_decrypt")) + flags |= CMS_DEBUG_DECRYPT; else if (!strcmp (*args, "-text")) flags |= CMS_TEXT; else if (!strcmp (*args, "-nointern")) @@ -1039,6 +1041,8 @@ int MAIN(int argc, char **argv) ret = 4; if (operation == SMIME_DECRYPT) { + if (flags & CMS_DEBUG_DECRYPT) + CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); if (secret_key) { diff --git a/src/lib/libssl/src/apps/ecparam.c b/src/lib/libssl/src/apps/ecparam.c index 465480bedd..976ebef12b 100644 --- a/src/lib/libssl/src/apps/ecparam.c +++ b/src/lib/libssl/src/apps/ecparam.c @@ -105,7 +105,7 @@ * in the asn1 der encoding * possible values: named_curve (default) * explicit - * -no_seed - if 'explicit' parameters are choosen do not use the seed + * -no_seed - if 'explicit' parameters are chosen do not use the seed * -genkey - generate ec key * -rand file - files to use for random number input * -engine e - use engine e, possibly a hardware device @@ -286,7 +286,7 @@ bad: BIO_printf(bio_err, " " " explicit\n"); BIO_printf(bio_err, " -no_seed if 'explicit'" - " parameters are choosen do not" + " parameters are chosen do not" " use the seed\n"); BIO_printf(bio_err, " -genkey generate ec" " key\n"); diff --git a/src/lib/libssl/src/apps/srp.c b/src/lib/libssl/src/apps/srp.c index 80e1b8a660..9c7ae184db 100644 --- a/src/lib/libssl/src/apps/srp.c +++ b/src/lib/libssl/src/apps/srp.c 
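Review bot: In apps/cms.c the added `CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);` discards its return value and has no comment, so a reader cannot tell that the call is presumably made only for its effect on `cms` when `CMS_DEBUG_DECRYPT` is set (CMS_decrypt's body is not in this diff). That flag makes a failed recipient-key decryption visible to the caller instead of masking it, which removes the library's defence against probing RSA padding errors. Both sites deserve a comment such as `/* -debug_decrypt: report real decrypt errors; interactive debugging only, never in automated gateways */`. The usage text is outside these hunks; if it lists the new option, it should carry the same caveat. MAIN starts and ends outside both hunks.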
@@ -125,13 +125,13 @@ static int get_index(CA_DB *db, char* id, char type) if (type == DB_SRP_INDEX) for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); - if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid])) + pp = sk_OPENSSL_PSTRING_value(db->db->data,i); + if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) return i; } else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); + pp = sk_OPENSSL_PSTRING_value(db->db->data,i); if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) return i; @@ -145,7 +145,7 @@ static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s) if (indx >= 0 && verbose) { int j; - char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx); + char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx); BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]); for (j = 0; j < DB_NUMBER; j++) { @@ -163,7 +163,7 @@ static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose) { if (verbose > 0) { - char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex); if (pp[DB_srptype][0] != 'I') { @@ -517,7 +517,7 @@ bad: /* Lets check some fields */ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); + pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] == DB_SRP_INDEX) { @@ -533,8 +533,8 @@ bad: if (gNindex >= 0) { - gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex); - print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ; + gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex); + print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N"); } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { 
@@ -587,7 +587,7 @@ bad: if (userindex >= 0) { /* reactivation of a new user */ - char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); BIO_printf(bio_err, "user \"%s\" reactivated.\n", user); row[DB_srptype][0] = 'V'; @@ -634,7 +634,7 @@ bad: else { - char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); char type = row[DB_srptype][0]; if (type == 'v') { @@ -664,9 +664,9 @@ bad: if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose))) { - BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user); - errors++; - goto err; + BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user); + errors++; + goto err; } row[DB_srptype][0] = 'v'; @@ -689,7 +689,7 @@ bad: } else { - char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex); BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); xpp[DB_srptype][0] = 'R'; @@ -714,7 +714,7 @@ bad: /* Lets check some fields */ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); + pp = sk_OPENSSL_PSTRING_value(db->db->data,i); if (pp[DB_srptype][0] == 'v') { diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl b/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl index 2ce6deffc8..e52395421b 100644 --- a/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl 
@@ -1036,9 +1036,9 @@ _mips_AES_set_encrypt_key: nop .end _mips_AES_set_encrypt_key -.globl AES_set_encrypt_key -.ent AES_set_encrypt_key -AES_set_encrypt_key: +.globl private_AES_set_encrypt_key +.ent private_AES_set_encrypt_key +private_AES_set_encrypt_key: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1060,7 +1060,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,AES_set_encrypt_key + .cpsetup $pf,$zero,private_AES_set_encrypt_key ___ $code.=<<___; .set reorder @@ -1083,7 +1083,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end AES_set_encrypt_key +.end private_AES_set_encrypt_key ___ my ($head,$tail)=($inp,$bits); @@ -1091,9 +1091,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2); $code.=<<___; .align 5 -.globl AES_set_decrypt_key -.ent AES_set_decrypt_key -AES_set_decrypt_key: +.globl private_AES_set_decrypt_key +.ent private_AES_set_decrypt_key +private_AES_set_decrypt_key: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1115,7 +1115,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,AES_set_decrypt_key + .cpsetup $pf,$zero,private_AES_set_decrypt_key ___ $code.=<<___; .set reorder @@ -1226,7 +1226,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end AES_set_decrypt_key +.end private_AES_set_decrypt_key ___ }}} diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl b/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl index c36b6a2270..714dcfbbe3 100644 --- a/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl 
@@ -1015,7 +1015,8 @@ foreach (split("\n",$code)) { $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2) : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e; - s/,\*/,/ if ($SIZE_T==4); + s/,\*/,/ if ($SIZE_T==4); + s/\bbv\b(.*\(%r2\))/bve$1/ if ($SIZE_T==8); print $_,"\n"; } close STDOUT; diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl b/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl index 445a1e6762..e75dcd0315 100644 --- a/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl @@ -1598,11 +1598,11 @@ $code.=<<___ if(1); lghi $s1,0x7f nr $s1,%r0 lghi %r0,0 # query capability vector - la %r1,2*$SIZE_T($sp) + la %r1,$tweak-16($sp) .long 0xb92e0042 # km %r4,%r2 llihh %r1,0x8000 srlg %r1,%r1,32($s1) # check for 32+function code - ng %r1,2*$SIZE_T($sp) + ng %r1,$tweak-16($sp) lgr %r0,$s0 # restore the function code la %r1,0($key1) # restore $key1 jz .Lxts_km_vanilla @@ -1628,7 +1628,7 @@ $code.=<<___ if(1); lrvg $s0,$tweak+0($sp) # load the last tweak lrvg $s1,$tweak+8($sp) - stmg %r0,%r3,$tweak-32(%r1) # wipe copy of the key + stmg %r0,%r3,$tweak-32($sp) # wipe copy of the key nill %r0,0xffdf # switch back to original function code la %r1,0($key1) # restore pointer to $key1 @@ -1684,11 +1684,9 @@ $code.=<<___; lghi $i1,0x87 srag $i2,$s1,63 # broadcast upper bit ngr $i1,$i2 # rem - srlg $i2,$s0,63 # carry bit from lower half - sllg $s0,$s0,1 - sllg $s1,$s1,1 + algr $s0,$s0 + alcgr $s1,$s1 xgr $s0,$i1 - ogr $s1,$i2 .Lxts_km_start: lrvgr $i1,$s0 # flip byte order lrvgr $i2,$s1 @@ -1745,11 +1743,9 @@ $code.=<<___; lghi $i1,0x87 srag $i2,$s1,63 # broadcast upper bit ngr $i1,$i2 # rem - srlg $i2,$s0,63 # carry bit from lower half - sllg $s0,$s0,1 - sllg $s1,$s1,1 + algr $s0,$s0 + alcgr $s1,$s1 xgr $s0,$i1 - ogr $s1,$i2 ltr $len,$len # clear zero flag br $ra 
@@ -1781,8 +1777,8 @@ $code.=<<___ if (!$softonly); clr %r0,%r1 jl .Lxts_enc_software + st${g} $ra,5*$SIZE_T($sp) stm${g} %r6,$s3,6*$SIZE_T($sp) - st${g} $ra,14*$SIZE_T($sp) sllg $len,$len,4 # $len&=~15 slgr $out,$inp @@ -1830,9 +1826,9 @@ $code.=<<___ if (!$softonly); stg $i2,8($i3) .Lxts_enc_km_done: - l${g} $ra,14*$SIZE_T($sp) - st${g} $sp,$tweak($sp) # wipe tweak - st${g} $sp,$tweak($sp) + stg $sp,$tweak+0($sp) # wipe tweak + stg $sp,$tweak+8($sp) + l${g} $ra,5*$SIZE_T($sp) lm${g} %r6,$s3,6*$SIZE_T($sp) br $ra .align 16 @@ -1843,12 +1839,11 @@ $code.=<<___; slgr $out,$inp - xgr $s0,$s0 # clear upper half - xgr $s1,$s1 - lrv $s0,$stdframe+4($sp) # load secno - lrv $s1,$stdframe+0($sp) - xgr $s2,$s2 - xgr $s3,$s3 + l${g} $s3,$stdframe($sp) # ivp + llgf $s0,0($s3) # load iv + llgf $s1,4($s3) + llgf $s2,8($s3) + llgf $s3,12($s3) stm${g} %r2,%r5,2*$SIZE_T($sp) la $key,0($key2) larl $tbl,AES_Te @@ -1864,11 +1859,9 @@ $code.=<<___; lghi %r1,0x87 srag %r0,$s3,63 # broadcast upper bit ngr %r1,%r0 # rem - srlg %r0,$s1,63 # carry bit from lower half - sllg $s1,$s1,1 - sllg $s3,$s3,1 + algr $s1,$s1 + alcgr $s3,$s3 xgr $s1,%r1 - ogr $s3,%r0 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 srlg $s0,$s1,32 # smash the tweak to 4x32-bits @@ -1917,11 +1910,9 @@ $code.=<<___; lghi %r1,0x87 srag %r0,$s3,63 # broadcast upper bit ngr %r1,%r0 # rem - srlg %r0,$s1,63 # carry bit from lower half - sllg $s1,$s1,1 - sllg $s3,$s3,1 + algr $s1,$s1 + alcgr $s3,$s3 xgr $s1,%r1 - ogr $s3,%r0 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 srlg $s0,$s1,32 # smash the tweak to 4x32-bits @@ -1956,7 +1947,8 @@ $code.=<<___; .size AES_xts_encrypt,.-AES_xts_encrypt ___ # void AES_xts_decrypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2,u64 secno); +# const AES_KEY *key1, const AES_KEY *key2, +# const unsigned char iv[16]); # $code.=<<___; .globl AES_xts_decrypt 
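Review bot: The `# wipe tweak` stores at `.Lxts_enc_km_done` in aes-s390x.pl overwrite the 16-byte tweak slot with the value of `$sp` rather than with zero, which the comment does not say. A wording such as `# overwrite both tweak halves with $sp (non-secret)` would be more accurate. The same pair is added at `.Lxts_dec_km_done` in the decrypt hunk. Whether the `.Lxts_enc_software` and `.Lxts_dec_software` paths clear their tweak copy before returning cannot be seen from these hunks and is worth confirming.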
@@ -1988,8 +1980,8 @@ $code.=<<___ if (!$softonly); clr %r0,%r1 jl .Lxts_dec_software + st${g} $ra,5*$SIZE_T($sp) stm${g} %r6,$s3,6*$SIZE_T($sp) - st${g} $ra,14*$SIZE_T($sp) nill $len,0xfff0 # $len&=~15 slgr $out,$inp @@ -2028,11 +2020,9 @@ $code.=<<___ if (!$softonly); lghi $i1,0x87 srag $i2,$s1,63 # broadcast upper bit ngr $i1,$i2 # rem - srlg $i2,$s0,63 # carry bit from lower half - sllg $s0,$s0,1 - sllg $s1,$s1,1 + algr $s0,$s0 + alcgr $s1,$s1 xgr $s0,$i1 - ogr $s1,$i2 lrvgr $i1,$s0 # flip byte order lrvgr $i2,$s1 @@ -2075,9 +2065,9 @@ $code.=<<___ if (!$softonly); stg $s2,0($i3) stg $s3,8($i3) .Lxts_dec_km_done: - l${g} $ra,14*$SIZE_T($sp) - st${g} $sp,$tweak($sp) # wipe tweak - st${g} $sp,$tweak($sp) + stg $sp,$tweak+0($sp) # wipe tweak + stg $sp,$tweak+8($sp) + l${g} $ra,5*$SIZE_T($sp) lm${g} %r6,$s3,6*$SIZE_T($sp) br $ra .align 16 @@ -2089,12 +2079,11 @@ $code.=<<___; srlg $len,$len,4 slgr $out,$inp - xgr $s0,$s0 # clear upper half - xgr $s1,$s1 - lrv $s0,$stdframe+4($sp) # load secno - lrv $s1,$stdframe+0($sp) - xgr $s2,$s2 - xgr $s3,$s3 + l${g} $s3,$stdframe($sp) # ivp + llgf $s0,0($s3) # load iv + llgf $s1,4($s3) + llgf $s2,8($s3) + llgf $s3,12($s3) stm${g} %r2,%r5,2*$SIZE_T($sp) la $key,0($key2) larl $tbl,AES_Te @@ -2113,11 +2102,9 @@ $code.=<<___; lghi %r1,0x87 srag %r0,$s3,63 # broadcast upper bit ngr %r1,%r0 # rem - srlg %r0,$s1,63 # carry bit from lower half - sllg $s1,$s1,1 - sllg $s3,$s3,1 + algr $s1,$s1 + alcgr $s3,$s3 xgr $s1,%r1 - ogr $s3,%r0 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 srlg $s0,$s1,32 # smash the tweak to 4x32-bits @@ -2156,11 +2143,9 @@ $code.=<<___; lghi %r1,0x87 srag %r0,$s3,63 # broadcast upper bit ngr %r1,%r0 # rem - srlg %r0,$s1,63 # carry bit from lower half - sllg $s1,$s1,1 - sllg $s3,$s3,1 + algr $s1,$s1 + alcgr $s3,$s3 xgr $s1,%r1 - ogr $s3,%r0 lrvgr $i2,$s1 # flip byte order lrvgr $i3,$s3 stmg $i2,$i3,$tweak($sp) # save the 1st tweak 
@@ -2176,11 +2161,9 @@ $code.=<<___; lghi %r1,0x87 srag %r0,$s3,63 # broadcast upper bit ngr %r1,%r0 # rem - srlg %r0,$s1,63 # carry bit from lower half - sllg $s1,$s1,1 - sllg $s3,$s3,1 + algr $s1,$s1 + alcgr $s3,$s3 xgr $s1,%r1 - ogr $s3,%r0 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 srlg $s0,$s1,32 # smash the tweak to 4x32-bits diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl index 48fa857d5b..34cbb5d844 100755 --- a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl @@ -36,7 +36,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $verticalspin=1; # unlike 32-bit version $verticalspin performs # ~15% better on both AMD and Intel cores diff --git a/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl index c6f6b3334a..3c8f6c19e7 100644 --- a/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -69,7 +69,8 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; # void aesni_cbc_sha1_enc(const void *inp, # void *out, diff --git a/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl index 499f3b3f42..0dbb194b8d 100644 --- a/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl 
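Review bot: The new `open OUT,"| \"$^X\" $xlate $flavour $output";` in aes-x86_64.pl quotes only the interpreter path and does not check the result of `open`. `$xlate` is built from the script's own directory and still reaches the shell unquoted, so a build tree whose path contains spaces or shell metacharacters is misparsed, and a failed spawn goes unnoticed until the output is empty. I would change the line to `open OUT,"| \"$^X\" \"$xlate\" $flavour $output" or die "can't call $xlate: $!";`. `$output` has the same exposure, but quoting it changes what the translator receives when it is empty, so that needs a look at x86_64-xlate.pl first. The same line is added in aesni-sha1-x86_64.pl, aesni-x86_64.pl, bsaes-x86_64.pl and vpaes-x86_64.pl.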
@@ -172,7 +172,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $movkey = $PREFIX eq "aesni" ? "movups" : "movups"; @_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order diff --git a/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl index c9c6312fa7..41b90f0844 100644 --- a/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl +++ b/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl @@ -83,9 +83,9 @@ # Add decryption procedure. Performance in CPU cycles spent to decrypt # one byte out of 4096-byte buffer with 128-bit key is: # -# Core 2 11.0 -# Nehalem 9.16 -# Atom 20.9 +# Core 2 9.83 +# Nehalem 7.74 +# Atom 19.0 # # November 2011. # @@ -105,7 +105,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx"); my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15) @@ -455,6 +456,7 @@ sub MixColumns { # modified to emit output in order suitable for feeding back to aesenc[last] my @x=@_[0..7]; my @t=@_[8..15]; +my $inv=@_[16]; # optional $code.=<<___; pshufd \$0x93, @x[0], @t[0] # x0 <<< 32 pshufd \$0x93, @x[1], @t[1] @@ -496,7 +498,8 @@ $code.=<<___; pxor @t[4], @t[0] pshufd \$0x4E, @x[2], @x[6] pxor @t[5], @t[1] - +___ +$code.=<<___ if (!$inv); pxor @t[3], @x[4] pxor @t[7], @x[5] pxor @t[6], @x[3] 
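Review bot: In bsaes-x86_64.pl's MixColumns, `my $inv=@_[16]; # optional` takes a one-element array slice where a scalar element is meant. It works, but `my $inv=$_[16];` is the idiomatic form and avoids the "better written as" warning under `use warnings`. The comment could also say what the flag selects, e.g. `# optional: emit the register order InvMixColumns needs`, since the hunk gives no hint and the only caller passing it is added further down. MixColumns continues outside this hunk.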
@@ -504,9 +507,20 @@ $code.=<<___; pxor @t[2], @x[6] movdqa @t[1], @x[7] ___ +$code.=<<___ if ($inv); + pxor @x[4], @t[3] + pxor @t[7], @x[5] + pxor @x[3], @t[6] + movdqa @t[0], @x[3] + pxor @t[2], @x[6] + movdqa @t[6], @x[2] + movdqa @t[1], @x[7] + movdqa @x[6], @x[4] + movdqa @t[3], @x[6] +___ } -sub InvMixColumns { +sub InvMixColumns_orig { my @x=@_[0..7]; my @t=@_[8..15]; @@ -660,6 +674,54 @@ $code.=<<___; ___ } +sub InvMixColumns { +my @x=@_[0..7]; +my @t=@_[8..15]; + +# Thanks to Jussi Kivilinna for providing pointer to +# +# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 | +# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 | +# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 | +# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 | + +$code.=<<___; + # multiplication by 0x05-0x00-0x04-0x00 + pshufd \$0x4E, @x[0], @t[0] + pshufd \$0x4E, @x[6], @t[6] + pxor @x[0], @t[0] + pshufd \$0x4E, @x[7], @t[7] + pxor @x[6], @t[6] + pshufd \$0x4E, @x[1], @t[1] + pxor @x[7], @t[7] + pshufd \$0x4E, @x[2], @t[2] + pxor @x[1], @t[1] + pshufd \$0x4E, @x[3], @t[3] + pxor @x[2], @t[2] + pxor @t[6], @x[0] + pxor @t[6], @x[1] + pshufd \$0x4E, @x[4], @t[4] + pxor @x[3], @t[3] + pxor @t[0], @x[2] + pxor @t[1], @x[3] + pshufd \$0x4E, @x[5], @t[5] + pxor @x[4], @t[4] + pxor @t[7], @x[1] + pxor @t[2], @x[4] + pxor @x[5], @t[5] + + pxor @t[7], @x[2] + pxor @t[6], @x[3] + pxor @t[6], @x[4] + pxor @t[3], @x[5] + pxor @t[4], @x[6] + pxor @t[7], @x[4] + pxor @t[7], @x[5] + pxor @t[5], @x[7] +___ + &MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6 +} + sub aesenc { # not used my @b=@_[0..7]; my @t=@_[8..15]; @@ -2027,6 +2089,8 @@ ___ # const unsigned char iv[16]); # my ($twmask,$twres,$twtmp)=@XMM[13..15]; +$arg6=~s/d$//; + $code.=<<___; .globl bsaes_xts_encrypt .type bsaes_xts_encrypt,\@abi-omnipotent diff --git a/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl index 37998db5e1..bd7f45b850 100644 
--- a/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl +++ b/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl @@ -56,7 +56,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $PREFIX="vpaes"; @@ -1059,7 +1060,7 @@ _vpaes_consts: .Lk_dsbo: # decryption sbox final output .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" +.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" .align 64 .size _vpaes_consts,.-_vpaes_consts ___ diff --git a/src/lib/libssl/src/crypto/armcap.c b/src/lib/libssl/src/crypto/armcap.c index 5258d2fbdd..9abaf396e5 100644 --- a/src/lib/libssl/src/crypto/armcap.c +++ b/src/lib/libssl/src/crypto/armcap.c @@ -23,7 +23,7 @@ unsigned int _armv7_tick(void); unsigned int OPENSSL_rdtsc(void) { - if (OPENSSL_armcap_P|ARMV7_TICK) + if (OPENSSL_armcap_P & ARMV7_TICK) return _armv7_tick(); else return 0; diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c index 1b1e4bec81..54c012c47d 100644 --- a/src/lib/libssl/src/crypto/bio/bss_dgram.c +++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c 
@@ -77,10 +77,20 @@ #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 #endif -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) #define IP_MTU 14 /* linux is lame */ #endif +#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) +/* Standard definition causes type-punning problems. */ +#undef IN6_IS_ADDR_V4MAPPED +#define s6_addr32 __u6_addr.__u6_addr32 +#define IN6_IS_ADDR_V4MAPPED(a) \ + (((a)->s6_addr32[0] == 0) && \ + ((a)->s6_addr32[1] == 0) && \ + ((a)->s6_addr32[2] == htonl(0x0000ffff))) +#endif + #ifdef WATT32 #define sock_write SockWrite /* Watt-32 uses same names */ #define sock_read SockRead @@ -255,7 +265,7 @@ static void dgram_adjust_rcv_timeout(BIO *b) { #if defined(SO_RCVTIMEO) bio_dgram_data *data = (bio_dgram_data *)b->ptr; - int sz = sizeof(int); + union { size_t s; int i; } sz = {0}; /* Is a timer active? */ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) @@ -265,8 +275,10 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Read current socket timeout */ #ifdef OPENSSL_SYS_WINDOWS int timeout; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void*)&timeout, &sz) < 0) + (void*)&timeout, &sz.i) < 0) { perror("getsockopt"); } else { @@ -274,9 +286,12 @@ static void dgram_adjust_rcv_timeout(BIO *b) data->socket_timeout.tv_usec = (timeout % 1000) * 1000; } #else + sz.i = sizeof(data->socket_timeout); if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), (void *)&sz) < 0) { perror("getsockopt"); } + else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0) + OPENSSL_assert(sz.s<=sizeof(data->socket_timeout)); #endif /* Get current time */ 
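Review bot: In dgram_adjust_rcv_timeout the new `union { size_t s; int i; } sz` is handed to getsockopt() as `(void *)&sz` and then probed with `sizeof(sz.s)!=sizeof(sz.i) && sz.i==0`, with no comment explaining the trick. It appears to cover platforms whose option-length argument is wider than int, but that has to be inferred. A comment at the declaration would make it reviewable, e.g. `/* optlen may be int- or size_t-sized; sz.i==0 after success means the wide member was written */`. The guard is an `OPENSSL_assert`, which aborts the process, so an unexpected length from the socket layer ends the program instead of returning an error to the caller. The same union and check are added to the GET_RECV_TIMEOUT and GET_SEND_TIMEOUT cases of dgram_ctrl in later hunks.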
@@ -445,11 +460,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) int *ip; struct sockaddr *to = NULL; bio_dgram_data *data = NULL; -#if defined(IP_MTU_DISCOVER) || defined(IP_MTU) - long sockopt_val = 0; - unsigned int sockopt_len = 0; -#endif -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) + int sockopt_val = 0; + socklen_t sockopt_len; /* assume that system supporting IP_MTU is + * modern enough to define socklen_t */ socklen_t addr_len; union { struct sockaddr sa; @@ -531,7 +545,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) break; /* (Linux)kernel sets DF bit on outgoing IP packets */ case BIO_CTRL_DGRAM_MTU_DISCOVER: -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) addr_len = (socklen_t)sizeof(addr); memset((void *)&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) @@ -539,7 +553,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - sockopt_len = sizeof(sockopt_val); switch (addr.sa.sa_family) { case AF_INET: @@ -548,7 +561,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) &sockopt_val, sizeof(sockopt_val))) < 0) perror("setsockopt"); break; -#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) +#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) case AF_INET6: sockopt_val = IPV6_PMTUDISC_DO; if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, @@ -565,7 +578,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) break; #endif case BIO_CTRL_DGRAM_QUERY_MTU: -#ifdef OPENSSL_SYS_LINUX +#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) addr_len = (socklen_t)sizeof(addr); memset((void *)&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) 
@@ -727,12 +740,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) #endif break; case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: -#ifdef OPENSSL_SYS_WINDOWS { - int timeout, sz = sizeof(timeout); + union { size_t s; int i; } sz = {0}; +#ifdef OPENSSL_SYS_WINDOWS + int timeout; struct timeval *tv = (struct timeval *)ptr; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void*)&timeout, &sz) < 0) + (void*)&timeout, &sz.i) < 0) { perror("getsockopt"); ret = -1; } else { @@ -740,12 +756,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) tv->tv_usec = (timeout % 1000) * 1000; ret = sizeof(*tv); } - } #else + sz.i = sizeof(struct timeval); if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - ptr, (void *)&ret) < 0) + ptr, (void *)&sz) < 0) { perror("getsockopt"); ret = -1; } + else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0) + { + OPENSSL_assert(sz.s<=sizeof(struct timeval)); + ret = (int)sz.s; + } + else + ret = sz.i; #endif + } break; #endif #if defined(SO_SNDTIMEO) @@ -765,12 +789,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) #endif break; case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: -#ifdef OPENSSL_SYS_WINDOWS { - int timeout, sz = sizeof(timeout); + union { size_t s; int i; } sz = {0}; +#ifdef OPENSSL_SYS_WINDOWS + int timeout; struct timeval *tv = (struct timeval *)ptr; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - (void*)&timeout, &sz) < 0) + (void*)&timeout, &sz.i) < 0) { perror("getsockopt"); ret = -1; } else { 
@@ -778,12 +805,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) tv->tv_usec = (timeout % 1000) * 1000; ret = sizeof(*tv); } - } #else + sz.i = sizeof(struct timeval); if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - ptr, (void *)&ret) < 0) + ptr, (void *)&sz) < 0) { perror("getsockopt"); ret = -1; } + else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0) + { + OPENSSL_assert(sz.s<=sizeof(struct timeval)); + ret = (int)sz.s; + } + else + ret = sz.i; #endif + } break; #endif case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: @@ -871,8 +906,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) memset(authchunks, 0, sizeof(sockopt_len)); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); OPENSSL_assert(ret >= 0); - - for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t); + + for (p = (unsigned char*) authchunks->gauth_chunks; p < (unsigned char*) authchunks + sockopt_len; p += sizeof(uint8_t)) { @@ -955,7 +990,6 @@ static int dgram_sctp_free(BIO *a) #ifdef SCTP_AUTHENTICATION_EVENT void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp) { - unsigned int sockopt_len = 0; int ret; struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event; @@ -965,9 +999,8 @@ void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp) /* delete key */ authkeyid.scact_keynumber = authkeyevent->auth_keynumber; - sockopt_len = sizeof(struct sctp_authkeyid); ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, - &authkeyid, sockopt_len); + &authkeyid, sizeof(struct sctp_authkeyid)); } } #endif @@ -1164,7 +1197,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); OPENSSL_assert(ii >= 0); - for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t); + for (p = (unsigned char*) authchunks->gauth_chunks; p < (unsigned char*) authchunks + optlen; p += sizeof(uint8_t)) { 
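Review bot: In the `BIO_new_dgram_sctp` hunk the context line `memset(authchunks, 0, sizeof(sockopt_len));` clears only as many bytes as the length variable occupies, not the buffer that the rewritten loop then walks up to `authchunks + sockopt_len`. The allocation is outside the hunk, so the buffer size is not visible here, but if `sockopt_len` holds that size at this point the call should be `memset(authchunks, 0, sockopt_len);`. The getsockopt result is only checked with `OPENSSL_assert(ret >= 0)`, which aborts the process on failure; the `dgram_sctp_read` hunk has the same assert ahead of the same loop.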
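Review bot: `dgram_sctp_handle_auth_free_key_event` stores the result of the `setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, ...)` call in `ret` and the block closes right after, so a failed key deletion goes unnoticed. The function returns void, so at minimum I would report it the way the rest of the file does, `if (ret < 0) perror("setsockopt");`, or drop `ret` and say in a comment that the failure is deliberately ignored. A few lines of the function lie between the two hunks and are not shown.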
@@ -1298,7 +1331,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret=1; bio_dgram_sctp_data *data = NULL; - unsigned int sockopt_len = 0; + socklen_t sockopt_len = 0; struct sctp_authkeyid authkeyid; struct sctp_authkey *authkey; diff --git a/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl b/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl index b944a12b8e..caae04ed3a 100644 --- a/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl +++ b/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl @@ -133,7 +133,7 @@ $code.=<<___; bnez $at,1f li $t0,0 slt $at,$num,17 # on in-order CPU - bnezl $at,bn_mul_mont_internal + bnez $at,bn_mul_mont_internal nop 1: jr $ra li $a0,0 diff --git a/src/lib/libssl/src/crypto/bn/asm/mips.pl b/src/lib/libssl/src/crypto/bn/asm/mips.pl index c162a3ec23..d2f3ef7bbf 100644 --- a/src/lib/libssl/src/crypto/bn/asm/mips.pl +++ b/src/lib/libssl/src/crypto/bn/asm/mips.pl @@ -140,10 +140,10 @@ $code.=<<___; .set reorder li $minus4,-4 and $ta0,$a2,$minus4 - $LD $t0,0($a1) beqz $ta0,.L_bn_mul_add_words_tail .L_bn_mul_add_words_loop: + $LD $t0,0($a1) $MULTU $t0,$a3 $LD $t1,0($a0) $LD $t2,$BNSZ($a1) @@ -200,10 +200,9 @@ $code.=<<___; $ADDU $v0,$ta2 sltu $at,$ta3,$at $ST $ta3,-$BNSZ($a0) - $ADDU $v0,$at .set noreorder - bgtzl $ta0,.L_bn_mul_add_words_loop - $LD $t0,0($a1) + bgtz $ta0,.L_bn_mul_add_words_loop + $ADDU $v0,$at beqz $a2,.L_bn_mul_add_words_return nop @@ -300,10 +299,10 @@ $code.=<<___; .set reorder li $minus4,-4 and $ta0,$a2,$minus4 - $LD $t0,0($a1) beqz $ta0,.L_bn_mul_words_tail .L_bn_mul_words_loop: + $LD $t0,0($a1) $MULTU $t0,$a3 $LD $t2,$BNSZ($a1) $LD $ta0,2*$BNSZ($a1) @@ -341,10 +340,9 @@ $code.=<<___; $ADDU $v0,$at sltu $ta3,$v0,$at $ST $v0,-$BNSZ($a0) - $ADDU $v0,$ta3,$ta2 .set noreorder - bgtzl $ta0,.L_bn_mul_words_loop - $LD $t0,0($a1) + bgtz $ta0,.L_bn_mul_words_loop + $ADDU $v0,$ta3,$ta2 beqz $a2,.L_bn_mul_words_return nop 
@@ -429,10 +427,10 @@ $code.=<<___; .set reorder li $minus4,-4 and $ta0,$a2,$minus4 - $LD $t0,0($a1) beqz $ta0,.L_bn_sqr_words_tail .L_bn_sqr_words_loop: + $LD $t0,0($a1) $MULTU $t0,$t0 $LD $t2,$BNSZ($a1) $LD $ta0,2*$BNSZ($a1) @@ -463,11 +461,10 @@ $code.=<<___; mflo $ta3 mfhi $ta2 $ST $ta3,-2*$BNSZ($a0) - $ST $ta2,-$BNSZ($a0) .set noreorder - bgtzl $ta0,.L_bn_sqr_words_loop - $LD $t0,0($a1) + bgtz $ta0,.L_bn_sqr_words_loop + $ST $ta2,-$BNSZ($a0) beqz $a2,.L_bn_sqr_words_return nop @@ -547,10 +544,10 @@ $code.=<<___; .set reorder li $minus4,-4 and $at,$a3,$minus4 - $LD $t0,0($a1) beqz $at,.L_bn_add_words_tail .L_bn_add_words_loop: + $LD $t0,0($a1) $LD $ta0,0($a2) subu $a3,4 $LD $t1,$BNSZ($a1) @@ -589,11 +586,10 @@ $code.=<<___; $ADDU $t3,$ta3,$v0 sltu $v0,$t3,$ta3 $ST $t3,-$BNSZ($a0) - $ADDU $v0,$t9 .set noreorder - bgtzl $at,.L_bn_add_words_loop - $LD $t0,0($a1) + bgtz $at,.L_bn_add_words_loop + $ADDU $v0,$t9 beqz $a3,.L_bn_add_words_return nop @@ -679,10 +675,10 @@ $code.=<<___; .set reorder li $minus4,-4 and $at,$a3,$minus4 - $LD $t0,0($a1) beqz $at,.L_bn_sub_words_tail .L_bn_sub_words_loop: + $LD $t0,0($a1) $LD $ta0,0($a2) subu $a3,4 $LD $t1,$BNSZ($a1) @@ -722,11 +718,10 @@ $code.=<<___; $SUBU $t3,$ta3,$v0 sgtu $v0,$t3,$ta3 $ST $t3,-$BNSZ($a0) - $ADDU $v0,$t9 .set noreorder - bgtzl $at,.L_bn_sub_words_loop - $LD $t0,0($a1) + bgtz $at,.L_bn_sub_words_loop + $ADDU $v0,$t9 beqz $a3,.L_bn_sub_words_return nop @@ -819,7 +814,7 @@ ___ $code.=<<___; .set reorder move $ta3,$ra - bal bn_div_words + bal bn_div_words_internal move $ra,$ta3 $MULTU $ta2,$v0 $LD $t2,-2*$BNSZ($a3) @@ -840,8 +835,9 @@ $code.=<<___; sltu $ta0,$a1,$a2 or $t8,$ta0 .set noreorder - beqzl $at,.L_bn_div_3_words_inner_loop + beqz $at,.L_bn_div_3_words_inner_loop $SUBU $v0,1 + $ADDU $v0,1 .set reorder .L_bn_div_3_words_inner_loop_done: .set noreorder 
@@ -902,7 +898,8 @@ $code.=<<___; and $t2,$a0 $SRL $at,$a1,$t1 .set noreorder - bnezl $t2,.+8 + beqz $t2,.+12 + nop break 6 # signal overflow .set reorder $SLL $a0,$t9 @@ -917,7 +914,8 @@ $code.=<<___; $SRL $DH,$a2,4*$BNSZ # bits sgeu $at,$a0,$a2 .set noreorder - bnezl $at,.+8 + beqz $at,.+12 + nop $SUBU $a0,$a2 .set reorder diff --git a/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl b/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl index 54aeb01921..bfd6e97541 100644 --- a/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl +++ b/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl @@ -68,7 +68,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; use strict; my $code=".text\n\n"; diff --git a/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl b/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl index 4a766a87fb..c02ef6f014 100644 --- a/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl +++ b/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl @@ -40,7 +40,7 @@ # of arithmetic operations, most notably multiplications. It requires # more memory references, most notably to tp[num], but this doesn't # seem to exhaust memory port capacity. And indeed, dedicated PA-RISC -# 2.0 code path, provides virtually same performance as pa-risc2[W].s: +# 2.0 code path provides virtually same performance as pa-risc2[W].s: # it's ~10% better for shortest key length and ~10% worse for longest # one. # @@ -988,6 +988,8 @@ foreach (split("\n",$code)) { # assemble 2.0 instructions in 32-bit mode... s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4); + s/\bbv\b/bve/gm if ($SIZE_T==8); + print $_,"\n"; } close STDOUT; diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl b/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl index 1658acbbdd..226c66c35e 100644 
--- a/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl +++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl @@ -31,7 +31,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; ($lo,$hi)=("%rax","%rdx"); $a=$lo; ($i0,$i1)=("%rsi","%rdi"); diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl index 5d79b35e1c..17fb94c84c 100755 --- a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl +++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl @@ -40,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; # int bn_mul_mont( $rp="%rdi"; # BN_ULONG *rp, diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl index 057cda28aa..dae0fe2453 100755 --- a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl +++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl @@ -28,7 +28,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; # int bn_mul_mont_gather5( $rp="%rdi"; # BN_ULONG *rp, @@ -900,8 +901,8 @@ $code.=<<___; jnz .Lgather ___ $code.=<<___ if ($win64); - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 lea 0x28(%rsp),%rsp ___ $code.=<<___; diff --git a/src/lib/libssl/src/crypto/bn/bn_nist.c b/src/lib/libssl/src/crypto/bn/bn_nist.c index 43caee4770..e22968d4a3 100644 --- a/src/lib/libssl/src/crypto/bn/bn_nist.c 
+++ b/src/lib/libssl/src/crypto/bn/bn_nist.c @@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void) } -static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) +static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); #ifdef BN_DEBUG OPENSSL_assert(top <= max); #endif - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - for (i = (max) - (top); i != 0; i--) - *_tmp1++ = (BN_ULONG) 0; + for (i = 0; i < top; i++) + dst[i] = src[i]; + for (; i < max; i++) + dst[i] = 0; } -static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) +static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; + + for (i = 0; i < top; i++) + dst[i] = src[i]; } #if BN_BITS2 == 64 @@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, */ mask = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); mask &= 0-(PTR_SIZE_INT)carry; + res = c_d; res = (BN_ULONG *) - (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask)); + (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); @@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, int top = a->top, i; int carry; BN_ULONG *r_d, *a_d = a->d; - BN_ULONG buf[BN_NIST_224_TOP], - c_d[BN_NIST_224_TOP], + union { + BN_ULONG bn[BN_NIST_224_TOP]; + unsigned int ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)]; + } buf; + BN_ULONG c_d[BN_NIST_224_TOP], *res; PTR_SIZE_INT mask; union { bn_addsub_f f; PTR_SIZE_INT p; } u; 
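Review bot: The rewritten `nist_cp_bn_0` copies `top` words into `dst` before zero-filling up to `max`, and the only check that `top <= max` is the `OPENSSL_assert` under `#ifdef BN_DEBUG`. In a normal build a caller passing `top > max` would write past the `max` words the destination is expected to hold, so the precondition deserves a comment above the function, for example `/* caller must guarantee 0 <= top <= max; dst has room for max words */`. Whether every caller enforces that is decided outside this hunk.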
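Review bot: The two-step form `res = c_d;` followed by `res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));` in `BN_nist_mod_192` computes the same select as the single expression it replaces, and nothing in the hunk says why it was split. Without a comment a later cleanup is likely to fold the two lines back together; I would add `/* keep the separate assignment: <reason> */` above `res = c_d;`, with the reason filled in by the author. The same comment could state that the mask expression is a branch-free choice between `c_d` and `r_d`. The same split is made in BN_nist_mod_224, BN_nist_mod_256, BN_nist_mod_384 and BN_nist_mod_521, and the function body starts outside this hunk.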
@@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /* copy upper 256 bits of 448 bit number ... */ nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP); /* ... and right shift by 32 to obtain upper 224 bits */ - nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8); + nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); /* truncate lower part to 224 bits too */ r_d[BN_NIST_224_TOP-1] &= BN_MASK2l; #else - nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); + nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); #endif #if defined(NIST_INT64) && BN_BITS2!=64 { NIST_INT64 acc; /* accumulator */ unsigned int *rp=(unsigned int *)r_d; - const unsigned int *bp=(const unsigned int *)buf; + const unsigned int *bp=(const unsigned int *)buf.ui; acc = rp[0]; acc -= bp[7-7]; acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32; @@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, { BN_ULONG t_d[BN_NIST_224_TOP]; - nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); + nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); + nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); + nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); + nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); #if BN_BITS2==64 
@@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /* otherwise it's effectively same as in BN_nist_mod_192... */ mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); mask &= 0-(PTR_SIZE_INT)carry; - res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + res = c_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_224_TOP); r->top = BN_NIST_224_TOP; @@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); mask &= 0-(PTR_SIZE_INT)carry; - res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + res = c_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); r->top = BN_NIST_256_TOP; @@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, mask = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); mask &= 0-(PTR_SIZE_INT)carry; - res = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) | + res = c_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); r->top = BN_NIST_384_TOP; @@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); - res = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) | + res = t_d; + res = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask)); nist_cp_bn(r_d,res,BN_NIST_521_TOP); r->top = BN_NIST_521_TOP; diff --git a/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl b/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl index 76955e4726..9f4b82fa48 100644 --- a/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl +++ b/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl 
@@ -40,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; diff --git a/src/lib/libssl/src/crypto/cms/cms_cd.c b/src/lib/libssl/src/crypto/cms/cms_cd.c index a5fc2c4e2b..2021688101 100644 --- a/src/lib/libssl/src/crypto/cms/cms_cd.c +++ b/src/lib/libssl/src/crypto/cms/cms_cd.c @@ -58,7 +58,9 @@ #include #include #include +#ifndef OPENSSL_NO_COMP #include +#endif #include "cms_lcl.h" DECLARE_ASN1_ITEM(CMS_CompressedData) diff --git a/src/lib/libssl/src/crypto/cms/cms_enc.c b/src/lib/libssl/src/crypto/cms/cms_enc.c index f873ce3794..bebeaf29c7 100644 --- a/src/lib/libssl/src/crypto/cms/cms_enc.c +++ b/src/lib/libssl/src/crypto/cms/cms_enc.c @@ -74,7 +74,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) X509_ALGOR *calg = ec->contentEncryptionAlgorithm; unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; unsigned char *tkey = NULL; - size_t tkeylen; + size_t tkeylen = 0; int ok = 0; diff --git a/src/lib/libssl/src/crypto/cms/cms_lib.c b/src/lib/libssl/src/crypto/cms/cms_lib.c index f88e8f3b52..ba08279a04 100644 --- a/src/lib/libssl/src/crypto/cms/cms_lib.c +++ b/src/lib/libssl/src/crypto/cms/cms_lib.c @@ -411,9 +411,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, * algorithm OID instead of digest. */ || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) - { return EVP_MD_CTX_copy_ex(mctx, mtmp); - } chain = BIO_next(chain); } } @@ -465,8 +463,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) STACK_OF(CMS_CertificateChoices) **pcerts; int i; pcerts = cms_get0_certificate_choices(cms); - if (!pcerts) - return 0; if (!pcerts) return 0; for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) 
diff --git a/src/lib/libssl/src/crypto/ec/ec2_mult.c b/src/lib/libssl/src/crypto/ec/ec2_mult.c index 26f4a783fc..1c575dc47a 100644 --- a/src/lib/libssl/src/crypto/ec/ec2_mult.c +++ b/src/lib/libssl/src/crypto/ec/ec2_mult.c @@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG return ret; } + /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * + * To protect against side-channel attack the function uses constant time swap, + * avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ 
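Review bot: The four added `bn_wexpand(...)` calls in `ec_GF2m_montgomery_point_multiply` discard their results, although every neighbouring call in the hunk uses the `if (!...) goto err;` form. The `BN_consttime_swap(word & mask, x1, x2, group->field.top)` calls this commit adds further down take `group->field.top` as their word count, so if an expansion fails the swap would run over a buffer that was never grown to that size. Each call should be checked, e.g. `if (bn_wexpand(x1, group->field.top) == NULL) goto err;`, and likewise for `z1`, `x2` and `z2`. The function starts and ends outside this hunk.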
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, word = scalar->d[i]; while (mask) { - if (word & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); mask >>= 1; } mask = BN_TBIT; diff --git a/src/lib/libssl/src/crypto/ec/ec_ameth.c b/src/lib/libssl/src/crypto/ec/ec_ameth.c index 83909c1853..0ce4524076 100644 --- a/src/lib/libssl/src/crypto/ec/ec_ameth.c +++ b/src/lib/libssl/src/crypto/ec/ec_ameth.c @@ -88,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) if (!pstr) return 0; pstr->length = i2d_ECParameters(ec_key, &pstr->data); - if (pstr->length < 0) + if (pstr->length <= 0) { ASN1_STRING_free(pstr); ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); diff --git a/src/lib/libssl/src/crypto/ec/ec_asn1.c b/src/lib/libssl/src/crypto/ec/ec_asn1.c index 175eec5342..145807b611 100644 --- a/src/lib/libssl/src/crypto/ec/ec_asn1.c +++ b/src/lib/libssl/src/crypto/ec/ec_asn1.c @@ -89,7 +89,8 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) if (group == NULL) return 0; - if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_characteristic_two_field || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) { ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 
@@ -107,7 +108,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, if (group == NULL) return 0; - if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_characteristic_two_field || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) { ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); diff --git a/src/lib/libssl/src/crypto/ec/ec_key.c b/src/lib/libssl/src/crypto/ec/ec_key.c index bf9fd2dc2c..7fa247593d 100644 --- a/src/lib/libssl/src/crypto/ec/ec_key.c +++ b/src/lib/libssl/src/crypto/ec/ec_key.c @@ -520,18 +520,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) void *EC_KEY_get_key_method_data(EC_KEY *key, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + void *ret; + + CRYPTO_r_lock(CRYPTO_LOCK_EC); + ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + CRYPTO_r_unlock(CRYPTO_LOCK_EC); + + return ret; } -void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, +void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { EC_EXTRA_DATA *ex_data; + CRYPTO_w_lock(CRYPTO_LOCK_EC); ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); if (ex_data == NULL) EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); CRYPTO_w_unlock(CRYPTO_LOCK_EC); + + return ex_data; } void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) diff --git a/src/lib/libssl/src/crypto/ec/ec_pmeth.c b/src/lib/libssl/src/crypto/ec/ec_pmeth.c index d1ed66c37e..66ee397d86 100644 --- a/src/lib/libssl/src/crypto/ec/ec_pmeth.c 
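Review bot: `EC_KEY_insert_key_method_data` calls `EC_EX_DATA_set_data(...)` as a bare statement and then returns `ex_data`, so a failed insert and a successful one both come back as NULL. The callers changed in this commit, `ecdh_check` and `ecdsa_check`, read NULL as meaning their own structure is now attached to the key and keep using it, which would leave it unowned by the key if the insert did not happen. If `EC_EX_DATA_set_data` reports failure through its return value (its declaration is not on this page), the result should be tested while the write lock is held and passed back in a way the callers can tell apart from success.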
+++ b/src/lib/libssl/src/crypto/ec/ec_pmeth.c @@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); - /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is + /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is * not an error, the result is truncated. */ diff --git a/src/lib/libssl/src/crypto/ecdh/Makefile b/src/lib/libssl/src/crypto/ecdh/Makefile index 65d8904ee8..ba05fea05c 100644 --- a/src/lib/libssl/src/crypto/ecdh/Makefile +++ b/src/lib/libssl/src/crypto/ecdh/Makefile 
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_key.o: ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/src/lib/libssl/src/crypto/ecdh/ech_key.c b/src/lib/libssl/src/crypto/ecdh/ech_key.c index f44da9298b..2988899ea2 100644 --- a/src/lib/libssl/src/crypto/ecdh/ech_key.c +++ b/src/lib/libssl/src/crypto/ecdh/ech_key.c 
@@ -68,9 +68,6 @@ */ #include "ech_locl.h" -#ifndef OPENSSL_NO_ENGINE -#include -#endif int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *eckey, diff --git a/src/lib/libssl/src/crypto/ecdh/ech_lib.c b/src/lib/libssl/src/crypto/ecdh/ech_lib.c index dadbfd3c49..0644431b75 100644 --- a/src/lib/libssl/src/crypto/ecdh/ech_lib.c +++ b/src/lib/libssl/src/crypto/ecdh/ech_lib.c @@ -222,8 +222,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key) ecdh_data = (ECDH_DATA *)ecdh_data_new(); if (ecdh_data == NULL) return NULL; - EC_KEY_insert_key_method_data(key, (void *)ecdh_data, - ecdh_data_dup, ecdh_data_free, ecdh_data_free); + data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, + ecdh_data_dup, ecdh_data_free, ecdh_data_free); + if (data != NULL) + { + /* Another thread raced us to install the key_method + * data and won. */ + ecdh_data_free(ecdh_data); + ecdh_data = (ECDH_DATA *)data; + } } else ecdh_data = (ECDH_DATA *)data; diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c index e477da430b..814a6bf404 100644 --- a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c +++ b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c @@ -200,8 +200,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); if (ecdsa_data == NULL) return NULL; - EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, - ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); + data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, + ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); + if (data != NULL) + { + /* Another thread raced us to install the key_method + * data and won. */ + ecdsa_data_free(ecdsa_data); + ecdsa_data = (ECDSA_DATA *)data; + } } else ecdsa_data = (ECDSA_DATA *)data; diff --git a/src/lib/libssl/src/crypto/engine/eng_rdrand.c b/src/lib/libssl/src/crypto/engine/eng_rdrand.c index a9ba5ae6f9..4e9e91d54b 100644 --- a/src/lib/libssl/src/crypto/engine/eng_rdrand.c 
+++ b/src/lib/libssl/src/crypto/engine/eng_rdrand.c @@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_e_rdrand_id) || !ENGINE_set_name(e, engine_e_rdrand_name) || + !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || !ENGINE_set_init_function(e, rdrand_init) || !ENGINE_set_RAND(e, &rdrand_meth) ) return 0; diff --git a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c index 710fb79baf..fb2c884a78 100644 --- a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -90,6 +90,10 @@ typedef struct defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) +#if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC) +# define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; }) +#endif + extern unsigned int OPENSSL_ia32cap_P[2]; #define AESNI_CAPABLE (1<<(57-32)) @@ -167,6 +171,9 @@ static void sha1_update(SHA_CTX *c,const void *data,size_t len) SHA1_Update(c,ptr,res); } +#ifdef SHA1_Update +#undef SHA1_Update +#endif #define SHA1_Update sha1_update static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -184,6 +191,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, sha_off = SHA_CBLOCK-key->md.num; #endif + key->payload_length = NO_PAYLOAD_LENGTH; + if (len%AES_BLOCK_SIZE) return 0; if (ctx->encrypt) { 
@@ -234,47 +243,211 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, &key->ks,ctx->iv,1); } } else { - unsigned char mac[SHA_DIGEST_LENGTH]; + union { unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)]; + unsigned char c[32+SHA_DIGEST_LENGTH]; } mac, *pmac; + + /* arrange cache line alignment */ + pmac = (void *)(((size_t)mac.c+31)&((size_t)0-32)); /* decrypt HMAC|padding at once */ aesni_cbc_encrypt(in,out,len, &key->ks,ctx->iv,0); if (plen) { /* "TLS" mode of operation */ - /* figure out payload length */ - if (len<(size_t)(out[len-1]+1+SHA_DIGEST_LENGTH)) - return 0; - - len -= (out[len-1]+1+SHA_DIGEST_LENGTH); + size_t inp_len, mask, j, i; + unsigned int res, maxpad, pad, bitlen; + int ret = 1; + union { unsigned int u[SHA_LBLOCK]; + unsigned char c[SHA_CBLOCK]; } + *data = (void *)key->md.data; if ((key->aux.tls_aad[plen-4]<<8|key->aux.tls_aad[plen-3]) - >= TLS1_1_VERSION) { - len -= AES_BLOCK_SIZE; + >= TLS1_1_VERSION) iv = AES_BLOCK_SIZE; - } - key->aux.tls_aad[plen-2] = len>>8; - key->aux.tls_aad[plen-1] = len; + if (len<(iv+SHA_DIGEST_LENGTH+1)) + return 0; + + /* omit explicit iv */ + out += iv; + len -= iv; + + /* figure out payload length */ + pad = out[len-1]; + maxpad = len-(SHA_DIGEST_LENGTH+1); + maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8); + maxpad &= 255; + + inp_len = len - (SHA_DIGEST_LENGTH+pad+1); + mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1))); + inp_len &= mask; + ret &= (int)mask; + + key->aux.tls_aad[plen-2] = inp_len>>8; + key->aux.tls_aad[plen-1] = inp_len; - /* calculate HMAC and verify it */ + /* calculate HMAC */ key->md = key->head; SHA1_Update(&key->md,key->aux.tls_aad,plen); - SHA1_Update(&key->md,out+iv,len); - SHA1_Final(mac,&key->md); +#if 1 + len -= SHA_DIGEST_LENGTH; /* amend mac */ + if (len>=(256+SHA_CBLOCK)) { + j = (len-(256+SHA_CBLOCK))&(0-SHA_CBLOCK); + j += SHA_CBLOCK-key->md.num; + SHA1_Update(&key->md,out,j); + out += j; + len -= j; + inp_len -= j; + } + + /* but pretend as if 
we hashed padded payload */ + bitlen = key->md.Nl+(inp_len<<3); /* at most 18 bits */ +#ifdef BSWAP + bitlen = BSWAP(bitlen); +#else + mac.c[0] = 0; + mac.c[1] = (unsigned char)(bitlen>>16); + mac.c[2] = (unsigned char)(bitlen>>8); + mac.c[3] = (unsigned char)bitlen; + bitlen = mac.u[0]; +#endif + + pmac->u[0]=0; + pmac->u[1]=0; + pmac->u[2]=0; + pmac->u[3]=0; + pmac->u[4]=0; + + for (res=key->md.num, j=0;j>(sizeof(j)*8-8); + c &= mask; + c |= 0x80&~mask&~((inp_len-j)>>(sizeof(j)*8-8)); + data->c[res++]=(unsigned char)c; + + if (res!=SHA_CBLOCK) continue; + + /* j is not incremented yet */ + mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); + data->u[SHA_LBLOCK-1] |= bitlen&mask; + sha1_block_data_order(&key->md,data,1); + mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); + pmac->u[0] |= key->md.h0 & mask; + pmac->u[1] |= key->md.h1 & mask; + pmac->u[2] |= key->md.h2 & mask; + pmac->u[3] |= key->md.h3 & mask; + pmac->u[4] |= key->md.h4 & mask; + res=0; + } + + for(i=res;ic[i]=0; + + if (res>SHA_CBLOCK-8) { + mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); + data->u[SHA_LBLOCK-1] |= bitlen&mask; + sha1_block_data_order(&key->md,data,1); + mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); + pmac->u[0] |= key->md.h0 & mask; + pmac->u[1] |= key->md.h1 & mask; + pmac->u[2] |= key->md.h2 & mask; + pmac->u[3] |= key->md.h3 & mask; + pmac->u[4] |= key->md.h4 & mask; + + memset(data,0,SHA_CBLOCK); + j+=64; + } + data->u[SHA_LBLOCK-1] = bitlen; + sha1_block_data_order(&key->md,data,1); + mask = 0-((j-inp_len-73)>>(sizeof(j)*8-1)); + pmac->u[0] |= key->md.h0 & mask; + pmac->u[1] |= key->md.h1 & mask; + pmac->u[2] |= key->md.h2 & mask; + pmac->u[3] |= key->md.h3 & mask; + pmac->u[4] |= key->md.h4 & mask; + +#ifdef BSWAP + pmac->u[0] = BSWAP(pmac->u[0]); + pmac->u[1] = BSWAP(pmac->u[1]); + pmac->u[2] = BSWAP(pmac->u[2]); + pmac->u[3] = BSWAP(pmac->u[3]); + pmac->u[4] = BSWAP(pmac->u[4]); +#else + for (i=0;i<5;i++) { + res = pmac->u[i]; + pmac->c[4*i+0]=(unsigned char)(res>>24); + 
pmac->c[4*i+1]=(unsigned char)(res>>16); + pmac->c[4*i+2]=(unsigned char)(res>>8); + pmac->c[4*i+3]=(unsigned char)res; + } +#endif + len += SHA_DIGEST_LENGTH; +#else + SHA1_Update(&key->md,out,inp_len); + res = key->md.num; + SHA1_Final(pmac->c,&key->md); + + { + unsigned int inp_blocks, pad_blocks; + + /* but pretend as if we hashed padded payload */ + inp_blocks = 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1)); + res += (unsigned int)(len-inp_len); + pad_blocks = res / SHA_CBLOCK; + res %= SHA_CBLOCK; + pad_blocks += 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1)); + for (;inp_blocksmd,data,1); + } +#endif key->md = key->tail; - SHA1_Update(&key->md,mac,SHA_DIGEST_LENGTH); - SHA1_Final(mac,&key->md); + SHA1_Update(&key->md,pmac->c,SHA_DIGEST_LENGTH); + SHA1_Final(pmac->c,&key->md); - if (memcmp(out+iv+len,mac,SHA_DIGEST_LENGTH)) - return 0; + /* verify HMAC */ + out += inp_len; + len -= inp_len; +#if 1 + { + unsigned char *p = out+len-1-maxpad-SHA_DIGEST_LENGTH; + size_t off = out-p; + unsigned int c, cmask; + + maxpad += SHA_DIGEST_LENGTH; + for (res=0,i=0,j=0;j>(sizeof(int)*8-1); + res |= (c^pad)&~cmask; /* ... and padding */ + cmask &= ((int)(off-1-j))>>(sizeof(int)*8-1); + res |= (c^pmac->c[i])&cmask; + i += 1&cmask; + } + maxpad -= SHA_DIGEST_LENGTH; + + res = 0-((0-res)>>(sizeof(res)*8-1)); + ret &= (int)~res; + } +#else + for (res=0,i=0;ic[i]; + res = 0-((0-res)>>(sizeof(res)*8-1)); + ret &= (int)~res; + + /* verify padding */ + pad = (pad&~res) | (maxpad&res); + out = out+len-1-pad; + for (res=0,i=0;i>(sizeof(res)*8-1); + ret &= (int)~res; +#endif + return ret; } else { SHA1_Update(&key->md,out,len); } } - key->payload_length = NO_PAYLOAD_LENGTH; - return 1; } @@ -309,6 +482,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void SHA1_Init(&key->tail); SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key)); + OPENSSL_cleanse(hmac_key,sizeof(hmac_key)); + return 1; } case EVP_CTRL_AEAD_TLS1_AAD: 
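Review bot: The decrypt branch of aesni_cbc_hmac_sha1_cipher now carries two alternative implementations behind `#if 1 … #else … #endif`, one for the MAC computation and one for the MAC/padding check, and nothing records which variant was reviewed for timing independence. The compiled-out MAC variant calls `SHA1_Update(&key->md,out,inp_len)` with a length derived from the pad byte and then compensates with extra `sha1_block_data_order` calls, so flipping the switch later would change the timing profile of the very code this hunk exists to harden. I would drop the `#else` bodies, or at least mark each switch with a comment like `/* #if 1 is the branch-free path; the #else variant is reference only */`. A short comment that `mask`, `cmask`, `res` and `ret` depend on the secret pad byte, and that the only early `return 0` tests the record length, would also help keep later edits branch-free. The function begins before this hunk.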
diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl b/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl index 867885435e..f11224d172 100755 --- a/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl +++ b/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl @@ -120,7 +120,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; die "can't locate x86_64-xlate.pl"; no warnings qw(uninitialized); -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $code .= < #include #include +#include #include #include -#include #undef c2l #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ diff --git a/src/lib/libssl/src/crypto/modes/Makefile b/src/lib/libssl/src/crypto/modes/Makefile index c825b12f25..3d8bafd571 100644 --- a/src/lib/libssl/src/crypto/modes/Makefile +++ b/src/lib/libssl/src/crypto/modes/Makefile @@ -53,7 +53,10 @@ ghash-x86_64.s: asm/ghash-x86_64.pl ghash-sparcv9.s: asm/ghash-sparcv9.pl $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS) ghash-alpha.s: asm/ghash-alpha.pl - $(PERL) $< | $(CC) -E - | tee $@ > /dev/null + (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \ + $(PERL) asm/ghash-alpha.pl > $$preproc && \ + $(CC) -E $$preproc > $@ && rm $$preproc) + ghash-parisc.s: asm/ghash-parisc.pl $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@ diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl index 6358b2750f..aa36029386 100644 --- a/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl +++ b/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl @@ -266,8 +266,8 @@ gcm_gmult_4bit: ldq $Xlo,8($Xi) ldq $Xhi,0($Xi) - br $rem_4bit,.Lpic1 -.Lpic1: lda $rem_4bit,rem_4bit-.Lpic1($rem_4bit) + bsr $t0,picmeup + nop ___ &loop(); @@ -341,8 +341,8 @@ gcm_ghash_4bit: ldq $Xhi,0($Xi) ldq $Xlo,8($Xi) - br $rem_4bit,.Lpic2 -.Lpic2: lda $rem_4bit,rem_4bit-.Lpic2($rem_4bit) + bsr $t0,picmeup + nop .Louter: extql $inhi,$inp,$inhi 
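Review bot: The rewritten `open OUT,"| \"$^X\" $xlate $flavour $output";` in md5-x86_64.pl still ignores the result of `open`, so if the pipe to the translator cannot be started the script keeps going and the build can end up with an empty or truncated assembly file instead of an error. Only the interpreter path is quoted; `$xlate` is interpolated into the same shell command unquoted, so a source tree whose path contains spaces or shell metacharacters still breaks or alters the command. I would write `open OUT,"| \"$^X\" \"$xlate\" $flavour $output" or die "can't call $xlate: $!";`. The same line is added in ghash-x86_64.pl, rc4-md5-x86_64.pl and rc4-x86_64.pl in this commit.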
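Review bot: The new ghash-alpha.s rule writes its intermediate file to `/tmp/$$$$.$@`, a name that is predictable from the shell's process id, in a world-writable directory, and creates it with a plain `>` redirect. On a shared build host that is the usual insecure temporary file pattern: a file or symlink planted under that name is followed, and the content later fed to `$(CC) -E` can be influenced by another local user. Keeping the intermediate next to the target avoids the shared directory altogether, e.g. `(preproc=$@.$$$$.tmp; trap "rm -f $$preproc" INT; \`. The trap also covers only INT, so a failing `$(PERL)` or `$(CC)` step leaves the file behind; an explicit `rm -f` on the failure path would tidy that up.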
@@ -436,11 +436,20 @@ $code.=<<___; .end gcm_ghash_4bit .align 4 +.ent picmeup +picmeup: + .frame sp,0,$t0 + .prologue 0 + br $rem_4bit,.Lpic +.Lpic: lda $rem_4bit,12($rem_4bit) + ret ($t0) +.end picmeup + nop rem_4bit: - .quad 0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48 - .quad 0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48 - .quad 0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48 - .quad 0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48 + .long 0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16 + .long 0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16 + .long 0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16 + .long 0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16 .ascii "GHASH for Alpha, CRYPTOGAMS by " .align 4 diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl index 8c7454ee93..d5ad96b403 100644 --- a/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl +++ b/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl @@ -724,6 +724,7 @@ foreach (split("\n",$code)) { s/cmpb,\*/comb,/; s/,\*/,/; } + s/\bbv\b/bve/ if ($SIZE_T==8); print $_,"\n"; } diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl index 6b09669d47..83c727e07f 100644 --- a/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl +++ b/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl @@ -635,7 +635,7 @@ sub mmx_loop() { { my @lo = ("mm0","mm1","mm2"); my @hi = ("mm3","mm4","mm5"); my @tmp = ("mm6","mm7"); - my $off1=0,$off2=0,$i; + my ($off1,$off2,$i) = (0,0,); &add ($Htbl,128); # optimize for size &lea ("edi",&DWP(16+128,"esp")); @@ -883,7 +883,7 @@ sub reduction_alg9 { # 17/13 times faster than Intel version my ($Xhi,$Xi) = @_; # 1st phase - &movdqa ($T1,$Xi) # + &movdqa ($T1,$Xi); # &psllq ($Xi,1); &pxor ($Xi,$T1); # &psllq ($Xi,5); # 
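Review bot: In the new `picmeup` helper the table address is formed with a literal displacement, `lda $rem_4bit,12($rem_4bit)`, where the code it replaces used the symbolic `rem_4bit-.Lpic1`. The value 12 is only right while exactly three instructions (`lda`, `ret`, and the `nop` after `.end picmeup`) sit between `.Lpic` and `rem_4bit`, and any later insertion there would make GHASH read its reduction table from the wrong address without an assembler error. If the symbolic form cannot be used here, I would at least add `# 12 = lda + ret + nop, keep in sync with the layout up to rem_4bit` next to the `lda`.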
@@ -1019,7 +1019,7 @@ my ($Xhi,$Xi) = @_; &movdqa ($Xhn,$Xn); &pxor ($Xhi,$T1); # "Ii+Xi", consume early - &movdqa ($T1,$Xi) #&reduction_alg9($Xhi,$Xi); 1st phase + &movdqa ($T1,$Xi); #&reduction_alg9($Xhi,$Xi); 1st phase &psllq ($Xi,1); &pxor ($Xi,$T1); # &psllq ($Xi,5); # diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl index a5ae180882..38d779edbc 100644 --- a/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl +++ b/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl @@ -50,7 +50,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; # common register layout $nlo="%rax"; diff --git a/src/lib/libssl/src/crypto/modes/cbc128.c b/src/lib/libssl/src/crypto/modes/cbc128.c index 3d3782cbe1..0e54f75470 100644 --- a/src/lib/libssl/src/crypto/modes/cbc128.c +++ b/src/lib/libssl/src/crypto/modes/cbc128.c @@ -117,7 +117,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, unsigned char ivec[16], block128_f block) { size_t n; - union { size_t align; unsigned char c[16]; } tmp; + union { size_t t[16/sizeof(size_t)]; unsigned char c[16]; } tmp; assert(in && out && key && ivec); @@ -137,11 +137,13 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, out += 16; } } - else { + else if (16%sizeof(size_t) == 0) { /* always true */ while (len>=16) { + size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv; + (*block)(in, out, key); - for(n=0; n<16; n+=sizeof(size_t)) - *(size_t *)(out+n) ^= *(size_t *)(iv+n); + for(n=0; n<16/sizeof(size_t); n++) + out_t[n] ^= iv_t[n]; iv = in; len -= 16; in += 16; 
@@ -165,15 +167,16 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, out += 16; } } - else { - size_t c; + else if (16%sizeof(size_t) == 0) { /* always true */ while (len>=16) { + size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec; + const size_t *in_t=(const size_t *)in; + (*block)(in, tmp.c, key); - for(n=0; n<16; n+=sizeof(size_t)) { - c = *(size_t *)(in+n); - *(size_t *)(out+n) = - *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n); - *(size_t *)(ivec+n) = c; + for(n=0; n<16/sizeof(size_t); n++) { + c = in_t[n]; + out_t[n] = tmp.t[n] ^ ivec_t[n]; + ivec_t[n] = c; } len -= 16; in += 16; diff --git a/src/lib/libssl/src/crypto/modes/ccm128.c b/src/lib/libssl/src/crypto/modes/ccm128.c index c9b35e5b35..3ce11d0d98 100644 --- a/src/lib/libssl/src/crypto/modes/ccm128.c +++ b/src/lib/libssl/src/crypto/modes/ccm128.c @@ -87,7 +87,7 @@ int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8))); } else - *(u32*)(&ctx->nonce.c[8]) = 0; + ctx->nonce.u[1] = 0; ctx->nonce.c[12] = (u8)(mlen>>24); ctx->nonce.c[13] = (u8)(mlen>>16); diff --git a/src/lib/libssl/src/crypto/modes/cts128.c b/src/lib/libssl/src/crypto/modes/cts128.c index c0e1f3696c..2d583de6f6 100644 --- a/src/lib/libssl/src/crypto/modes/cts128.c +++ b/src/lib/libssl/src/crypto/modes/cts128.c @@ -108,12 +108,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, (*cbc)(in,out-16,residue,key,ivec,1); memcpy(out,tmp.c,residue); #else - { - size_t n; - for (n=0; n<16; n+=sizeof(size_t)) - *(size_t *)(tmp.c+n) = 0; + memset(tmp.c,0,sizeof(tmp)); memcpy(tmp.c,in,residue); - } memcpy(out,out-16,residue); (*cbc)(tmp.c,out-16,16,key,ivec,1); #endif 
@@ -144,12 +140,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, #if defined(CBC_HANDLES_TRUNCATED_IO) (*cbc)(in,out-16+residue,residue,key,ivec,1); #else - { - size_t n; - for (n=0; n<16; n+=sizeof(size_t)) - *(size_t *)(tmp.c+n) = 0; + memset(tmp.c,0,sizeof(tmp)); memcpy(tmp.c,in,residue); - } (*cbc)(tmp.c,out-16+residue,16,key,ivec,1); #endif return len+residue; @@ -177,8 +169,7 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, (*block)(in,tmp.c+16,key); - for (n=0; n<16; n+=sizeof(size_t)) - *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n); + memcpy(tmp.c,tmp.c+16,16); memcpy(tmp.c,in+16,residue); (*block)(tmp.c,tmp.c,key); @@ -220,8 +211,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o (*block)(in+residue,tmp.c+16,key); - for (n=0; n<16; n+=sizeof(size_t)) - *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n); + memcpy(tmp.c,tmp.c+16,16); memcpy(tmp.c,in,residue); (*block)(tmp.c,tmp.c,key); @@ -240,7 +230,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], cbc128_f cbc) -{ size_t residue, n; +{ size_t residue; union { size_t align; unsigned char c[32]; } tmp; assert (in && out && key && ivec); @@ -257,8 +247,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, out += len; } - for (n=16; n<32; n+=sizeof(size_t)) - *(size_t *)(tmp.c+n) = 0; + memset(tmp.c,0,sizeof(tmp)); /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ (*cbc)(in,tmp.c,16,key,tmp.c+16,0); 
@@ -275,7 +264,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], cbc128_f cbc) -{ size_t residue, n; +{ size_t residue; union { size_t align; unsigned char c[32]; } tmp; assert (in && out && key && ivec); @@ -297,8 +286,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, out += len; } - for (n=16; n<32; n+=sizeof(size_t)) - *(size_t *)(tmp.c+n) = 0; + memset(tmp.c,0,sizeof(tmp)); /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ (*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0); diff --git a/src/lib/libssl/src/crypto/modes/gcm128.c b/src/lib/libssl/src/crypto/modes/gcm128.c index 7d6d034970..e1dc2b0f47 100644 --- a/src/lib/libssl/src/crypto/modes/gcm128.c +++ b/src/lib/libssl/src/crypto/modes/gcm128.c @@ -723,7 +723,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) # endif gcm_init_4bit(ctx->Htable,ctx->H.u); # if defined(GHASH_ASM_X86) /* x86 only */ -# if defined(OPENSSL_IA32_SSE2) +# if defined(OPENSSL_IA32_SSE2) if (OPENSSL_ia32cap_P[0]&(1<<25)) { /* check SSE bit */ # else if (OPENSSL_ia32cap_P[0]&(1<<23)) { /* check MMX bit */ @@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) GCM_MUL(ctx,Yi); if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; } @@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } 
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -941,15 +953,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j=GHASH_CHUNK; while (j) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; - for (i=0; i<16; i+=sizeof(size_t)) - *(size_t *)(out+i) = - *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i); + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i] ^ ctx->EKi.t[i]; out += 16; in += 16; j -= 16; @@ -961,15 +979,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j=i; while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; - for (i=0; i<16; i+=sizeof(size_t)) - *(size_t *)(out+i) = - *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i); + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i] ^ ctx->EKi.t[i]; out += 16; in += 16; len -= 16; @@ -978,16 +1002,22 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, } #else while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; - for (i=0; i<16; i+=sizeof(size_t)) - *(size_t *)(ctx->Xi.c+i) ^= - *(size_t *)(out+i) = - *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i); + for (i=0; i<16/sizeof(size_t); ++i) + ctx->Xi.t[i] ^= + out_t[i] = in_t[i]^ctx->EKi.t[i]; GCM_MUL(ctx,Xi); out += 16; in += 16; 
@@ -998,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1016,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -1060,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1091,15 +1133,21 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, GHASH(ctx,in,GHASH_CHUNK); while (j) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; - for (i=0; i<16; i+=sizeof(size_t)) - *(size_t *)(out+i) = - *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i); + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i]^ctx->EKi.t[i]; out += 16; in += 16; j -= 16; @@ -1109,15 +1157,21 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if ((i = (len&(size_t)-16))) { GHASH(ctx,in,i); while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; - for (i=0; i<16; i+=sizeof(size_t)) - *(size_t *)(out+i) = - *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i); + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i]^ctx->EKi.t[i]; out += 16; in += 16; len -= 16; 
@@ -1125,16 +1179,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, } #else while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; - for (i=0; i<16; i+=sizeof(size_t)) { - size_t c = *(size_t *)(in+i); - *(size_t *)(out+i) = c^*(size_t *)(ctx->EKi.c+i); - *(size_t *)(ctx->Xi.c+i) ^= c; + for (i=0; i<16/sizeof(size_t); ++i) { + size_t c = in[i]; + out[i] = c^ctx->EKi.t[i]; + ctx->Xi.t[i] ^= c; } GCM_MUL(ctx,Xi); out += 16; @@ -1146,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1167,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -1212,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1234,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); ctr += GHASH_CHUNK/16; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; GHASH(ctx,out,GHASH_CHUNK); @@ -1249,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,j,key,ctx->Yi.c); ctr += (unsigned int)j; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; in += i; 
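Review bot: In the `#else` block loop of CRYPTO_gcm128_decrypt the rewritten body indexes `in` and `out` (byte pointers, judging by the casts) instead of the word pointers declared just above it: `size_t c = in[i];` and `out[i] = c^ctx->EKi.t[i];` leave `in_t` and `out_t` unused. With `i` running to `16/sizeof(size_t)` this touches only the first few bytes of each 16-byte block, truncates the XOR to one byte, and folds those byte values into `ctx->Xi.t[i]`, so both the plaintext and the tag computation are wrong on builds that take this path. The two lines should read `size_t c = in_t[i];` and `out_t[i] = c^ctx->EKi.t[i];`, matching the encrypt loop earlier in this file's diff. Test cases 19 and 20 added later in this commit will only catch it if the suite is also built with the configuration that selects this branch. The function starts before the hunk.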
@@ -1269,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1311,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1336,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); ctr += GHASH_CHUNK/16; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; out += GHASH_CHUNK; @@ -1362,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,j,key,ctx->Yi.c); ctr += (unsigned int)j; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; out += i; @@ -1373,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1398,7 +1499,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; #endif - if (ctx->mres) + if (ctx->mres || ctx->ares) GCM_MUL(ctx,Xi); if (is_endian.little) { 
@@ -1669,6 +1770,46 @@ static const u8 IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0 0xa2,0x41,0x89,0x97,0x20,0x0e,0xf8,0x2e,0x44,0xae,0x7e,0x3f}, T18[]= {0xa4,0x4a,0x82,0x66,0xee,0x1c,0x8e,0xb0,0xc8,0xb5,0xd4,0xcf,0x5a,0xe9,0xf1,0x9a}; +/* Test Case 19 */ +#define K19 K1 +#define P19 P1 +#define IV19 IV1 +#define C19 C1 +static const u8 A19[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a, + 0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72, + 0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25, + 0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55, + 0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d, + 0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa, + 0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38, + 0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad}, + T19[]= {0x5f,0xea,0x79,0x3a,0x2d,0x6f,0x97,0x4d,0x37,0xe6,0x8e,0x0c,0xb8,0xff,0x94,0x92}; + +/* Test Case 20 */ +#define K20 K1 +#define A20 A1 +static const u8 IV20[64]={0xff,0xff,0xff,0xff}, /* this results in 0xff in counter LSB */ + P20[288], + C20[]= {0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,0x2b,0x64,0xfe,0x1e,0x9a,0x17,0xb6,0x14, + 0x25,0xf1,0x0d,0x47,0xa7,0x5a,0x5f,0xce,0x13,0xef,0xc6,0xbc,0x78,0x4a,0xf2,0x4f, + 0x41,0x41,0xbd,0xd4,0x8c,0xf7,0xc7,0x70,0x88,0x7a,0xfd,0x57,0x3c,0xca,0x54,0x18, + 0xa9,0xae,0xff,0xcd,0x7c,0x5c,0xed,0xdf,0xc6,0xa7,0x83,0x97,0xb9,0xa8,0x5b,0x49, + 0x9d,0xa5,0x58,0x25,0x72,0x67,0xca,0xab,0x2a,0xd0,0xb2,0x3c,0xa4,0x76,0xa5,0x3c, + 0xb1,0x7f,0xb4,0x1c,0x4b,0x8b,0x47,0x5c,0xb4,0xf3,0xf7,0x16,0x50,0x94,0xc2,0x29, + 0xc9,0xe8,0xc4,0xdc,0x0a,0x2a,0x5f,0xf1,0x90,0x3e,0x50,0x15,0x11,0x22,0x13,0x76, + 0xa1,0xcd,0xb8,0x36,0x4c,0x50,0x61,0xa2,0x0c,0xae,0x74,0xbc,0x4a,0xcd,0x76,0xce, + 
0xb0,0xab,0xc9,0xfd,0x32,0x17,0xef,0x9f,0x8c,0x90,0xbe,0x40,0x2d,0xdf,0x6d,0x86, + 0x97,0xf4,0xf8,0x80,0xdf,0xf1,0x5b,0xfb,0x7a,0x6b,0x28,0x24,0x1e,0xc8,0xfe,0x18, + 0x3c,0x2d,0x59,0xe3,0xf9,0xdf,0xff,0x65,0x3c,0x71,0x26,0xf0,0xac,0xb9,0xe6,0x42, + 0x11,0xf4,0x2b,0xae,0x12,0xaf,0x46,0x2b,0x10,0x70,0xbe,0xf1,0xab,0x5e,0x36,0x06, + 0x87,0x2c,0xa1,0x0d,0xee,0x15,0xb3,0x24,0x9b,0x1a,0x1b,0x95,0x8f,0x23,0x13,0x4c, + 0x4b,0xcc,0xb7,0xd0,0x32,0x00,0xbc,0xe4,0x20,0xa2,0xf8,0xeb,0x66,0xdc,0xf3,0x64, + 0x4d,0x14,0x23,0xc1,0xb5,0x69,0x90,0x03,0xc1,0x3e,0xce,0xf4,0xbf,0x38,0xa3,0xb6, + 0x0e,0xed,0xc3,0x40,0x33,0xba,0xc1,0x90,0x27,0x83,0xdc,0x6d,0x89,0xe2,0xe7,0x74, + 0x18,0x8a,0x43,0x9c,0x7e,0xbc,0xc0,0x67,0x2d,0xbd,0xa4,0xdd,0xcf,0xb2,0x79,0x46, + 0x13,0xb0,0xbe,0x41,0x31,0x5e,0xf7,0x78,0x70,0x8a,0x70,0xee,0x7d,0x75,0x16,0x5c}, + T20[]= {0x8b,0x30,0x7f,0x6b,0x33,0x28,0x6d,0x0a,0xb0,0x26,0xa9,0xed,0x3f,0xe1,0xe8,0x5f}; + #define TEST_CASE(n) do { \ u8 out[sizeof(P##n)]; \ AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \ @@ -1713,6 +1854,8 @@ int main() TEST_CASE(16); TEST_CASE(17); TEST_CASE(18); + TEST_CASE(19); + TEST_CASE(20); #ifdef OPENSSL_CPUID_OBJ { @@ -1743,11 +1886,16 @@ int main() ctr_t/(double)sizeof(buf), (gcm_t-ctr_t)/(double)sizeof(buf)); #ifdef GHASH - GHASH(&ctx,buf.c,sizeof(buf)); + { + void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16], + const u8 *inp,size_t len) = ctx.ghash; + + GHASH((&ctx),buf.c,sizeof(buf)); start = OPENSSL_rdtsc(); - for (i=0;i<100;++i) GHASH(&ctx,buf.c,sizeof(buf)); + for (i=0;i<100;++i) GHASH((&ctx),buf.c,sizeof(buf)); gcm_t = OPENSSL_rdtsc() - start; printf("%.2f\n",gcm_t/(double)sizeof(buf)/(double)i); + } #endif } #endif diff --git a/src/lib/libssl/src/crypto/modes/modes_lcl.h b/src/lib/libssl/src/crypto/modes/modes_lcl.h index b6dc3c336f..9d83e12844 100644 --- a/src/lib/libssl/src/crypto/modes/modes_lcl.h +++ b/src/lib/libssl/src/crypto/modes/modes_lcl.h 
@@ -29,10 +29,7 @@ typedef unsigned char u8; #if defined(__i386) || defined(__i386__) || \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ - ( (defined(__arm__) || defined(__arm)) && \ - (defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) ) + defined(__s390__) || defined(__s390x__) # undef STRICT_ALIGNMENT #endif @@ -101,8 +98,8 @@ typedef struct { u64 hi,lo; } u128; struct gcm128_context { /* Following 6 names follow names in GCM specification */ - union { u64 u[2]; u32 d[4]; u8 c[16]; } Yi,EKi,EK0,len, - Xi,H; + union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; } + Yi,EKi,EK0,len,Xi,H; /* Relative position of Xi, H and pre-computed Htable is used * in some assembler modules, i.e. don't change the order! */ #if TABLE_BITS==8 diff --git a/src/lib/libssl/src/crypto/pariscid.pl b/src/lib/libssl/src/crypto/pariscid.pl index 477ec9b87d..bfc56fdc7f 100644 --- a/src/lib/libssl/src/crypto/pariscid.pl +++ b/src/lib/libssl/src/crypto/pariscid.pl @@ -97,33 +97,33 @@ OPENSSL_cleanse .PROC .CALLINFO NO_CALLS .ENTRY - cmpib,*= 0,$len,Ldone + cmpib,*= 0,$len,L\$done nop - cmpib,*>>= 15,$len,Little + cmpib,*>>= 15,$len,L\$ittle ldi $SIZE_T-1,%r1 -Lalign +L\$align and,*<> $inp,%r1,%r28 - b,n Laligned + b,n L\$aligned stb %r0,0($inp) ldo -1($len),$len - b Lalign + b L\$align ldo 1($inp),$inp -Laligned +L\$aligned andcm $len,%r1,%r28 -Lot +L\$ot $ST %r0,0($inp) - addib,*<> -$SIZE_T,%r28,Lot + addib,*<> -$SIZE_T,%r28,L\$ot ldo $SIZE_T($inp),$inp and,*<> $len,%r1,$len - b,n Ldone -Little + b,n L\$done +L\$ittle stb %r0,0($inp) - addib,*<> -1,$len,Little + addib,*<> -1,$len,L\$ittle ldo 1($inp),$inp -Ldone +L\$done bv ($rp) .EXIT nop 
@@ -151,7 +151,7 @@ OPENSSL_instrument_bus ldw 0($out),$tick add $diff,$tick,$tick stw $tick,0($out) -Loop +L\$oop mfctl %cr16,$tick sub $tick,$lasttick,$diff copy $tick,$lasttick @@ -161,7 +161,7 @@ Loop add $diff,$tick,$tick stw $tick,0($out) - addib,<> -1,$cnt,Loop + addib,<> -1,$cnt,L\$oop addi 4,$out,$out bv ($rp) @@ -190,14 +190,14 @@ OPENSSL_instrument_bus2 mfctl %cr16,$tick sub $tick,$lasttick,$diff copy $tick,$lasttick -Loop2 +L\$oop2 copy $diff,$lastdiff fdc 0($out) ldw 0($out),$tick add $diff,$tick,$tick stw $tick,0($out) - addib,= -1,$max,Ldone2 + addib,= -1,$max,L\$done2 nop mfctl %cr16,$tick @@ -208,17 +208,18 @@ Loop2 ldi 1,%r1 xor %r1,$tick,$tick - addb,<> $tick,$cnt,Loop2 + addb,<> $tick,$cnt,L\$oop2 shladd,l $tick,2,$out,$out -Ldone2 +L\$done2 bv ($rp) .EXIT add $rv,$cnt,$rv .PROCEND ___ } -$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); -$code =~ s/,\*/,/gm if ($SIZE_T==4); +$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); +$code =~ s/,\*/,/gm if ($SIZE_T==4); +$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); print $code; close STDOUT; diff --git a/src/lib/libssl/src/crypto/perlasm/x86masm.pl b/src/lib/libssl/src/crypto/perlasm/x86masm.pl index 96b1b73e1a..f937d07c87 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86masm.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86masm.pl @@ -33,6 +33,7 @@ sub ::generic sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } sub ::call_ptr { &::emit("call",@_); } sub ::jmp_ptr { &::emit("jmp",@_); } +sub ::lock { &::data_byte(0xf0); } sub get_mem { my($size,$addr,$reg1,$reg2,$idx)=@_; diff --git a/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c b/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c index c8d06d6cdc..0fd31e730f 100644 --- a/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c +++ b/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c @@ -56,7 +56,7 @@ #include #include -#ifndef OPENSSL_SYSNAME_NETWARE +#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS) #include #endif #include 
diff --git a/src/lib/libssl/src/crypto/ppccap.c b/src/lib/libssl/src/crypto/ppccap.c index ab89ccaa12..f71ba66aa3 100644 --- a/src/lib/libssl/src/crypto/ppccap.c +++ b/src/lib/libssl/src/crypto/ppccap.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include @@ -53,6 +54,7 @@ static sigjmp_buf ill_jmp; static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } void OPENSSL_ppc64_probe(void); +void OPENSSL_altivec_probe(void); void OPENSSL_cpuid_setup(void) { @@ -82,6 +84,15 @@ void OPENSSL_cpuid_setup(void) OPENSSL_ppccap_P = 0; +#if defined(_AIX) + if (sizeof(size_t)==4 +# if defined(_SC_AIX_KERNEL_BITMODE) + && sysconf(_SC_AIX_KERNEL_BITMODE)!=64 +# endif + ) + return; +#endif + memset(&ill_act,0,sizeof(ill_act)); ill_act.sa_handler = ill_handler; ill_act.sa_mask = all_masked; diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl index 7f684092d4..272fa91e1a 100644 --- a/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl +++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl @@ -51,7 +51,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs); diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl index 9165067080..ad7e65651c 100644 --- a/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl +++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl @@ -307,7 +307,8 @@ L\$opts .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by " ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); +$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); +$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); print $code; close STDOUT; 
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl index d6eac205e9..75750dbf33 100755 --- a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl +++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl @@ -112,7 +112,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $dat="%rdi"; # arg1 $len="%rsi"; # arg2 diff --git a/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl b/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl index edff1d1e64..61ac6effc6 100644 --- a/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl +++ b/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; diff --git a/src/lib/libssl/src/crypto/rc5/rc5_ecb.c b/src/lib/libssl/src/crypto/rc5/rc5_ecb.c new file mode 100644 index 0000000000..e72b535507 --- /dev/null +++ b/src/lib/libssl/src/crypto/rc5/rc5_ecb.c 
@@ -0,0 +1,80 @@ +/* crypto/rc5/rc5_ecb.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rc5_locl.h" +#include + +const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT; + +void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC5_32_KEY *ks, int encrypt) + { + unsigned long l,d[2]; + + c2l(in,l); d[0]=l; + c2l(in,l); d[1]=l; + if (encrypt) + RC5_32_encrypt(d,ks); + else + RC5_32_decrypt(d,ks); + l=d[0]; l2c(l,out); + l=d[1]; l2c(l,out); + l=d[0]=d[1]=0; + } + diff --git a/src/lib/libssl/src/crypto/rc5/rc5_enc.c b/src/lib/libssl/src/crypto/rc5/rc5_enc.c new file mode 100644 index 0000000000..f327d32a76 --- /dev/null +++ b/src/lib/libssl/src/crypto/rc5/rc5_enc.c 
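Review bot: The closing `l=d[0]=d[1]=0;` in RC5_32_ecb_encrypt is a plain store to locals that are never read again, so an optimising compiler may drop it and leave the block's plaintext or ciphertext words on the stack. Use the library's scrubbing routine instead, `OPENSSL_cleanse(d, sizeof(d));`, which is declared in `<openssl/crypto.h>`; whether rc5_locl.h already pulls that header in is not visible here. The same assignment-style wipe ends RC5_32_cbc_encrypt in rc5_enc.c, RC5_32_cfb64_encrypt in rc5cfb64.c and RC5_32_ofb64_encrypt in rc5ofb64.c. The OFB routine additionally never clears its keystream buffer `d[8]`.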
@@ -0,0 +1,215 @@ +/* crypto/rc5/rc5_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include +#include "rc5_locl.h" + +void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *ks, unsigned char *iv, + int encrypt) + { + register unsigned long tin0,tin1; + register unsigned long tout0,tout1,xor0,xor1; + register long l=length; + unsigned long tin[2]; + + if (encrypt) + { + c2l(iv,tout0); + c2l(iv,tout1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + c2l(in,tin0); + c2l(in,tin1); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + RC5_32_encrypt(tin,ks); + tout0=tin[0]; l2c(tout0,out); + tout1=tin[1]; l2c(tout1,out); + } + if (l != -8) + { + c2ln(in,tin0,tin1,l+8); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + RC5_32_encrypt(tin,ks); + tout0=tin[0]; l2c(tout0,out); + tout1=tin[1]; l2c(tout1,out); + } + l2c(tout0,iv); + l2c(tout1,iv); + } + else + { + c2l(iv,xor0); + c2l(iv,xor1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + c2l(in,tin0); tin[0]=tin0; + c2l(in,tin1); tin[1]=tin1; + RC5_32_decrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2c(tout0,out); + l2c(tout1,out); + xor0=tin0; + xor1=tin1; + } + if (l != -8) + { + c2l(in,tin0); tin[0]=tin0; + c2l(in,tin1); tin[1]=tin1; + RC5_32_decrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2cn(tout0,tout1,out,l+8); + xor0=tin0; + xor1=tin1; + } + l2c(xor0,iv); + l2c(xor1,iv); + } + tin0=tin1=tout0=tout1=xor0=xor1=0; + tin[0]=tin[1]=0; + } + +void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key) + { + RC5_32_INT a,b,*s; + + s=key->data; + + a=d[0]+s[0]; + b=d[1]+s[1]; + E_RC5_32(a,b,s, 2); + E_RC5_32(a,b,s, 4); + E_RC5_32(a,b,s, 6); + E_RC5_32(a,b,s, 8); + E_RC5_32(a,b,s,10); + E_RC5_32(a,b,s,12); + E_RC5_32(a,b,s,14); + E_RC5_32(a,b,s,16); + if (key->rounds == 12) + { + E_RC5_32(a,b,s,18); + E_RC5_32(a,b,s,20); + E_RC5_32(a,b,s,22); + E_RC5_32(a,b,s,24); + } + else if (key->rounds == 16) + { + /* Do a full expansion to avoid a jump */ + E_RC5_32(a,b,s,18); + E_RC5_32(a,b,s,20); + E_RC5_32(a,b,s,22); + 
E_RC5_32(a,b,s,24); + E_RC5_32(a,b,s,26); + E_RC5_32(a,b,s,28); + E_RC5_32(a,b,s,30); + E_RC5_32(a,b,s,32); + } + d[0]=a; + d[1]=b; + } + +void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key) + { + RC5_32_INT a,b,*s; + + s=key->data; + + a=d[0]; + b=d[1]; + if (key->rounds == 16) + { + D_RC5_32(a,b,s,32); + D_RC5_32(a,b,s,30); + D_RC5_32(a,b,s,28); + D_RC5_32(a,b,s,26); + /* Do a full expansion to avoid a jump */ + D_RC5_32(a,b,s,24); + D_RC5_32(a,b,s,22); + D_RC5_32(a,b,s,20); + D_RC5_32(a,b,s,18); + } + else if (key->rounds == 12) + { + D_RC5_32(a,b,s,24); + D_RC5_32(a,b,s,22); + D_RC5_32(a,b,s,20); + D_RC5_32(a,b,s,18); + } + D_RC5_32(a,b,s,16); + D_RC5_32(a,b,s,14); + D_RC5_32(a,b,s,12); + D_RC5_32(a,b,s,10); + D_RC5_32(a,b,s, 8); + D_RC5_32(a,b,s, 6); + D_RC5_32(a,b,s, 4); + D_RC5_32(a,b,s, 2); + d[0]=a-s[0]; + d[1]=b-s[1]; + } + diff --git a/src/lib/libssl/src/crypto/rc5/rc5_skey.c b/src/lib/libssl/src/crypto/rc5/rc5_skey.c new file mode 100644 index 0000000000..a2e00a41c5 --- /dev/null +++ b/src/lib/libssl/src/crypto/rc5/rc5_skey.c 
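Review bot: RC5_32_cbc_encrypt carries no comment stating its buffer contract, and for a `length` that is not a multiple of 8 both directions touch memory beyond `length`: the encrypt tail writes a whole block to `out` with two `l2c` calls, and the decrypt tail reads a whole block from `in` with two `c2l` calls. Add a header comment such as `/* length not a multiple of 8: encrypt writes, and decrypt reads, a whole final 8-byte block; iv is 8 bytes and is updated in place */` so callers size their buffers accordingly. RC5_32_encrypt and RC5_32_decrypt also lack a comment saying that any `key->rounds` other than 12 or 16 is processed as 8 rounds, which matters if a key structure is ever filled in by something other than RC5_32_set_key.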
@@ -0,0 +1,113 @@ +/* crypto/rc5/rc5_skey.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rc5_locl.h" + +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds) + { + RC5_32_INT L[64],l,ll,A,B,*S,k; + int i,j,m,c,t,ii,jj; + + if ( (rounds != RC5_16_ROUNDS) && + (rounds != RC5_12_ROUNDS) && + (rounds != RC5_8_ROUNDS)) + rounds=RC5_16_ROUNDS; + + key->rounds=rounds; + S= &(key->data[0]); + j=0; + for (i=0; i<=(len-8); i+=8) + { + c2l(data,l); + L[j++]=l; + c2l(data,l); + L[j++]=l; + } + ii=len-i; + if (ii) + { + k=len&0x07; + c2ln(data,l,ll,k); + L[j+0]=l; + L[j+1]=ll; + } + + c=(len+3)/4; + t=(rounds+1)*2; + S[0]=RC5_32_P; + for (i=1; ic)?t:c; + j*=3; + ii=jj=0; + A=B=0; + for (i=0; i= t) ii=0; + if (++jj >= c) jj=0; + } + } + 
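Review bot: `len` is never range-checked in RC5_32_set_key, and `L` has 64 words, which the copy loop fills at two words per 8 key bytes, so any `len` above 256 makes `L[j++]=l` or the `L[j+0]`/`L[j+1]` tail write past the end of the stack array. Reject out-of-range lengths before the loop, e.g. `if (len < 0 || len > 255) return;`; because the function returns void the key would then be left unset, so returning a status the caller can test would be the cleaner change. `L` also still holds the raw key bytes on return, since the visible end of the body has no wipe; add `OPENSSL_cleanse(L, sizeof(L));` after the mixing loop. Part of the body is garbled in this view, so these points rest on the lines that are visible.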
diff --git a/src/lib/libssl/src/crypto/rc5/rc5cfb64.c b/src/lib/libssl/src/crypto/rc5/rc5cfb64.c
new file mode 100644
index 0000000000..3a8b60bc7a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5cfb64.c
@@ -0,0 +1,122 @@ +/* crypto/rc5/rc5cfb64.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rc5_locl.h" + +/* The input and output encrypted as though 64bit cfb mode is being + * used. 
The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int encrypt) + { + register unsigned long v0,v1,t; + register int n= *num; + register long l=length; + unsigned long ti[2]; + unsigned char *iv,c,cc; + + iv=(unsigned char *)ivec; + if (encrypt) + { + while (l--) + { + if (n == 0) + { + c2l(iv,v0); ti[0]=v0; + c2l(iv,v1); ti[1]=v1; + RC5_32_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2c(t,iv); + t=ti[1]; l2c(t,iv); + iv=(unsigned char *)ivec; + } + c= *(in++)^iv[n]; + *(out++)=c; + iv[n]=c; + n=(n+1)&0x07; + } + } + else + { + while (l--) + { + if (n == 0) + { + c2l(iv,v0); ti[0]=v0; + c2l(iv,v1); ti[1]=v1; + RC5_32_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2c(t,iv); + t=ti[1]; l2c(t,iv); + iv=(unsigned char *)ivec; + } + cc= *(in++); + c=iv[n]; + iv[n]=cc; + *(out++)=c^cc; + n=(n+1)&0x07; + } + } + v0=v1=ti[0]=ti[1]=t=c=cc=0; + *num=n; + } + diff --git a/src/lib/libssl/src/crypto/rc5/rc5ofb64.c b/src/lib/libssl/src/crypto/rc5/rc5ofb64.c new file mode 100644 index 0000000000..d412215f3c --- /dev/null +++ b/src/lib/libssl/src/crypto/rc5/rc5ofb64.c 
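Review bot: `n` is loaded from `*num` and used as `iv[n]` on the first pass of either loop before `n=(n+1)&0x07` ever masks it, so a caller-supplied `*num` outside 0..7 reads and writes outside the 8-byte `ivec`. Validate it on entry, e.g. `if (n < 0 || n > 7) return;`, or at least extend the existing header comment to say that `*num` must start at 0 and be changed only by this function. RC5_32_ofb64_encrypt in rc5ofb64.c has the same pattern with `d[n]`.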
@@ -0,0 +1,111 @@ +/* crypto/rc5/rc5ofb64.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "rc5_locl.h" + +/* The input and output encrypted as though 64bit ofb mode is being + * used. 
The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num) + { + register unsigned long v0,v1,t; + register int n= *num; + register long l=length; + unsigned char d[8]; + register char *dp; + unsigned long ti[2]; + unsigned char *iv; + int save=0; + + iv=(unsigned char *)ivec; + c2l(iv,v0); + c2l(iv,v1); + ti[0]=v0; + ti[1]=v1; + dp=(char *)d; + l2c(v0,dp); + l2c(v1,dp); + while (l--) + { + if (n == 0) + { + RC5_32_encrypt((unsigned long *)ti,schedule); + dp=(char *)d; + t=ti[0]; l2c(t,dp); + t=ti[1]; l2c(t,dp); + save++; + } + *(out++)= *(in++)^d[n]; + n=(n+1)&0x07; + } + if (save) + { + v0=ti[0]; + v1=ti[1]; + iv=(unsigned char *)ivec; + l2c(v0,iv); + l2c(v1,iv); + } + t=v0=v1=ti[0]=ti[1]=0; + *num=n; + } + diff --git a/src/lib/libssl/src/crypto/rc5/rc5speed.c b/src/lib/libssl/src/crypto/rc5/rc5speed.c new file mode 100644 index 0000000000..8e363be535 --- /dev/null +++ b/src/lib/libssl/src/crypto/rc5/rc5speed.c 
@@ -0,0 +1,277 @@ +/* crypto/rc5/rc5speed.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ +/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ + +#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) +#define TIMES +#endif + +#include + +#include +#include OPENSSL_UNISTD_IO +OPENSSL_DECLARE_EXIT + +#ifndef OPENSSL_SYS_NETWARE +#include +#endif + +#ifndef _IRIX +#include +#endif +#ifdef TIMES +#include +#include +#endif + +/* Depending on the VMS version, the tms structure is perhaps defined. + The __TMS macro will show if it was. If it wasn't defined, we should + undefine TIMES, since that tells the rest of the program how things + should be handled. 
-- Richard Levitte */ +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) +#undef TIMES +#endif + +#ifndef TIMES +#include +#endif + +#if defined(sun) || defined(__ultrix) +#define _POSIX_SOURCE +#include +#include +#endif + +#include + +/* The following if from times(3) man page. It may need to be changed */ +#ifndef HZ +#ifndef CLK_TCK +#define HZ 100.0 +#else /* CLK_TCK */ +#define HZ ((double)CLK_TCK) +#endif +#endif + +#define BUFSIZE ((long)1024) +long run=0; + +double Time_F(int s); +#ifdef SIGALRM +#if defined(__STDC__) || defined(sgi) || defined(_AIX) +#define SIGRETTYPE void +#else +#define SIGRETTYPE int +#endif + +SIGRETTYPE sig_done(int sig); +SIGRETTYPE sig_done(int sig) + { + signal(SIGALRM,sig_done); + run=0; +#ifdef LINT + sig=sig; +#endif + } +#endif + +#define START 0 +#define STOP 1 + +double Time_F(int s) + { + double ret; +#ifdef TIMES + static struct tms tstart,tend; + + if (s == START) + { + times(&tstart); + return(0); + } + else + { + times(&tend); + ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + return((ret == 0.0)?1e-6:ret); + } +#else /* !times() */ + static struct timeb tstart,tend; + long i; + + if (s == START) + { + ftime(&tstart); + return(0); + } + else + { + ftime(&tend); + i=(long)tend.millitm-(long)tstart.millitm; + ret=((double)(tend.time-tstart.time))+((double)i)/1e3; + return((ret == 0.0)?1e-6:ret); + } +#endif + } + +int main(int argc, char **argv) + { + long count; + static unsigned char buf[BUFSIZE]; + static unsigned char key[] ={ + 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + }; + RC5_32_KEY sch; + double a,b,c,d; +#ifndef SIGALRM + long ca,cb,cc; +#endif + +#ifndef TIMES + printf("To get the most accurate results, try to run this\n"); + printf("program when this computer is idle.\n"); +#endif + +#ifndef SIGALRM + printf("First we calculate the approximate speed ...\n"); + RC5_32_set_key(&sch,16,key,12); + count=10; + do { + long i; + unsigned long data[2]; + + count*=2; 
+ Time_F(START); + for (i=count; i; i--) + RC5_32_encrypt(data,&sch); + d=Time_F(STOP); + } while (d < 3.0); + ca=count/512; + cb=count; + cc=count*8/BUFSIZE+1; + printf("Doing RC5_32_set_key %ld times\n",ca); +#define COND(d) (count != (d)) +#define COUNT(d) (d) +#else +#define COND(c) (run) +#define COUNT(d) (count) + signal(SIGALRM,sig_done); + printf("Doing RC5_32_set_key for 10 seconds\n"); + alarm(10); +#endif + + Time_F(START); + for (count=0,run=1; COND(ca); count+=4) + { + RC5_32_set_key(&sch,16,key,12); + RC5_32_set_key(&sch,16,key,12); + RC5_32_set_key(&sch,16,key,12); + RC5_32_set_key(&sch,16,key,12); + } + d=Time_F(STOP); + printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d); + a=((double)COUNT(ca))/d; + +#ifdef SIGALRM + printf("Doing RC5_32_encrypt's for 10 seconds\n"); + alarm(10); +#else + printf("Doing RC5_32_encrypt %ld times\n",cb); +#endif + Time_F(START); + for (count=0,run=1; COND(cb); count+=4) + { + unsigned long data[2]; + + RC5_32_encrypt(data,&sch); + RC5_32_encrypt(data,&sch); + RC5_32_encrypt(data,&sch); + RC5_32_encrypt(data,&sch); + } + d=Time_F(STOP); + printf("%ld RC5_32_encrypt's in %.2f second\n",count,d); + b=((double)COUNT(cb)*8)/d; + +#ifdef SIGALRM + printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n", + BUFSIZE); + alarm(10); +#else + printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc, + BUFSIZE); +#endif + Time_F(START); + for (count=0,run=1; COND(cc); count++) + RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch, + &(key[0]),RC5_ENCRYPT); + d=Time_F(STOP); + printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n", + count,BUFSIZE,d); + c=((double)COUNT(cc)*BUFSIZE)/d; + + printf("RC5_32/12/16 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a); + printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b); + printf("RC5_32/12/16 cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); + exit(0); +#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) + return(0); +#endif + } 
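Review bot: Both timing loops in main call `RC5_32_encrypt(data,&sch)` on an `unsigned long data[2]` that is never initialised, so the benchmark reads indeterminate stack values; declare it as `unsigned long data[2] = {0, 0};` in both places. `run` is written from the SIGALRM handler and polled through `COND()`, so it should be `volatile sig_atomic_t` rather than a plain `long`. The CBC loop passes `&(key[0])` as the IV, which RC5_32_cbc_encrypt writes back to, so the static key array is modified on every call; a separate `unsigned char iv[8]` would keep key and IV apart.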
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c index 2460910ab2..5a2062f903 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c @@ -351,27 +351,27 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, if (!BIO_indent(bp, indent, 128)) goto err; - if (BIO_puts(bp, "Salt Length: ") <= 0) + if (BIO_puts(bp, "Salt Length: 0x") <= 0) goto err; if (pss->saltLength) { if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) goto err; } - else if (BIO_puts(bp, "20 (default)") <= 0) + else if (BIO_puts(bp, "0x14 (default)") <= 0) goto err; BIO_puts(bp, "\n"); if (!BIO_indent(bp, indent, 128)) goto err; - if (BIO_puts(bp, "Trailer Field: ") <= 0) + if (BIO_puts(bp, "Trailer Field: 0x") <= 0) goto err; if (pss->trailerField) { if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) goto err; } - else if (BIO_puts(bp, "0xbc (default)") <= 0) + else if (BIO_puts(bp, "BC (default)") <= 0) goto err; BIO_puts(bp, "\n"); diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c index 5b2ecf56ad..157aa5c41d 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c @@ -611,6 +611,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, pm = RSA_NO_PADDING; else if (!strcmp(value, "oeap")) pm = RSA_PKCS1_OAEP_PADDING; + else if (!strcmp(value, "oaep")) + pm = RSA_PKCS1_OAEP_PADDING; else if (!strcmp(value, "x931")) pm = RSA_X931_PADDING; else if (!strcmp(value, "pss")) diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl index fe8207f77f..33da3e0e3c 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl 
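Review bot: With the label now ending in `0x`, the default salt-length branch prints `Salt Length: 0x0x14 (default)`, because its literal kept a prefix of its own; the Trailer Field pair in the same hunk avoids this by using `"BC (default)"`. Change the salt default to `"14 (default)"`. The two `BIO_puts(bp, "\n")` calls are the only writes in the hunk whose result is not checked. rsa_pss_param_print begins and ends outside the hunk.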
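Review bot: Nothing in the rsa_pmeth.c hunk marks `"oeap"` as a misspelling that is presumably kept for compatibility, so a later clean-up could remove it and break existing callers, or the typo could be copied elsewhere. Add a comment on that branch, e.g. `/* "oeap" is a historical typo, kept for compatibility */`. The two branches could also be merged into `else if (!strcmp(value, "oaep") || !strcmp(value, "oeap"))`. pkey_rsa_ctrl_str continues outside the hunk.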
@@ -177,6 +177,7 @@ for($i=0;$i<5;$i++) { $code.=<<___; teq $Xi,sp bne .L_00_15 @ [((11+4)*5+2)*3] + sub sp,sp,#25*4 ___ &BODY_00_15(@V); unshift(@V,pop(@V)); &BODY_16_19(@V); unshift(@V,pop(@V)); @@ -186,7 +187,6 @@ ___ $code.=<<___; ldr $K,.LK_20_39 @ [+15+16*4] - sub sp,sp,#25*4 cmn sp,#0 @ [+3], clear carry to denote 20_39 .L_20_39_or_60_79: ___ diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl index 6d7bf495b2..6e5a328a6f 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl @@ -254,6 +254,7 @@ $code.=<<___; ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/,\*/,/gm if ($SIZE_T==4); +$code =~ s/,\*/,/gm if ($SIZE_T==4); +$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); print $code; close STDOUT; diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl index 85e8d68086..e65291bbd9 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl @@ -549,7 +549,7 @@ ___ # programmer detect if current CPU is VIS capable at run-time. sub unvis { my ($mnemonic,$rs1,$rs2,$rd)=@_; -my $ref,$opf; +my ($ref,$opf); my %visopf = ( "fmul8ulx16" => 0x037, "faligndata" => 0x048, "fpadd32" => 0x052, diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl index f27c1e3fb0..f15c7ec39b 100755 --- a/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl @@ -82,7 +82,8 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $ctx="%rdi"; # 1st arg $inp="%rsi"; # 2nd arg 
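Review bot: The new `open OUT,"| \"$^X\" $xlate $flavour $output";` in sha1-x86_64.pl (hunk at line 82) still ignores the result of open and still hands `$xlate` to the shell unquoted; only the interpreter path gained quotes. If the pipe cannot be started the script carries on and the failure surfaces later, if at all, and a source tree path containing spaces or shell metacharacters would be split or interpreted by the shell. I would quote the translator path and fail loudly: `open OUT,"| \"$^X\" \"$xlate\" $flavour $output" or die "can't call $xlate: $!";`. `$output` is also unquoted, but it may be empty here, so quoting it needs a check first. The same line is added in sha512-x86_64.pl (hunk at line 51) and needs the same change.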
@@ -744,7 +745,7 @@ $code.=<<___; mov %rdi,$ctx # reassigned argument mov %rsi,$inp # reassigned argument mov %rdx,$num # reassigned argument - vzeroall + vzeroupper shl \$6,$num add $inp,$num @@ -1037,7 +1038,7 @@ ___ &Xtail_avx(\&body_20_39); $code.=<<___; - vzeroall + vzeroupper add 0($ctx),$A # update context add 4($ctx),@T[0] diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl index 5b9f3337ad..7eab6a5b88 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl @@ -142,9 +142,9 @@ sub BODY_00_15_x86 { &mov ("edx",$Ehi); &mov ("esi","ecx"); - &shr ("ecx",9) # lo>>9 + &shr ("ecx",9); # lo>>9 &mov ("edi","edx"); - &shr ("edx",9) # hi>>9 + &shr ("edx",9); # hi>>9 &mov ("ebx","ecx"); &shl ("esi",14); # lo<<14 &mov ("eax","edx"); @@ -207,9 +207,9 @@ sub BODY_00_15_x86 { &mov ($Dhi,"ebx"); &mov ("esi","ecx"); - &shr ("ecx",2) # lo>>2 + &shr ("ecx",2); # lo>>2 &mov ("edi","edx"); - &shr ("edx",2) # hi>>2 + &shr ("edx",2); # hi>>2 &mov ("ebx","ecx"); &shl ("esi",4); # lo<<4 &mov ("eax","edx"); @@ -452,9 +452,9 @@ if ($sse2) { &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp")); &mov ("esi","ecx"); - &shr ("ecx",1) # lo>>1 + &shr ("ecx",1); # lo>>1 &mov ("edi","edx"); - &shr ("edx",1) # hi>>1 + &shr ("edx",1); # hi>>1 &mov ("eax","ecx"); &shl ("esi",24); # lo<<24 &mov ("ebx","edx"); @@ -488,9 +488,9 @@ if ($sse2) { &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp")); &mov ("esi","ecx"); - &shr ("ecx",6) # lo>>6 + &shr ("ecx",6); # lo>>6 &mov ("edi","edx"); - &shr ("edx",6) # hi>>6 + &shr ("edx",6); # hi>>6 &mov ("eax","ecx"); &shl ("esi",3); # lo<<3 &mov ("ebx","edx"); diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl index ba5b250890..ffa053bb7d 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl 
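Review bot: Replacing `vzeroall` with `vzeroupper` at the end of the AVX path in sha1-x86_64.pl (hunk at line 1037) means the low 128 bits of the vector registers are no longer cleared before the context update and return. If those registers hold message-schedule words at that point, which the hunk does not show, data derived from the hashed input stays in them after the function returns; that matters when the input is secret, for example a keyed-hash block. The substitution may be required for other reasons, so I would only document it on that line, for example `# vzeroupper clears bits 128+ only; xmm contents survive the return`. The hunk at line 745 makes the same substitution at function entry, where, as far as the hunk shows, no input has been loaded yet.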
@@ -351,7 +351,7 @@ $code.=<<___; $ST $G,6*$SZ($ctx) $ST $H,7*$SZ($ctx) - bnel $inp,@X[15],.Loop + bne $inp,@X[15],.Loop $PTR_SUB $Ktbl,`($rounds-16)*$SZ` # rewind $Ktbl $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl index e24ee58ae9..fc0e15b3c0 100755 --- a/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl @@ -785,6 +785,8 @@ foreach (split("\n",$code)) { s/cmpb,\*/comb,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); + print $_,"\n"; } diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl index f611a2d898..8d51678557 100755 --- a/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl @@ -51,7 +51,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; if ($output =~ /512/) { $func="sha512_block_data_order"; diff --git a/src/lib/libssl/src/crypto/sha/sha256.c b/src/lib/libssl/src/crypto/sha/sha256.c index f88d3d6dad..4eae074849 100644 --- a/src/lib/libssl/src/crypto/sha/sha256.c +++ b/src/lib/libssl/src/crypto/sha/sha256.c @@ -88,17 +88,17 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) switch ((c)->md_len) \ { case SHA224_DIGEST_LENGTH: \ for (nn=0;nnh[nn]; HOST_l2c(ll,(s)); } \ + { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ break; \ case SHA256_DIGEST_LENGTH: \ for (nn=0;nnh[nn]; HOST_l2c(ll,(s)); } \ + { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ break; \ default: \ if ((c)->md_len > SHA256_DIGEST_LENGTH) \ return 0; \ for (nn=0;nn<(c)->md_len/4;nn++) \ - { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ + { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ break; \ } \ } while (0) 
diff --git a/src/lib/libssl/src/crypto/sha/sha512.c b/src/lib/libssl/src/crypto/sha/sha512.c index 50dd7dc744..50c229ddeb 100644 --- a/src/lib/libssl/src/crypto/sha/sha512.c +++ b/src/lib/libssl/src/crypto/sha/sha512.c @@ -232,7 +232,14 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) { return SHA512_Update (c,data,len); } void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) -{ sha512_block_data_order (c,data,1); } + { +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data%sizeof(c->u.d[0]) != 0) + memcpy(c->u.p,data,sizeof(c->u.p)), + data = c->u.p; +#endif + sha512_block_data_order (c,data,1); + } unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) { diff --git a/src/lib/libssl/src/crypto/sparccpuid.S b/src/lib/libssl/src/crypto/sparccpuid.S index ae61f7f5ce..0cc247e489 100644 --- a/src/lib/libssl/src/crypto/sparccpuid.S +++ b/src/lib/libssl/src/crypto/sparccpuid.S @@ -235,10 +235,10 @@ _sparcv9_rdtick: .global _sparcv9_vis1_probe .align 8 _sparcv9_vis1_probe: - .word 0x81b00d80 !fxor %f0,%f0,%f0 add %sp,BIAS+2,%o1 - retl .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0 + retl + .word 0x81b00d80 !fxor %f0,%f0,%f0 .type _sparcv9_vis1_probe,#function .size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe diff --git a/src/lib/libssl/src/crypto/srp/srp_grps.h b/src/lib/libssl/src/crypto/srp/srp_grps.h index d77c9fff4b..8e3c35e3f5 100644 --- a/src/lib/libssl/src/crypto/srp/srp_grps.h +++ b/src/lib/libssl/src/crypto/srp/srp_grps.h 
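Review bot: In the new SHA512_Transform body (sha512.c, hunk at line 232) the unaligned-input branch joins `memcpy(c->u.p,data,sizeof(c->u.p))` and `data = c->u.p` with a comma operator under an unbraced `if`, which is easy to break the next time the branch is edited. Braces and two statements say the same thing: `if ((size_t)data%sizeof(c->u.d[0]) != 0) { memcpy(c->u.p,data,sizeof(c->u.p)); data = c->u.p; }`. The copy also overwrites `c->u.p`, which looks like the context's own block buffer, so a caller with partial input buffered from SHA512_Update would presumably lose it, and the copied block stays in the context afterwards. A comment stating that SHA512_Transform must not be called while an update is pending would make that contract explicit.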
@@ -1,22 +1,22 @@ /* start of generated data */ static BN_ULONG bn_group_1024_value[] = { - bn_pack4(9FC6,1D2F,C0EB,06E3), - bn_pack4(FD51,38FE,8376,435B), - bn_pack4(2FD4,CBF4,976E,AA9A), - bn_pack4(68ED,BC3C,0572,6CC0), - bn_pack4(C529,F566,660E,57EC), - bn_pack4(8255,9B29,7BCF,1885), - bn_pack4(CE8E,F4AD,69B1,5D49), - bn_pack4(5DC7,D7B4,6154,D6B6), - bn_pack4(8E49,5C1D,6089,DAD1), - bn_pack4(E0D5,D8E2,50B9,8BE4), - bn_pack4(383B,4813,D692,C6E0), - bn_pack4(D674,DF74,96EA,81D3), - bn_pack4(9EA2,314C,9C25,6576), - bn_pack4(6072,6187,75FF,3C0B), - bn_pack4(9C33,F80A,FA8F,C5E8), - bn_pack4(EEAF,0AB9,ADB3,8DD6) + bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3), + bn_pack4(0xFD51,0x38FE,0x8376,0x435B), + bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A), + bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0), + bn_pack4(0xC529,0xF566,0x660E,0x57EC), + bn_pack4(0x8255,0x9B29,0x7BCF,0x1885), + bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49), + bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6), + bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1), + bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4), + bn_pack4(0x383B,0x4813,0xD692,0xC6E0), + bn_pack4(0xD674,0xDF74,0x96EA,0x81D3), + bn_pack4(0x9EA2,0x314C,0x9C25,0x6576), + bn_pack4(0x6072,0x6187,0x75FF,0x3C0B), + bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8), + bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6) }; static BIGNUM bn_group_1024 = { bn_group_1024_value, 
@@ -27,30 +27,30 @@ static BIGNUM bn_group_1024 = { }; static BN_ULONG bn_group_1536_value[] = { - bn_pack4(CF76,E3FE,D135,F9BB), - bn_pack4(1518,0F93,499A,234D), - bn_pack4(8CE7,A28C,2442,C6F3), - bn_pack4(5A02,1FFF,5E91,479E), - bn_pack4(7F8A,2FE9,B8B5,292E), - bn_pack4(837C,264A,E3A9,BEB8), - bn_pack4(E442,734A,F7CC,B7AE), - bn_pack4(6577,2E43,7D6C,7F8C), - bn_pack4(DB2F,D53D,24B7,C486), - bn_pack4(6EDF,0195,3934,9627), - bn_pack4(158B,FD3E,2B9C,8CF5), - bn_pack4(764E,3F4B,53DD,9DA1), - bn_pack4(4754,8381,DBC5,B1FC), - bn_pack4(9B60,9E0B,E3BA,B63D), - bn_pack4(8134,B1C8,B979,8914), - bn_pack4(DF02,8A7C,EC67,F0D0), - bn_pack4(80B6,55BB,9A22,E8DC), - bn_pack4(1558,903B,A0D0,F843), - bn_pack4(51C6,A94B,E460,7A29), - bn_pack4(5F4F,5F55,6E27,CBDE), - bn_pack4(BEEE,A961,4B19,CC4D), - bn_pack4(DBA5,1DF4,99AC,4C80), - bn_pack4(B1F1,2A86,17A4,7BBB), - bn_pack4(9DEF,3CAF,B939,277A) + bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB), + bn_pack4(0x1518,0x0F93,0x499A,0x234D), + bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3), + bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E), + bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E), + bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8), + bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE), + bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C), + bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486), + bn_pack4(0x6EDF,0x0195,0x3934,0x9627), + bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5), + bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1), + bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC), + bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D), + bn_pack4(0x8134,0xB1C8,0xB979,0x8914), + bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0), + bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC), + bn_pack4(0x1558,0x903B,0xA0D0,0xF843), + bn_pack4(0x51C6,0xA94B,0xE460,0x7A29), + bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE), + bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D), + bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80), + bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB), + bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A) }; static BIGNUM bn_group_1536 = { bn_group_1536_value, 
@@ -61,38 +61,38 @@ static BIGNUM bn_group_1536 = { }; static BN_ULONG bn_group_2048_value[] = { - bn_pack4(0FA7,111F,9E4A,FF73), - bn_pack4(9B65,E372,FCD6,8EF2), - bn_pack4(35DE,236D,525F,5475), - bn_pack4(94B5,C803,D89F,7AE4), - bn_pack4(71AE,35F8,E9DB,FBB6), - bn_pack4(2A56,98F3,A8D0,C382), - bn_pack4(9CCC,041C,7BC3,08D8), - bn_pack4(AF87,4E73,03CE,5329), - bn_pack4(6160,2790,04E5,7AE6), - bn_pack4(032C,FBDB,F52F,B378), - bn_pack4(5EA7,7A27,75D2,ECFA), - bn_pack4(5445,23B5,24B0,D57D), - bn_pack4(5B9D,32E6,88F8,7748), - bn_pack4(F1D2,B907,8717,461A), - bn_pack4(76BD,207A,436C,6481), - bn_pack4(CA97,B43A,23FB,8016), - bn_pack4(1D28,1E44,6B14,773B), - bn_pack4(7359,D041,D5C3,3EA7), - bn_pack4(A80D,740A,DBF4,FF74), - bn_pack4(55F9,7993,EC97,5EEA), - bn_pack4(2918,A996,2F0B,93B8), - bn_pack4(661A,05FB,D5FA,AAE8), - bn_pack4(CF60,9517,9A16,3AB3), - bn_pack4(E808,3969,EDB7,67B0), - bn_pack4(CD7F,48A9,DA04,FD50), - bn_pack4(D523,12AB,4B03,310D), - bn_pack4(8193,E075,7767,A13D), - bn_pack4(A373,29CB,B4A0,99ED), - bn_pack4(FC31,9294,3DB5,6050), - bn_pack4(AF72,B665,1987,EE07), - bn_pack4(F166,DE5E,1389,582F), - bn_pack4(AC6B,DB41,324A,9A9B) + bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73), + bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2), + bn_pack4(0x35DE,0x236D,0x525F,0x5475), + bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4), + bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6), + bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382), + bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8), + bn_pack4(0xAF87,0x4E73,0x03CE,0x5329), + bn_pack4(0x6160,0x2790,0x04E5,0x7AE6), + bn_pack4(0x032C,0xFBDB,0xF52F,0xB378), + bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA), + bn_pack4(0x5445,0x23B5,0x24B0,0xD57D), + bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748), + bn_pack4(0xF1D2,0xB907,0x8717,0x461A), + bn_pack4(0x76BD,0x207A,0x436C,0x6481), + bn_pack4(0xCA97,0xB43A,0x23FB,0x8016), + bn_pack4(0x1D28,0x1E44,0x6B14,0x773B), + bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7), + bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74), + bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA), + 
bn_pack4(0x2918,0xA996,0x2F0B,0x93B8), + bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8), + bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3), + bn_pack4(0xE808,0x3969,0xEDB7,0x67B0), + bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50), + bn_pack4(0xD523,0x12AB,0x4B03,0x310D), + bn_pack4(0x8193,0xE075,0x7767,0xA13D), + bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED), + bn_pack4(0xFC31,0x9294,0x3DB5,0x6050), + bn_pack4(0xAF72,0xB665,0x1987,0xEE07), + bn_pack4(0xF166,0xDE5E,0x1389,0x582F), + bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B) }; static BIGNUM bn_group_2048 = { bn_group_2048_value, 
@@ -103,54 +103,54 @@ static BIGNUM bn_group_2048 = { }; static BN_ULONG bn_group_3072_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(4B82,D120,A93A,D2CA), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + 
bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_3072 = { bn_group_3072_value, 
@@ -161,70 +161,70 @@ static BIGNUM bn_group_3072 = { }; static BN_ULONG bn_group_4096_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(4DF4,35C9,3406,3199), - bn_pack4(86FF,B7DC,90A6,C08F), - bn_pack4(93B4,EA98,8D8F,DDC1), - bn_pack4(D006,9127,D5B0,5AA9), - bn_pack4(B81B,DD76,2170,481C), - bn_pack4(1F61,2970,CEE2,D7AF), - bn_pack4(233B,A186,515B,E7ED), - bn_pack4(99B2,964F,A090,C3A2), - bn_pack4(287C,5947,4E6B,C05D), - bn_pack4(2E8E,FC14,1FBE,CAA6), - bn_pack4(DBBB,C2DB,04DE,8EF9), - bn_pack4(2583,E9CA,2AD4,4CE8), - bn_pack4(1A94,6834,B615,0BDA), - bn_pack4(99C3,2718,6AF4,E23C), - bn_pack4(8871,9A10,BDBA,5B26), - bn_pack4(1A72,3C12,A787,E6D7), - bn_pack4(4B82,D120,A921,0801), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - 
bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0x4DF4,0x35C9,0x3406,0x3199), + bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F), + bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1), + bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9), + bn_pack4(0xB81B,0xDD76,0x2170,0x481C), + bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF), + bn_pack4(0x233B,0xA186,0x515B,0xE7ED), + bn_pack4(0x99B2,0x964F,0xA090,0xC3A2), + bn_pack4(0x287C,0x5947,0x4E6B,0xC05D), + bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6), + bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9), + bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8), + bn_pack4(0x1A94,0x6834,0xB615,0x0BDA), + bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C), + bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26), + bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7), + bn_pack4(0x4B82,0xD120,0xA921,0x0801), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + 
bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_4096 = { bn_group_4096_value, 
@@ -235,102 +235,102 @@ static BIGNUM bn_group_4096 = { }; static BN_ULONG bn_group_6144_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(E694,F91E,6DCC,4024), - bn_pack4(12BF,2D5B,0B74,74D6), - bn_pack4(043E,8F66,3F48,60EE), - bn_pack4(387F,E8D7,6E3C,0468), - bn_pack4(DA56,C9EC,2EF2,9632), - bn_pack4(EB19,CCB1,A313,D55C), - bn_pack4(F550,AA3D,8A1F,BFF0), - bn_pack4(06A1,D58B,B7C5,DA76), - bn_pack4(A797,15EE,F29B,E328), - bn_pack4(14CC,5ED2,0F80,37E0), - bn_pack4(CC8F,6D7E,BF48,E1D8), - bn_pack4(4BD4,07B2,2B41,54AA), - bn_pack4(0F1D,45B7,FF58,5AC5), - bn_pack4(23A9,7A7E,36CC,88BE), - bn_pack4(59E7,C97F,BEC7,E8F3), - bn_pack4(B5A8,4031,900B,1C9E), - bn_pack4(D55E,702F,4698,0C82), - bn_pack4(F482,D7CE,6E74,FEF6), - bn_pack4(F032,EA15,D172,1D03), - bn_pack4(5983,CA01,C64B,92EC), - bn_pack4(6FB8,F401,378C,D2BF), - bn_pack4(3320,5151,2BD7,AF42), - bn_pack4(DB7F,1447,E6CC,254B), - bn_pack4(44CE,6CBA,CED4,BB1B), - bn_pack4(DA3E,DBEB,CF9B,14ED), - bn_pack4(1797,27B0,865A,8918), - bn_pack4(B06A,53ED,9027,D831), - bn_pack4(E5DB,382F,4130,01AE), - bn_pack4(F8FF,9406,AD9E,530E), - bn_pack4(C975,1E76,3DBA,37BD), - bn_pack4(C1D4,DCB2,6026,46DE), - bn_pack4(36C3,FAB4,D27C,7026), - bn_pack4(4DF4,35C9,3402,8492), - bn_pack4(86FF,B7DC,90A6,C08F), - bn_pack4(93B4,EA98,8D8F,DDC1), - bn_pack4(D006,9127,D5B0,5AA9), - bn_pack4(B81B,DD76,2170,481C), - bn_pack4(1F61,2970,CEE2,D7AF), - bn_pack4(233B,A186,515B,E7ED), - bn_pack4(99B2,964F,A090,C3A2), - bn_pack4(287C,5947,4E6B,C05D), - bn_pack4(2E8E,FC14,1FBE,CAA6), - bn_pack4(DBBB,C2DB,04DE,8EF9), - bn_pack4(2583,E9CA,2AD4,4CE8), - bn_pack4(1A94,6834,B615,0BDA), - bn_pack4(99C3,2718,6AF4,E23C), - bn_pack4(8871,9A10,BDBA,5B26), - bn_pack4(1A72,3C12,A787,E6D7), - bn_pack4(4B82,D120,A921,0801), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - 
bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0xE694,0xF91E,0x6DCC,0x4024), + bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6), + bn_pack4(0x043E,0x8F66,0x3F48,0x60EE), + bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468), + bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632), + bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C), + bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0), + bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76), + bn_pack4(0xA797,0x15EE,0xF29B,0xE328), + bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0), + bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8), + bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA), + bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5), + bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE), + bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3), + bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E), + 
bn_pack4(0xD55E,0x702F,0x4698,0x0C82), + bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6), + bn_pack4(0xF032,0xEA15,0xD172,0x1D03), + bn_pack4(0x5983,0xCA01,0xC64B,0x92EC), + bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF), + bn_pack4(0x3320,0x5151,0x2BD7,0xAF42), + bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B), + bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B), + bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED), + bn_pack4(0x1797,0x27B0,0x865A,0x8918), + bn_pack4(0xB06A,0x53ED,0x9027,0xD831), + bn_pack4(0xE5DB,0x382F,0x4130,0x01AE), + bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E), + bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD), + bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE), + bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026), + bn_pack4(0x4DF4,0x35C9,0x3402,0x8492), + bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F), + bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1), + bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9), + bn_pack4(0xB81B,0xDD76,0x2170,0x481C), + bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF), + bn_pack4(0x233B,0xA186,0x515B,0xE7ED), + bn_pack4(0x99B2,0x964F,0xA090,0xC3A2), + bn_pack4(0x287C,0x5947,0x4E6B,0xC05D), + bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6), + bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9), + bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8), + bn_pack4(0x1A94,0x6834,0xB615,0x0BDA), + bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C), + bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26), + bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7), + bn_pack4(0x4B82,0xD120,0xA921,0x0801), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + 
bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_6144 = { bn_group_6144_value, 
@@ -341,134 +341,134 @@ static BIGNUM bn_group_6144 = { }; static BN_ULONG bn_group_8192_value[] = { - bn_pack4(FFFF,FFFF,FFFF,FFFF), - bn_pack4(60C9,80DD,98ED,D3DF), - bn_pack4(C81F,56E8,80B9,6E71), - bn_pack4(9E30,50E2,7656,94DF), - bn_pack4(9558,E447,5677,E9AA), - bn_pack4(C919,0DA6,FC02,6E47), - bn_pack4(889A,002E,D5EE,382B), - bn_pack4(4009,438B,481C,6CD7), - bn_pack4(3590,46F4,EB87,9F92), - bn_pack4(FAF3,6BC3,1ECF,A268), - bn_pack4(B1D5,10BD,7EE7,4D73), - bn_pack4(F9AB,4819,5DED,7EA1), - bn_pack4(64F3,1CC5,0846,851D), - bn_pack4(4597,E899,A025,5DC1), - bn_pack4(DF31,0EE0,74AB,6A36), - bn_pack4(6D2A,13F8,3F44,F82D), - bn_pack4(062B,3CF5,B3A2,78A6), - bn_pack4(7968,3303,ED5B,DD3A), - bn_pack4(FA9D,4B7F,A2C0,87E8), - bn_pack4(4BCB,C886,2F83,85DD), - bn_pack4(3473,FC64,6CEA,306B), - bn_pack4(13EB,57A8,1A23,F0C7), - bn_pack4(2222,2E04,A403,7C07), - bn_pack4(E3FD,B8BE,FC84,8AD9), - bn_pack4(238F,16CB,E39D,652D), - bn_pack4(3423,B474,2BF1,C978), - bn_pack4(3AAB,639C,5AE4,F568), - bn_pack4(2576,F693,6BA4,2466), - bn_pack4(741F,A7BF,8AFC,47ED), - bn_pack4(3BC8,32B6,8D9D,D300), - bn_pack4(D8BE,C4D0,73B9,31BA), - bn_pack4(3877,7CB6,A932,DF8C), - bn_pack4(74A3,926F,12FE,E5E4), - bn_pack4(E694,F91E,6DBE,1159), - bn_pack4(12BF,2D5B,0B74,74D6), - bn_pack4(043E,8F66,3F48,60EE), - bn_pack4(387F,E8D7,6E3C,0468), - bn_pack4(DA56,C9EC,2EF2,9632), - bn_pack4(EB19,CCB1,A313,D55C), - bn_pack4(F550,AA3D,8A1F,BFF0), - bn_pack4(06A1,D58B,B7C5,DA76), - bn_pack4(A797,15EE,F29B,E328), - bn_pack4(14CC,5ED2,0F80,37E0), - bn_pack4(CC8F,6D7E,BF48,E1D8), - bn_pack4(4BD4,07B2,2B41,54AA), - bn_pack4(0F1D,45B7,FF58,5AC5), - bn_pack4(23A9,7A7E,36CC,88BE), - bn_pack4(59E7,C97F,BEC7,E8F3), - bn_pack4(B5A8,4031,900B,1C9E), - bn_pack4(D55E,702F,4698,0C82), - bn_pack4(F482,D7CE,6E74,FEF6), - bn_pack4(F032,EA15,D172,1D03), - bn_pack4(5983,CA01,C64B,92EC), - bn_pack4(6FB8,F401,378C,D2BF), - bn_pack4(3320,5151,2BD7,AF42), - bn_pack4(DB7F,1447,E6CC,254B), - bn_pack4(44CE,6CBA,CED4,BB1B), - 
bn_pack4(DA3E,DBEB,CF9B,14ED), - bn_pack4(1797,27B0,865A,8918), - bn_pack4(B06A,53ED,9027,D831), - bn_pack4(E5DB,382F,4130,01AE), - bn_pack4(F8FF,9406,AD9E,530E), - bn_pack4(C975,1E76,3DBA,37BD), - bn_pack4(C1D4,DCB2,6026,46DE), - bn_pack4(36C3,FAB4,D27C,7026), - bn_pack4(4DF4,35C9,3402,8492), - bn_pack4(86FF,B7DC,90A6,C08F), - bn_pack4(93B4,EA98,8D8F,DDC1), - bn_pack4(D006,9127,D5B0,5AA9), - bn_pack4(B81B,DD76,2170,481C), - bn_pack4(1F61,2970,CEE2,D7AF), - bn_pack4(233B,A186,515B,E7ED), - bn_pack4(99B2,964F,A090,C3A2), - bn_pack4(287C,5947,4E6B,C05D), - bn_pack4(2E8E,FC14,1FBE,CAA6), - bn_pack4(DBBB,C2DB,04DE,8EF9), - bn_pack4(2583,E9CA,2AD4,4CE8), - bn_pack4(1A94,6834,B615,0BDA), - bn_pack4(99C3,2718,6AF4,E23C), - bn_pack4(8871,9A10,BDBA,5B26), - bn_pack4(1A72,3C12,A787,E6D7), - bn_pack4(4B82,D120,A921,0801), - bn_pack4(43DB,5BFC,E0FD,108E), - bn_pack4(08E2,4FA0,74E5,AB31), - bn_pack4(7709,88C0,BAD9,46E2), - bn_pack4(BBE1,1757,7A61,5D6C), - bn_pack4(521F,2B18,177B,200C), - bn_pack4(D876,0273,3EC8,6A64), - bn_pack4(F12F,FA06,D98A,0864), - bn_pack4(CEE3,D226,1AD2,EE6B), - bn_pack4(1E8C,94E0,4A25,619D), - bn_pack4(ABF5,AE8C,DB09,33D7), - bn_pack4(B397,0F85,A6E1,E4C7), - bn_pack4(8AEA,7157,5D06,0C7D), - bn_pack4(ECFB,8504,58DB,EF0A), - bn_pack4(A855,21AB,DF1C,BA64), - bn_pack4(AD33,170D,0450,7A33), - bn_pack4(1572,8E5A,8AAA,C42D), - bn_pack4(15D2,2618,98FA,0510), - bn_pack4(3995,497C,EA95,6AE5), - bn_pack4(DE2B,CBF6,9558,1718), - bn_pack4(B5C5,5DF0,6F4C,52C9), - bn_pack4(9B27,83A2,EC07,A28F), - bn_pack4(E39E,772C,180E,8603), - bn_pack4(3290,5E46,2E36,CE3B), - bn_pack4(F174,6C08,CA18,217C), - bn_pack4(670C,354E,4ABC,9804), - bn_pack4(9ED5,2907,7096,966D), - bn_pack4(1C62,F356,2085,52BB), - bn_pack4(8365,5D23,DCA3,AD96), - bn_pack4(6916,3FA8,FD24,CF5F), - bn_pack4(98DA,4836,1C55,D39A), - bn_pack4(C200,7CB8,A163,BF05), - bn_pack4(4928,6651,ECE4,5B3D), - bn_pack4(AE9F,2411,7C4B,1FE6), - bn_pack4(EE38,6BFB,5A89,9FA5), - bn_pack4(0BFF,5CB6,F406,B7ED), - 
bn_pack4(F44C,42E9,A637,ED6B), - bn_pack4(E485,B576,625E,7EC6), - bn_pack4(4FE1,356D,6D51,C245), - bn_pack4(302B,0A6D,F25F,1437), - bn_pack4(EF95,19B3,CD3A,431B), - bn_pack4(514A,0879,8E34,04DD), - bn_pack4(020B,BEA6,3B13,9B22), - bn_pack4(2902,4E08,8A67,CC74), - bn_pack4(C4C6,628B,80DC,1CD1), - bn_pack4(C90F,DAA2,2168,C234), - bn_pack4(FFFF,FFFF,FFFF,FFFF) + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF), + bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF), + bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71), + bn_pack4(0x9E30,0x50E2,0x7656,0x94DF), + bn_pack4(0x9558,0xE447,0x5677,0xE9AA), + bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47), + bn_pack4(0x889A,0x002E,0xD5EE,0x382B), + bn_pack4(0x4009,0x438B,0x481C,0x6CD7), + bn_pack4(0x3590,0x46F4,0xEB87,0x9F92), + bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268), + bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73), + bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1), + bn_pack4(0x64F3,0x1CC5,0x0846,0x851D), + bn_pack4(0x4597,0xE899,0xA025,0x5DC1), + bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36), + bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D), + bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6), + bn_pack4(0x7968,0x3303,0xED5B,0xDD3A), + bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8), + bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD), + bn_pack4(0x3473,0xFC64,0x6CEA,0x306B), + bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7), + bn_pack4(0x2222,0x2E04,0xA403,0x7C07), + bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9), + bn_pack4(0x238F,0x16CB,0xE39D,0x652D), + bn_pack4(0x3423,0xB474,0x2BF1,0xC978), + bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568), + bn_pack4(0x2576,0xF693,0x6BA4,0x2466), + bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED), + bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300), + bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA), + bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C), + bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4), + bn_pack4(0xE694,0xF91E,0x6DBE,0x1159), + bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6), + bn_pack4(0x043E,0x8F66,0x3F48,0x60EE), + bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468), + bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632), + bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C), + bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0), 
+ bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76), + bn_pack4(0xA797,0x15EE,0xF29B,0xE328), + bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0), + bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8), + bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA), + bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5), + bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE), + bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3), + bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E), + bn_pack4(0xD55E,0x702F,0x4698,0x0C82), + bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6), + bn_pack4(0xF032,0xEA15,0xD172,0x1D03), + bn_pack4(0x5983,0xCA01,0xC64B,0x92EC), + bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF), + bn_pack4(0x3320,0x5151,0x2BD7,0xAF42), + bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B), + bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B), + bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED), + bn_pack4(0x1797,0x27B0,0x865A,0x8918), + bn_pack4(0xB06A,0x53ED,0x9027,0xD831), + bn_pack4(0xE5DB,0x382F,0x4130,0x01AE), + bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E), + bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD), + bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE), + bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026), + bn_pack4(0x4DF4,0x35C9,0x3402,0x8492), + bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F), + bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1), + bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9), + bn_pack4(0xB81B,0xDD76,0x2170,0x481C), + bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF), + bn_pack4(0x233B,0xA186,0x515B,0xE7ED), + bn_pack4(0x99B2,0x964F,0xA090,0xC3A2), + bn_pack4(0x287C,0x5947,0x4E6B,0xC05D), + bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6), + bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9), + bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8), + bn_pack4(0x1A94,0x6834,0xB615,0x0BDA), + bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C), + bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26), + bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7), + bn_pack4(0x4B82,0xD120,0xA921,0x0801), + bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E), + bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31), + bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2), + bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C), + bn_pack4(0x521F,0x2B18,0x177B,0x200C), + bn_pack4(0xD876,0x0273,0x3EC8,0x6A64), + 
bn_pack4(0xF12F,0xFA06,0xD98A,0x0864), + bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B), + bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D), + bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7), + bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7), + bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D), + bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A), + bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64), + bn_pack4(0xAD33,0x170D,0x0450,0x7A33), + bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D), + bn_pack4(0x15D2,0x2618,0x98FA,0x0510), + bn_pack4(0x3995,0x497C,0xEA95,0x6AE5), + bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718), + bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9), + bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F), + bn_pack4(0xE39E,0x772C,0x180E,0x8603), + bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B), + bn_pack4(0xF174,0x6C08,0xCA18,0x217C), + bn_pack4(0x670C,0x354E,0x4ABC,0x9804), + bn_pack4(0x9ED5,0x2907,0x7096,0x966D), + bn_pack4(0x1C62,0xF356,0x2085,0x52BB), + bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96), + bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F), + bn_pack4(0x98DA,0x4836,0x1C55,0xD39A), + bn_pack4(0xC200,0x7CB8,0xA163,0xBF05), + bn_pack4(0x4928,0x6651,0xECE4,0x5B3D), + bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6), + bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5), + bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED), + bn_pack4(0xF44C,0x42E9,0xA637,0xED6B), + bn_pack4(0xE485,0xB576,0x625E,0x7EC6), + bn_pack4(0x4FE1,0x356D,0x6D51,0xC245), + bn_pack4(0x302B,0x0A6D,0xF25F,0x1437), + bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B), + bn_pack4(0x514A,0x0879,0x8E34,0x04DD), + bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22), + bn_pack4(0x2902,0x4E08,0x8A67,0xCC74), + bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1), + bn_pack4(0xC90F,0xDAA2,0x2168,0xC234), + bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF) }; static BIGNUM bn_group_8192 = { bn_group_8192_value, diff --git a/src/lib/libssl/src/crypto/srp/srp_lib.c b/src/lib/libssl/src/crypto/srp/srp_lib.c index 92cea98dcd..7c1dcc5111 100644 --- a/src/lib/libssl/src/crypto/srp/srp_lib.c +++ b/src/lib/libssl/src/crypto/srp/srp_lib.c 
@@ -63,13 +63,17 @@ #include #if (BN_BYTES == 8) -#define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul -#endif -#if (BN_BYTES == 4) -#define bn_pack4(a1,a2,a3,a4) 0x##a3##a4##ul, 0x##a1##a2##ul -#endif -#if (BN_BYTES == 2) -#define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) +# elif defined(__arch64__) +# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) +# else +# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) +# endif +#elif (BN_BYTES == 4) +# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) +#else +# error "unsupported BN_BYTES" #endif diff --git a/src/lib/libssl/src/crypto/srp/srp_vfy.c b/src/lib/libssl/src/crypto/srp/srp_vfy.c index c8be907d7f..4a3d13edf6 100644 --- a/src/lib/libssl/src/crypto/srp/srp_vfy.c +++ b/src/lib/libssl/src/crypto/srp/srp_vfy.c @@ -390,7 +390,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) } for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i); + pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i); if (pp[DB_srptype][0] == DB_SRP_INDEX) { /*we add this couple in the internal Stack */ @@ -581,7 +581,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, if (*salt == NULL) { char *tmp_salt; - if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) + + if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { OPENSSL_free(vf); goto err; diff --git a/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl b/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl index 32cf16380b..cb2381c22b 100644 --- a/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl +++ b/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl 
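Review bot: The rewritten `bn_pack4` macros in srp_lib.c paste an integer suffix directly onto each argument (`a1##ULL`, `a1##UL`, `a1##UI64`), so they only compile when every argument is a bare `0x` literal, and nothing at the definition says so. The arrays that use the macro (`bn_group_6144_value`, `bn_group_8192_value` earlier in this diff) look like fixed group moduli, where a mis-packed word would change the value silently. On `BN_BYTES == 4` the macro also expands to two initializers in low-half, high-half order. I would add a comment above the `#if`, for example `/* bn_pack4 takes four 16-bit hex literals written with 0x; a suffix is pasted onto each, and the BN_BYTES == 4 form yields two array elements, low word first */`.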
@@ -119,7 +119,7 @@ $tbl="ebp"; &mov ("eax",&DWP(0,"esp")); &mov ("ebx",&DWP(4,"esp")); for($i=0;$i<8;$i++) { - my $func = ($i==0)? movq : pxor; + my $func = ($i==0)? \&movq : \&pxor; &movb (&LB("ecx"),&LB("eax")); &movb (&LB("edx"),&HB("eax")); &scale ("esi","ecx"); diff --git a/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl index 87c0843dc1..24b2ff60c3 100644 --- a/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl +++ b/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl @@ -41,7 +41,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; sub L() { $code.=".byte ".join(',',@_)."\n"; } sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; } diff --git a/src/lib/libssl/src/crypto/x86_64cpuid.pl b/src/lib/libssl/src/crypto/x86_64cpuid.pl index 7b7b93b223..6ebfd017ea 100644 --- a/src/lib/libssl/src/crypto/x86_64cpuid.pl +++ b/src/lib/libssl/src/crypto/x86_64cpuid.pl @@ -11,7 +11,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $flavour $output"; +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order ("%rdi","%rsi","%rdx","%rcx"); # Unix order diff --git a/src/lib/libssl/src/crypto/x86cpuid.pl b/src/lib/libssl/src/crypto/x86cpuid.pl index 39fd8f2293..b270b44337 100644 --- a/src/lib/libssl/src/crypto/x86cpuid.pl +++ b/src/lib/libssl/src/crypto/x86cpuid.pl @@ -67,6 +67,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &inc ("esi"); # number of cores &mov ("eax",1); + &xor ("ecx","ecx"); &cpuid (); &bt ("edx",28); &jnc (&label("generic")); 
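Review bot: The new `open OUT,"| \"$^X\" $xlate $flavour $output";` in wp-x86_64.pl quotes only the interpreter path and never checks whether the pipe was opened; the same line is added to x86_64cpuid.pl in the following hunk. `$xlate` is built from the script's own directory, so a checkout path containing a space would still be split into several shell words. A failed `open` is then followed by `*STDOUT=*OUT`, so the generated assembly would be lost without any error message. I would quote the translator path as well and fail loudly: `open OUT,"| \"$^X\" \"$xlate\" $flavour $output" or die "can't call $xlate: $!";`.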
@@ -91,6 +92,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &set_label("nocacheinfo"); &mov ("eax",1); + &xor ("ecx","ecx"); &cpuid (); &and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0 &cmp ("ebp",0); @@ -165,7 +167,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &jnz (&label("nohalt")); # not enough privileges &pushf (); - &pop ("eax") + &pop ("eax"); &bt ("eax",9); &jnc (&label("nohalt")); # interrupts are disabled @@ -280,7 +282,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } # arguments is 1 or 2! &function_begin_B("OPENSSL_indirect_call"); { - my $i,$max=7; # $max has to be chosen as 4*n-1 + my ($max,$i)=(7,); # $max has to be chosen as 4*n-1 # in order to preserve eventual # stack alignment &push ("ebp"); diff --git a/src/lib/libssl/src/demos/cms/cms_comp.c b/src/lib/libssl/src/demos/cms/cms_comp.c index b7943e813b..01bf092546 100644 --- a/src/lib/libssl/src/demos/cms/cms_comp.c +++ b/src/lib/libssl/src/demos/cms/cms_comp.c @@ -10,7 +10,7 @@ int main(int argc, char **argv) int ret = 1; /* - * On OpenSSL 0.9.9 only: + * On OpenSSL 1.0.0+ only: * for streaming set CMS_STREAM */ int flags = CMS_STREAM; diff --git a/src/lib/libssl/src/demos/cms/cms_dec.c b/src/lib/libssl/src/demos/cms/cms_dec.c index 7ddf653269..9fee0a3ebf 100644 --- a/src/lib/libssl/src/demos/cms/cms_dec.c +++ b/src/lib/libssl/src/demos/cms/cms_dec.c @@ -47,7 +47,7 @@ int main(int argc, char **argv) goto err; /* Decrypt S/MIME message */ - if (!CMS_decrypt(cms, rkey, rcert, out, NULL, 0)) + if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0)) goto err; ret = 0; diff --git a/src/lib/libssl/src/demos/cms/cms_sign.c b/src/lib/libssl/src/demos/cms/cms_sign.c index 42f762034b..6823c34a0e 100644 --- a/src/lib/libssl/src/demos/cms/cms_sign.c +++ b/src/lib/libssl/src/demos/cms/cms_sign.c 
@@ -12,7 +12,7 @@ int main(int argc, char **argv) int ret = 1; /* For simple S/MIME signing use CMS_DETACHED. - * On OpenSSL 0.9.9 only: + * On OpenSSL 1.0.0 only: * for streaming detached set CMS_DETACHED|CMS_STREAM * for streaming non-detached set CMS_STREAM */ diff --git a/src/lib/libssl/src/doc/apps/ec.pod b/src/lib/libssl/src/doc/apps/ec.pod index ba6dc4689b..5c7b45d4e7 100644 --- a/src/lib/libssl/src/doc/apps/ec.pod +++ b/src/lib/libssl/src/doc/apps/ec.pod @@ -41,7 +41,7 @@ PKCS#8 private key format use the B command. This specifies the input format. The B option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it -uses the SubjectPublicKeyInfo structur as specified in RFC 3280. +uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The B form is the default format: it consists of the B format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. diff --git a/src/lib/libssl/src/doc/apps/ts.pod b/src/lib/libssl/src/doc/apps/ts.pod index 7fb6caa96e..d6aa47d314 100644 --- a/src/lib/libssl/src/doc/apps/ts.pod +++ b/src/lib/libssl/src/doc/apps/ts.pod @@ -352,7 +352,7 @@ switch always overrides the settings in the config file. This is the main section and it specifies the name of another section that contains all the options for the B<-reply> command. This default -section can be overriden with the B<-section> command line switch. (Optional) +section can be overridden with the B<-section> command line switch. (Optional) =item B @@ -453,7 +453,7 @@ included. Default is no. (Optional) =head1 ENVIRONMENT VARIABLES B contains the path of the configuration file and can be -overriden by the B<-config> command line option. +overridden by the B<-config> command line option. =head1 EXAMPLES diff --git a/src/lib/libssl/src/doc/apps/tsget.pod b/src/lib/libssl/src/doc/apps/tsget.pod index b05957beea..56db985c4b 100644 --- a/src/lib/libssl/src/doc/apps/tsget.pod 
+++ b/src/lib/libssl/src/doc/apps/tsget.pod @@ -124,7 +124,7 @@ The name of an EGD socket to get random data from. (Optional) =item [request]... List of files containing B DER-encoded time stamp requests. If no -requests are specifed only one request will be sent to the server and it will be +requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional) =back diff --git a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod b/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod index 5f51fdb470..da06e44461 100644 --- a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod +++ b/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod @@ -48,7 +48,7 @@ necessary parameters are set, by re-creating the blinding parameters. BN_BLINDING_convert_ex() multiplies B with the blinding factor B. If B is not NULL a copy the inverse blinding factor B will be -returned in B (this is useful if a B object is shared amoung +returned in B (this is useful if a B object is shared among several threads). BN_BLINDING_invert_ex() multiplies B with the inverse blinding factor B. If B is not NULL it will be used as the inverse blinding. diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod index f2f455990f..13b91f1e6e 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -117,7 +117,7 @@ L, L, L, L, -L, +L, L L diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod index 42b2a8c44e..847983237b 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod @@ -83,7 +83,7 @@ L, L, L, L, -L, +L, L =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod index d9d6d76c72..27464be571 100644 
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod @@ -84,7 +84,7 @@ L, L, L, L, -L, +L, =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod index 91c9c5d0a5..e495a81242 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod @@ -83,7 +83,7 @@ L, L, L, L, -L, +L, L =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod index 1a9c7954c5..8ff597d44a 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod @@ -32,7 +32,7 @@ public key algorithm. L, L, L, -L, +L, =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod index 37c6fe9503..fd431ace6d 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod @@ -151,7 +151,7 @@ L, L, L, L, -L, +L, L =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod index 2fb52c3486..a044f2c131 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod @@ -86,7 +86,7 @@ L, L, L, L, -L, +L, L =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod index f93e5fc6c3..90612ba2f0 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod @@ -81,7 +81,7 @@ L, L, L, L, -L, +L, L =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod new file mode 100644 index 0000000000..23a28a9c43 
--- /dev/null +++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod 
@@ -0,0 +1,103 @@ +=pod + +=head1 NAME + +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + +=head1 DESCRIPTION + +The EVP_PKEY_verify_recover_init() function initializes a public key algorithm +context using key B for a verify recover operation. + +The EVP_PKEY_verify_recover() function recovers signed data +using B. The signature is specified using the B and +B parameters. If B is B then the maximum size of the output +buffer is written to the B parameter. If B is not B then +before the call the B parameter should contain the length of the +B buffer, if the call is successful recovered data is written to +B and the amount of data written to B. + +=head1 NOTES + +Normally an application is only interested in whether a signature verification +operation is successful in those cases the EVP_verify() function should be +used. + +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example RSA in PKCS padding mode). + +After the call to EVP_PKEY_verify_recover_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_verify_recover() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success +and 0 or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. 
+ +=head1 EXAMPLE + +Recover digest originally signed using PKCS#1 and SHA256 digest: + + #include + #include + + EVP_PKEY_CTX *ctx; + unsigned char *rout, *sig; + size_t routlen, siglen; + EVP_PKEY *verify_key; + /* NB: assumes verify_key, sig and siglen are already set up + * and that verify_key is an RSA public key + */ + ctx = EVP_PKEY_CTX_new(verify_key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_verify_recover_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) + /* Error */ + + rout = OPENSSL_malloc(routlen); + + if (!rout) + /* malloc failure */ + + if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) + /* Error */ + + /* Recovered data is routlen bytes written to buffer rout */ + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod index a883f6c097..60e8332ae9 100644 --- a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod @@ -278,6 +278,8 @@ happen if extended CRL checking is enabled. an application specific error. This will never be returned unless explicitly set by an application. +=back + =head1 NOTES The above functions should be used instead of directly referencing the fields diff --git a/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index b68eece033..46cac2bea2 100644 --- a/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 
@@ -113,7 +113,7 @@ a special status code is set to the verification callback. This permits it to examine the valid policy tree and perform additional checks or simply log it for debugging purposes. -By default some addtional features such as indirect CRLs and CRLs signed by +By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If B is set they are enabled. diff --git a/src/lib/libssl/src/doc/crypto/ecdsa.pod b/src/lib/libssl/src/doc/crypto/ecdsa.pod index 20edff97ff..59a5916de1 100644 --- a/src/lib/libssl/src/doc/crypto/ecdsa.pod +++ b/src/lib/libssl/src/doc/crypto/ecdsa.pod @@ -95,7 +95,7 @@ is ignored. ECDSA_verify() verifies that the signature in B of size B is a valid ECDSA signature of the hash value -value B of size B using the public key B. +B of size B using the public key B. The parameter B is ignored. ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B @@ -131,16 +131,12 @@ specific) int ret; ECDSA_SIG *sig; - EC_KEY *eckey = EC_KEY_new(); + EC_KEY *eckey; + eckey = EC_KEY_new_by_curve_name(NID_secp192k1); if (eckey == NULL) { /* error */ } - key->group = EC_GROUP_new_by_nid(NID_secp192k1); - if (key->group == NULL) - { - /* error */ - } if (!EC_KEY_generate_key(eckey)) { /* error */ diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod index b80e25be7e..7e60df5ba8 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod @@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return Return values from the server callback are interpreted as follows: +=over 4 + =item > 0 PSK identity was found and the server callback has provided the PSK @@ -99,4 +101,6 @@ completely. PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. +=back + =cut 
diff --git a/src/lib/libssl/src/engines/ccgost/gost89.c b/src/lib/libssl/src/engines/ccgost/gost89.c index 7ebae0f71f..b0568c6b3c 100644 --- a/src/lib/libssl/src/engines/ccgost/gost89.c +++ b/src/lib/libssl/src/engines/ccgost/gost89.c @@ -369,7 +369,13 @@ int gost_mac(gost_ctx *ctx,int mac_len,const unsigned char *data, memset(buf2,0,8); memcpy(buf2,data+i,data_len-i); mac_block(ctx,buffer,buf2); - } + i+=8; + } + if (i==8) + { + memset(buf2,0,8); + mac_block(ctx,buffer,buf2); + } get_mac(buffer,mac_len,mac); return 1; } @@ -389,7 +395,13 @@ int gost_mac_iv(gost_ctx *ctx,int mac_len,const unsigned char *iv,const unsigned memset(buf2,0,8); memcpy(buf2,data+i,data_len-i); mac_block(ctx,buffer,buf2); + i+=8; } + if (i==8) + { + memset(buf2,0,8); + mac_block(ctx,buffer,buf2); + } get_mac(buffer,mac_len,mac); return 1; } diff --git a/src/lib/libssl/src/engines/ccgost/gost89.h b/src/lib/libssl/src/engines/ccgost/gost89.h index 2157852519..8da2407b03 100644 --- a/src/lib/libssl/src/engines/ccgost/gost89.h +++ b/src/lib/libssl/src/engines/ccgost/gost89.h @@ -87,10 +87,6 @@ extern gost_subst_block Gost28147_CryptoProParamSetB; extern gost_subst_block Gost28147_CryptoProParamSetC; extern gost_subst_block Gost28147_CryptoProParamSetD; extern const byte CryptoProKeyMeshingKey[]; -#if __LONG_MAX__ > 2147483647L typedef unsigned int word32; -#else -typedef unsigned long word32; -#endif #endif diff --git a/src/lib/libssl/src/engines/ccgost/gost_crypt.c b/src/lib/libssl/src/engines/ccgost/gost_crypt.c index cde58c0e9b..52aef15acf 100644 --- a/src/lib/libssl/src/engines/ccgost/gost_crypt.c +++ b/src/lib/libssl/src/engines/ccgost/gost_crypt.c 
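Review bot: The added `if (i==8)` test in `gost_mac`, and the identical one in `gost_mac_iv` in the next hunk, has no comment, and its meaning depends on a loop that starts outside the hunk. From the visible lines, `i` appears to equal 8 here only when exactly one block has been passed to `mac_block`, in which case an all-zero second block is appended; that looks like a rule that the MAC is never taken over a single block, but the code does not say so. I would add `/* input of one block or less: append a zero block so that at least two blocks are processed */` above the test. If the loop starts `i` at 0, an empty input leaves `i` at 0 and still reaches `get_mac` with no block processed, which deserves a sentence in the same comment if it is intended.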
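Review bot: With the `__LONG_MAX__` test removed in gost89.h, `word32` is `unsigned int` on every platform and nothing checks that the type is really 32 bits wide. The cipher code that uses it (for example `word32 g,go;` in `gost_cnt_next`) presumably relies on arithmetic wrapping at 32 bits. A compile-time check next to the typedef would make a wrong-width build fail instead of producing wrong output: `typedef char word32_is_4_bytes[sizeof(word32) == 4 ? 1 : -1];`.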
@@ -11,6 +11,14 @@ #include #include "e_gost_err.h" #include "gost_lcl.h" + +#if !defined(CCGOST_DEBUG) && !defined(DEBUG) +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include + static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -206,12 +214,13 @@ int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf) { struct ossl_gost_cipher_ctx *c = ctx; - if (c->count&&c->key_meshing && c->count%1024==0) + assert(c->count%8 == 0 && c->count <= 1024); + if (c->key_meshing && c->count==1024) { cryptopro_key_meshing(&(c->cctx),iv); } gostcrypt(&(c->cctx),iv,buf); - c->count+=8; + c->count = c->count%1024 + 8; } static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf) @@ -219,7 +228,8 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf) struct ossl_gost_cipher_ctx *c = ctx; word32 g,go; unsigned char buf1[8]; - if (c->count && c->key_meshing && c->count %1024 ==0) + assert(c->count%8 == 0 && c->count <= 1024); + if (c->key_meshing && c->count==1024) { cryptopro_key_meshing(&(c->cctx),iv); } @@ -248,7 +258,7 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf) buf1[7]=(unsigned char)((g>>24)&0xff); memcpy(iv,buf1,8); gostcrypt(&(c->cctx),buf1,buf); - c->count +=8; + c->count = c->count%1024 + 8; } /* GOST encryption in CFB mode */ 
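Review bot: The range check `assert(c->count%8 == 0 && c->count <= 1024)` added in `gost_crypt_mesh` and `gost_cnt_next` (and in `mac_block_mesh` further down) is compiled out in normal builds, because the first hunk of gost_crypt.c defines `NDEBUG` unless `CCGOST_DEBUG` or `DEBUG` is set. The meshing condition was narrowed from `c->count%1024==0` to `c->count==1024` at the same time, so if `count` ever reached these functions with a value above 1024 or not a multiple of 8, key meshing would be skipped with no error in a release build. The update `c->count = c->count%1024 + 8` keeps the value in range only as long as nothing else writes `count`, and other writers are not visible in these hunks. I would state the invariant in a comment above each assert, for example `/* count is always a multiple of 8 in 0..1024 and is only advanced here; the assert is inactive when NDEBUG is defined */`.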
@@ -511,12 +521,13 @@ static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *dat * interpret internal state of MAC algorithm as iv during keymeshing * (but does initialize internal state from iv in key transport */ - if (c->key_meshing&& c->count && c->count %1024 ==0) + assert(c->count%8 == 0 && c->count <= 1024); + if (c->key_meshing && c->count==1024) { cryptopro_key_meshing(&(c->cctx),buffer); } mac_block(&(c->cctx),c->buffer,data); - c->count +=8; + c->count = c->count%1024 + 8; } int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -565,6 +576,12 @@ int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md) GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET); return 0; } + if (c->count==0 && c->bytes_left) + { + unsigned char buffer[8]; + memset(buffer, 0, 8); + gost_imit_update(ctx, buffer, 8); + } if (c->bytes_left) { int i; diff --git a/src/lib/libssl/src/engines/ccgost/gost_eng.c b/src/lib/libssl/src/engines/ccgost/gost_eng.c index d2cbe3b831..8f29bf6f85 100644 --- a/src/lib/libssl/src/engines/ccgost/gost_eng.c +++ b/src/lib/libssl/src/engines/ccgost/gost_eng.c @@ -64,6 +64,13 @@ static int gost_engine_finish(ENGINE *e) static int gost_engine_destroy(ENGINE *e) { gost_param_free(); + + pmeth_GostR3410_94 = NULL; + pmeth_GostR3410_2001 = NULL; + pmeth_Gost28147_MAC = NULL; + ameth_GostR3410_94 = NULL; + ameth_GostR3410_2001 = NULL; + ameth_Gost28147_MAC = NULL; return 1; } @@ -71,6 +78,11 @@ static int bind_gost (ENGINE *e,const char *id) { int ret = 0; if (id && strcmp(id, engine_gost_id)) return 0; + if (ameth_GostR3410_94) + { + printf("GOST engine already loaded\n"); + goto end; + } if (!ENGINE_set_id(e, engine_gost_id)) { @@ -263,7 +275,10 @@ static ENGINE *engine_gost(void) void ENGINE_load_gost(void) { - ENGINE *toadd =engine_gost(); + ENGINE *toadd; + if (pmeth_GostR3410_94) + return; + toadd = engine_gost(); if (!toadd) return; ENGINE_add(toadd); ENGINE_free(toadd); 
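Review bot: In gost_imit_final the result of `gost_imit_update(ctx, buffer, 8)` inside the new `c->count==0 && c->bytes_left` branch is discarded, so a failure there would still produce a MAC value. Assuming it follows the usual 1-on-success convention of the surrounding code, the call should read `if (!gost_imit_update(ctx, buffer, 8)) return 0;`. A one-line comment saying that a message shorter than one block is padded with a zero block before finalisation would also help, since the condition alone does not explain it. The rest of gost_imit_final lies outside the hunk.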
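Review bot: The already-loaded branch added to bind_gost (gost_eng.c) reports through `printf`, which writes to the host application's stdout from library code. It then jumps to `end` with `ret` still 0, so the caller presumably sees only a generic bind failure. Reporting through the engine's error queue, or at least `fprintf(stderr, "GOST engine already loaded\n");`, would keep stdout clean. The guard here tests `ameth_GostR3410_94` while the one added to ENGINE_load_gost tests `pmeth_GostR3410_94`; a comment naming which pointer is the loaded marker, or using the same one in both places, would make the pairing with the resets in gost_engine_destroy easier to follow.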
diff --git a/src/lib/libssl/src/engines/ccgost/gost_lcl.h b/src/lib/libssl/src/engines/ccgost/gost_lcl.h index 437a48cc86..00aa42cea4 100644 --- a/src/lib/libssl/src/engines/ccgost/gost_lcl.h +++ b/src/lib/libssl/src/engines/ccgost/gost_lcl.h @@ -136,7 +136,7 @@ extern EVP_MD imit_gost_cpa; /* Cipher context used for EVP_CIPHER operation */ struct ossl_gost_cipher_ctx { int paramNID; - off_t count; + unsigned int count; int key_meshing; gost_ctx cctx; }; @@ -151,7 +151,7 @@ struct ossl_gost_imit_ctx { gost_ctx cctx; unsigned char buffer[8]; unsigned char partial_block[8]; - off_t count; + unsigned int count; int key_meshing; int bytes_left; int key_set; diff --git a/src/lib/libssl/src/engines/ccgost/gosthash.c b/src/lib/libssl/src/engines/ccgost/gosthash.c index a5c0662ffc..91b2ce8829 100644 --- a/src/lib/libssl/src/engines/ccgost/gosthash.c +++ b/src/lib/libssl/src/engines/ccgost/gosthash.c @@ -42,7 +42,7 @@ static void circle_xor8 (const byte *w, byte *k) byte buf[8]; int i; memcpy(buf,w,8); - memcpy(k,w+8,24); + memmove(k,w+8,24); for(i=0;i<8;i++) k[i+24]=buf[i]^k[i]; } @@ -180,8 +180,6 @@ int start_hash(gost_hash_ctx *ctx) */ int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length) { - const byte *curptr=block; - const byte *barrier=block+(length-32);/* Last byte we can safely hash*/ if (ctx->left) { /*There are some bytes from previous step*/ 
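Review bot: The switch to `memmove(k,w+8,24)` in circle_xor8 (gosthash.c) carries no comment, so the reason for it is easy to lose in a later cleanup. The function already saves `w[0..7]` into `buf` before writing `k`, which suggests that callers may pass the same buffer for `w` and `k`; if so, a line such as `/* w and k may alias, so the 24-byte shift must tolerate overlap */` above the call records that.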
@@ -196,24 +194,25 @@ int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length) { return 1; } - curptr=block+add_bytes; + block+=add_bytes; + length-=add_bytes; hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder); add_blocks(32,ctx->S,ctx->remainder); ctx->len+=32; ctx->left=0; } - while (curptr<=barrier) + while (length>=32) { - hash_step(ctx->cipher_ctx,ctx->H,curptr); + hash_step(ctx->cipher_ctx,ctx->H,block); - add_blocks(32,ctx->S,curptr); + add_blocks(32,ctx->S,block); ctx->len+=32; - curptr+=32; + block+=32; + length-=32; } - if (curptr!=block+length) + if (length) { - ctx->left=block+length-curptr; - memcpy(ctx->remainder,curptr,ctx->left); + memcpy(ctx->remainder,block,ctx->left=length); } return 1; } diff --git a/src/lib/libssl/src/engines/e_capi.c b/src/lib/libssl/src/engines/e_capi.c index bfedde0eb0..c1085b56cd 100644 --- a/src/lib/libssl/src/engines/e_capi.c +++ b/src/lib/libssl/src/engines/e_capi.c @@ -1432,10 +1432,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec) { CAPI_KEY *key; + DWORD dwFlags = 0; key = OPENSSL_malloc(sizeof(CAPI_KEY)); CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", contname, provname, ptype); - if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0)) + if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE) + dwFlags = CRYPT_MACHINE_KEYSET; + if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) { CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c index de8bab873f..2e8cf681ed 100644 --- a/src/lib/libssl/src/ssl/d1_both.c +++ b/src/lib/libssl/src/ssl/d1_both.c 
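Review bot: The tail of hash_block now assigns inside a call argument, `memcpy(ctx->remainder,block,ctx->left=length);`, which hides the state update in the size parameter. Splitting it keeps the same behaviour and reads more plainly: `ctx->left=length;` followed by `memcpy(ctx->remainder,block,length);`. The start of hash_block is in the previous hunk and part of the `ctx->left` branch is outside both hunks.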
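Review bot: The call changed in capi_get_key (e_capi.c), `CryptAcquireContextA(&key->hprov, ..., dwFlags)`, writes through `key`, but `key = OPENSSL_malloc(sizeof(CAPI_KEY));` two lines above is never checked. The allocation predates this commit, but the edited call is the first use of it, so a guard such as `if (key == NULL) return NULL;` (or whatever the failure path below returns) belongs before the trace call. It would also help to include `dwFlags` in the `CAPI_trace` line so the machine-keyset choice shows up in diagnostics. The function continues outside the hunk.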
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) static void dtls1_hm_fragment_free(hm_fragment *frag) { + + if (frag->msg_header.is_ccs) + { + EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); + EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); + } if (frag->fragment) OPENSSL_free(frag->fragment); if (frag->reassembly) OPENSSL_free(frag->reassembly); OPENSSL_free(frag); @@ -313,9 +319,10 @@ int dtls1_do_write(SSL *s, int type) s->init_off -= DTLS1_HM_HEADER_LENGTH; s->init_num += DTLS1_HM_HEADER_LENGTH; - /* write atleast DTLS1_HM_HEADER_LENGTH bytes */ - if ( len <= DTLS1_HM_HEADER_LENGTH) - len += DTLS1_HM_HEADER_LENGTH; + if ( s->init_num > curr_mtu) + len = curr_mtu; + else + len = s->init_num; } dtls1_fix_message_header(s, frag_off, @@ -1452,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; + /* Allocate memory for the response, size is 1 byte * message type, plus 2 bytes payload length, plus * payload, plus padding */ - buffer = OPENSSL_malloc(1 + 2 + payload + padding); + buffer = OPENSSL_malloc(write_length); bp = buffer; /* Enter response type, length and copy payload */ 
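Review bot: The new `is_ccs` branch in dtls1_hm_fragment_free (d1_both.c) frees `saved_retransmit_state.enc_write_ctx` and `write_hash` without stating that the fragment owns them. The hunk does not show where the saved state is filled in; if those pointers can still alias the connection's live write contexts when a buffered ChangeCipherSpec is released, this becomes a double free or use after free. A comment such as `/* a buffered CCS holds the only reference to the pre-CCS write contexts */`, if that is indeed the invariant, would let a reader check it against the code that buffers the message.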
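Review bot: In dtls1_process_heartbeat the result of `buffer = OPENSSL_malloc(write_length);` is copied to `bp` and written through with no NULL check, so an allocation failure on a peer-sized request becomes a NULL dereference. A guard right after the allocation, `if (buffer == NULL) return -1;` (or the function's usual failure value), closes that. The two new length checks also spell the padding as a literal `16` although `padding` is declared just above; writing `1 + 2 + payload + padding` in both keeps the bound and the allocation size tied to one value. The hunk ends before the response is filled in and sent.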
@@ -1482,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s) /* Random padding */ RAND_pseudo_bytes(bp, padding); - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); + r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, 3 + payload + padding, + buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c index a6ed09c51d..48e5e06bde 100644 --- a/src/lib/libssl/src/ssl/d1_clnt.c +++ b/src/lib/libssl/src/ssl/d1_clnt.c @@ -538,13 +538,6 @@ int dtls1_connect(SSL *s) SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); -#endif - s->state=SSL3_ST_CW_FINISHED_A; s->init_num=0; @@ -571,6 +564,16 @@ int dtls1_connect(SSL *s) goto end; } +#ifndef OPENSSL_NO_SCTP + if (s->hit) + { + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + } +#endif + dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); break; @@ -613,6 +616,13 @@ int dtls1_connect(SSL *s) } else { +#ifndef OPENSSL_NO_SCTP + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); +#endif + #ifndef OPENSSL_NO_TLSEXT /* Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) @@ -773,7 +783,7 @@ int dtls1_client_hello(SSL *s) unsigned char *buf; unsigned char *p,*d; unsigned int i,j; - unsigned long Time,l; + unsigned long l; SSL_COMP *comp; buf=(unsigned char *)s->init_buf->data; 
@@ -798,13 +808,11 @@ int dtls1_client_hello(SSL *s) /* if client_random is initialized, reuse it, we are * required to use same upon reply to HelloVerify */ - for (i=0;p[i]=='\0' && is3->client_random);i++) ; + for (i=0;p[i]=='\0' && is3->client_random);i++) + ; if (i==sizeof(s->s3->client_random)) - { - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4); - } + ssl_fill_hello_random(s, 0, p, + sizeof(s->s3->client_random)); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c index 07a5e97ce5..712c4647f2 100644 --- a/src/lib/libssl/src/ssl/d1_enc.c +++ b/src/lib/libssl/src/ssl/d1_enc.c @@ -126,20 +126,28 @@ #include #endif +/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. + * + * Returns: + * 0: (in non-constant time) if the record is publically invalid (i.e. too + * short etc). + * 1: if the record's padding is valid / the encryption was successful. + * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, + * an internal error occured. */ int dtls1_enc(SSL *s, int send) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; - int bs,i,ii,j,k,n=0; + int bs,i,j,k,mac_size=0; const EVP_CIPHER *enc; if (send) { if (EVP_MD_CTX_md(s->write_hash)) { - n=EVP_MD_CTX_size(s->write_hash); - if (n < 0) + mac_size=EVP_MD_CTX_size(s->write_hash); + if (mac_size < 0) return -1; } ds=s->enc_write_ctx; @@ -164,9 +172,8 @@ int dtls1_enc(SSL *s, int send) { if (EVP_MD_CTX_md(s->read_hash)) { - n=EVP_MD_CTX_size(s->read_hash); - if (n < 0) - return -1; + mac_size=EVP_MD_CTX_size(s->read_hash); + OPENSSL_assert(mac_size >= 0); } ds=s->enc_read_ctx; rec= &(s->s3->rrec); @@ -231,7 +238,7 @@ int dtls1_enc(SSL *s, int send) if (!send) { if (l == 0 || l%bs != 0) - return -1; + return 0; } EVP_Cipher(ds,rec->data,rec->input,l); 
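Review bot: The return value of `ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random))` in dtls1_client_hello (d1_clnt.c) is discarded. Its declaration is not part of this diff, but if it reports random-generation failure through its return value, a failure here leaves `client_random` as the all-zero buffer the preceding loop just detected. Checking it, `if (ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)` followed by the function's error return, would stop a predictable hello from going out. The same applies to the `ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE)` call added to dtls1_send_server_hello in d1_srvr.c.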
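Review bot: In the read branch of dtls1_enc (d1_enc.c) a negative `EVP_MD_CTX_size(s->read_hash)` now hits `OPENSSL_assert(mac_size >= 0)` and aborts the process, whereas the send branch a few lines earlier still returns -1 for the same condition. If the error return was dropped because -1 now means bad padding on the receive side, a comment such as `/* -1 is reserved for invalid padding on read; a digest with no size is an internal error */` would make the asymmetry deliberate rather than surprising. The new header comment documents the 0 / 1 / -1 contract but does not mention this abort path.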
@@ -246,43 +253,7 @@ int dtls1_enc(SSL *s, int send) #endif /* KSSL_DEBUG */ if ((bs != 1) && !send) - { - ii=i=rec->data[l-1]; /* padding_length */ - i++; - if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) - { - /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, - "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) - s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; - if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) - i--; - } - /* TLS 1.0 does not bound the number of padding bytes by the block size. - * All of them must have value 'padding_length'. */ - if (i + bs > (int)rec->length) - { - /* Incorrect padding. SSLerr() and ssl3_alert are done - * by caller: we don't want to reveal whether this is - * a decryption error or a MAC verification failure - * (see http://www.openssl.org/~bodo/tls-cbc.txt) - */ - return -1; - } - for (j=(int)(l-i); j<(int)l; j++) - { - if (rec->data[j] != ii) - { - /* Incorrect padding */ - return -1; - } - } - rec->length-=i; - - rec->data += bs; /* skip the implicit IV */ - rec->input += bs; - rec->length -= bs; - } + return tls1_cbc_remove_padding(s, rec, bs, mac_size); } return(1); } diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c index f61f718183..106939f241 100644 --- a/src/lib/libssl/src/ssl/d1_lib.c +++ b/src/lib/libssl/src/ssl/d1_lib.c @@ -196,6 +196,7 @@ void dtls1_free(SSL *s) pqueue_free(s->d1->buffered_app_data.q); OPENSSL_free(s->d1); + s->d1 = NULL; } void dtls1_clear(SSL *s) diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 987af60835..8186462d4a 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c 
@@ -376,15 +376,11 @@ static int dtls1_process_record(SSL *s) { int i,al; - int clear=0; int enc_err; SSL_SESSION *sess; SSL3_RECORD *rr; - unsigned int mac_size; + unsigned int mac_size, orig_len; unsigned char md[EVP_MAX_MD_SIZE]; - int decryption_failed_or_bad_record_mac = 0; - unsigned char *mac = NULL; - rr= &(s->s3->rrec); sess = s->session; @@ -416,12 +412,16 @@ dtls1_process_record(SSL *s) rr->data=rr->input; enc_err = s->method->ssl3_enc->enc(s,0); - if (enc_err <= 0) + /* enc_err is: + * 0: (in non-constant time) if the record is publically invalid. + * 1: if the padding is valid + * -1: if the padding is invalid */ + if (enc_err == 0) { - /* To minimize information leaked via timing, we will always - * perform all computations before discarding the message. - */ - decryption_failed_or_bad_record_mac = 1; + /* For DTLS we simply ignore bad packets. */ + rr->length = 0; + s->packet_length = 0; + goto err; } #ifdef TLS_DEBUG 
@@ -431,45 +431,62 @@ printf("\n"); #endif /* r->length is now the compressed data plus mac */ - if ( (sess == NULL) || - (s->enc_read_ctx == NULL) || - (s->read_hash == NULL)) - clear=1; - - if (!clear) + if ((sess != NULL) && + (s->enc_read_ctx != NULL) && + (EVP_MD_CTX_md(s->read_hash) != NULL)) { - /* !clear => s->read_hash != NULL => mac_size != -1 */ - int t; - t=EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(t >= 0); - mac_size=t; - - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) + /* s->read_hash != NULL => mac_size != -1 */ + unsigned char *mac = NULL; + unsigned char mac_tmp[EVP_MAX_MD_SIZE]; + mac_size=EVP_MD_CTX_size(s->read_hash); + OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); + + /* kludge: *_cbc_remove_padding passes padding length in rr->type */ + orig_len = rr->length+((unsigned int)rr->type>>8); + + /* orig_len is the length of the record before any padding was + * removed. This is public information, as is the MAC in use, + * therefore we can safely process the record in a different + * amount of time if it's too short to possibly contain a MAC. + */ + if (orig_len < mac_size || + /* CBC records must have a padding length byte too. 
*/ + (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && + orig_len < mac_size+1)) { -#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); + al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; -#else - decryption_failed_or_bad_record_mac = 1; -#endif } - /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length >= mac_size) + + if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { + /* We update the length so that the TLS header bytes + * can be constructed correctly but we need to extract + * the MAC in constant time from within the record, + * without leaking the contents of the padding bytes. + * */ + mac = mac_tmp; + ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); rr->length -= mac_size; - mac = &rr->data[rr->length]; } else - rr->length = 0; - i=s->method->ssl3_enc->mac(s,md,0); - if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) { - decryption_failed_or_bad_record_mac = 1; + /* In this case there's no padding, so |orig_len| + * equals |rec->length| and we checked that there's + * enough bytes for |mac_size| above. */ + rr->length -= mac_size; + mac = &rr->data[rr->length]; } + + i=s->method->ssl3_enc->mac(s,md,0 /* not send */); + if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) + enc_err = -1; + if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) + enc_err = -1; } - if (decryption_failed_or_bad_record_mac) + if (enc_err < 0) { /* decryption failed, silently discard message */ rr->length = 0; @@ -830,6 +847,12 @@ start: } } + if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) + { + rr->length = 0; + goto start; + } + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 
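Review bot: The `orig_len = rr->length+((unsigned int)rr->type>>8);` line in dtls1_process_record (d1_pkt.c) reads a padding length smuggled into the upper bits of `rr->type`, and nothing in this hunk masks those bits off again. Later code compares the field directly, for instance the `rr->type != SSL3_RT_HANDSHAKE` test added further down this file, so it matters where the field is restored; presumably the `mac()` call does it, but that is not visible here. The kludge comment should name the place, e.g. `/* padding length is carried in rr->type >> 8 and cleared again by the mac() call below */`, once that is confirmed. A dedicated field in the record would remove the coupling altogether.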
@@ -1034,6 +1057,7 @@ start: !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) { + s->d1->handshake_read_seq++; s->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c index 928935bd8b..ab9c41922c 100644 --- a/src/lib/libssl/src/ssl/d1_srtp.c +++ b/src/lib/libssl/src/ssl/d1_srtp.c @@ -115,11 +115,12 @@ Copyright (C) 2011, RTFM, Inc. */ -#ifndef OPENSSL_NO_SRTP - #include #include #include "ssl_locl.h" + +#ifndef OPENSSL_NO_SRTP + #include "srtp.h" diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 29421da9aa..9975e20873 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c @@ -276,10 +276,11 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + dtls1_clear_record_buffer(s); dtls1_start_timer(s); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; + s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; @@ -721,10 +722,13 @@ int dtls1_accept(SSL *s) if (ret <= 0) goto end; #ifndef OPENSSL_NO_SCTP - /* Change to new shared key of SCTP-Auth, - * will be ignored if no SCTP used. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + if (!s->hit) + { + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); + } #endif s->state=SSL3_ST_SW_FINISHED_A; @@ -749,7 +753,16 @@ int dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; if (s->hit) + { s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + +#ifndef OPENSSL_NO_SCTP + /* Change to new shared key of SCTP-Auth, + * will be ignored if no SCTP used. + */ + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); +#endif + } else { s->s3->tmp.next_state=SSL_ST_OK; 
@@ -912,15 +925,13 @@ int dtls1_send_server_hello(SSL *s) unsigned char *p,*d; int i; unsigned int sl; - unsigned long l,Time; + unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); + ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h index 5008bf6081..e65d501191 100644 --- a/src/lib/libssl/src/ssl/dtls1.h +++ b/src/lib/libssl/src/ssl/dtls1.h @@ -57,8 +57,8 @@ * */ -#ifndef HEADER_DTLS1_H -#define HEADER_DTLS1_H +#ifndef HEADER_DTLS1_H +#define HEADER_DTLS1_H #include #include @@ -72,8 +72,12 @@ #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) #include #else +#if defined(OPENSSL_SYS_VXWORKS) +#include +#else #include #endif +#endif #ifdef __cplusplus extern "C" { diff --git a/src/lib/libssl/src/ssl/tls_srp.c b/src/lib/libssl/src/ssl/tls_srp.c index 8512c4daf6..2315a7c0a2 100644 --- a/src/lib/libssl/src/ssl/tls_srp.c +++ b/src/lib/libssl/src/ssl/tls_srp.c @@ -242,7 +242,8 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad) (s->srp_ctx.v == NULL)) return SSL3_AL_FATAL; - RAND_bytes(b, sizeof(b)); + if (RAND_bytes(b, sizeof(b)) <= 0) + return SSL3_AL_FATAL; s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL); OPENSSL_cleanse(b,sizeof(b)); diff --git a/src/lib/libssl/src/test/cms-test.pl b/src/lib/libssl/src/test/cms-test.pl index c938bcf00d..dfef799be2 100644 --- a/src/lib/libssl/src/test/cms-test.pl +++ b/src/lib/libssl/src/test/cms-test.pl @@ -415,8 +415,10 @@ sub run_smime_tests { } sub cmp_files { + use FileHandle; my ( $f1, $f2 ) = @_; - my ( $fp1, $fp2 ); + my $fp1 = FileHandle->new(); + my $fp2 = FileHandle->new(); my ( $rd1, $rd2 ); -- cgit v1.2.3-55-g6feb