diff --git a/trunk/3rdparty/README.md b/trunk/3rdparty/README.md index a7d677802..9852227ce 100644 --- a/trunk/3rdparty/README.md +++ b/trunk/3rdparty/README.md @@ -13,8 +13,8 @@ srt-1.4.1.tar.gz * https://ossrs.net/lts/zh-cn/license#srt openssl-1.1-fit -openssl-1.1.1b.tar.gz -* http://www.openssl.org/source/openssl-1.1.1b.tar.gz +openssl-1.1.1l.tar.gz +* http://www.openssl.org/source/openssl-1.1.1l.tar.gz openssl-1.1.0e.zip openssl-OpenSSL_1_0_2u.tar.gz diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf index 5fd995cb3..e01dc63a8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf @@ -198,7 +198,7 @@ my %targets=( bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s", ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s", des_asm_src => "des-586.s crypt586.s", - aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s", + aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s", bf_asm_src => "bf-586.s", md5_asm_src => "md5-586.s", cast_asm_src => "cast-586.s", @@ -223,7 +223,7 @@ my %targets=( cpuid_asm_src => "x86_64cpuid.s", bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s", ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s", - aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", + aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", md5_asm_src => "md5-x86_64.s", sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s", rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s", 
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf index 930f2d3c9..61c6689a0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf @@ -263,7 +263,7 @@ my %targets = ( # primarily because vendor assembler can't assemble our modules # with -KPIC flag. As result it, assembly support, was not even # available as option. But its lack means lack of side-channel - # resistant code, which is incompatible with security by todays + # resistant code, which is incompatible with security by today's # standards. Fortunately gcc is readily available prepackaged # option, which we can firmly point at... # @@ -434,7 +434,7 @@ my %targets = ( # 32-bit message digests. (For the moment of this writing) HP C # doesn't seem to "digest" too many local variables (they make "him" # chew forever:-). For more details look-up MD32_XARRAY comment in -# crypto/sha/sha_lcl.h. +# crypto/sha/sha_local.h. # - originally there were 32-bit hpux-parisc2-* targets. They were # scrapped, because a) they were not interchangeable with other 32-bit # targets; b) performance-critical 32-bit assembly modules implement @@ -663,6 +663,7 @@ my %targets = ( "linux-ppc" => { inherit_from => [ "linux-generic32", asm("ppc32_asm") ], perlasm_scheme => "linux32", + lib_cppflags => add("-DB_ENDIAN"), }, "linux-ppc64" => { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], @@ -741,7 +742,7 @@ my %targets = ( inherit_from => [ "linux-generic32", asm("mips64_asm") ], cflags => add("-mabi=n32"), cxxflags => add("-mabi=n32"), - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", + bn_ops => "RC4_CHAR", perlasm_scheme => "n32", multilib => "32", }, 
@@ -753,6 +754,13 @@ my %targets = ( multilib => "64", }, + # riscv64 below refers to contemporary RISCV Architecture + # specifications, + "linux64-riscv64" => { + inherit_from => [ "linux-generic64"], + perlasm_scheme => "linux64", + }, + #### IA-32 targets... #### These two targets are a bit aged and are to be used on older Linux #### machines where gcc doesn't understand -m32 and -m64 @@ -1111,7 +1119,7 @@ my %targets = ( thread_scheme => "pthreads", dso_scheme => "dlfcn", shared_target => "self", - module_ldflags => "-Wl,-G,-bsymbolic,-bexpall", + module_ldflags => "-Wl,-G,-bsymbolic,-bnoentry", shared_ldflag => "-Wl,-G,-bsymbolic,-bnoentry", shared_defflag => "-Wl,-bE:", shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", @@ -1125,7 +1133,7 @@ my %targets = ( CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => add(threads("-pthread")), - ex_libs => threads("-pthread"), + ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", perlasm_scheme => "aix32", shared_ldflag => add_before("-shared -static-libgcc"), @@ -1138,7 +1146,7 @@ my %targets = ( CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => combine("-maix64", threads("-pthread")), - ex_libs => threads("-pthread"), + ex_libs => add(threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", shared_ldflag => add_before("-shared -static-libgcc"), @@ -1154,7 +1162,7 @@ my %targets = ( cflags => combine("-q32 -qmaxmem=16384 -qro -qroconst", threads("-qthreaded")), cppflags => threads("-D_THREAD_SAFE"), - ex_libs => threads("-lpthreads"), + ex_libs => add(threads("-lpthreads")), bn_ops => "BN_LLONG RC4_CHAR", perlasm_scheme => "aix32", shared_cflag => "-qpic", 
@@ -1169,7 +1177,7 @@ my %targets = ( cflags => combine("-q64 -qmaxmem=16384 -qro -qroconst", threads("-qthreaded")), cppflags => threads("-D_THREAD_SAFE"), - ex_libs => threads("-lpthreads"), + ex_libs => add(threads("-lpthreads")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", dso_scheme => "dlfcn", @@ -1313,7 +1321,6 @@ my %targets = ( "VC-WIN32" => { inherit_from => [ "VC-noCE-common", asm("x86_asm"), sub { $disabled{shared} ? () : "uplink_common" } ], - CFLAGS => add("/WX"), AS => sub { vc_win32_info()->{AS} }, ASFLAGS => sub { vc_win32_info()->{ASFLAGS} }, asoutflag => sub { vc_win32_info()->{asoutflag} }, @@ -1366,9 +1373,9 @@ my %targets = ( } push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib' if (defined(env('PORTSDK_LIBPATH'))); - push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib' - if (env('TARGETCPU') eq "X86"); - return @ex_libs; + push @ex_libs, '/nodefaultlib coredll.lib corelibc.lib' + if (env('TARGETCPU') =~ /^X86|^ARMV4[IT]/); + return join(" ", @ex_libs); }), }, @@ -1397,6 +1404,10 @@ my %targets = ( shared_extension => ".dll", multilib => "", apps_aux_src => add("win32_init.c"), + # "WOW" stands for "Windows on Windows", and that word engages + # some installation path heuristics in unix-Makefile.tmpl... + build_scheme => add("WOW", { separator => undef }), + }, "mingw64" => { # As for OPENSSL_USE_APPLINK. Applink makes it possible to use @@ -1554,6 +1565,14 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "macosx", }, + "darwin64-arm64-cc" => { + inherit_from => [ "darwin-common", asm("aarch64_asm") ], + CFLAGS => add("-Wall"), + cflags => add("-arch arm64"), + lib_cppflags => add("-DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "ios64", + }, ##### GNU Hurd "hurd-x86" => { diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf index 7b496a452..fd5cd3f47 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf @@ -29,18 +29,18 @@ $ndk = $ENV{$ndk_var}; last if defined $ndk; } - die "\$ANDROID_NDK_HOME is not defined" if (!$ndk); - if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") { - # $ndk/platforms is traditional "all-inclusive" NDK, while - # $ndk/AndroidVersion.txt is so-called standalone toolchain - # tailored for specific target down to API level. + die "\$ANDROID_NDK_HOME is not defined" if (!$ndk); + my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt"; + my $ndk_src_props = "$ndk/source.properties"; + my $is_ndk = -f $ndk_src_props; + if ($is_ndk == $is_standalone_toolchain) { die "\$ANDROID_NDK_HOME=$ndk is invalid"; } $ndk = canonpath($ndk); my $ndkver = undef; - if (open my $fh, "<$ndk/source.properties") { + if (open my $fh, "<$ndk_src_props") { local $_; while(<$fh>) { if (m|Pkg\.Revision\s*=\s*([0-9]+)|) { @@ -59,7 +59,7 @@ if ($sysroot = $ENV{CROSS_SYSROOT}) { $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|; ($api, $arch) = ($1, $2); - } elsif (-f "$ndk/AndroidVersion.txt") { + } elsif ($is_standalone_toolchain) { $sysroot = "$ndk/sysroot"; } else { $api = "*"; 
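Review bot: The rewritten `open my $fh, "<$ndk_src_props"` is still a two-argument open, and `$ndk_src_props` is built from `$ndk`, which comes straight from `$ENV{$ndk_var}` a few lines above, so the open mode is parsed out of an environment-derived string instead of being fixed by the call. The three-argument form removes that ambiguity: `if (open my $fh, '<', $ndk_src_props) {`. The same applies to the `open my $fh, $path or die ...` added for `meta/platforms.json` in the `@@ -72,17 +72,31 @@` hunk, which has no mode prefix at all; `open my $fh, '<', $path or die "Could not open '$path': $!";` would be the safer spelling there. The enclosing block starts and ends outside this hunk.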
@@ -72,17 +72,31 @@ } } - # list available platforms (numerically) - my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; - $b =~ m/-([0-9]+)$/; $aa <=> $1; - } glob("$ndk/platforms/android-$api"); - die "no $ndk/platforms/android-$api" if ($#platforms < 0); + if (-d "$ndk/platforms") { + # list available platforms (numerically) + my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; + $b =~ m/-([0-9]+)$/; $aa <=> $1; + } glob("$ndk/platforms/android-$api"); + die "no $ndk/platforms/android-$api" if ($#platforms < 0); - $sysroot = "@platforms[$#platforms]/arch-$arch"; - $sysroot =~ m|/android-([0-9]+)/arch-$arch|; - $api = $1; + $sysroot = "@platforms[$#platforms]/arch-$arch"; + $sysroot =~ m|/android-([0-9]+)/arch-$arch|; + $api = $1; + } elsif ($api eq "*") { + # r22 Removed platforms dir, use this JSON file + my $path = "$ndk/meta/platforms.json"; + open my $fh, $path or die "Could not open '$path' $!"; + while (<$fh>) { + if (/"max": (\d+),/) { + $api = $1; + last; + } + } + close $fh; + } + die "Could not get default API Level" if ($api eq "*"); } - die "no sysroot=$sysroot" if (!-d $sysroot); + die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot); my $triarch = $triplet{$arch}; my $cflags; 
@@ -95,17 +109,21 @@ my $arm = $ndkver > 16 ? "armv7a" : "armv5te"; (my $tridefault = $triarch) =~ s/^arm-/$arm-/; (my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/; - $cflags .= " -target $tridefault " - . "-gcc-toolchain \$($ndk_var)/toolchains" - . "/$tritools-4.9/prebuilt/$host"; - $user{CC} = "clang" if ($user{CC} !~ m|clang|); + if (length $sysroot) { + $cflags .= " -target $tridefault " + . "-gcc-toolchain \$($ndk_var)/toolchains" + . "/$tritools-4.9/prebuilt/$host"; + $user{CC} = "clang" if ($user{CC} !~ m|clang|); + } else { + $user{CC} = "$tridefault$api-clang"; + } $user{CROSS_COMPILE} = undef; if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) { $user{AR} = "llvm-ar"; $user{ARFLAGS} = [ "rs" ]; $user{RANLIB} = ":"; } - } elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain" + } elsif ($is_standalone_toolchain) { my $cc = $user{CC} // "clang"; # One can probably argue that both clang and gcc should be # probed, but support for "standalone toolchain" was added 
@@ -127,19 +145,21 @@ $user{CROSS_COMPILE} = "$triarch-"; } - if (!-d "$sysroot/usr/include") { - my $incroot = "$ndk/sysroot/usr/include"; - die "no $incroot" if (!-d $incroot); - die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); - $incroot =~ s|^$ndk/||; - $cppflags = "-D__ANDROID_API__=$api"; - $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch"; - $cppflags .= " -isystem \$($ndk_var)/$incroot"; + if (length $sysroot) { + if (!-d "$sysroot/usr/include") { + my $incroot = "$ndk/sysroot/usr/include"; + die "no $incroot" if (!-d $incroot); + die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); + $incroot =~ s|^$ndk/||; + $cppflags = "-D__ANDROID_API__=$api"; + $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch"; + $cppflags .= " -isystem \$($ndk_var)/$incroot"; + } + $sysroot =~ s|^$ndk/||; + $sysroot = " --sysroot=\$($ndk_var)/$sysroot"; } - - $sysroot =~ s|^$ndk/||; $android_ndk = { - cflags => "$cflags --sysroot=\$($ndk_var)/$sysroot", + cflags => $cflags . $sysroot, cppflags => $cppflags, bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG" : "BN_LLONG", @@ -241,7 +261,7 @@ my %targets = ( }, #################################################################### - # Backward compatible targets, (might) requre $CROSS_SYSROOT + # Backward compatible targets, (might) require $CROSS_SYSROOT # "android-armeabi" => { inherit_from => [ "android-arm" ], diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf index 1bb9f48d0..f404077fd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf 
@@ -1,6 +1,6 @@ #### iPhoneOS/iOS # -# It takes recent enough XCode to use following two targets. It shouldn't +# It takes recent enough Xcode to use following two targets. It shouldn't # be a problem by now, but if they don't work, original targets below # that depend on manual definition of environment variables should still # work... diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf index 51cb3819c..c59527911 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf @@ -1,10 +1,10 @@ # Windows OneCore targets. # -# OneCore is new API stability "contract" that transends Desktop, IoT and +# OneCore is new API stability "contract" that transcends Desktop, IoT and # Mobile[?] Windows editions. It's a set up "umbrella" libraries that # export subset of Win32 API that are common to all Windows 10 devices. # -# OneCore Configuration temporarly dedicated for console applications +# OneCore Configuration temporarily dedicated for console applications # due to disabled event logging, which is incompatible with one core. # Error messages are provided via standard error only. # TODO: extend error handling to use ETW based eventing diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl index 03acb3e0b..852b1fb3e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl @@ -22,7 +22,7 @@ our @generated = sort ( ( grep { defined $unified_info{generate}->{$_} } sort keys %generatables ), - # Scripts are assumed to be generated, so add thhem too + # Scripts are assumed to be generated, so add them too ( grep { defined $unified_info{sources}->{$_} } @{$unified_info{scripts}} ) ); 
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl index 0ccd5f075..04c93222c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl @@ -343,6 +343,7 @@ CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags2.$cppflags1) =~ s|"|""|g; # # #include # #include "internal/bar.h" +# #include "crypto/something.h" # # will use the logical names to find the files. Expecting # DECompHP C to find files in subdirectories of whatever was @@ -351,11 +352,13 @@ NODEBUG=@ .FIRST : $(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;" $(NODEBUG) openssl_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.openssl]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" - $(NODEBUG) internal_inc1 = F$PARSE("[.crypto.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;" + $(NODEBUG) internal_inc1 = F$PARSE("[.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;" $(NODEBUG) internal_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" - $(NODEBUG) internal_inc3 = F$PARSE("{- catdir($config{sourcedir},"[.crypto.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" + $(NODEBUG) crypto_inc1 = F$PARSE("[.include.crypto]","A.;",,,"SYNTAX_ONLY") - "A.;" + $(NODEBUG) crypto_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.crypto]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" $(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2' - $(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2','internal_inc3' + $(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2' + $(NODEBUG) DEFINE crypto 'crypto_inc1','crypto_inc2' $(NODEBUG) staging_dir = "$(DESTDIR)" $(NODEBUG) staging_instdir = "" $(NODEBUG) staging_datadir = "" 
@@ -374,8 +377,13 @@ NODEBUG=@ $(NODEBUG) ! $(NODEBUG) ! Installation logical names $(NODEBUG) ! - $(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" - $(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" + $(NODEBUG) ! This also creates a few DCL variables that are used for + $(NODEBUG) ! the "install_msg" target. + $(NODEBUG) ! + $(NODEBUG) installroot = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + $(NODEBUG) installtop = installroot + ".]" + $(NODEBUG) dataroot = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + $(NODEBUG) datatop = dataroot + ".]" $(NODEBUG) DEFINE ossl_installroot 'installtop' $(NODEBUG) DEFINE ossl_dataroot 'datatop' $(NODEBUG) ! @@ -392,6 +400,7 @@ NODEBUG=@ $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } @shlibs) || "!" -} $(NODEBUG) DEASSIGN ossl_dataroot $(NODEBUG) DEASSIGN ossl_installroot + $(NODEBUG) DEASSIGN crypto $(NODEBUG) DEASSIGN internal $(NODEBUG) DEASSIGN openssl .DEFAULT : 
@@ -451,30 +460,19 @@ list-tests : @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" @ ! {- output_on() if !$disabled{tests}; "" -} -install : install_sw install_ssldirs install_docs +install : install_sw install_ssldirs install_docs install_msg + @ ! + +install_msg : @ WRITE SYS$OUTPUT "" @ WRITE SYS$OUTPUT "######################################################################" @ WRITE SYS$OUTPUT "" @ IF "$(DESTDIR)" .EQS. "" THEN - - PIPE ( WRITE SYS$OUTPUT "Installation complete" ; - - WRITE SYS$OUTPUT "" ; - - WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; - - WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; - - WRITE SYS$OUTPUT "" ) + @{- sourcefile("VMS", "msg_install.com") -} "$(SYSTARTUP)" "{- $osslver -}" @ IF "$(DESTDIR)" .NES. "" THEN - - PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; - - WRITE SYS$OUTPUT "" ; - - WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; - - WRITE SYS$OUTPUT staging_instdir ; - - WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; - - WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; - - WRITE SYS$OUTPUT staging_datadir ; - - WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; - - WRITE SYS$OUTPUT "" ; - - WRITE SYS$OUTPUT "When in its final destination," ; - - WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; - - WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; - - WRITE SYS$OUTPUT "" ) + @{- sourcefile("VMS", "msg_staging.com") -} - + "''installroot']" "''dataroot']" "$(INSTALLTOP)" "$(OPENSSLDIR)" - + "$(SYSTARTUP)" "{- $osslver -}" check_install : spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com 
diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl index 288b79202..66617d6f4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl @@ -14,6 +14,26 @@ our $dsoext = $target{dso_extension} || ".so"; our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog}; + # $mingw_installroot and $mingw_commonroot is relevant for mingw only. + my $build_scheme = $target{build_scheme}; + my $install_flavour = $build_scheme->[$#$build_scheme]; # last element + my $mingw_installenv = $install_flavour eq "WOW" ? "ProgramFiles(x86)" + : "ProgramW6432"; + my $mingw_commonenv = $install_flavour eq "WOW" ? "CommonProgramFiles(x86)" + : "CommonProgramW6432"; + our $mingw_installroot = + defined($ENV{$mingw_installenv}) ? $mingw_installenv : 'ProgramFiles'; + our $mingw_commonroot = + defined($ENV{$mingw_commonenv}) ? $mingw_commonenv : 'CommonProgramFiles'; + my $mingw_installdflt = + $install_flavour eq "WOW" ? "C:/Program Files (x86)" + : "C:/Program Files"; + my $mingw_commondflt = "$mingw_installdflt/Common Files"; + + # expand variables early + $mingw_installroot = $ENV{$mingw_installroot} // $mingw_installdflt; + $mingw_commonroot = $ENV{$mingw_commonroot} // $mingw_commondflt; + sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } # Shared AIX support is special. We put libcrypto[64].so.ver into @@ -132,6 +152,7 @@ APPS_OPENSSL={- use File::Spec::Functions; # Normally it is left empty. DESTDIR= +{- output_off() if $config{target} =~ /^mingw/; "" -} # Do not edit these manually. Use Configure with --prefix or --openssldir # to change this! Short explanation in the top comment in Configure INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet 
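Review bot: The only comment on the new `$mingw_installroot` / `$mingw_commonroot` block says they are "relevant for mingw only", but it does not say that they are resolved from the configuring host's environment (`$ENV{$mingw_installroot} // $mingw_installdflt`) and then used further down as the defaults for the install prefix (`"$mingw_installroot/OpenSSL"`) and for OPENSSLDIR (`"$mingw_commonroot/SSL"`). OPENSSLDIR is presumably also the location the built library later reads its configuration from, so the comment should state that these values must resolve to a directory only administrators can write and that the result varies with the builder's environment, for example `# Defaults for --prefix/--openssldir on mingw, taken from the build host's environment; must end up in an admin-only-writable location.` It would also read more clearly if the "expand variables early" step assigned to new variables, since `$mingw_installroot` currently holds an environment variable name first and a path afterwards.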
@@ -175,6 +196,83 @@ ENGINESDIR=$(libdir)/engines-{- $sover_dirname -} # Convenience variable for those who want to set the rpath in shared # libraries and applications LIBRPATH=$(libdir) +{- output_on() if $config{target} =~ /^mingw/; + output_off() if $config{target} !~ /^mingw/; + "" -} +# Do not edit these manually. Use Configure with --prefix or --openssldir +# to change this! Short explanation in the top comment in Configure +INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet + # + use File::Spec::Win32; + my $prefix_default = "$mingw_installroot/OpenSSL"; + our $prefix = + File::Spec::Win32->canonpath($config{prefix} + || $prefix_default); + our ($prefix_dev, $prefix_dir, $prefix_file) = + File::Spec::Win32->splitpath($prefix, 1); + $prefix =~ s|\\|/|g; + $prefix_dir =~ s|\\|/|g; + $prefix_dev -} +INSTALLTOP_dir={- my $x = File::Spec::Win32->canonpath($prefix_dir); + $x =~ s|\\|/|g; + $x -} +OPENSSLDIR_dev={- # + # The logic here is that if no --openssldir was given, + # OPENSSLDIR will get the value "$mingw_commonroot/SSL". + # If --openssldir was given and the value is an absolute + # path, OPENSSLDIR will get its value without change. + # If the value from --openssldir is a relative path, + # OPENSSLDIR will get $prefix with the --openssldir + # value appended as a subdirectory. + # + use File::Spec::Win32; + our $openssldir = + $config{openssldir} ? + (File::Spec::Win32->file_name_is_absolute($config{openssldir}) ? 
+ File::Spec::Win32->canonpath($config{openssldir}) + : File::Spec::Win32->catdir($prefix, $config{openssldir})) + : File::Spec::Win32->canonpath("$mingw_commonroot/SSL"); + our ($openssldir_dev, $openssldir_dir, $openssldir_file) = + File::Spec::Win32->splitpath($openssldir, 1); + $openssldir =~ s|\\|/|g; + $openssldir_dir =~ s|\\|/|g; + $openssldir_dev -} +OPENSSLDIR_dir={- my $x = File::Spec::Win32->canonpath($openssldir_dir); + $x =~ s|\\|/|g; + $x -} +LIBDIR={- our $libdir = $config{libdir} || "lib"; + File::Spec::Win32->file_name_is_absolute($libdir) ? "" : $libdir -} +ENGINESDIR_dev={- use File::Spec::Win32; + our $enginesdir = + File::Spec::Win32->catdir($prefix,$libdir, + "engines-$sover_dirname"); + our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = + File::Spec::Win32->splitpath($enginesdir, 1); + $enginesdir =~ s|\\|/|g; + $enginesdir_dir =~ s|\\|/|g; + $enginesdir_dev -} +ENGINESDIR_dir={- my $x = File::Spec::Win32->canonpath($enginesdir_dir); + $x =~ s|\\|/|g; + $x -} +# In a Windows environment, $(DESTDIR) is harder to contatenate with other +# directory variables, because both may contain devices. What we do here is +# to adapt INSTALLTOP, OPENSSLDIR and ENGINESDIR depending on if $(DESTDIR) +# has a value or not, to ensure that concatenation will always work further +# down. +ifneq "$(DESTDIR)" "" +INSTALLTOP=$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dir) +else +INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir) +endif + +# $(libdir) is chosen to be compatible with the GNU coding standards +libdir={- File::Spec::Win32->file_name_is_absolute($libdir) + ? $libdir : '$(INSTALLTOP)/$(LIBDIR)' -} +{- output_on() if $config{target} !~ /^mingw/; "" -} MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) 
@@ -260,8 +358,8 @@ LIB_CPPFLAGS={- our $lib_cppflags = join(' ', $target{lib_cppflags} || (), $target{shared_cppflag} || (), (map { '-D'.$_ } - @{$config{lib_defines}}, - @{$config{shared_defines}}), + @{$config{lib_defines} || ()}, + @{$config{shared_defines} || ()}), @{$config{lib_cppflags}}, @{$config{shared_cppflag}}); join(' ', $lib_cppflags, @@ -285,6 +383,9 @@ LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (), LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (), $target{module_cppflags} || (), + (map { '-D'.$_ } + @{$config{dso_defines} || ()}, + @{$config{module_defines} || ()}), @{$config{dso_cppflags}}, @{$config{module_cppflags}}, '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} @@ -305,6 +406,7 @@ DSO_LDFLAGS={- join(' ', $target{dso_ldflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (), + (map { '-D'.$_ } @{$config{bin_defines} || ()}), @{$config{bin_cppflags}}, '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} BIN_CFLAGS={- join(' ', $target{bin_cflags} || (), @@ -414,14 +516,13 @@ libclean: clean: libclean $(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS) $(RM) $(GENERATED_MANDATORY) $(GENERATED) - -$(RM) `find . -name .git -prune -o -name '*{- $depext -}' -print` - -$(RM) `find . -name .git -prune -o -name '*{- $objext -}' -print` + -$(RM) `find . -name '*{- $depext -}' \! -name '.*' \! -type d -print` + -$(RM) `find . -name '*{- $objext -}' \! -name '.*' \! -type d -print` $(RM) core $(RM) tags TAGS doc-nits $(RM) -r test/test-runs $(RM) openssl.pc libcrypto.pc libssl.pc - -$(RM) `find . -name .git -prune -o -type l -print` - $(RM) $(TARFILE) + -$(RM) `find . -type l \! -name '.*' -print` distclean: clean $(RM) configdata.pm 
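Review bot: In the `clean` hunk the three `find` results are still passed to `$(RM)` through backticks, so a matched path containing whitespace is split into separate arguments, and with `-name .git -prune` dropped the search now descends into dot-directories as well. The `\! -name '.*'` test only looks at the last path component, so a file below `.git` whose name happens to end in the dependency or object extension would be removed if a `.git` directory sits under the build directory. Letting find do the removal avoids the word splitting, e.g. `-find . -name '*{- $objext -}' \! -name '.*' \! -type d -exec $(RM) {} +`, and a `-prune` on version-control directories can be kept alongside the new tests if skipping them is still wanted.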
@@ -445,78 +546,78 @@ uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev install_docs: install_man_docs install_html_docs uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r -v $(DESTDIR)$(DOCDIR) + $(RM) -r "$(DESTDIR)$(DOCDIR)" install_ssldirs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/certs" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/private" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/misc" @set -e; for x in dummy $(MISC_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ x1=`echo "$$x" | cut -f1 -d:`; \ x2=`echo "$$x" | cut -f2 -d:`; \ fn=`basename $$x1`; \ $(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ - $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ + cp $$x1 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + mv -f "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new" \ + "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ if [ "$$x1" != "$$x2" ]; then \ ln=`basename "$$x2"`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + cp "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn" "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() unless windowsdll(); output_off() if windowsdll(); "" -}; \ $(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + ln -sf $$fn "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() if windowsdll(); "" -}; \ fi; \ done @$(ECHO) 
"install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" - @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist + @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ - cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ + cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ fi @$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" - @cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist + @cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" @if [ ! 
-f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ - cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ + cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ fi install_dev: install_runtime_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(ECHO) "*** Installing development files" - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/include/openssl" @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @cp $(SRCDIR)/ms/applink.c "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ - chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + cp $$i "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \ - cp 
$$l $(DESTDIR)$(libdir)/$$fn.new; \ - $(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$l "$(DESTDIR)$(libdir)/$$fn.new"; \ + $(RANLIB) "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 644 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ 
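Review bot: `install_ssldirs` creates `"$(DESTDIR)$(OPENSSLDIR)/private"` with the same `mkdir-p.pl` call as `certs` and `misc`, and nothing in this hunk restricts its mode, so its permissions presumably follow the installer's umask (`mkdir-p.pl` itself is not shown here). Going by its name the directory is meant for key material, so either add `@chmod 700 "$(DESTDIR)$(OPENSSLDIR)/private"` after the mkdir or document that packagers must tighten it. Separately, the new quoting covers destination paths only: `cp $$x1`, `cp $$i`, `cp $$l`, `basename $$x1` and `$(SRCDIR)/apps/openssl.cnf` are still unquoted, so a source or build path containing spaces still breaks the same recipes; quoting them, as in `cp "$$x1" "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"`, would make the change consistent.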
@@ -527,61 +628,61 @@ install_dev: install_runtime_libs : {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \ if [ "$$fn1" != "$$fn2" ]; then \ $(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \ - ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \ + ln -sf $$fn1 "$(DESTDIR)$(libdir)/$$fn2"; \ fi; \ : {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \ $(ECHO) "install $$s2 -> $(DESTDIR)$(libdir)/$$fn2"; \ - cp $$s2 $(DESTDIR)$(libdir)/$$fn2.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn2.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn2.new \ - $(DESTDIR)$(libdir)/$$fn2; \ + cp $$s2 "$(DESTDIR)$(libdir)/$$fn2.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn2.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn2.new" \ + "$(DESTDIR)$(libdir)/$$fn2"; \ : {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \ - a=$(DESTDIR)$(libdir)/$$fn2; \ + a="$(DESTDIR)$(libdir)/$$fn2"; \ $(ECHO) "install $$s1 -> $$a"; \ - if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ + if [ -f "$$a" ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \ - cp -f $$a $$a.new; \ - for so in `$(AR) t $$a`; do \ - $(AR) x $$a $$so; \ - chmod u+w $$so; \ - strip -X32_64 -e $$so; \ - $(AR) r $$a.new $$so; \ + cp -f "$$a" "$$a.new"; \ + for so in `$(AR) t "$$a"`; do \ + $(AR) x "$$a" "$$so"; \ + chmod u+w "$$so"; \ + strip -X32_64 -e "$$so"; \ + $(AR) r "$$a.new" "$$so"; \ done; \ )); fi; \ - $(AR) r $$a.new $$s1; \ - mv -f $$a.new $$a; \ + $(AR) r "$$a.new" "$$s1"; \ + mv -f "$$a.new" "$$a"; \ : {- output_off() if sharedaix(); output_on(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)/pkgconfig" @$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" - @cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 
$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc + @cp libcrypto.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" @$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc" - @cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc + @cp libssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" @$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc" - @cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc + @cp openssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" uninstall_dev: uninstall_runtime_libs @$(ECHO) "*** Uninstalling development files" @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include/openssl" + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ 
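Review bot: In the sharedaix branch of install_dev the scratch directory is still the predictable `/tmp/ar.$$$$`; the quoting added in this hunk does not change that, and install targets are often run with elevated privileges in a world-writable `/tmp`. The `trap "rm -rf /tmp/ar.$$$$" INT 0` is registered before `mkdir`, so when that name already exists the exit handler would appear to remove a directory this recipe did not create. Where the platform provides `mktemp`, `d=$$(mktemp -d /tmp/ar.XXXXXX)` followed by a trap on `"$$d"` avoids both problems. The same loop still leaves `cp $$s2` and `ln -sf $$fn1` unquoted on the source side while the destinations are now quoted. install_dev begins above this hunk, and since this tree is vendored OpenSSL the fix is best carried as a documented local patch or sent upstream.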
@@ -591,35 +692,35 @@ uninstall_dev: uninstall_runtime_libs fn2=`basename $$s2`; \ : {- output_off() if windowsdll(); "" -}; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn2"; \ if [ "$$fn1" != "$$fn2" -a -f "$(DESTDIR)$(libdir)/$$fn1" ]; then \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn1; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn1"; \ fi; \ : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn2"; \ : {- output_on() unless windowsdll(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc - -$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig - -$(RMDIR) $(DESTDIR)$(libdir) + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" + -$(RMDIR) "$(DESTDIR)$(libdir)/pkgconfig" + -$(RMDIR) "$(DESTDIR)$(libdir)" install_engines: install_runtime_libs build_engines @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)/" @$(ECHO) "*** Installing engines" @set -e; for e in dummy $(INSTALL_ENGINES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \ - $(DESTDIR)$(ENGINESDIR)/$$fn; \ + cp $$e "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + mv -f "$(DESTDIR)$(ENGINESDIR)/$$fn.new" \ + 
"$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done uninstall_engines: @@ -631,18 +732,18 @@ uninstall_engines: continue; \ fi; \ $(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \ + $(RM) "$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(ENGINESDIR) + -$(RMDIR) "$(DESTDIR)$(ENGINESDIR)" install_runtime: install_programs install_runtime_libs: build_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @ : {- output_off() if windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin" @ : {- output_on() unless windowsdll(); "" -} @$(ECHO) "*** Installing runtime libraries" @set -e; for s in dummy $(INSTALL_SHLIBS); do \ 
@@ -650,40 +751,40 @@ install_runtime_libs: build_libs fn=`basename $$s`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$s "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$s $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$s "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ : {- output_on() if windowsdll(); "" -}; \ done install_programs: install_runtime_libs build_programs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin" @$(ECHO) "*** Installing runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done @set -e; for x in dummy $(BIN_SCRIPTS); do \ if [ "$$x" = "dummy" ]; 
then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done uninstall_runtime: uninstall_programs uninstall_runtime_libs @@ -695,16 +796,16 @@ uninstall_programs: if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done; @set -e; for x in dummy $(BIN_SCRIPTS); \ do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/bin" uninstall_runtime_libs: @$(ECHO) "*** Uninstalling runtime libraries" @@ -713,7 +814,7 @@ uninstall_runtime_libs: if [ "$$s" = "dummy" ]; then continue; fi; \ fn=`basename $$s`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done @ : {- output_on() unless windowsdll(); "" -} 
@@ -722,24 +823,24 @@ install_man_docs: @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(ECHO) "*** Installing manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ - --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) + "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) uninstall_man_docs: @$(ECHO) "*** Uninstalling manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ - --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) \ + "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) \ --remove install_html_docs: @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(ECHO) "*** Installing HTML manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ - --destdir=$(DESTDIR)$(HTMLDIR) --type=html + "--destdir=$(DESTDIR)$(HTMLDIR)" --type=html uninstall_html_docs: @$(ECHO) "*** Uninstalling manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ - --destdir=$(DESTDIR)$(HTMLDIR) --type=html --remove + "--destdir=$(DESTDIR)$(HTMLDIR)" --type=html --remove # Developer targets (note: these are only available on Unix) ######### @@ -815,8 +916,8 @@ errors: done ) ordinals: - ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update ) - ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update ) + $(PERL) $(SRCDIR)/util/mkdef.pl crypto update + $(PERL) $(SRCDIR)/util/mkdef.pl ssl update test_ordinals: ( cd test; \ diff --git a/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl b/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl index d420bfff3..13716e064 100644 --- a/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl +++ b/trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl @@ -187,6 +187,7 @@ AS={- $config{AS} -} ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} RC={- $config{RC} -} +RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -} ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl" 
@@ -210,8 +211,8 @@ CNF_CPPFLAGS={- our $cppfags2 = join(' ', $target{cppflags} || (), (map { '-D'.quotify1($_) } @{$target{defines}}, @{$config{defines}}), - (map { '-I'.quotify1($_) } @{$target{includes}}, - @{$config{includes}}), + (map { '-I'.'"'.$_.'"' } @{$target{includes}}, + @{$config{includes}}), @{$config{cppflags}}) -} CNF_CFLAGS={- join(' ', $target{cflags} || (), @{$config{cflags}}) -} @@ -323,15 +324,15 @@ build_apps build_tests: build_programs # Convenience target to prebuild all generated files, not just the mandatory # ones build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) - @{- output_off() if $disabled{makedepend}; "" -} + @{- output_off() if $disabled{makedepend}; "\@rem" -} @$(ECHO) "Warning: consider configuring with no-makedepend, because if" @$(ECHO) " target system doesn't have $(PERL)," @$(ECHO) " then make will fail..." - @{- output_on() if $disabled{makedepend}; "" -} + @{- output_on() if $disabled{makedepend}; "\@rem" -} test: tests {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep - @{- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "\@rem" -} -mkdir $(BLDDIR)\test\test-runs set SRCTOP=$(SRCDIR) set BLDTOP=$(BLDDIR) 
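Review bot: The new `-I` mapping in CNF_CPPFLAGS wraps each include directory in bare double quotes with no escaping, while the `-D` values on the line above still go through `quotify1`. A directory given with a trailing backslash would produce `-I"dir\"`, and as far as I know the Microsoft command-line parsing treats `\"` as a literal quote, so the flags that follow could be folded into the include path. Stripping trailing backslashes before quoting, for example `(map { (my $d = $_) =~ s/\\+$//; '-I"'.$d.'"' } @{$target{includes}},`, keeps the unescaped form this change wants and avoids that case. The values come from the target definition and from Configure arguments, so this is a robustness point about the build rather than a trust-boundary issue.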
@@ -340,17 +341,17 @@ test: tests set OPENSSL_ENGINES=$(MAKEDIR)\engines set OPENSSL_DEBUG_MEMORY=on "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) - @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -} @$(ECHO) "Tests are not supported with your chosen Configure options" - @{- output_on() if !$disabled{tests}; "" -} + @{- output_on() if !$disabled{tests}; "\@rem" -} list-tests: - @{- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "\@rem" -} @set SRCTOP=$(SRCDIR) @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list - @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -} @$(ECHO) "Tests are not supported with your chosen Configure options" - @{- output_on() if !$disabled{tests}; "" -} + @{- output_on() if !$disabled{tests}; "\@rem" -} install: install_sw install_ssldirs install_docs @@ -361,7 +362,7 @@ libclean: -del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb clean: libclean - {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} + {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -} -del /Q /F $(ENGINES) -del /Q /F $(SCRIPTS) -del /Q /F $(GENERATED_MANDATORY) @@ -377,9 +378,9 @@ distclean: clean -del /Q /F makefile depend: - @ {- output_off() if $disabled{makedepend}; "" -} + @ {- output_off() if $disabled{makedepend}; "\@rem" -} @ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC" - @ {- output_on() if $disabled{makedepend}; "" -} + @ {- output_on() if $disabled{makedepend}; "\@rem" -} # Install helper targets ############################################# 
@@ -412,10 +413,10 @@ install_dev: install_runtime_libs @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) @$(ECHO) "*** Installing development files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" - @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @@ -586,7 +587,7 @@ EOF if ($srcs[0] =~ /\.rc$/) { return <<"EOF"; $args{obj}: $deps - \$(RC) \$(RCOUTFLAG)\$\@ $srcs + \$(RC) \$(RCFLAGS) \$(RCOUTFLAG)\$\@ $srcs EOF } (my $obj = $args{obj}) =~ s|\.o$||; diff --git a/trunk/3rdparty/openssl-1.1-fit/Configure b/trunk/3rdparty/openssl-1.1-fit/Configure index 608012225..b286dd067 100755 --- a/trunk/3rdparty/openssl-1.1-fit/Configure +++ b/trunk/3rdparty/openssl-1.1-fit/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -24,7 +24,7 @@ use OpenSSL::Glob; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -54,16 +54,14 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # [no-]threads [don't] try to create a library that is suitable for # multithreaded applications (default is "threads" if we # know how to do it) -# [no-]shared [don't] try to create shared libraries when supported. +# [no-]shared [don't] try to create shared libraries when supported. # [no-]pic [don't] try to build position independent code when supported. # If disabled, it also disables shared and dynamic-engine. # no-asm do not use assembler -# no-dso do not compile in any native shared-library methods. This -# will ensure that all methods just return NULL. # no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. -# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared -# library and will be loaded in run-time by the OpenSSL library. +# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared +# library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # enable-weak-ssl-ciphers # Enable weak ciphers that are disabled by default. 
@@ -71,11 +69,19 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # no-sse2 disables IA-32 SSE2 code in assembly modules, the above # mentioned '386' option implies this one # no- build without specified algorithm (rsa, idea, rc5, ...) -# - + compiler options are passed through +# - + All options which are unknown to the 'Configure' script are +# / passed through to the compiler. Unix-style options beginning +# with a '-' or '+' are recognized, as well as Windows-style +# options beginning with a '/'. If the option contains arguments +# separated by spaces, then the URL-style notation %20 can be +# used for the space character in order to avoid having to quote +# the option. For example, -opt%20arg gets expanded to -opt arg. +# In fact, any ASCII character can be encoded as %xx using its +# hexadecimal encoding. # -static while -static is also a pass-through compiler option (and # as such is limited to environments where it's actually # meaningful), it triggers a number configuration options, -# namely no-dso, no-pic, no-shared and no-threads. It is +# namely no-pic, no-shared and no-threads. It is # argued that the only reason to produce statically linked # binaries (and in context it means executables linked with # -static flag, and not just executables linked with static 
@@ -89,22 +95,20 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # linked openssl executable has rather debugging value than # production quality. # -# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items -# provided to stack calls. Generates unique stack functions for -# each possible stack type. -# BN_LLONG use the type 'long long' in crypto/bn/bn.h -# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# BN_LLONG use the type 'long long' in crypto/bn/bn.h +# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h # Following are set automatically by this script # -# MD5_ASM use some extra md5 assembler, -# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86 -# RMD160_ASM use some extra ripemd160 assembler, -# SHA256_ASM sha256_block is implemented in assembler -# SHA512_ASM sha512_block is implemented in assembler -# AES_ASM AES_[en|de]crypt is implemented in assembler +# MD5_ASM use some extra md5 assembler, +# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86 +# RMD160_ASM use some extra ripemd160 assembler, +# SHA256_ASM sha256_block is implemented in assembler +# SHA512_ASM sha512_block is implemented in assembler +# AES_ASM AES_[en|de]crypt is implemented in assembler -# Minimum warning options... any contributions to OpenSSL should at least get -# past these. +# Minimum warning options... any contributions to OpenSSL should at least +# get past these. Note that we only use these with C compilers, not with +# C++ compilers. # DEBUG_UNUSED enables __owur (warn unused result) checks. # -DPEDANTIC complements -pedantic and is meant to mask code that 
@@ -119,22 +123,23 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # code, so we just tell compiler to be pedantic about everything # but 'long long' type. -my $gcc_devteam_warn = "-DDEBUG_UNUSED" - . " -DPEDANTIC -pedantic -Wno-long-long" - . " -Wall" - . " -Wextra" - . " -Wno-unused-parameter" - . " -Wno-missing-field-initializers" - . " -Wswitch" - . " -Wsign-compare" - . " -Wmissing-prototypes" - . " -Wstrict-prototypes" - . " -Wshadow" - . " -Wformat" - . " -Wtype-limits" - . " -Wundef" - . " -Werror" - ; +my @gcc_devteam_warn = qw( + -DDEBUG_UNUSED + -DPEDANTIC -pedantic -Wno-long-long + -Wall + -Wextra + -Wno-unused-parameter + -Wno-missing-field-initializers + -Wswitch + -Wsign-compare + -Wshadow + -Wformat + -Wtype-limits + -Wundef + -Werror + -Wmissing-prototypes + -Wstrict-prototypes +); # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the 
@@ -144,19 +149,20 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -Wlanguage-extension-token -- no, we use asm() # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code -# -Wunused-function -- no, it forces header use of safestack et al -# DEFINE macros -my $clang_devteam_warn = "" - . " -Wswitch-default" - . " -Wno-parentheses-equality" - . " -Wno-language-extension-token" - . " -Wno-extended-offsetof" - . " -Wconditional-uninitialized" - . " -Wincompatible-pointer-types-discards-qualifiers" - . " -Wmissing-variable-declarations" - . " -Wno-unknown-warning-option" - . " -Wno-unused-function" - ; +my @clang_devteam_warn = qw( + -Wno-unknown-warning-option + -Wswitch-default + -Wno-parentheses-equality + -Wno-language-extension-token + -Wno-extended-offsetof + -Wconditional-uninitialized + -Wincompatible-pointer-types-discards-qualifiers + -Wmissing-variable-declarations +); + +my @cl_devteam_warn = qw( + /WX +); # This adds backtrace information to the memory leak info. Is only used # when crypto-mdebug-backtrace is enabled. 
@@ -211,12 +217,22 @@ sub resolve_config; # Unified build supports separate build dir my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax + +# File::Spec::Unix doesn't detect case insensitivity, so we make sure to +# check if the source and build directory are really the same, and make +# them so. This avoids all kinds of confusion later on. +# We must check @File::Spec::ISA rather than using File::Spec->isa() to +# know if File::Spec ended up loading File::Spec::Unix. +$srcdir = $blddir + if (grep(/::Unix$/, @File::Spec::ISA) + && samedir($srcdir, $blddir)); + my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; -$config{sourcedir} = abs2rel($srcdir); -$config{builddir} = abs2rel($blddir); +$config{sourcedir} = abs2rel($srcdir, $blddir); +$config{builddir} = abs2rel($blddir, $blddir); # Collect reconfiguration information if needed my @argvcopy=@ARGV; 
@@ -225,20 +241,20 @@ if (grep /^reconf(igure)?$/, @argvcopy) { die "reconfiguring with other arguments present isn't supported" if scalar @argvcopy > 1; if (-f "./configdata.pm") { - my $file = "./configdata.pm"; - unless (my $return = do $file) { - die "couldn't parse $file: $@" if $@; + my $file = "./configdata.pm"; + unless (my $return = do $file) { + die "couldn't parse $file: $@" if $@; die "couldn't do $file: $!" unless defined $return; die "couldn't run $file" unless $return; - } + } - @argvcopy = defined($configdata::config{perlargv}) ? - @{$configdata::config{perlargv}} : (); - die "Incorrect data to reconfigure, please do a normal configuration\n" - if (grep(/^reconf/,@argvcopy)); - $config{perlenv} = $configdata::config{perlenv} // {}; + @argvcopy = defined($configdata::config{perlargv}) ? + @{$configdata::config{perlargv}} : (); + die "Incorrect data to reconfigure, please do a normal configuration\n" + if (grep(/^reconf/,@argvcopy)); + $config{perlenv} = $configdata::config{perlenv} // {}; } else { - die "Insufficient data to reconfigure, please do a normal configuration\n"; + die "Insufficient data to reconfigure, please do a normal configuration\n"; } } @@ -253,8 +269,8 @@ $config{shlib_version_history} = "unknown"; collect_information( collect_from_file(catfile($srcdir,'include/openssl/opensslv.h')), qr/OPENSSL.VERSION.TEXT.*OpenSSL (\S+) / => sub { $config{version} = $1; }, - qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/ => sub { $config{version_num}=$1 }, - qr/SHLIB_VERSION_NUMBER *"([^"]+)"/ => sub { $config{shlib_version_number}=$1 }, + qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/ => sub { $config{version_num}=$1 }, + qr/SHLIB_VERSION_NUMBER *"([^"]+)"/ => sub { $config{shlib_version_number}=$1 }, qr/SHLIB_VERSION_HISTORY *"([^"]*)"/ => sub { $config{shlib_version_history}=$1 } ); if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ":"; } 
@@ -266,7 +282,7 @@ if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ": die "erroneous version information in opensslv.h: ", "$config{major}, $config{minor}, $config{shlib_major}, $config{shlib_minor}\n" if ($config{major} eq "" || $config{minor} eq "" - || $config{shlib_major} eq "" || $config{shlib_minor} eq ""); + || $config{shlib_major} eq "" || $config{shlib_minor} eq ""); # Collect target configurations @@ -335,6 +351,7 @@ my @disablables = ( "autoload-config", "bf", "blake2", + "buildtest-c\\+\\+", "camellia", "capieng", "cast", @@ -419,10 +436,10 @@ my @disablables = ( "zlib-dynamic", ); foreach my $proto ((@tls, @dtls)) - { - push(@disablables, $proto); - push(@disablables, "$proto-method") unless $proto eq "tls1_3"; - } + { + push(@disablables, $proto); + push(@disablables, "$proto-method") unless $proto eq "tls1_3"; + } my %deprecated_disablables = ( "ssl2" => undef, 
@@ -434,59 +451,58 @@ my %deprecated_disablables = ( # All of the following are disabled by default: our %disabled = ( # "what" => "comment" - "asan" => "default", - "crypto-mdebug" => "default", - "crypto-mdebug-backtrace" => "default", - "devcryptoeng" => "default", - "ec_nistp_64_gcc_128" => "default", - "egd" => "default", - "external-tests" => "default", - "fuzz-libfuzzer" => "default", - "fuzz-afl" => "default", - "heartbeats" => "default", - "md2" => "default", + "asan" => "default", + "buildtest-c++" => "default", + "crypto-mdebug" => "default", + "crypto-mdebug-backtrace" => "default", + "devcryptoeng" => "default", + "ec_nistp_64_gcc_128" => "default", + "egd" => "default", + "external-tests" => "default", + "fuzz-libfuzzer" => "default", + "fuzz-afl" => "default", + "heartbeats" => "default", + "md2" => "default", "msan" => "default", - "rc5" => "default", - "sctp" => "default", - "ssl-trace" => "default", - "ssl3" => "default", - "ssl3-method" => "default", - "ubsan" => "default", - "unit-test" => "default", - "weak-ssl-ciphers" => "default", - "zlib" => "default", - "zlib-dynamic" => "default", - ); + "rc5" => "default", + "sctp" => "default", + "ssl-trace" => "default", + "ssl3" => "default", + "ssl3-method" => "default", + "ubsan" => "default", + "unit-test" => "default", + "weak-ssl-ciphers" => "default", + "zlib" => "default", + "zlib-dynamic" => "default", + ); # Note: => pair form used for aesthetics, not to truly make a hash table my @disable_cascades = ( - # "what" => [ "cascade", ... ] + # "what" => [ "cascade", ... 
] sub { $config{processor} eq "386" } - => [ "sse2" ], - "ssl" => [ "ssl3" ], - "ssl3-method" => [ "ssl3" ], - "zlib" => [ "zlib-dynamic" ], - "des" => [ "mdc2" ], - "ec" => [ "ecdsa", "ecdh" ], + => [ "sse2" ], + "ssl" => [ "ssl3" ], + "ssl3-method" => [ "ssl3" ], + "zlib" => [ "zlib-dynamic" ], + "des" => [ "mdc2" ], + "ec" => [ "ecdsa", "ecdh" ], - "dgram" => [ "dtls", "sctp" ], - "sock" => [ "dgram" ], - "dtls" => [ @dtls ], + "dgram" => [ "dtls", "sctp" ], + "sock" => [ "dgram" ], + "dtls" => [ @dtls ], sub { 0 == scalar grep { !$disabled{$_} } @dtls } - => [ "dtls" ], + => [ "dtls" ], - "tls" => [ @tls ], + "tls" => [ @tls ], sub { 0 == scalar grep { !$disabled{$_} } @tls } - => [ "tls" ], + => [ "tls" ], "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], - # Without DSO, we can't load dynamic engines, so don't build them dynamic - "dso" => [ "dynamic-engine" ], - # Without position independent code, there can be no shared libraries or DSOs "pic" => [ "shared" ], "shared" => [ "dynamic-engine" ], + "dso" => [ "dynamic-engine" ], "engine" => [ "afalgeng", "devcryptoeng" ], # no-autoalginit is only useful when building non-shared @@ -510,14 +526,14 @@ my @list = (reverse @tls); while ((my $first, my $second) = (shift @list, shift @list)) { last unless @list; push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } - => [ @list ] ); + => [ @list ] ); unshift @list, $second; } my @list = (reverse @dtls); while ((my $first, my $second) = (shift @list, shift @list)) { last unless @list; push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } - => [ @list ] ); + => [ @list ] ); unshift @list, $second; } 
@@ -527,7 +543,7 @@ while ((my $first, my $second) = (shift @list, shift @list)) { &usage if ($#ARGV < 0); -# For the "make variables" CINCLUDES and CDEFINES, we support lists with +# For the "make variables" CPPINCLUDES and CPPDEFINES, we support lists with # platform specific list separators. Users from those platforms should # recognise those separators from how you set up the PATH to find executables. # The default is the Unix like separator, :, but as an exception, we also @@ -544,24 +560,24 @@ my %user = ( AS => undef, ASFLAGS => [], CC => env('CC'), - CFLAGS => [], + CFLAGS => [ env('CFLAGS') || () ], CXX => env('CXX'), - CXXFLAGS => [], + CXXFLAGS => [ env('CXXFLAGS') || () ], CPP => undef, - CPPFLAGS => [], # -D, -I, -Wp, + CPPFLAGS => [ env('CPPFLAGS') || () ], # -D, -I, -Wp, CPPDEFINES => [], # Alternative for -D CPPINCLUDES => [], # Alternative for -I CROSS_COMPILE => env('CROSS_COMPILE'), HASHBANGPERL=> env('HASHBANGPERL') || env('PERL'), LD => undef, - LDFLAGS => [], # -L, -Wl, - LDLIBS => [], # -l + LDFLAGS => [ env('LDFLAGS') || () ], # -L, -Wl, + LDLIBS => [ env('LDLIBS') || () ], # -l MT => undef, MTFLAGS => [], PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl"), RANLIB => env('RANLIB'), RC => env('RC') || env('WINDRES'), - RCFLAGS => [], + RCFLAGS => [ env('RCFLAGS') || () ], RM => undef, ); # Info about what "make variables" may be prefixed with the cross compiler @@ -578,6 +594,7 @@ my %useradd = ( CXXFLAGS => [], LDFLAGS => [], LDLIBS => [], + RCFLAGS => [], ); my %user_synonyms = ( 
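Review bot: In the `%user` table, CFLAGS, CXXFLAGS, CPPFLAGS, LDFLAGS, LDLIBS and RCFLAGS are now seeded through `env()` instead of starting empty, and nothing next to the table says so. For a vendored crypto library this means that whatever the invoking shell or CI job exports can change how libcrypto and libssl are compiled and linked, including adding or dropping hardening flags, without appearing on the Configure command line. I would add a comment above these entries such as `# The *FLAGS and LDLIBS entries start from the environment; a VAR=value argument to Configure resets them.` and have the wrapper that calls Configure set or clear these variables explicitly. The table starts above this hunk; the reset behaviour is the `exists $user{$1}` branch in the option loop further down.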
@@ -625,43 +642,43 @@ my %deprecated_options = (); my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom); my @seed_sources = (); while (@argvcopy) - { - $_ = shift @argvcopy; + { + $_ = shift @argvcopy; - # Support env variable assignments among the options - if (m|^(\w+)=(.+)?$|) - { - $cmdvars{$1} = $2; - # Every time a variable is given as a configuration argument, - # it acts as a reset if the variable. - if (exists $user{$1}) - { - $user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef; - } - #if (exists $useradd{$1}) - # { - # $useradd{$1} = []; - # } - next; - } + # Support env variable assignments among the options + if (m|^(\w+)=(.+)?$|) + { + $cmdvars{$1} = $2; + # Every time a variable is given as a configuration argument, + # it acts as a reset if the variable. + if (exists $user{$1}) + { + $user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef; + } + #if (exists $useradd{$1}) + # { + # $useradd{$1} = []; + # } + next; + } - # VMS is a case insensitive environment, and depending on settings - # out of our control, we may receive options uppercased. Let's - # downcase at least the part before any equal sign. - if ($^O eq "VMS") - { - s/^([^=]*)/lc($1)/e; - } + # VMS is a case insensitive environment, and depending on settings + # out of our control, we may receive options uppercased. Let's + # downcase at least the part before any equal sign. + if ($^O eq "VMS") + { + s/^([^=]*)/lc($1)/e; + } - # some people just can't read the instructions, clang people have to... - s/^-no-(?!integrated-as)/no-/; + # some people just can't read the instructions, clang people have to... + s/^-no-(?!integrated-as)/no-/; - # rewrite some options in "enable-..." form - s /^-?-?shared$/enable-shared/; - s /^sctp$/enable-sctp/; - s /^threads$/enable-threads/; - s /^zlib$/enable-zlib/; - s /^zlib-dynamic$/enable-zlib-dynamic/; + # rewrite some options in "enable-..." 
form + s /^-?-?shared$/enable-shared/; + s /^sctp$/enable-sctp/; + s /^threads$/enable-threads/; + s /^zlib$/enable-zlib/; + s /^zlib-dynamic$/enable-zlib-dynamic/; if (/^(no|disable|enable)-(.+)$/) { @@ -715,21 +732,24 @@ while (@argvcopy) } elsif (exists $deprecated_disablables{$1}) { - $deprecated_options{$_} = 1; - if (defined $deprecated_disablables{$1}) + if ($deprecated_disablables{$1} ne "") { - $disabled{$deprecated_disablables{$1}} = "option"; + $deprecated_options{$_} = 1; + if (defined $deprecated_disablables{$1}) + { + $disabled{$deprecated_disablables{$1}} = "option"; + } } } else { $disabled{$1} = "option"; } - # No longer an automatic choice - $auto_threads = 0 if ($1 eq "threads"); - } - elsif (/^enable-(.+)$/) - { + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); + } + elsif (/^enable-(.+)$/) + { if ($1 eq "static-engine") { $disabled{"dynamic-engine"} = "option"; 
@@ -742,173 +762,184 @@ while (@argvcopy) { delete $disabled{"zlib"}; } - my $algo = $1; - delete $disabled{$algo}; + my $algo = $1; + delete $disabled{$algo}; - # No longer an automatic choice - $auto_threads = 0 if ($1 eq "threads"); - } - elsif (/^--strict-warnings$/) - { - $strict_warnings = 1; - } - elsif (/^--debug$/) - { - $config{build_type} = "debug"; - } - elsif (/^--release$/) - { - $config{build_type} = "release"; - } - elsif (/^386$/) - { $config{processor}=386; } - elsif (/^fips$/) - { - die "FIPS mode not supported\n"; - } - elsif (/^rsaref$/) - { - # No RSAref support any more since it's not needed. - # The check for the option is there so scripts aren't - # broken - } - elsif (/^nofipscanistercheck$/) - { - die "FIPS mode not supported\n"; - } - elsif (/^[-+]/) - { - if (/^--prefix=(.*)$/) - { - $config{prefix}=$1; - die "Directory given with --prefix MUST be absolute\n" - unless file_name_is_absolute($config{prefix}); - } - elsif (/^--api=(.*)$/) - { - $config{api}=$1; - } - elsif (/^--libdir=(.*)$/) - { - $config{libdir}=$1; - } - elsif (/^--openssldir=(.*)$/) - { - $config{openssldir}=$1; - } - elsif (/^--with-zlib-lib=(.*)$/) - { - $withargs{zlib_lib}=$1; - } - elsif (/^--with-zlib-include=(.*)$/) - { - $withargs{zlib_include}=$1; - } - elsif (/^--with-fuzzer-lib=(.*)$/) - { - $withargs{fuzzer_lib}=$1; - } - elsif (/^--with-fuzzer-include=(.*)$/) - { - $withargs{fuzzer_include}=$1; - } - elsif (/^--with-rand-seed=(.*)$/) - { - foreach my $x (split(m|,|, $1)) - { - die "Unknown --with-rand-seed choice $x\n" - if ! 
grep { $x eq $_ } @known_seed_sources; - push @seed_sources, $x; - } + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); + } + elsif (/^--strict-warnings$/) + { + # Pretend that our strict flags is a C flag, and replace it + # with the proper flags later on + push @{$useradd{CFLAGS}}, '--ossl-strict-warnings'; + $strict_warnings=1; + } + elsif (/^--debug$/) + { + $config{build_type} = "debug"; + } + elsif (/^--release$/) + { + $config{build_type} = "release"; + } + elsif (/^386$/) + { $config{processor}=386; } + elsif (/^fips$/) + { + die "FIPS mode not supported\n"; + } + elsif (/^rsaref$/) + { + # No RSAref support any more since it's not needed. + # The check for the option is there so scripts aren't + # broken + } + elsif (/^nofipscanistercheck$/) + { + die "FIPS mode not supported\n"; + } + elsif (m|^[-+/]|) + { + if (/^--prefix=(.*)$/) + { + $config{prefix}=$1; + die "Directory given with --prefix MUST be absolute\n" + unless file_name_is_absolute($config{prefix}); } - elsif (/^--cross-compile-prefix=(.*)$/) - { - $user{CROSS_COMPILE}=$1; - } - elsif (/^--config=(.*)$/) - { - read_config $1; - } - elsif (/^-l(.*)$/) - { - push @{$useradd{LDLIBS}}, $_; - } - elsif (/^-framework$/) - { - push @{$useradd{LDLIBS}}, $_, shift(@argvcopy); - } - elsif (/^-L(.*)$/ or /^-Wl,/) - { - push @{$useradd{LDFLAGS}}, $_; - } - elsif (/^-rpath$/ or /^-R$/) - # -rpath is the OSF1 rpath flag - # -R is the old Solaris rpath flag - { - my $rpath = shift(@argvcopy) || ""; - $rpath .= " " if $rpath ne ""; - push @{$useradd{LDFLAGS}}, $_, $rpath; - } - elsif (/^-static$/) - { - push @{$useradd{LDFLAGS}}, $_; - $disabled{"dso"} = "forced"; - $disabled{"pic"} = "forced"; - $disabled{"shared"} = "forced"; - $disabled{"threads"} = "forced"; - } - elsif (/^-D(.*)$/) - { - push @{$useradd{CPPDEFINES}}, $1; - } - elsif (/^-I(.*)$/) - { - push @{$useradd{CPPINCLUDES}}, $1; - } - elsif (/^-Wp,$/) - { - push @{$useradd{CPPFLAGS}}, $1; - } - else # common if (/^[-+]/), 
just pass down... - { - $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; - push @{$useradd{CFLAGS}}, $_; - push @{$useradd{CXXFLAGS}}, $_; - } - } - else - { - die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); - $target=$_; - } - unless ($_ eq $target || /^no-/ || /^disable-/) - { - # "no-..." follows later after implied deactivations - # have been derived. (Don't take this too seriously, - # we really only write OPTIONS to the Makefile out of - # nostalgia.) + elsif (/^--api=(.*)$/) + { + $config{api}=$1; + } + elsif (/^--libdir=(.*)$/) + { + $config{libdir}=$1; + } + elsif (/^--openssldir=(.*)$/) + { + $config{openssldir}=$1; + } + elsif (/^--with-zlib-lib=(.*)$/) + { + $withargs{zlib_lib}=$1; + } + elsif (/^--with-zlib-include=(.*)$/) + { + $withargs{zlib_include}=$1; + } + elsif (/^--with-fuzzer-lib=(.*)$/) + { + $withargs{fuzzer_lib}=$1; + } + elsif (/^--with-fuzzer-include=(.*)$/) + { + $withargs{fuzzer_include}=$1; + } + elsif (/^--with-rand-seed=(.*)$/) + { + foreach my $x (split(m|,|, $1)) + { + die "Unknown --with-rand-seed choice $x\n" + if ! 
grep { $x eq $_ } @known_seed_sources; + push @seed_sources, $x; + } + } + elsif (/^--cross-compile-prefix=(.*)$/) + { + $user{CROSS_COMPILE}=$1; + } + elsif (/^--config=(.*)$/) + { + read_config $1; + } + elsif (/^-l(.*)$/) + { + push @{$useradd{LDLIBS}}, $_; + } + elsif (/^-framework$/) + { + push @{$useradd{LDLIBS}}, $_, shift(@argvcopy); + } + elsif (/^-L(.*)$/ or /^-Wl,/) + { + push @{$useradd{LDFLAGS}}, $_; + } + elsif (/^-rpath$/ or /^-R$/) + # -rpath is the OSF1 rpath flag + # -R is the old Solaris rpath flag + { + my $rpath = shift(@argvcopy) || ""; + $rpath .= " " if $rpath ne ""; + push @{$useradd{LDFLAGS}}, $_, $rpath; + } + elsif (/^-static$/) + { + push @{$useradd{LDFLAGS}}, $_; + } + elsif (m|^[-/]D(.*)$|) + { + push @{$useradd{CPPDEFINES}}, $1; + } + elsif (m|^[-/]I(.*)$|) + { + push @{$useradd{CPPINCLUDES}}, $1; + } + elsif (/^-Wp,$/) + { + push @{$useradd{CPPFLAGS}}, $1; + } + else # common if (/^[-+]/), just pass down... + { + # Treat %xx as an ASCII code (e.g. replace %20 by a space character). + # This provides a simple way to pass options with arguments separated + # by spaces without quoting (e.g. -opt%20arg translates to -opt arg). + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + push @{$useradd{CFLAGS}}, $_; + push @{$useradd{CXXFLAGS}}, $_; + } + } + elsif (m|^/|) + { + # Treat %xx as an ASCII code (e.g. replace %20 by a space character). + # This provides a simple way to pass options with arguments separated + # by spaces without quoting (e.g. /opt%20arg translates to /opt arg). + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + push @{$useradd{CFLAGS}}, $_; + push @{$useradd{CXXFLAGS}}, $_; + } + else + { + die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); + $target=$_; + } + unless ($_ eq $target || /^no-/ || /^disable-/) + { + # "no-..." follows later after implied deactivations + # have been derived. (Don't take this too seriously, + # we really only write OPTIONS to the Makefile out of + # nostalgia.) 
- if ($config{options} eq "") - { $config{options} = $_; } - else - { $config{options} .= " ".$_; } - } - } + if ($config{options} eq "") + { $config{options} = $_; } + else + { $config{options} .= " ".$_; } + } + } if (defined($config{api}) && !exists $apitable->{$config{api}}) { - die "***** Unsupported api compatibility level: $config{api}\n", + die "***** Unsupported api compatibility level: $config{api}\n", } if (keys %deprecated_options) - { - warn "***** Deprecated options: ", - join(", ", keys %deprecated_options), "\n"; - } + { + warn "***** Deprecated options: ", + join(", ", keys %deprecated_options), "\n"; + } if (keys %unsupported_options) - { - die "***** Unsupported options: ", - join(", ", keys %unsupported_options), "\n"; - } + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; + } # If any %useradd entry has been set, we must check that the "make # variables" haven't been set. We start by checking of any %useradd entry @@ -953,7 +984,11 @@ foreach (keys %user) { if (defined $value) { if (ref $user{$_} eq 'ARRAY') { - $user{$_} = [ split /$list_separator_re/, $value ]; + if ($_ eq 'CPPDEFINES' || $_ eq 'CPPINCLUDES') { + $user{$_} = [ split /$list_separator_re/, $value ]; + } else { + $user{$_} = [ $value ]; + } } elsif (!defined $user{$_}) { $user{$_} = $value; } 
@@ -964,36 +999,46 @@ if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ()) && !$disabled{shared} && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) { die "***** Cannot simultaneously use -rpath, shared libraries, and\n", - "***** any of asan, msan or ubsan\n"; + "***** any of asan, msan or ubsan\n"; } -my @tocheckfor = (keys %disabled); -while (@tocheckfor) { - my %new_tocheckfor = (); - my @cascade_copy = (@disable_cascades); - while (@cascade_copy) { - my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy); - if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { - foreach(grep { !defined($disabled{$_}) } @$descendents) { - $new_tocheckfor{$_} = 1; $disabled{$_} = "forced"; - } - } +sub disable { + my $disable_type = shift; + + for (@_) { + $disabled{$_} = $disable_type; + } + + my @tocheckfor = (@_ ? @_ : keys %disabled); + while (@tocheckfor) { + my %new_tocheckfor = (); + my @cascade_copy = (@disable_cascades); + while (@cascade_copy) { + my ($test, $descendents) = + (shift @cascade_copy, shift @cascade_copy); + if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { + foreach (grep { !defined($disabled{$_}) } @$descendents) { + $new_tocheckfor{$_} = 1; $disabled{$_} = "cascade"; + } + } + } + @tocheckfor = (keys %new_tocheckfor); } - @tocheckfor = (keys %new_tocheckfor); } +disable(); # First cascade run our $die = sub { die @_; }; if ($target eq "TABLE") { local $die = sub { warn @_; }; foreach (sort keys %table) { - print_table_entry($_, "TABLE"); + print_table_entry($_, "TABLE"); } exit 0; } if ($target eq "LIST") { foreach (sort keys %table) { - print $_,"\n" unless $table{$_}->{template}; + print $_,"\n" unless $table{$_}->{template}; } exit 0; } @@ -1002,7 +1047,7 @@ if ($target eq "HASH") { local $die = sub { warn @_; }; print "%table = (\n"; foreach (sort keys %table) { - print_table_entry($_, "HASH"); + print_table_entry($_, "HASH"); } exit 0; } 
@@ -1014,6 +1059,9 @@ if (scalar(@seed_sources) == 0) { print "Using os-specific seed configuration\n"; push @seed_sources, 'os'; } +if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) { + delete $disabled{'egd'}; +} if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; @@ -1033,7 +1081,7 @@ _____ } push @{$config{openssl_other_defines}}, map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" } - @seed_sources; + @seed_sources; # Backward compatibility? if ($target =~ m/^CygWin32(-.*)$/) { @@ -1047,7 +1095,7 @@ if ($d) { # If we do not find debug-foo in the table, the target is set to foo. if (!$table{$target}) { - $target = $t; + $target = $t; } } 
@@ -1064,47 +1112,11 @@ foreach (keys %target_attr_translate) { %target = ( %{$table{DEFAULTS}}, %target ); -# Make the flags to build DSOs the same as for shared libraries unless they -# are already defined -$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; -$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; -$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; -{ - my $shared_info_pl = - catfile(dirname($0), "Configurations", "shared-info.pl"); - my %shared_info = read_eval_file($shared_info_pl); - push @{$target{_conf_fname_int}}, $shared_info_pl; - my $si = $target{shared_target}; - while (ref $si ne "HASH") { - last if ! defined $si; - if (ref $si eq "CODE") { - $si = $si->(); - } else { - $si = $shared_info{$si}; - } - } - - # Some of the 'shared_target' values don't have any entried in - # %shared_info. That's perfectly fine, AS LONG AS the build file - # template knows how to handle this. That is currently the case for - # Windows and VMS. - if (defined $si) { - # Just as above, copy certain shared_* attributes to the corresponding - # module_ attribute unless the latter is already defined - $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; - $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; - $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; - foreach (sort keys %$si) { - $target{$_} = defined $target{$_} - ? add($si->{$_})->($target{$_}) - : $si->{$_}; - } - } -} - my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); $config{conf_files} = [ sort keys %conf_files ]; +# Using sub disable within these loops may prove fragile, so we run +# a cascade afterwards foreach my $feature (@{$target{disable}}) { if (exists $deprecated_disablables{$feature}) { warn "***** config $target disables deprecated feature $feature\n"; 
@@ -1123,6 +1135,7 @@ foreach my $feature (@{$target{enable}}) { delete $disabled{$feature}; } } +disable(); # Run a cascade now $target{CXXFLAGS}//=$target{CFLAGS} if $target{CXX}; $target{cxxflags}//=$target{cflags} if $target{CXX}; 
@@ -1172,45 +1185,28 @@ foreach (keys %user) { delete $config{$_} unless defined $config{$_}; } -# Allow overriding the build file name -$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; - -my %disabled_info = (); # For configdata.pm -foreach my $what (sort keys %disabled) { - $config{options} .= " no-$what"; - - if (!grep { $what eq $_ } ( 'dso', 'threads', 'shared', 'pic', - 'dynamic-engine', 'makedepend', - 'zlib-dynamic', 'zlib', 'sse2' )) { - (my $WHAT = uc $what) =~ s|-|_|g; - - # Fix up C macro end names - $WHAT = "RMD160" if $what eq "ripemd"; - - # fix-up crypto/directory name(s) - $what = "ripemd" if $what eq "rmd160"; - $what = "whrlpool" if $what eq "whirlpool"; - - my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT"; - - if ((grep { $what eq $_ } @{$config{sdirs}}) - && $what ne 'async' && $what ne 'err') { - @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}}; - $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ]; - - if ($what ne 'engine') { - push @{$config{openssl_algorithm_defines}}, $macro; - } else { - @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; - push @{$disabled_info{engine}->{skipped}}, catdir('engines'); - push @{$config{openssl_other_defines}}, $macro; - } - } else { - push @{$config{openssl_other_defines}}, $macro; - } +# Finish up %config by appending things the user gave us on the command line +# apart from "make variables" +foreach (keys %useradd) { + # The must all be lists, so we assert that here + die "internal error: \$useradd{$_} isn't an ARRAY\n" + unless ref $useradd{$_} eq 'ARRAY'; + if (defined $config{$_}) { + push @{$config{$_}}, @{$useradd{$_}}; + } else { + $config{$_} = [ @{$useradd{$_}} ]; } } +# At this point, we can forget everything about %user and %useradd, +# because it's now all been merged into the corresponding $config entry + +if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { + disable('static', 'pic', 'threads'); +} + +# Allow overriding the 
build file name +$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; # Make sure build_scheme is consistent. $target{build_scheme} = [ $target{build_scheme} ] @@ -1241,21 +1237,20 @@ foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm", push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release"; if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) - { - push @{$config{cflags}}, "-mno-cygwin"; - push @{$config{cxxflags}}, "-mno-cygwin" if $config{CXX}; - push @{$config{shared_ldflag}}, "-mno-cygwin"; - } + { + push @{$config{cflags}}, "-mno-cygwin"; + push @{$config{cxxflags}}, "-mno-cygwin" if $config{CXX}; + push @{$config{shared_ldflag}}, "-mno-cygwin"; + } if ($target =~ /linux.*-mips/ && !$disabled{asm} - && !grep { $_ !~ /-m(ips|arch=)/ } (@{$user{CFLAGS}}, - @{$useradd{CFLAGS}})) { - # minimally required architecture flags for assembly modules - my $value; - $value = '-mips2' if ($target =~ /mips32/); - $value = '-mips3' if ($target =~ /mips64/); - unshift @{$config{cflags}}, $value; - unshift @{$config{cxxflags}}, $value if $config{CXX}; + && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { + # minimally required architecture flags for assembly modules + my $value; + $value = '-mips2' if ($target =~ /mips32/); + $value = '-mips3' if ($target =~ /mips64/); + unshift @{$config{cflags}}, $value; + unshift @{$config{cxxflags}}, $value if $config{CXX}; } # If threads aren't disabled, check how possible they are @@ -1263,7 +1258,7 @@ unless ($disabled{threads}) { if ($auto_threads) { # Enabled by default, disable it forcibly if unavailable if ($target{thread_scheme} eq "(unknown)") { - $disabled{threads} = "unavailable"; + disable("unavailable", 'threads'); } } else { # The user chose to enable threads explicitly, let's see 
@@ -1274,8 +1269,7 @@ unless ($disabled{threads}) { # system-dependent compiler options that are necessary. We # can't truly check that the given options are correct, but # we expect the user to know what [s]He is doing. - if (!@{$user{CFLAGS}} && !@{$useradd{CFLAGS}} - && !@{$user{CPPDEFINES}} && !@{$useradd{CPPDEFINES}}) { + if (!@{$config{CFLAGS}} && !@{$config{CPPDEFINES}}) { die "You asked for multi-threading support, but didn't\n" ,"provide any system-specific compiler options\n"; } @@ -1296,38 +1290,30 @@ if (defined($disabled{"deprecated"})) { my $no_shared_warn=0; if ($target{shared_target} eq "") - { - $no_shared_warn = 1 - if (!$disabled{shared} || !$disabled{"dynamic-engine"}); - $disabled{shared} = "no-shared-target"; - $disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} = - "no-shared-target"; - } + { + $no_shared_warn = 1 + if (!$disabled{shared} || !$disabled{"dynamic-engine"}); + disable('no-shared-target', 'pic'); + } if ($disabled{"dynamic-engine"}) { - push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; $config{dynamic_engines} = 0; } else { - push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE"; $config{dynamic_engines} = 1; } unless ($disabled{asan}) { push @{$config{cflags}}, "-fsanitize=address"; - push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX}; } unless ($disabled{ubsan}) { # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; - push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" - if $config{CXX}; } unless ($disabled{msan}) { push @{$config{cflags}}, "-fsanitize=memory"; - push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX}; } unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} 
@@ -1341,25 +1327,25 @@ unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} # This saves the build files from having to check if ($disabled{pic}) - { - foreach (qw(shared_cflag shared_cxxflag shared_cppflag - shared_defines shared_includes shared_ldflag - module_cflags module_cxxflags module_cppflags - module_defines module_includes module_lflags)) - { - delete $config{$_}; - $target{$_} = ""; - } - } + { + foreach (qw(shared_cflag shared_cxxflag shared_cppflag + shared_defines shared_includes shared_ldflag + module_cflags module_cxxflags module_cppflags + module_defines module_includes module_lflags)) + { + delete $config{$_}; + $target{$_} = ""; + } + } else - { - push @{$config{lib_defines}}, "OPENSSL_PIC"; - } + { + push @{$config{lib_defines}}, "OPENSSL_PIC"; + } if ($target{sys_id} ne "") - { - push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}"; - } + { + push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}"; + } unless ($disabled{asm}) { $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386"); 
@@ -1377,59 +1363,63 @@ unless ($disabled{asm}) { push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/); if ($target{sha1_asm_src}) { - push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); - push @{$config{lib_defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/); - push @{$config{lib_defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/); + push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); + push @{$config{lib_defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/); + push @{$config{lib_defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/); } if ($target{keccak1600_asm_src} ne $table{DEFAULTS}->{keccak1600_asm_src}) { - push @{$config{lib_defines}}, "KECCAK1600_ASM"; + push @{$config{lib_defines}}, "KECCAK1600_ASM"; } if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) { - push @{$config{lib_defines}}, "RC4_ASM"; + push @{$config{lib_defines}}, "RC4_ASM"; } if ($target{md5_asm_src}) { - push @{$config{lib_defines}}, "MD5_ASM"; + push @{$config{lib_defines}}, "MD5_ASM"; } $target{cast_asm_src}=$table{DEFAULTS}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC if ($target{rmd160_asm_src}) { - push @{$config{lib_defines}}, "RMD160_ASM"; + push @{$config{lib_defines}}, "RMD160_ASM"; } if ($target{aes_asm_src}) { - push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; - # aes-ctr.fake is not a real file, only indication that assembler - # module implements AES_ctr32_encrypt... - push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); - # aes-xts.fake indicates presence of AES_xts_[en|de]crypt... 
- push @{$config{lib_defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//); - $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2}); - push @{$config{lib_defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/); - push @{$config{lib_defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/); + push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; + push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);; + # aes-ctr.fake is not a real file, only indication that assembler + # module implements AES_ctr32_encrypt... + push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); + # aes-xts.fake indicates presence of AES_xts_[en|de]crypt... + push @{$config{lib_defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//); + $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2}); + push @{$config{lib_defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/); + push @{$config{lib_defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/); } if ($target{wp_asm_src} =~ /mmx/) { if ($config{processor} eq "386") { - $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src}; - } elsif (!$disabled{"whirlpool"}) { - push @{$config{lib_defines}}, "WHIRLPOOL_ASM"; - } + $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src}; + } elsif (!$disabled{"whirlpool"}) { + push @{$config{lib_defines}}, "WHIRLPOOL_ASM"; + } } if ($target{modes_asm_src} =~ /ghash-/) { - push @{$config{lib_defines}}, "GHASH_ASM"; + push @{$config{lib_defines}}, "GHASH_ASM"; } if ($target{ec_asm_src} =~ /ecp_nistz256/) { - push @{$config{lib_defines}}, "ECP_NISTZ256_ASM"; + push @{$config{lib_defines}}, "ECP_NISTZ256_ASM"; } if ($target{ec_asm_src} =~ /x25519/) { - push @{$config{lib_defines}}, "X25519_ASM"; + push @{$config{lib_defines}}, "X25519_ASM"; } if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) { - push 
@{$config{lib_defines}}, "PADLOCK_ASM"; + push @{$config{dso_defines}}, "PADLOCK_ASM"; } if ($target{poly1305_asm_src} ne "") { - push @{$config{lib_defines}}, "POLY1305_ASM"; + push @{$config{lib_defines}}, "POLY1305_ASM"; } } -my %predefined = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); +my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); +my %predefined_CXX = $config{CXX} + ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX}) + : (); # Check for makedepend capabilities. if (!$disabled{makedepend}) { @@ -1437,8 +1427,8 @@ if (!$disabled{makedepend}) { # For VC- and vms- targets, there's nothing more to do here. The # functionality is hard coded in the corresponding build files for # cl (Windows) and CC/DECC (VMS). - } elsif (($predefined{__GNUC__} // -1) >= 3 - && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) { + } elsif (($predefined_C{__GNUC__} // -1) >= 3 + && !($predefined_C{__APPLE_CC__} && !$predefined_C{__clang__})) { # We know that GNU C version 3 and up as well as all clang # versions support dependency generation, but Xcode did not # handle $cc -M before clang support (but claims __GNUC__ = 3) @@ -1447,13 +1437,13 @@ if (!$disabled{makedepend}) { # In all other cases, we look for 'makedepend', and disable the # capability if not found. $config{makedepprog} = which('makedepend'); - $disabled{makedepend} = "unavailable" unless $config{makedepprog}; + disable('unavailable', 'makedepend') unless $config{makedepprog}; } } -if (!$disabled{asm} && !$predefined{__MACH__} && $^O ne 'VMS') { +if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') { # probe for -Wa,--noexecstack option... - if ($predefined{__clang__}) { + if ($predefined_C{__clang__}) { # clang has builtin assembler, which doesn't recognize --help, # but it apparently recognizes the option in question on all # supported platforms even when it's meaningless. In other words 
@@ -1475,24 +1465,24 @@ if (!$disabled{asm} && !$predefined{__MACH__} && $^O ne 'VMS') { # Deal with bn_ops ################################################### -$config{bn_ll} =0; -$config{export_var_as_fn} =0; +$config{bn_ll} =0; +$config{export_var_as_fn} =0; my $def_int="unsigned int"; -$config{rc4_int} =$def_int; +$config{rc4_int} =$def_int; ($config{b64l},$config{b64},$config{b32})=(0,0,1); my $count = 0; foreach (sort split(/\s+/,$target{bn_ops})) { $count++ if /SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT/; $config{export_var_as_fn}=1 if $_ eq 'EXPORT_VAR_AS_FN'; - $config{bn_ll}=1 if $_ eq 'BN_LLONG'; - $config{rc4_int}="unsigned char" if $_ eq 'RC4_CHAR'; + $config{bn_ll}=1 if $_ eq 'BN_LLONG'; + $config{rc4_int}="unsigned char" if $_ eq 'RC4_CHAR'; ($config{b64l},$config{b64},$config{b32}) - =(0,1,0) if $_ eq 'SIXTY_FOUR_BIT'; + =(0,1,0) if $_ eq 'SIXTY_FOUR_BIT'; ($config{b64l},$config{b64},$config{b32}) - =(1,0,0) if $_ eq 'SIXTY_FOUR_BIT_LONG'; + =(1,0,0) if $_ eq 'SIXTY_FOUR_BIT_LONG'; ($config{b64l},$config{b64},$config{b32}) - =(0,0,1) if $_ eq 'THIRTY_TWO_BIT'; + =(0,0,1) if $_ eq 'THIRTY_TWO_BIT'; } die "Exactly one of SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT can be set in bn_ops\n" if $count > 1; 
@@ -1513,49 +1503,45 @@ if (defined($config{api})) { push @{$config{defines}}, $apiflag; } +my @strict_warnings_collection=(); if ($strict_warnings) - { - my $wopt; - my $gccver = $predefined{__GNUC__} // -1; + { + my $wopt; + my $gccver = $predefined_C{__GNUC__} // -1; - die "ERROR --strict-warnings requires gcc[>=4] or gcc-alike" - unless $gccver >= 4; - foreach $wopt (split /\s+/, $gcc_devteam_warn) - { - push @{$config{cflags}}, $wopt - unless grep { $_ eq $wopt } @{$config{cflags}}; - push @{$config{cxxflags}}, $wopt - if ($config{CXX} - && !grep { $_ eq $wopt } @{$config{cxxflags}}); - } - if (defined($predefined{__clang__})) - { - foreach $wopt (split /\s+/, $clang_devteam_warn) - { - push @{$config{cflags}}, $wopt - unless grep { $_ eq $wopt } @{$config{cflags}}; - push @{$config{cxxflags}}, $wopt - if ($config{CXX} - && !grep { $_ eq $wopt } @{$config{cxxflags}}); - } - } - } + if ($gccver >= 4) + { + push @strict_warnings_collection, @gcc_devteam_warn; + push @strict_warnings_collection, @clang_devteam_warn + if (defined($predefined_C{__clang__})); + } + elsif ($config{target} =~ /^VC-/) + { + push @strict_warnings_collection, @cl_devteam_warn; + } + else + { + warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike, or MSVC" + } + } + +$config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings' + ? 
@strict_warnings_collection + : ( $_ ) } + @{$config{CFLAGS}} ]; unless ($disabled{"crypto-mdebug-backtrace"}) - { - foreach my $wopt (split /\s+/, $memleak_devteam_backtrace) - { - push @{$config{cflags}}, $wopt - unless grep { $_ eq $wopt } @{$config{cflags}}; - push @{$config{cxxflags}}, $wopt - if ($config{CXX} - && !grep { $_ eq $wopt } @{$config{cxxflags}}); - } - if ($target =~ /^BSD-/) - { - push @{$config{ex_libs}}, "-lexecinfo"; - } - } + { + foreach my $wopt (split /\s+/, $memleak_devteam_backtrace) + { + push @{$config{cflags}}, $wopt + unless grep { $_ eq $wopt } @{$config{cflags}}; + } + if ($target =~ /^BSD-/) + { + push @{$config{ex_libs}}, "-lexecinfo"; + } + } unless ($disabled{afalgeng}) { $config{afalgeng}=""; 
@@ -1567,35 +1553,118 @@ unless ($disabled{afalgeng}) { ($mi2) = $mi2 =~ /(\d+)/; my $ver = $ma*10000 + $mi1*100 + $mi2; if ($ver < $minver) { - $disabled{afalgeng} = "too-old-kernel"; + disable('too-old-kernel', 'afalgeng'); } else { push @{$config{engdirs}}, "afalg"; } } else { - $disabled{afalgeng} = "cross-compiling"; + disable('cross-compiling', 'afalgeng'); } } else { - $disabled{afalgeng} = "not-linux"; + disable('not-linux', 'afalgeng'); } } -push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng}); - -# Finish up %config by appending things the user gave us on the command line -# apart from "make variables" -foreach (keys %useradd) { - # The must all be lists, so we assert that here - die "internal error: \$useradd{$_} isn't an ARRAY\n" - unless ref $useradd{$_} eq 'ARRAY'; - - if (defined $config{$_}) { - push @{$config{$_}}, @{$useradd{$_}}; - } else { - $config{$_} = [ @{$useradd{$_}} ]; +unless ($disabled{devcryptoeng}) { + if ($target =~ m/^BSD/) { + my $maxver = 5*100 + 7; + my $sysstr = `uname -s`; + my $verstr = `uname -r`; + $sysstr =~ s|\R$||; + $verstr =~ s|\R$||; + my ($ma, $mi, @rest) = split m|\.|, $verstr; + my $ver = $ma*100 + $mi; + if ($sysstr eq 'OpenBSD' && $ver >= $maxver) { + disable('too-new-kernel', 'devcryptoeng'); + } } } -# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON +# Get the extra flags used when building shared libraries and modules. We +# do this late because some of them depend on %disabled. 
+ +# Make the flags to build DSOs the same as for shared libraries unless they +# are already defined +$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; +$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; +$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; +{ + my $shared_info_pl = + catfile(dirname($0), "Configurations", "shared-info.pl"); + my %shared_info = read_eval_file($shared_info_pl); + push @{$target{_conf_fname_int}}, $shared_info_pl; + my $si = $target{shared_target}; + while (ref $si ne "HASH") { + last if ! defined $si; + if (ref $si eq "CODE") { + $si = $si->(); + } else { + $si = $shared_info{$si}; + } + } + + # Some of the 'shared_target' values don't have any entries in + # %shared_info. That's perfectly fine, AS LONG AS the build file + # template knows how to handle this. That is currently the case for + # Windows and VMS. + if (defined $si) { + # Just as above, copy certain shared_* attributes to the corresponding + # module_ attribute unless the latter is already defined + $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; + $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; + $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; + foreach (sort keys %$si) { + $target{$_} = defined $target{$_} + ? 
add($si->{$_})->($target{$_}) + : $si->{$_}; + } + } +} + +# ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON + +my %disabled_info = (); # For configdata.pm +foreach my $what (sort keys %disabled) { + $config{options} .= " no-$what"; + + if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic', + 'dynamic-engine', 'makedepend', + 'zlib-dynamic', 'zlib', 'sse2' )) { + (my $WHAT = uc $what) =~ s|-|_|g; + + # Fix up C macro end names + $WHAT = "RMD160" if $what eq "ripemd"; + + # fix-up crypto/directory name(s) + $what = "ripemd" if $what eq "rmd160"; + $what = "whrlpool" if $what eq "whirlpool"; + + my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT"; + + if ((grep { $what eq $_ } @{$config{sdirs}}) + && $what ne 'async' && $what ne 'err' && $what ne 'dso') { + @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}}; + $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ]; + + if ($what ne 'engine') { + push @{$config{openssl_algorithm_defines}}, $macro; + } else { + @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; + push @{$disabled_info{engine}->{skipped}}, catdir('engines'); + push @{$config{openssl_other_defines}}, $macro; + } + } else { + push @{$config{openssl_other_defines}}, $macro; + } + + } +} + +if ($disabled{"dynamic-engine"}) { + push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; +} else { + push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE"; +} # If we use the unified build, collect information from build.info files my %unified_info = (); 
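Review bot: The added `devcryptoeng` block takes its version from `uname -s` and `uname -r` on the build host, without the cross-compiling guard that the `afalgeng` block just above it ends with (`disable('cross-compiling', 'afalgeng')`), so a cross build for a `BSD` target would be judged by the host's kernel. The release string is also split on `.` and used in arithmetic as-is, whereas the afalgeng code first reduces each field with `($mi2) = $mi2 =~ /(\d+)/;`. I would reuse the cross-compile test from the afalgeng block (its condition is outside this hunk), parse with `my ($ma, $mi) = $verstr =~ /^(\d+)\.(\d+)/;`, and skip the comparison when `$mi` is undefined, which also covers a failed `uname`.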
@@ -1640,38 +1709,38 @@ if ($builder eq "unified") { # Store the name of the template file we will build the build file from # in %config. This may be useful for the build file itself. my @build_file_template_names = - ( $builder_platform."-".$target{build_file}.".tmpl", - $target{build_file}.".tmpl" ); + ( $builder_platform."-".$target{build_file}.".tmpl", + $target{build_file}.".tmpl" ); my @build_file_templates = (); # First, look in the user provided directory, if given if (defined env($local_config_envname)) { - @build_file_templates = - map { - if ($^O eq 'VMS') { - # VMS environment variables are logical names, - # which can be used as is - $local_config_envname . ':' . $_; - } else { - catfile(env($local_config_envname), $_); - } - } - @build_file_template_names; + @build_file_templates = + map { + if ($^O eq 'VMS') { + # VMS environment variables are logical names, + # which can be used as is + $local_config_envname . ':' . $_; + } else { + catfile(env($local_config_envname), $_); + } + } + @build_file_template_names; } # Then, look in our standard directory push @build_file_templates, - ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) } - @build_file_template_names ); + ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) } + @build_file_template_names ); my $build_file_template; for $_ (@build_file_templates) { - $build_file_template = $_; + $build_file_template = $_; last if -f $build_file_template; $build_file_template = undef; } if (!defined $build_file_template) { - die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n"; + die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n"; } $config{build_file_templates} = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"), 
@@ -2327,11 +2396,11 @@ EOF print OUT "our %config = (\n"; foreach (sort keys %config) { if (ref($config{$_}) eq "ARRAY") { - print OUT " ", $_, " => [ ", join(", ", - map { quotify("perl", $_) } - @{$config{$_}}), " ],\n"; + print OUT " ", $_, " => [ ", join(", ", + map { quotify("perl", $_) } + @{$config{$_}}), " ],\n"; } elsif (ref($config{$_}) eq "HASH") { - print OUT " ", $_, " => {"; + print OUT " ", $_, " => {"; if (scalar keys %{$config{$_}} > 0) { print OUT "\n"; foreach my $key (sort keys %{$config{$_}}) { @@ -2347,7 +2416,7 @@ foreach (sort keys %config) { } print OUT "},\n"; } else { - print OUT " ", $_, " => ", quotify("perl", $config{$_}), ",\n" + print OUT " ", $_, " => ", quotify("perl", $config{$_}), ",\n" } } print OUT <<"EOF"; @@ -2357,11 +2426,11 @@ EOF print OUT "our %target = (\n"; foreach (sort keys %target) { if (ref($target{$_}) eq "ARRAY") { - print OUT " ", $_, " => [ ", join(", ", - map { quotify("perl", $_) } - @{$target{$_}}), " ],\n"; + print OUT " ", $_, " => [ ", join(", ", + map { quotify("perl", $_) } + @{$target{$_}}), " ],\n"; } else { - print OUT " ", $_, " => ", quotify("perl", $target{$_}), ",\n" + print OUT " ", $_, " => ", quotify("perl", $target{$_}), ",\n" } } print OUT <<"EOF"; @@ -2394,11 +2463,11 @@ EOF print OUT "our %withargs = (\n"; foreach (sort keys %withargs) { if (ref($withargs{$_}) eq "ARRAY") { - print OUT " ", $_, " => [ ", join(", ", - map { quotify("perl", $_) } - @{$withargs{$_}}), " ],\n"; + print OUT " ", $_, " => [ ", join(", ", + map { quotify("perl", $_) } + @{$withargs{$_}}), " ],\n"; } else { - print OUT " ", $_, " => ", quotify("perl", $withargs{$_}), ",\n" + print OUT " ", $_, " => ", quotify("perl", $withargs{$_}), ",\n" } } print OUT <<"EOF"; 
@@ -2542,19 +2611,22 @@ _____ } print "\nEnabled features:\n\n"; foreach my $what (@disablables) { - print " $what\n" unless $disabled{$what}; + print " $what\n" + unless grep { $_ =~ /^${what}$/ } keys %disabled; } print "\nDisabled features:\n\n"; foreach my $what (@disablables) { - if ($disabled{$what}) { - print " $what", ' ' x ($longest - length($what) + 1), - "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1); - print $disabled_info{$what}->{macro} - if $disabled_info{$what}->{macro}; + my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled; + my $what3 = $what2[0]; + if ($what3) { + print " $what3", ' ' x ($longest - length($what3) + 1), + "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1); + print $disabled_info{$what3}->{macro} + if $disabled_info{$what3}->{macro}; print ' (skip ', - join(', ', @{$disabled_info{$what}->{skipped}}), + join(', ', @{$disabled_info{$what3}->{skipped}}), ')' - if $disabled_info{$what}->{skipped}; + if $disabled_info{$what3}->{skipped}; print "\n"; } } @@ -2625,9 +2697,9 @@ _____ if ($reconf) { if ($verbose) { print 'Reconfiguring with: ', join(' ',@{$config{perlargv}}), "\n"; - foreach (sort keys %{$config{perlenv}}) { - print ' ',$_,' = ',($config{perlenv}->{$_} || ""),"\n"; - } + foreach (sort keys %{$config{perlenv}}) { + print ' ',$_,' = ',($config{perlenv}->{$_} || ""),"\n"; + } } chdir $here; @@ -2822,7 +2894,7 @@ _____ sub asm { my @x = @_; sub { - $disabled{asm} ? () : @x; + $disabled{asm} ? () : @x; } } 
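Review bot: Both loops over `@disablables` in the first hunk now interpolate each entry into a pattern, `/^${what}$/`, so an entry is matched as a regular expression against the keys of `%disabled` rather than compared as a name. If the entries are meant to be patterns, that deserves a comment at the loops, e.g. `# entries of @disablables are anchored regexes matched against the keys of %disabled`. If any entry is a literal name containing a metacharacter, it needs `\Q${what}\E`. The list's definition is outside this hunk, so which case applies cannot be confirmed here. Using `\z` instead of `$` would also stop a key with a trailing newline from matching.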
@@ -2888,29 +2960,29 @@ sub _add { my $found_array = !defined($separator); my @values = - map { - my $res = $_; - while (ref($res) eq "CODE") { - $res = $res->(); - } - if (defined($res)) { - if (ref($res) eq "ARRAY") { - $found_array = 1; - @$res; - } else { - $res; - } - } else { - (); - } + map { + my $res = $_; + while (ref($res) eq "CODE") { + $res = $res->(); + } + if (defined($res)) { + if (ref($res) eq "ARRAY") { + $found_array = 1; + @$res; + } else { + $res; + } + } else { + (); + } } (@_); $add_called = 1; if ($found_array) { - [ @values ]; + [ @values ]; } else { - join($separator, grep { defined($_) && $_ ne "" } @values); + join($separator, grep { defined($_) && $_ ne "" } @values); } } sub add_before { @@ -2960,10 +3032,10 @@ sub read_config { my %targets; { - # Protect certain tables from tampering - local %table = (); + # Protect certain tables from tampering + local %table = (); - %targets = read_eval_file($fname); + %targets = read_eval_file($fname); } my %preexisting = (); foreach (sort keys %targets) { @@ -2979,14 +3051,14 @@ EOF # For each target, check that it's configured with a hash table. foreach (keys %targets) { - if (ref($targets{$_}) ne "HASH") { - if (ref($targets{$_}) eq "") { - warn "Deprecated target configuration for $_, ignoring...\n"; - } else { - warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n"; - } - delete $targets{$_}; - } else { + if (ref($targets{$_}) ne "HASH") { + if (ref($targets{$_}) eq "") { + warn "Deprecated target configuration for $_, ignoring...\n"; + } else { + warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n"; + } + delete $targets{$_}; + } else { $targets{$_}->{_conf_fname_int} = add([ $fname ]); } } 
@@ -3005,13 +3077,13 @@ sub resolve_config { # my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS}); if (grep { $_ eq $target } @breadcrumbs) { - die "inherit_from loop! target backtrace:\n " - ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; + die "inherit_from loop! target backtrace:\n " + ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; } if (!defined($table{$target})) { - warn "Warning! target $target doesn't exist!\n"; - return (); + warn "Warning! target $target doesn't exist!\n"; + return (); } # Recurse through all inheritances. They will be resolved on the # fly, so when this operation is done, they will all just be a @@ -3021,22 +3093,22 @@ sub resolve_config { # this stage is done. my %combined_inheritance = (); if ($table{$target}->{inherit_from}) { - my @inherit_from = - map { ref($_) eq "CODE" ? $_->() : $_ } @{$table{$target}->{inherit_from}}; - foreach (@inherit_from) { - my %inherited_config = resolve_config($_, $target, @breadcrumbs); + my @inherit_from = + map { ref($_) eq "CODE" ? $_->() : $_ } @{$table{$target}->{inherit_from}}; + foreach (@inherit_from) { + my %inherited_config = resolve_config($_, $target, @breadcrumbs); - # 'template' is a marker that's considered private to - # the config that had it. - delete $inherited_config{template}; + # 'template' is a marker that's considered private to + # the config that had it. + delete $inherited_config{template}; - foreach (keys %inherited_config) { - if (!$combined_inheritance{$_}) { - $combined_inheritance{$_} = []; - } - push @{$combined_inheritance{$_}}, $inherited_config{$_}; - } - } + foreach (keys %inherited_config) { + if (!$combined_inheritance{$_}) { + $combined_inheritance{$_} = []; + } + push @{$combined_inheritance{$_}}, $inherited_config{$_}; + } + } } # We won't need inherit_from in this target any more, since we've 
@@ -3057,14 +3129,14 @@ sub resolve_config { my $default_combiner = add(); my %all_keys = - map { $_ => 1 } (keys %combined_inheritance, - keys %{$table{$target}}); + map { $_ => 1 } (keys %combined_inheritance, + keys %{$table{$target}}); sub process_values { - my $object = shift; - my $inherited = shift; # Always a [ list ] - my $target = shift; - my $entry = shift; + my $object = shift; + my $inherited = shift; # Always a [ list ] + my $target = shift; + my $entry = shift; $add_called = 0; @@ -3089,16 +3161,16 @@ sub resolve_config { foreach (sort keys %all_keys) { my $previous = $combined_inheritance{$_}; - # Current target doesn't have a value for the current key? - # Assign it the default combiner, the rest of this loop body - # will handle it just like any other coderef. - if (!exists $table{$target}->{$_}) { - $table{$target}->{$_} = $default_combiner; - } + # Current target doesn't have a value for the current key? + # Assign it the default combiner, the rest of this loop body + # will handle it just like any other coderef. + if (!exists $table{$target}->{$_}) { + $table{$target}->{$_} = $default_combiner; + } - $table{$target}->{$_} = process_values($table{$target}->{$_}, - $combined_inheritance{$_}, - $target, $_); + $table{$target}->{$_} = process_values($table{$target}->{$_}, + $combined_inheritance{$_}, + $target, $_); unless(defined($table{$target}->{$_})) { delete $table{$target}->{$_}; } 
@@ -3113,39 +3185,39 @@ sub resolve_config { } sub usage - { - print STDERR $usage; - print STDERR "\npick os/compiler from:\n"; - my $j=0; - my $i; + { + print STDERR $usage; + print STDERR "\npick os/compiler from:\n"; + my $j=0; + my $i; my $k=0; - foreach $i (sort keys %table) - { - next if $table{$i}->{template}; - next if $i =~ /^debug/; - $k += length($i) + 1; - if ($k > 78) - { - print STDERR "\n"; - $k=length($i); - } - print STDERR $i . " "; - } - foreach $i (sort keys %table) - { - next if $table{$i}->{template}; - next if $i !~ /^debug/; - $k += length($i) + 1; - if ($k > 78) - { - print STDERR "\n"; - $k=length($i); - } - print STDERR $i . " "; - } - print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n"; - exit(1); - } + foreach $i (sort keys %table) + { + next if $table{$i}->{template}; + next if $i =~ /^debug/; + $k += length($i) + 1; + if ($k > 78) + { + print STDERR "\n"; + $k=length($i); + } + print STDERR $i . " "; + } + foreach $i (sort keys %table) + { + next if $table{$i}->{template}; + next if $i !~ /^debug/; + $k += length($i) + 1; + if ($k > 78) + { + print STDERR "\n"; + $k=length($i); + } + print STDERR $i . " "; + } + print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n"; + exit(1); + } sub run_dofile { 
@@ -3239,69 +3311,69 @@ sub print_table_entry return if $target{template}; my @sequence = ( - "sys_id", - "cpp", - "cppflags", - "defines", - "includes", - "cc", - "cflags", - "unistd", - "ld", - "lflags", - "loutflag", - "ex_libs", - "bn_ops", - "apps_aux_src", - "cpuid_asm_src", - "uplink_aux_src", - "bn_asm_src", - "ec_asm_src", - "des_asm_src", - "aes_asm_src", - "bf_asm_src", - "md5_asm_src", - "cast_asm_src", - "sha1_asm_src", - "rc4_asm_src", - "rmd160_asm_src", - "rc5_asm_src", - "wp_asm_src", - "cmll_asm_src", - "modes_asm_src", - "padlock_asm_src", - "chacha_asm_src", - "poly1035_asm_src", - "thread_scheme", - "perlasm_scheme", - "dso_scheme", - "shared_target", - "shared_cflag", - "shared_defines", - "shared_ldflag", - "shared_rcflag", - "shared_extension", - "dso_extension", - "obj_extension", - "exe_extension", - "ranlib", - "ar", - "arflags", - "aroutflag", - "rc", - "rcflags", - "rcoutflag", - "mt", - "mtflags", - "mtinflag", - "mtoutflag", - "multilib", - "build_scheme", - ); + "sys_id", + "cpp", + "cppflags", + "defines", + "includes", + "cc", + "cflags", + "unistd", + "ld", + "lflags", + "loutflag", + "ex_libs", + "bn_ops", + "apps_aux_src", + "cpuid_asm_src", + "uplink_aux_src", + "bn_asm_src", + "ec_asm_src", + "des_asm_src", + "aes_asm_src", + "bf_asm_src", + "md5_asm_src", + "cast_asm_src", + "sha1_asm_src", + "rc4_asm_src", + "rmd160_asm_src", + "rc5_asm_src", + "wp_asm_src", + "cmll_asm_src", + "modes_asm_src", + "padlock_asm_src", + "chacha_asm_src", + "poly1035_asm_src", + "thread_scheme", + "perlasm_scheme", + "dso_scheme", + "shared_target", + "shared_cflag", + "shared_defines", + "shared_ldflag", + "shared_rcflag", + "shared_extension", + "dso_extension", + "obj_extension", + "exe_extension", + "ranlib", + "ar", + "arflags", + "aroutflag", + "rc", + "rcflags", + "rcoutflag", + "mt", + "mtflags", + "mtinflag", + "mtoutflag", + "multilib", + "build_scheme", + ); if ($type eq "TABLE") { - print "\n"; - print "*** $now_printing\n"; + print 
"\n"; + print "*** $now_printing\n"; foreach (@sequence) { if (ref($target{$_}) eq "ARRAY") { printf "\$%-12s = %s\n", $_, join(" ", @{$target{$_}}); @@ -3310,19 +3382,19 @@ sub print_table_entry } } } elsif ($type eq "HASH") { - my $largest = - length((sort { length($a) <=> length($b) } @sequence)[-1]); - print " '$now_printing' => {\n"; - foreach (@sequence) { - if ($target{$_}) { + my $largest = + length((sort { length($a) <=> length($b) } @sequence)[-1]); + print " '$now_printing' => {\n"; + foreach (@sequence) { + if ($target{$_}) { if (ref($target{$_}) eq "ARRAY") { print " '",$_,"'"," " x ($largest - length($_))," => [ ",join(", ", map { "'$_'" } @{$target{$_}})," ],\n"; } else { print " '",$_,"'"," " x ($largest - length($_))," => '",$target{$_},"',\n"; } - } - } - print " },\n"; + } + } + print " },\n"; } } 
@@ -3368,23 +3440,44 @@ sub absolutedir { return realpath($dir); } +# Check if all paths are one and the same, using stat. They must both exist +# We need this for the cases when File::Spec doesn't detect case insensitivity +# (File::Spec::Unix assumes case sensitivity) +sub samedir { + die "samedir expects two arguments\n" unless scalar @_ == 2; + + my @stat0 = stat($_[0]); # First argument + my @stat1 = stat($_[1]); # Second argument + + die "Couldn't stat $_[0]" unless @stat0; + die "Couldn't stat $_[1]" unless @stat1; + + # Compare device number + return 0 unless ($stat0[0] == $stat1[0]); + # Compare "inode". The perl manual recommends comparing as + # string rather than as number. + return 0 unless ($stat0[1] eq $stat1[1]); + + return 1; # All the same +} + sub quotify { my %processors = ( - perl => sub { my $x = shift; - $x =~ s/([\\\$\@"])/\\$1/g; - return '"'.$x.'"'; }, - maybeshell => sub { my $x = shift; - (my $y = $x) =~ s/([\\\"])/\\$1/g; - if ($x ne $y || $x =~ m|\s|) { - return '"'.$y.'"'; - } else { - return $x; - } - }, - ); + perl => sub { my $x = shift; + $x =~ s/([\\\$\@"])/\\$1/g; + return '"'.$x.'"'; }, + maybeshell => sub { my $x = shift; + (my $y = $x) =~ s/([\\\"])/\\$1/g; + if ($x ne $y || $x =~ m|\s|) { + return '"'.$y.'"'; + } else { + return $x; + } + }, + ); my $for = shift; my $processor = - defined($processors{$for}) ? $processors{$for} : sub { shift; }; + defined($processors{$for}) ? $processors{$for} : sub { shift; }; return map { $processor->($_); } @_; } @@ -3512,8 +3605,8 @@ sub tokenize { } if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) { - print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n"; - print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n"; + print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n"; + print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n"; } return @result; } 
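Review bot: In the new `samedir`, both `stat` calls run before either result is checked, and the `die` messages carry neither `$!` nor a trailing newline, so a failure does not say why the path could not be read. Checking each result immediately keeps `$!` meaningful: `my @stat0 = stat($_[0]) or die "Couldn't stat $_[0]: $!\n";`, and the same for `$_[1]`. The header comment says "all paths" although the sub accepts exactly two; "both paths" would match the argument check. The comparison relies on device and inode numbers being distinct per directory, which presumably does not hold for every platform's `stat`, so that is worth confirming for the targets this is built on.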
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/apps.c b/trunk/3rdparty/openssl-1.1-fit/apps/apps.c index 36cb0b278..c06241abb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/apps.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/apps.c @@ -40,7 +40,6 @@ #endif #include #include -#include "s_apps.h" #include "apps.h" #ifdef _WIN32 @@ -48,6 +47,14 @@ static int WIN32_rename(const char *from, const char *to); # define rename(from,to) WIN32_rename((from),(to)) #endif +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +# include +#endif + +#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +# define _kbhit kbhit +#endif + typedef struct { const char *name; unsigned long flag; @@ -1955,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) size_t len; unsigned char *out; size_t i, start = 0; + size_t skipped = 0; len = strlen(in); - if (len >= 65535) + if (len == 0 || len >= 65535) return NULL; - out = app_malloc(strlen(in) + 1, "NPN buffer"); + out = app_malloc(len + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { + /* + * Zero-length ALPN elements are invalid on the wire, we could be + * strict and reject the entire string, but just ignoring extra + * commas seems harmless and more friendly. + * + * Every comma we skip in this way puts the input buffer another + * byte ahead of the output buffer, so all stores into the output + * buffer need to be decremented by the number commas skipped. + */ + if (i == start) { + ++start; + ++skipped; + continue; + } if (i - start > 255) { OPENSSL_free(out); return NULL; } - out[start] = (unsigned char)(i - start); + out[start-skipped] = (unsigned char)(i - start); start = i + 1; } else { - out[i + 1] = in[i]; + out[i + 1 - skipped] = in[i]; } } - *outlen = len + 1; + if (len <= skipped) { + OPENSSL_free(out); + return NULL; + } + + *outlen = len + 1 - skipped; return out; } 
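Review bot: The rewritten `next_protos_parse` in the last hunk returns NULL for four different inputs, and none of that is stated at the function: an empty string, a string of 65535 bytes or more, a string holding only commas, and an element longer than 255 bytes. A header comment would help callers, saying that the input is a comma-separated list, that the result is the length-prefixed encoding with empty elements dropped, and that `*outlen` is written only on success. It should also say that the buffer comes from `app_malloc` and is presumably released by the caller with `OPENSSL_free`, as the error paths here do. The in-code comment reads "the number commas skipped" where "the number of commas skipped" is meant. The function's opening lines are outside this hunk.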
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/apps.h b/trunk/3rdparty/openssl-1.1-fit/apps/apps.h index d9eb650eb..34c3fd863 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/apps.h +++ b/trunk/3rdparty/openssl-1.1-fit/apps/apps.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_APPS_H -# define HEADER_APPS_H +#ifndef OSSL_APPS_H +# define OSSL_APPS_H # include "e_os.h" /* struct timeval for DTLS */ # include "internal/nelem.h" @@ -444,11 +444,9 @@ void destroy_ui_method(void); const UI_METHOD *get_ui_method(void); int chopup_args(ARGS *arg, char *buf); -# ifdef HEADER_X509_H int dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); -# endif void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c b/trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c index 62c70b9cc..6c44df7de 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -170,17 +170,17 @@ int asn1parse_main(int argc, char **argv) if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL) goto end; + if ((buf = BUF_MEM_new()) == NULL) + goto end; if (strictpem) { - if (PEM_read_bio(in, &name, &header, &str, &num) != - 1) { + if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); goto end; } + buf->data = (char *)str; + buf->length = buf->max = num; } else { - - if ((buf = BUF_MEM_new()) == NULL) - goto end; if (!BUF_MEM_grow(buf, BUFSIZ * 8)) goto end; /* Pre-allocate :-) */ @@ -303,8 +303,6 @@ int asn1parse_main(int argc, char **argv) BUF_MEM_free(buf); OPENSSL_free(name); OPENSSL_free(header); - if (strictpem) - OPENSSL_free(str); ASN1_TYPE_free(at); sk_OPENSSL_STRING_free(osk); return ret; diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/build.info b/trunk/3rdparty/openssl-1.1-fit/apps/build.info index 751d8da82..015373618 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/build.info +++ b/trunk/3rdparty/openssl-1.1-fit/apps/build.info 
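Review bot: In the `strictpem` branch of `asn1parse_main`, `buf->data = (char *)str;` hands the buffer filled in by `PEM_read_bio` over to `buf`, and the second hunk drops the matching `OPENSSL_free(str)`. That ownership transfer is only visible by reading the two hunks together. A comment at the assignment would make it explicit, e.g. `/* buf takes ownership of str; released by BUF_MEM_free(buf) at end */`. `str` keeps pointing at memory it no longer owns, so any use of it after `BUF_MEM_free(buf)` would read freed memory. The rest of the function is outside these hunks, so that is worth checking.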
@@ -1,16 +1,17 @@ {- our @apps_openssl_src = qw(openssl.c - asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c - dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c - genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c - pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c + asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c + enc.c errstr.c + genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c + pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c - srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c); + verify.c version.c x509.c rehash.c storeutl.c); our @apps_lib_src = ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c), split(/\s+/, $target{apps_aux_src}) ); our @apps_init_src = split(/\s+/, $target{apps_init_src}); "" -} + IF[{- !$disabled{apps} -}] LIBS_NO_INST=libapps.a SOURCE[libapps.a]={- join(" ", @apps_lib_src) -} 
@@ -21,11 +22,51 @@ IF[{- !$disabled{apps} -}] SOURCE[openssl]={- join(" ", @apps_openssl_src) -} INCLUDE[openssl]=.. ../include DEPEND[openssl]=libapps.a ../libssl - -IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] - GENERATE[openssl.rc]=../util/mkrc.pl openssl - SOURCE[openssl]=openssl.rc -ENDIF + IF[{- !$disabled{'des'} -}] + SOURCE[openssl]=pkcs12.c + DEPEND[pkcs12.o]=progs.h + ENDIF + IF[{- !$disabled{'ec'} -}] + SOURCE[openssl]=ec.c ecparam.c + DEPEND[ec.o]=progs.h + DEPEND[ecparam.o]=progs.h + ENDIF + IF[{- !$disabled{'ocsp'} -}] + SOURCE[openssl]=ocsp.c + DEPEND[ocsp.o]=progs.h + ENDIF + IF[{- !$disabled{'srp'} -}] + SOURCE[openssl]=srp.c + DEPEND[srp.o]=progs.h + ENDIF + IF[{- !$disabled{'ts'} -}] + SOURCE[openssl]=ts.c + DEPEND[ts.o]=progs.h + ENDIF + IF[{- !$disabled{'dh'} -}] + SOURCE[openssl]=dhparam.c + DEPEND[dhparam.o]=progs.h + ENDIF + IF[{- !$disabled{'dsa'} -}] + SOURCE[openssl]=dsa.c dsaparam.c gendsa.c + DEPEND[dsa.o]=progs.h + DEPEND[dsaparam.o]=progs.h + DEPEND[gendsa.o]=progs.h + ENDIF + IF[{- !$disabled{'engine'} -}] + SOURCE[openssl]=engine.c + DEPEND[engine.o]=progs.h + ENDIF + IF[{- !$disabled{'rsa'} -}] + SOURCE[openssl]=rsa.c rsautl.c genrsa.c + DEPEND[rsa.o]=progs.h + DEPEND[rsautl.o]=progs.h + DEPEND[genrsa.o]=progs.h + ENDIF + IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] + GENERATE[openssl.rc]=../util/mkrc.pl openssl + SOURCE[openssl]=openssl.rc + ENDIF {- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" } @apps_openssl_src) -} diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ca.c b/trunk/3rdparty/openssl-1.1-fit/apps/ca.c old mode 100644 new mode 100755 index 69207c066..390ac3749 --- a/trunk/3rdparty/openssl-1.1-fit/apps/ca.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/ca.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -722,7 +722,7 @@ end_of_options: /*****************************************************************/ if (req || gencrl) { - if (spkac_file != NULL) { + if (spkac_file != NULL && outfile != NULL) { output_der = 1; batch = 1; } @@ -1862,8 +1862,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, row[DB_exp_date][tm->length] = '\0'; row[DB_rev_date] = NULL; row[DB_file] = OPENSSL_strdup("unknown"); - if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || - (row[DB_file] == NULL) || (row[DB_name] == NULL)) { + if ((row[DB_type] == NULL) || (row[DB_file] == NULL) + || (row[DB_name] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } 
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db) static int do_updatedb(CA_DB *db) { - ASN1_UTCTIME *a_tm = NULL; + ASN1_TIME *a_tm = NULL; int i, cnt = 0; - int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ - char **rrow, *a_tm_s; + char **rrow; - a_tm = ASN1_UTCTIME_new(); + a_tm = ASN1_TIME_new(); if (a_tm == NULL) return -1; - /* get actual time and make a string */ + /* get actual time */ if (X509_gmtime_adj(a_tm, 0) == NULL) { - ASN1_UTCTIME_free(a_tm); + ASN1_TIME_free(a_tm); return -1; } - a_tm_s = app_malloc(a_tm->length + 1, "time string"); - - memcpy(a_tm_s, a_tm->data, a_tm->length); - a_tm_s[a_tm->length] = '\0'; - - if (strncmp(a_tm_s, "49", 2) <= 0) - a_y2k = 1; - else - a_y2k = 0; for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); if (rrow[DB_type][0] == DB_TYPE_VAL) { /* ignore entries that are not valid */ - if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) - db_y2k = 1; - else - db_y2k = 0; + ASN1_TIME *exp_date = NULL; - if (db_y2k == a_y2k) { - /* all on the same y2k side */ - if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) { - rrow[DB_type][0] = DB_TYPE_EXP; - rrow[DB_type][1] = '\0'; - cnt++; + exp_date = ASN1_TIME_new(); + if (exp_date == NULL) { + ASN1_TIME_free(a_tm); + return -1; + } - BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]); - } - } else if (db_y2k < a_y2k) { + if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) { + ASN1_TIME_free(a_tm); + ASN1_TIME_free(exp_date); + return -1; + } + + if (ASN1_TIME_compare(exp_date, a_tm) <= 0) { rrow[DB_type][0] = DB_TYPE_EXP; rrow[DB_type][1] = '\0'; cnt++; BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]); } - + ASN1_TIME_free(exp_date); } } - ASN1_UTCTIME_free(a_tm); - OPENSSL_free(a_tm_s); + ASN1_TIME_free(a_tm); return cnt; } diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/cms.c b/trunk/3rdparty/openssl-1.1-fit/apps/cms.c index e9d760c99..71554037d 100644 
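Review bot: In the rewritten loop of `do_updatedb`, a row whose `rrow[DB_exp_date]` is rejected by `ASN1_TIME_set_string` makes the function return -1 without naming the row, and rows examined earlier in the same pass have already had `rrow[DB_type]` switched to `DB_TYPE_EXP` in memory. Printing the offending entry before the return would make a damaged index file diagnosable: `BIO_printf(bio_err, "%s: invalid expiry date\n", rrow[DB_serial]);`. `exp_date` is also allocated and freed once per valid row; allocating it once before the loop would remove the extra failure path inside it. How the caller treats -1 is outside this hunk.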
--- a/trunk/3rdparty/openssl-1.1-fit/apps/cms.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/cms.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -545,9 +545,11 @@ int cms_main(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = app_malloc(sizeof(*nparam), "key param buffer"); - nparam->idx = keyidx; - if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) + if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) { + OPENSSL_free(nparam); goto end; + } + nparam->idx = keyidx; nparam->next = NULL; if (key_first == NULL) key_first = nparam; @@ -636,6 +638,7 @@ int cms_main(int argc, char **argv) goto opthelp; } } else if (!operation) { + BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n"); goto opthelp; } diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c b/trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c index 88fabcb22..3f619bf52 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -120,19 +120,20 @@ int crl2pkcs7_main(int argc, char **argv) if (!ASN1_INTEGER_set(p7s->version, 1)) goto end; - if ((crl_stack = sk_X509_CRL_new_null()) == NULL) - goto end; - p7s->crl = crl_stack; + if (crl != NULL) { + if ((crl_stack = sk_X509_CRL_new_null()) == NULL) + goto end; + p7s->crl = crl_stack; sk_X509_CRL_push(crl_stack, crl); crl = NULL; /* now part of p7 for OPENSSL_freeing */ } - if ((cert_stack = sk_X509_new_null()) == NULL) - goto end; - p7s->cert = cert_stack; + if (certflst != NULL) { + if ((cert_stack = sk_X509_new_null()) == NULL) + goto end; + p7s->cert = cert_stack; - if (certflst != NULL) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { certfile = sk_OPENSSL_STRING_value(certflst, i); if (add_certs_from_file(cert_stack, certfile) < 0) { @@ -141,6 +142,7 @@ int crl2pkcs7_main(int argc, char **argv) goto end; } } + } out = bio_open_default(outfile, 'w', outformat); if (out == NULL) diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dgst.c b/trunk/3rdparty/openssl-1.1-fit/apps/dgst.c index d158a0ccb..e595f7d81 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/dgst.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/dgst.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,6 +19,7 @@ #include #include #include +#include #undef BUFSIZE #define BUFSIZE 1024*8 
@@ -27,9 +28,15 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, const char *file); +static void show_digests(const OBJ_NAME *name, void *bio_); + +struct doall_dgst_digests { + BIO *bio; + int n; +}; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST, OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, @@ -43,6 +50,7 @@ const OPTIONS dgst_options[] = { {OPT_HELP_STR, 1, '-', " file... files to digest (default is stdin)\n"}, {"help", OPT_HELP, '-', "Display this summary"}, + {"list", OPT_LIST, '-', "List digests"}, {"c", OPT_C, '-', "Print the digest with separating colons"}, {"r", OPT_R, '-', "Print the digest in coreutils format"}, {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, @@ -91,6 +99,7 @@ int dgst_main(int argc, char **argv) int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; unsigned char *buf = NULL, *sigbuf = NULL; int engine_impl = 0; + struct doall_dgst_digests dec; prog = opt_progname(argv[0]); buf = app_malloc(BUFSIZE, "I/O buffer"); @@ -108,6 +117,15 @@ int dgst_main(int argc, char **argv) opt_help(dgst_options); ret = 0; goto end; + case OPT_LIST: + BIO_printf(bio_out, "Supported digests:\n"); + dec.bio = bio_out; + dec.n = 0; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, + show_digests, &dec); + BIO_printf(bio_out, "\n"); + ret = 0; + goto end; case OPT_C: separator = 1; break; 
@@ -413,20 +431,86 @@ int dgst_main(int argc, char **argv) return ret; } +static void show_digests(const OBJ_NAME *name, void *arg) +{ + struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg; + const EVP_MD *md = NULL; + + /* Filter out signed digests (a.k.a signature algorithms) */ + if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL) + return; + + if (!islower((unsigned char)*name->name)) + return; + + /* Filter out message digests that we cannot use */ + md = EVP_get_digestbyname(name->name); + if (md == NULL) + return; + + BIO_printf(dec->bio, "-%-25s", name->name); + if (++dec->n == 3) { + BIO_printf(dec->bio, "\n"); + dec->n = 0; + } else { + BIO_printf(dec->bio, " "); + } +} + +/* + * The newline_escape_filename function performs newline escaping for any + * filename that contains a newline. This function also takes a pointer + * to backslash. The backslash pointer is a flag to indicating whether a newline + * is present in the filename. If a newline is present, the backslash flag is + * set and the output format will contain a backslash at the beginning of the + * digest output. This output format is to replicate the output format found + * in the '*sum' checksum programs. This aims to preserve backward + * compatibility. 
+ */ +static const char *newline_escape_filename(const char *file, int * backslash) +{ + size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0; + char *file_cpy = NULL; + + for (i = 0; i < length; i++) + if (file[i] == '\n') + newline_count++; + + mem_len = length + newline_count + 1; + file_cpy = app_malloc(mem_len, file); + i = 0; + + while(e < length) { + const char c = file[e]; + if (c == '\n') { + file_cpy[i++] = '\\'; + file_cpy[i++] = 'n'; + *backslash = 1; + } else { + file_cpy[i++] = c; + } + e++; + } + file_cpy[i] = '\0'; + return (const char*)file_cpy; +} + + int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, const char *file) { - size_t len; - int i; + size_t len = BUFSIZE; + int i, backslash = 0, ret = 1; + unsigned char *sigbuf = NULL; - for (;;) { + while (BIO_pending(bp) || !BIO_eof(bp)) { i = BIO_read(bp, (char *)buf, BUFSIZE); if (i < 0) { BIO_printf(bio_err, "Read Error in %s\n", file); ERR_print_errors(bio_err); - return 1; + goto end; } if (i == 0) break; 
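Review bot: newline_escape_filename passes the caller's `file` string as the second argument of `app_malloc`, where the other calls on this page pass a fixed description ("Signature buffer", "key param buffer"). If that argument is the label printed on allocation failure, as those calls suggest, an arbitrary filename, newlines included, ends up in the message. `file_cpy = app_malloc(mem_len, "escaped filename");` keeps the message fixed. The function also always returns a heap copy typed `const char *`, so a short comment saying the caller must release it with `OPENSSL_free` would help; the existing block comment only describes the escaping. do_fp begins at the end of this hunk and continues outside it.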
@@ -439,37 +523,51 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, BIO_printf(out, "Verified OK\n"); } else if (i == 0) { BIO_printf(out, "Verification Failure\n"); - return 1; + goto end; } else { BIO_printf(bio_err, "Error Verifying Data\n"); ERR_print_errors(bio_err); - return 1; + goto end; } - return 0; + ret = 0; + goto end; } if (key != NULL) { EVP_MD_CTX *ctx; + int pkey_len; BIO_get_md_ctx(bp, &ctx); - len = BUFSIZE; + pkey_len = EVP_PKEY_size(key); + if (pkey_len > BUFSIZE) { + len = pkey_len; + sigbuf = app_malloc(len, "Signature buffer"); + buf = sigbuf; + } if (!EVP_DigestSignFinal(ctx, buf, &len)) { BIO_printf(bio_err, "Error Signing Data\n"); ERR_print_errors(bio_err); - return 1; + goto end; } } else { len = BIO_gets(bp, (char *)buf, BUFSIZE); if ((int)len < 0) { ERR_print_errors(bio_err); - return 1; + goto end; } } if (binout) { BIO_write(out, buf, len); } else if (sep == 2) { + file = newline_escape_filename(file, &backslash); + + if (backslash == 1) + BIO_puts(out, "\\"); + for (i = 0; i < (int)len; i++) BIO_printf(out, "%02x", buf[i]); + BIO_printf(out, " *%s\n", file); + OPENSSL_free((char *)file); } else { if (sig_name != NULL) { BIO_puts(out, sig_name); @@ -488,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } BIO_printf(out, "\n"); } - return 0; + + ret = 0; + end: + if (sigbuf != NULL) + OPENSSL_clear_free(sigbuf, len); + + return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c b/trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c index 13f76754d..98c73214b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,28 +8,24 @@ */ #include -#ifdef OPENSSL_NO_DH -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#ifndef OPENSSL_NO_DSA +# include +#endif -# ifndef OPENSSL_NO_DSA -# include -# endif - -# define DEFBITS 2048 +#define DEFBITS 2048 static int dh_cb(int p, int n, BN_GENCB *cb); @@ -56,13 +52,13 @@ const OPTIONS dhparam_options[] = { {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', "Read or generate DSA parameters, convert to DH"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -146,13 +142,13 @@ int dhparam_main(int argc, char **argv) if (g && !num) num = DEFBITS; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam && g) { BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); goto end; } -# endif +#endif out = bio_open_default(outfile, 'w', outformat); if (out == NULL) @@ -173,7 +169,7 @@ int dhparam_main(int argc, char **argv) BN_GENCB_set(cb, dh_cb, bio_err); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa = DSA_new(); 
@@ -196,7 +192,7 @@ int dhparam_main(int argc, char **argv) goto end; } } else -# endif +#endif { dh = DH_new(); BIO_printf(bio_err, @@ -217,7 +213,7 @@ int dhparam_main(int argc, char **argv) if (in == NULL) goto end; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa; @@ -239,7 +235,7 @@ int dhparam_main(int argc, char **argv) goto end; } } else -# endif +#endif { if (informat == FORMAT_ASN1) { /* @@ -376,4 +372,3 @@ static int dh_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/dsa.c index 6022e64cd..c7884df16 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/dsa.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,19 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 
@@ -49,14 +45,14 @@ const OPTIONS dsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -71,9 +67,9 @@ int dsa_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; int i, modulus = 0, pubin = 0, pubout = 0, ret = 1; -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 int pvk_encr = 2; -# endif +#endif int private = 0; prog = opt_init(argc, argv, dsa_options); @@ -214,7 +210,7 @@ int dsa_main(int argc, char **argv) i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); } -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); @@ -229,13 +225,13 @@ int dsa_main(int argc, char **argv) goto end; } assert(private); -# ifdef OPENSSL_NO_RC4 +# ifdef OPENSSL_NO_RC4 BIO_printf(bio_err, "PVK format not supported\n"); EVP_PKEY_free(pk); goto end; -# else +# else i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); -# endif +# endif } else if (pubin || pubout) { i = i2b_PublicKey_bio(out, pk); } else { @@ -243,7 +239,7 @@ int dsa_main(int argc, char **argv) i = i2b_PrivateKey_bio(out, pk); } EVP_PKEY_free(pk); -# endif +#endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; @@ -262,4 +258,3 @@ int dsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif 
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c b/trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c index b227b76a3..75589ac6b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,22 +8,18 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include static int dsa_cb(int p, int n, BN_GENCB *cb); @@ -44,9 +40,9 @@ const OPTIONS dsaparam_options[] = { {"noout", OPT_NOOUT, '-', "No output"}, {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -255,4 +251,3 @@ static int dsa_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ec.c b/trunk/3rdparty/openssl-1.1-fit/apps/ec.c index 03abb0068..0c8ed750c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/ec.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/ec.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,19 +8,15 @@ */ #include -#ifdef OPENSSL_NO_EC -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include static OPT_PAIR conv_forms[] = { {"compressed", POINT_CONVERSION_COMPRESSED}, @@ -62,9 +58,9 @@ const OPTIONS ec_options[] = { "Specifies the way the ec parameters are encoded"}, {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -280,4 +276,3 @@ int ec_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c b/trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c index 917f1a86b..58fbeb95c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -9,22 +9,18 @@ */ #include -#ifdef OPENSSL_NO_EC -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 
@@ -55,9 +51,9 @@ const OPTIONS ecparam_options[] = { "Specifies the way the ec parameters are encoded"}, {"genkey", OPT_GENKEY, '-', "Generate ec key"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -446,5 +442,3 @@ int ecparam_main(int argc, char **argv) BIO_free_all(out); return ret; } - -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/enc.c b/trunk/3rdparty/openssl-1.1-fit/apps/enc.c index 8e5a57d3e..65710771a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,8 @@ typedef enum OPTION_choice { const OPTIONS enc_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"ciphers", OPT_LIST, '-', "List ciphers"}, + {"list", OPT_LIST, '-', "List ciphers"}, + {"ciphers", OPT_LIST, '-', "Alias for -list"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pass", OPT_PASS, 's', "Passphrase source"}, @@ -80,7 +81,7 @@ const OPTIONS enc_options[] = { {"", OPT_CIPHER, '-', "Any supported cipher"}, OPT_R_OPTIONS, #ifdef ZLIB - {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, + {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 
@@ -500,7 +501,7 @@ int enc_main(int argc, char **argv) if (hiv != NULL) { int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { - BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + BIO_printf(bio_err, "warning: iv not used by this cipher\n"); } else if (!set_hex(hiv, iv, siz)) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; @@ -586,7 +587,7 @@ int enc_main(int argc, char **argv) if (benc != NULL) wbio = BIO_push(benc, wbio); - for (;;) { + while (BIO_pending(rbio) || !BIO_eof(rbio)) { inl = BIO_read(rbio, (char *)buff, bsize); if (inl <= 0) break; diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/engine.c b/trunk/3rdparty/openssl-1.1-fit/apps/engine.c index 83f9588a0..746cace35 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/engine.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/engine.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,19 +8,15 @@ */ #include -#ifdef OPENSSL_NO_ENGINE -NON_EMPTY_TRANSLATION_UNIT -#else - -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -486,4 +482,3 @@ int engine_main(int argc, char **argv) BIO_free_all(out); return ret; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c index 401375420..ec57c92a9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,22 +8,18 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -39,9 +35,9 @@ const OPTIONS gendsa_options[] = { {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, OPT_R_OPTIONS, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -143,4 +139,3 @@ int gendsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c b/trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c index 39fa73c91..3fe87e853 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv) goto end; } + ret = 0; + if (rv <= 0) { BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); + ret = 1; } if (text) { 
@@ -191,11 +194,10 @@ int genpkey_main(int argc, char **argv) if (rv <= 0) { BIO_puts(bio_err, "Error printing key\n"); ERR_print_errors(bio_err); + ret = 1; } } - ret = 0; - end: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx); diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c index c17cd1471..e34a2f7ab 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,27 +8,23 @@ */ #include -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include -# include - -# define DEFBITS 2048 -# define DEFPRIMES 2 +#define DEFBITS 2048 +#define DEFPRIMES 2 static int genrsa_cb(int p, int n, BN_GENCB *cb); @@ -48,9 +44,9 @@ const OPTIONS genrsa_options[] = { OPT_R_OPTIONS, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, {NULL} }; @@ -198,4 +194,3 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif 
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c b/trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c index e8aeb11cc..27ec94fa6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -9,65 +9,62 @@ #include -#ifdef OPENSSL_NO_OCSP -NON_EMPTY_TRANSLATION_UNIT -#else -# ifdef OPENSSL_SYS_VMS -# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined +#ifdef OPENSSL_SYS_VMS +# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined * on OpenVMS */ -# endif +#endif -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include /* Needs to be included before the openssl headers */ -# include "apps.h" -# include "progs.h" -# include "internal/sockets.h" -# include -# include -# include -# include -# include -# include -# include -# include +#include "apps.h" +#include "progs.h" +#include "internal/sockets.h" +#include +#include +#include +#include +#include +#include +#include +#include #ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# endif +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# define HAVE_FORK 0 +#else +# define HAVE_FORK 1 +#endif #endif #if HAVE_FORK -# undef NO_FORK +#undef NO_FORK #else -# define NO_FORK +#define NO_FORK #endif -# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ +#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ && !defined(OPENSSL_NO_POSIX_IO) -# define OCSP_DAEMON -# include -# include -# include -# include -# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ -# else -# undef LOG_INFO -# undef LOG_WARNING -# undef LOG_ERR -# define LOG_INFO 0 -# define LOG_WARNING 1 -# define LOG_ERR 2 -# endif +# define OCSP_DAEMON +# include +# include +# include +# include +# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ +#else +# undef LOG_INFO +# undef LOG_WARNING +# undef LOG_ERR +# define LOG_INFO 0 +# define LOG_WARNING 1 +# define LOG_ERR 2 +#endif -# if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) /* not supported */ int setpgid(pid_t pid, pid_t pgid) { 
@@ -80,9 +77,9 @@ pid_t fork(void) errno = ENOSYS; return (pid_t) -1; } -# endif +#endif /* Maximum leeway in validity period: default 5 minutes */ -# define MAX_VALIDITY_PERIOD (5 * 60) +#define MAX_VALIDITY_PERIOD (5 * 60) static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, @@ -109,20 +106,20 @@ static void log_message(int level, const char *fmt, ...); static char *prog; static int multi = 0; -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON static int acfd = (int) INVALID_SOCKET; static int index_changed(CA_DB *); static void spawn_loop(void); static int print_syslog(const char *str, size_t len, void *levPtr); -static void sock_timeout(int signum); -# endif +static void socket_timeout(int signum); +#endif -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, const STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout); -# endif +#endif typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -160,9 +157,9 @@ const OPTIONS ocsp_options[] = { "Don't include any certificates in response"}, {"resp_key_id", OPT_RESP_KEY_ID, '-', "Identify response by signing certificate key ID"}, -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON {"multi", OPT_MULTI, 'p', "run multiple responder processes"}, -# endif +#endif {"no_certs", OPT_NO_CERTS, '-', "Don't include any certificates in signed request"}, {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', @@ -511,9 +508,9 @@ int ocsp_main(int argc, char **argv) trailing_md = 1; break; case OPT_MULTI: -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON multi = atoi(opt_arg()); -# endif +#endif break; } } @@ -593,11 +590,11 @@ int ocsp_main(int argc, char **argv) } } -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (multi && acbio != NULL) spawn_loop(); if (acbio != NULL && req_timeout > 0) - signal(SIGALRM, sock_timeout); + signal(SIGALRM, socket_timeout); #endif if (acbio != NULL) 
@@ -606,7 +603,7 @@ int ocsp_main(int argc, char **argv) redo_accept: if (acbio != NULL) { -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (index_changed(rdb)) { CA_DB *newrdb = load_index(ridx_filename, NULL); @@ -619,7 +616,7 @@ redo_accept: ridx_filename); } } -# endif +#endif req = NULL; if (!do_responder(&req, &cbio, acbio, req_timeout)) @@ -641,8 +638,10 @@ redo_accept: goto end; } - if (req != NULL && add_nonce) - OCSP_request_add1_nonce(req, NULL, -1); + if (req != NULL && add_nonce) { + if (!OCSP_request_add1_nonce(req, NULL, -1)) + goto end; + } if (signfile != NULL) { if (keyfile == NULL) @@ -686,16 +685,16 @@ redo_accept: if (cbio != NULL) send_ocsp_response(cbio, resp); } else if (host != NULL) { -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK resp = process_responder(req, host, path, port, use_ssl, headers, req_timeout); if (resp == NULL) goto end; -# else +#else BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); goto end; -# endif +#endif } else if (respin != NULL) { derbio = bio_open_default(respin, 'r', FORMAT_ASN1); if (derbio == NULL) @@ -838,7 +837,7 @@ log_message(int level, const char *fmt, ...) va_list ap; va_start(ap, fmt); -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (multi) { char buf[1024]; if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) { @@ -847,7 +846,7 @@ log_message(int level, const char *fmt, ...) if (level >= LOG_ERR) ERR_print_errors_cb(print_syslog, &level); } -# endif +#endif if (!multi) { BIO_printf(bio_err, "%s: ", prog); BIO_vprintf(bio_err, fmt, ap); @@ -856,7 +855,7 @@ log_message(int level, const char *fmt, ...) va_end(ap); } -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON static int print_syslog(const char *str, size_t len, void *levPtr) { @@ -1009,7 +1008,7 @@ static void spawn_loop(void) syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } -# endif +#endif static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, 
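Review bot: In the `add_nonce` branch of ocsp_main, a failing `OCSP_request_add1_nonce` now jumps to `end` without writing anything to `bio_err`, so the command stops with no hint of why the request was not sent. Other failure paths nearby print a message before `goto end` (for example the "sockets not supported" case), and adding `BIO_printf(bio_err, "Error adding nonce to request\n");` before the jump would match them. ocsp_main starts and ends outside this hunk, so the exit status on that path is assumed rather than shown.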
@@ -1245,7 +1244,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req goto end; } } - OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags); + if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs); + goto end; + } if (badsig) { const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); @@ -1286,11 +1288,11 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) static BIO *init_responder(const char *port) { -# ifdef OPENSSL_NO_SOCK +#ifdef OPENSSL_NO_SOCK BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); return NULL; -# else +#else BIO *acbio = NULL, *bufbio = NULL; bufbio = BIO_new(BIO_f_buffer()); @@ -1317,10 +1319,10 @@ static BIO *init_responder(const char *port) BIO_free_all(acbio); BIO_free(bufbio); return NULL; -# endif +#endif } -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK /* * Decode %xx URL-decoding in-place. Ignores mal-formed sequences. */ @@ -1344,22 +1346,22 @@ static int urldecode(char *p) *out = '\0'; return (int)(out - save); } -# endif +#endif -# ifdef OCSP_DAEMON -static void sock_timeout(int signum) +#ifdef OCSP_DAEMON +static void socket_timeout(int signum) { if (acfd != (int)INVALID_SOCKET) (void)shutdown(acfd, SHUT_RD); } -# endif +#endif static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, int timeout) { -# ifdef OPENSSL_NO_SOCK +#ifdef OPENSSL_NO_SOCK return 0; -# else +#else int len; OCSP_REQUEST *req = NULL; char inbuf[2048], reqbuf[2048]; @@ -1377,12 +1379,12 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *pcbio = cbio; client = BIO_get_peer_name(cbio); -# ifdef OCSP_DAEMON +# ifdef OCSP_DAEMON if (timeout > 0) { (void) BIO_get_fd(cbio, &acfd); alarm(timeout); } -# endif +# endif /* Read the request line. */ len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); 
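Review bot: When `OCSP_basic_sign_ctx` fails, the new branch in make_ocsp_response builds the internalError reply with `bs` as the second argument, which attaches the unsigned basic response as the body of an error reply. RFC 6960 leaves responseBytes unset for error statuses, and a client that parses the body before checking the status would be handed unsigned status data. Passing no body avoids that: `*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);`. The rest of make_ocsp_response lies outside this hunk, so how its other error paths call OCSP_response_create is not visible here.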
@@ -1411,9 +1413,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ - if (p[1] == '\0') + if (p[0] == '\0') goto out; len = urldecode(p); @@ -1443,11 +1447,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, break; } -# ifdef OCSP_DAEMON +# ifdef OCSP_DAEMON /* Clear alarm before we close the client socket */ alarm(0); timeout = 0; -# endif +# endif /* Try to read OCSP request */ if (getbio != NULL) { @@ -1463,13 +1467,13 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *preq = req; out: -# ifdef OCSP_DAEMON +# ifdef OCSP_DAEMON if (timeout > 0) alarm(0); acfd = (int)INVALID_SOCKET; -# endif - return 1; # endif + return 1; +#endif } static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) @@ -1485,7 +1489,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 1; } -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, const STACK_OF(CONF_VALUE) *headers, @@ -1616,6 +1620,4 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, SSL_CTX_free(ctx); return resp; } -# endif - #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/openssl.c b/trunk/3rdparty/openssl-1.1-fit/apps/openssl.c index a872e2c5e..ff7b759a4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/openssl.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/openssl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,6 @@ # include #endif #include -#include "s_apps.h" /* Needed to get the other O_xxx flags. */ #ifdef OPENSSL_SYS_VMS # include @@ -165,6 +164,13 @@ int main(int argc, char *argv[]) } prog = prog_init(); + if (prog == NULL) { + BIO_printf(bio_err, + "FATAL: Startup failure (dev note: prog_init() failed)\n"); + ERR_print_errors(bio_err); + ret = 1; + goto end; + } pname = opt_progname(argv[0]); /* first check the program name */ diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/passwd.c b/trunk/3rdparty/openssl-1.1-fit/apps/passwd.c index aa516c874..d741d0533 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/passwd.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/passwd.c @@ -807,7 +807,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ (*salt_p)[i] = 0; # ifdef CHARSET_EBCDIC - /* The password encryption funtion will convert back to ASCII */ + /* The password encryption function will convert back to ASCII */ ascii2ebcdic(*salt_p, *salt_p, saltlen); # endif } diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c index 719a309a8..8c5d963b8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,25 +8,21 @@ */ #include -#if defined(OPENSSL_NO_DES) -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include - -# define NOKEYS 0x1 -# define NOCERTS 0x2 -# define INFO 0x4 -# define CLCERTS 0x8 -# define CACERTS 0x10 +#define NOKEYS 0x1 +#define NOCERTS 0x2 +#define INFO 0x4 +#define CLCERTS 0x8 +#define CACERTS 0x10 #define PASSWD_BUF_SIZE 2048 @@ -41,6 +37,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, const char *pass, int passlen, int options, char *pempass, const EVP_CIPHER *enc); +void print_attribute(BIO *out, const ASN1_TYPE *av); int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); @@ -73,15 +70,15 @@ const OPTIONS pkcs12_options[] = { {"chain", OPT_CHAIN, '-', "Add certificate chain"}, {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"}, {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"}, -# ifndef OPENSSL_NO_RC2 +#ifndef OPENSSL_NO_RC2 {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (default RC2-40)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default RC2-40)"}, -# else +#else {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"}, -# endif +#endif {"export", OPT_EXPORT, '-', "Output PKCS12 file"}, {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, {"maciter", OPT_MACITER, '-', "Use MAC iteration"}, 
@@ -112,9 +109,9 @@ const OPTIONS pkcs12_options[] = { {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -125,11 +122,11 @@ int pkcs12_main(int argc, char **argv) char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; -# ifndef OPENSSL_NO_RC2 +#ifndef OPENSSL_NO_RC2 int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; -# else +#else int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -# endif +#endif int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int ret = 1, macver = 1, add_lmk = 0, private = 0; int noprompt = 0; @@ -838,7 +835,7 @@ static int alg_print(const X509_ALGOR *alg) goto done; } BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, " - "Block size(r): %ld, Paralelizm(p): %ld", + "Block size(r): %ld, Parallelism(p): %ld", ASN1_STRING_length(kdf->salt), ASN1_INTEGER_get(kdf->costParameter), ASN1_INTEGER_get(kdf->blockSize), 
@@ -878,6 +875,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) return ret; } +/* Generalised x509 attribute value print */ + +void print_attribute(BIO *out, const ASN1_TYPE *av) +{ + char *value; + + switch (av->type) { + case V_ASN1_BMPSTRING: + value = OPENSSL_uni2asc(av->value.bmpstring->data, + av->value.bmpstring->length); + BIO_printf(out, "%s\n", value); + OPENSSL_free(value); + break; + + case V_ASN1_OCTET_STRING: + hex_prin(out, av->value.octet_string->data, + av->value.octet_string->length); + BIO_printf(out, "\n"); + break; + + case V_ASN1_BIT_STRING: + hex_prin(out, av->value.bit_string->data, + av->value.bit_string->length); + BIO_printf(out, "\n"); + break; + + default: + BIO_printf(out, "\n", av->type); + break; + } +} + /* Generalised attribute print: handle PKCS#8 and bag attributes */ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, @@ -885,8 +914,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, { X509_ATTRIBUTE *attr; ASN1_TYPE *av; - char *value; - int i, attr_nid; + int i, j, attr_nid; if (!attrlst) { BIO_printf(out, "%s: \n", name); return 1; @@ -910,30 +938,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, } if (X509_ATTRIBUTE_count(attr)) { - av = X509_ATTRIBUTE_get0_type(attr, 0); - switch (av->type) { - case V_ASN1_BMPSTRING: - value = OPENSSL_uni2asc(av->value.bmpstring->data, - av->value.bmpstring->length); - BIO_printf(out, "%s\n", value); - OPENSSL_free(value); - break; - - case V_ASN1_OCTET_STRING: - hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); - BIO_printf(out, "\n"); - break; - - case V_ASN1_BIT_STRING: - hex_prin(out, av->value.bit_string->data, - av->value.bit_string->length); - BIO_printf(out, "\n"); - break; - - default: - BIO_printf(out, "\n", av->type); - break; + for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) + { + av = X509_ATTRIBUTE_get0_type(attr, j); + print_attribute(out, av); } } else { BIO_printf(out, "\n"); 
@@ -964,5 +972,3 @@ static int set_pbe(int *ppbe, const char *str) } return 1; } - -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c b/trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c index 2c4e524b6..831e14dab 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -299,8 +299,7 @@ int pkeyutl_main(int argc, char **argv) /* Sanity check the input */ if (buf_inlen > EVP_MAX_MD_SIZE && (pkey_op == EVP_PKEY_OP_SIGN - || pkey_op == EVP_PKEY_OP_VERIFY - || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) { + || pkey_op == EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, "Error: The input data looks too long to be a hash\n"); goto end; diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rehash.c b/trunk/3rdparty/openssl-1.1-fit/apps/rehash.c index 2b769fbce..fc1dffe97 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/rehash.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/rehash.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2013-2014 Timo Teräs * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -274,11 +274,19 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) if (x->x509 != NULL) { type = TYPE_CERT; name = X509_get_subject_name(x->x509); - X509_digest(x->x509, evpmd, digest, NULL); + if (!X509_digest(x->x509, evpmd, digest, NULL)) { + BIO_printf(bio_err, "out of memory\n"); + ++errs; + goto end; + } } else if (x->crl != NULL) { type = TYPE_CRL; name = X509_CRL_get_issuer(x->crl); - X509_CRL_digest(x->crl, evpmd, digest, NULL); + if (!X509_CRL_digest(x->crl, evpmd, digest, NULL)) { + BIO_printf(bio_err, "out of memory\n"); + ++errs; + goto end; + } } else { ++errs; goto end; diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/req.c b/trunk/3rdparty/openssl-1.1-fit/apps/req.c index 6fd28a2ab..a603907cd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/req.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -200,9 +200,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) *p = '\0'; /* Finally have a clean "key"; see if it's there [by attempt to add it]. */ - if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv)) - != NULL || lh_OPENSSL_STRING_error(addexts)) { - OPENSSL_free(p != NULL ? p : kv); + p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv); + if (p != NULL) { + OPENSSL_free(p); + return 1; + } else if (lh_OPENSSL_STRING_error(addexts)) { + OPENSSL_free(kv); return -1; } 
@@ -435,12 +438,14 @@ int req_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "Using configuration from %s\n", template); - req_conf = app_load_config(template); + if ((req_conf = app_load_config(template)) == NULL) + goto end; if (addext_bio) { if (verbose) BIO_printf(bio_err, "Using additional configuration from command line\n"); - addext_conf = app_load_config_bio(addext_bio, NULL); + if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL) + goto end; } if (template != default_config_file && !app_load_modules(req_conf)) goto end; @@ -881,9 +886,19 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, get_nameopt(), reqflag); + ret = X509_print_ex(out, x509ss, get_nameopt(), reqflag); else - X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + + if (ret == 0) { + if (x509) + BIO_printf(bio_err, "Error printing certificate\n"); + else + BIO_printf(bio_err, "Error printing certificate request\n"); + + ERR_print_errors(bio_err); + goto end; + } } if (subject) { diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rsa.c b/trunk/3rdparty/openssl-1.1-fit/apps/rsa.c index fdd02dce3..aeda917cc 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/rsa.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,23 +8,19 @@ */ #include -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -53,14 +49,14 @@ const OPTIONS rsa_options[] = { {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, {"check", OPT_CHECK, '-', "Verify key consistency"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -75,9 +71,9 @@ int rsa_main(int argc, char **argv) int i, private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1; -# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) int pvk_encr = 2; -# endif +#endif OPTION_CHOICE o; prog = opt_init(argc, argv, rsa_options); @@ -130,9 +126,9 @@ int rsa_main(int argc, char **argv) case OPT_PVK_STRONG: /* pvk_encr:= 2 */ case OPT_PVK_WEAK: /* pvk_encr:= 1 */ case OPT_PVK_NONE: /* pvk_encr:= 0 */ -# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) pvk_encr = (o - OPT_PVK_NONE); -# endif +#endif break; case OPT_NOOUT: noout = 1; 
@@ -265,7 +261,7 @@ int rsa_main(int argc, char **argv) i = PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, NULL, passout); } -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); @@ -280,13 +276,13 @@ int rsa_main(int argc, char **argv) goto end; } assert(private); -# ifdef OPENSSL_NO_RC4 +# ifdef OPENSSL_NO_RC4 BIO_printf(bio_err, "PVK format not supported\n"); EVP_PKEY_free(pk); goto end; -# else +# else i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); -# endif +# endif } else if (pubin || pubout) { i = i2b_PublicKey_bio(out, pk); } else { @@ -294,7 +290,7 @@ int rsa_main(int argc, char **argv) i = i2b_PrivateKey_bio(out, pk); } EVP_PKEY_free(pk); -# endif +#endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; @@ -313,4 +309,3 @@ int rsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem b/trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem index 946a6e543..83d962f40 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem +++ b/trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY 
@@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
 yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
 kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
-22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
+2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
 ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
 D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
 PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
@@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
 rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
 I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
 -----END RSA PRIVATE KEY-----
-
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c b/trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c
index 5da8504d3..0c0fa8eba 100644
--- a/trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -8,25 +8,21 @@ */ #include -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include +#define RSA_SIGN 1 +#define RSA_VERIFY 2 +#define RSA_ENCRYPT 3 +#define RSA_DECRYPT 4 -# define RSA_SIGN 1 -# define RSA_VERIFY 2 -# define RSA_ENCRYPT 3 -# define RSA_DECRYPT 4 - -# define KEY_PRIVKEY 1 -# define KEY_PUBKEY 2 -# define KEY_CERT 3 +#define KEY_PRIVKEY 1 +#define KEY_PUBKEY 2 +#define KEY_CERT 3 typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -60,9 +56,9 @@ const OPTIONS rsautl_options[] = { {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -279,4 +275,3 @@ int rsautl_main(int argc, char **argv) OPENSSL_free(passin); return ret; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h b/trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h index 0a3bc9628..f94e659e7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h +++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,13 +9,7 @@ #include -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# include -#endif - -#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) -# define _kbhit kbhit -#endif +#include #define PORT "4433" #define PROTOCOL "tcp" 
@@ -24,17 +18,15 @@ typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, unsigned char *context, int naccept, BIO *bio_s_out); -#ifdef HEADER_X509_H + int verify_callback(int ok, X509_STORE_CTX *ctx); -#endif -#ifdef HEADER_SSL_H + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_groups(BIO *out, SSL *s, int noshared); -#endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, const char *bindhost, const char *bindport, @@ -44,13 +36,11 @@ int should_retry(int i); long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -#ifdef HEADER_SSL_H void apps_ssl_info_callback(const SSL *s, int where, int ret); void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg); -#endif int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); @@ -75,7 +65,6 @@ int args_excert(int option, SSL_EXCERT **pexc); int load_excert(SSL_EXCERT **pexc); void print_verify_detail(SSL *s, BIO *bio); void print_ssl_summary(SSL *s); -#ifdef HEADER_SSL_H int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download); @@ -86,4 +75,3 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); void print_ca_names(BIO *bio, SSL *s); -#endif 
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c index d0e332a70..dee1b2e5b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -188,6 +188,7 @@ static STRINT_PAIR cert_type_list[] = { {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, {"GOST01 Sign", TLS_CT_GOST01_SIGN}, + {"GOST12 Sign", TLS_CT_GOST12_SIGN}, {NULL} }; 
@@ -683,6 +684,53 @@ static STRINT_PAIR tlsext_types[] = { {NULL} }; +/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */ +static STRINT_PAIR signature_tls13_scheme_list[] = { + {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */}, + {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */}, +/* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */ +/* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */ + {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */}, + {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */}, + {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */}, + {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */}, + {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */}, + {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */}, + {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */}, + {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */}, + {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */}, + {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */}, + {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */}, + {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */}, + {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */}, + {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */}, + {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */}, + {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */}, + {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */}, + {NULL} +}; + +/* from rfc5246 7.4.1.4.1. 
*/ +static STRINT_PAIR signature_tls12_alg_list[] = { + {"anonymous", TLSEXT_signature_anonymous /* 0 */}, + {"RSA", TLSEXT_signature_rsa /* 1 */}, + {"DSA", TLSEXT_signature_dsa /* 2 */}, + {"ECDSA", TLSEXT_signature_ecdsa /* 3 */}, + {NULL} +}; + +/* from rfc5246 7.4.1.4.1. */ +static STRINT_PAIR signature_tls12_hash_list[] = { + {"none", TLSEXT_hash_none /* 0 */}, + {"MD5", TLSEXT_hash_md5 /* 1 */}, + {"SHA1", TLSEXT_hash_sha1 /* 2 */}, + {"SHA224", TLSEXT_hash_sha224 /* 3 */}, + {"SHA256", TLSEXT_hash_sha256 /* 4 */}, + {"SHA384", TLSEXT_hash_sha384 /* 5 */}, + {"SHA512", TLSEXT_hash_sha512 /* 6 */}, + {NULL} +}; + void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg) { @@ -886,7 +934,8 @@ static int set_cert_cb(SSL *ssl, void *arg) if (!SSL_build_cert_chain(ssl, 0)) return 0; } else if (exc->chain != NULL) { - SSL_set1_chain(ssl, exc->chain); + if (!SSL_set1_chain(ssl, exc->chain)) + return 0; } } exc = exc->prev; @@ -1282,9 +1331,9 @@ static STRINT_PAIR callback_types[] = { {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED}, {"Shared Curve", SSL_SECOP_CURVE_SHARED}, {"Check Curve", SSL_SECOP_CURVE_CHECK}, - {"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED}, - {"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED}, - {"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK}, + {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED}, + {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED}, + {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK}, {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK}, {"Certificate chain EE key", SSL_SECOP_EE_KEY}, {"Certificate chain CA key", SSL_SECOP_CA_KEY}, 
@@ -1304,29 +1353,37 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, security_debug_ex *sdb = ex; int rv, show_bits = 1, cert_md = 0; const char *nm; + int show_nm; rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex); if (rv == 1 && sdb->verbose < 2) return 1; BIO_puts(sdb->out, "Security callback: "); nm = lookup(op, callback_types, NULL); + show_nm = nm != NULL; switch (op) { case SSL_SECOP_TICKET: case SSL_SECOP_COMPRESSION: show_bits = 0; - nm = NULL; + show_nm = 0; break; case SSL_SECOP_VERSION: BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???")); show_bits = 0; - nm = NULL; + show_nm = 0; break; case SSL_SECOP_CA_MD: case SSL_SECOP_PEER_CA_MD: cert_md = 1; break; + case SSL_SECOP_SIGALG_SUPPORTED: + case SSL_SECOP_SIGALG_SHARED: + case SSL_SECOP_SIGALG_CHECK: + case SSL_SECOP_SIGALG_MASK: + show_nm = 0; + break; } - if (nm != NULL) + if (show_nm) BIO_printf(sdb->out, "%s=", nm); switch (op & SSL_SECOP_OTHER_TYPE) { 
@@ -1373,27 +1430,28 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, { const unsigned char *salg = other; const char *sname = NULL; - switch (salg[1]) { - case TLSEXT_signature_anonymous: - sname = "anonymous"; - break; - case TLSEXT_signature_rsa: - sname = "RSA"; - break; - case TLSEXT_signature_dsa: - sname = "DSA"; - break; - case TLSEXT_signature_ecdsa: - sname = "ECDSA"; - break; - } + int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */ + /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */ - BIO_puts(sdb->out, OBJ_nid2sn(nid)); - if (sname) - BIO_printf(sdb->out, ", algorithm=%s", sname); + if (nm != NULL) + BIO_printf(sdb->out, "%s", nm); else - BIO_printf(sdb->out, ", algid=%d", salg[1]); - break; + BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op); + + sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL); + if (sname != NULL) { + BIO_printf(sdb->out, " scheme=%s", sname); + } else { + int alg_code = salg[1]; + int hash_code = salg[0]; + const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL); + const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL); + + if (alg_str != NULL && hash_str != NULL) + BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str); + else + BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code); + } } } @@ -1469,7 +1527,8 @@ void print_ca_names(BIO *bio, SSL *s) int i; if (sk == NULL || sk_X509_NAME_num(sk) == 0) { - BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); + if (!SSL_is_server(s)) + BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); return; } diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_client.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_client.c index 4dd6e2fef..83b3fc9c7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/s_client.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_client.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1283,22 +1283,42 @@ int s_client_main(int argc, char **argv) case OPT_SSL3: min_version = SSL3_VERSION; max_version = SSL3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_3: min_version = TLS1_3_VERSION; max_version = TLS1_3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_1: min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1: min_version = TLS1_VERSION; max_version = TLS1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_DTLS: #ifndef OPENSSL_NO_DTLS @@ -2253,7 +2273,7 @@ int s_client_main(int argc, char **argv) do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); } - while (mbuf_len > 3 && mbuf[3] == '-'); + while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' ')); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); @@ -2345,7 +2365,7 @@ int s_client_main(int argc, char **argv) (void)BIO_flush(fbio); /* * The first line is the HTTP response. According to RFC 7230, - * it's formated exactly like this: + * it's formatted exactly like this: * * HTTP/d.d ddd Reason text\r\n */ diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c index 929a08bd8..938e24422 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -133,6 +133,17 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); + + if (SSL_version(ssl) >= TLS1_3_VERSION) { + /* + * This callback is designed for use in TLSv1.2. It is possible to use + * a single callback for all protocol versions - but it is preferred to + * use a dedicated callback for TLSv1.3. For TLSv1.3 we have + * psk_find_session_cb. + */ + return 0; + } + if (identity == NULL) { BIO_printf(bio_err, "Error: client did not send PSK identity\n"); goto out_err; @@ -180,9 +191,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, } #endif -#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") -#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") - static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, size_t identity_len, SSL_SESSION **sess) { @@ -1907,7 +1915,7 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); if (sdebug) - ssl_ctx_security_debug(ctx, sdebug); + ssl_ctx_security_debug(ctx2, sdebug); if (session_id_prefix) { if (strlen(session_id_prefix) >= 32) @@ -3208,6 +3216,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context) if (e[0] == ' ') break; + if (e[0] == ':') { + /* Windows drive. We treat this the same way as ".." */ + dot = -1; + break; + } + switch (dot) { case 1: dot = (e[0] == '.') ? 2 : 0; 
@@ -3216,11 +3230,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) dot = (e[0] == '.') ? 3 : 0; break; case 3: - dot = (e[0] == '/') ? -1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; break; } if (dot == 0) - dot = (e[0] == '/') ? 1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; } dot = (dot == 3) || (dot == -1); /* filename contains ".." * component */ @@ -3234,11 +3248,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) if (dot) { BIO_puts(io, text); - BIO_printf(io, "'%s' contains '..' reference\r\n", p); + BIO_printf(io, "'%s' contains '..' or ':'\r\n", p); break; } - if (*p == '/') { + if (*p == '/' || *p == '\\') { BIO_puts(io, text); BIO_printf(io, "'%s' is an invalid path\r\n", p); break; diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c index 76f928900..aee366d5f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -214,6 +214,8 @@ int do_server(int *accept_sock, const char *host, const char *port, const BIO_ADDRINFO *next; int sock_family, sock_type, sock_protocol, sock_port; const BIO_ADDR *sock_address; + int sock_family_fallback = AF_UNSPEC; + const BIO_ADDR *sock_address_fallback = NULL; int sock_options = BIO_SOCK_REUSEADDR; int ret = 0; 
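Review bot: The comment on `dot = (dot == 3) || (dot == -1);` still says only that the filename contains a ".." component. After this change `dot == -1` is also set when the request path contains `:`, and a backslash is treated as a separator alongside `/`. Update the comment to match the new rule and the new error text, for example `/* filename contains ".." component or ':' */`, so a later reader does not narrow the check back to ".." alone. `www_body` starts and ends outside the hunk.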
@@ -244,6 +246,10 @@ int do_server(int *accept_sock, const char *host, const char *port, && BIO_ADDRINFO_protocol(next) == sock_protocol) { if (sock_family == AF_INET && BIO_ADDRINFO_family(next) == AF_INET6) { + /* In case AF_INET6 is returned but not supported by the + * kernel, retry with the first detected address family */ + sock_family_fallback = sock_family; + sock_address_fallback = sock_address; sock_family = AF_INET6; sock_address = BIO_ADDRINFO_address(next); } else if (sock_family == AF_INET6 @@ -253,6 +259,10 @@ int do_server(int *accept_sock, const char *host, const char *port, } asock = BIO_socket(sock_family, sock_type, sock_protocol, 0); + if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) { + asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0); + sock_address = sock_address_fallback; + } if (asock == INVALID_SOCKET || !BIO_listen(asock, sock_address, sock_options)) { BIO_ADDRINFO_free(res); diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/s_time.c b/trunk/3rdparty/openssl-1.1-fit/apps/s_time.c index 82d40a5a5..1235e545c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/s_time.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -62,6 +62,7 @@ const OPTIONS s_time_options[] = { {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, + {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, {"no-CAfile", OPT_NOCAFILE, '-', "Do not load the default certificates file"}, {"no-CApath", OPT_NOCAPATH, '-', 
@@ -262,7 +263,8 @@ int s_time_main(int argc, char **argv) nConn, totalTime, ((double)nConn / totalTime), bytes_read); printf ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); + nConn, (long)time(NULL) - finishtime + maxtime, + nConn > 0 ? bytes_read / nConn : 0l); /* * Now loop and time connections using the same session id over and over diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/server.pem b/trunk/3rdparty/openssl-1.1-fit/apps/server.pem index d0fc265f0..b38075919 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/server.pem +++ b/trunk/3rdparty/openssl-1.1-fit/apps/server.pem 
@@ -1,52 +1,47 @@ -subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert -issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG -A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU -RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ -KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi -R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv -vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7 -TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU -41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R -AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49 -hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK -WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp -yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7 -vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds -xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t -JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA== +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV 
+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= -----END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv -h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL -tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu -D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI -uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 -qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn -zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 -r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D -AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R -5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm -W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH -674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg -utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY -BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX -4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a -WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 -bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH 
-6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex -4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa -WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g -n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB -JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ -OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX -xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK -UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq +jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH +EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd +igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp +4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/ +WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p +8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq +gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD +nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u +OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4 +nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU +otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4 +XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA +trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V ++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G +PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd +vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs +7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT +SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5 +lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/ +yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww 
+poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY +rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx +Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL +Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws +KQypwAFz0tbHxaNag/bSAN0J +-----END PRIVATE KEY----- diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/speed.c b/trunk/3rdparty/openssl-1.1-fit/apps/speed.c index 506737d05..d4ae7ab7b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/speed.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
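Review bot: The replacement file still carries an unencrypted private key (`-----BEGIN PRIVATE KEY-----`), and the hunk removes the `subject=` and `issuer=` lines, which were the only place the file itself said `FOR TESTING PURPOSES ONLY`. A key committed in clear to the repository offers no secrecy, so the file should keep saying so: retain a plain-text line ahead of `-----BEGIN CERTIFICATE-----`, as the removed lines did, for example `Test certificate and key, publicly known: never deploy.` It is also worth confirming that packaging does not install this file anywhere a server could pick it up as a default certificate.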
@@ -489,30 +489,35 @@ static const OPT_PAIR rsa_choices[] = { static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_RSA */ -#define R_EC_P160 0 -#define R_EC_P192 1 -#define R_EC_P224 2 -#define R_EC_P256 3 -#define R_EC_P384 4 -#define R_EC_P521 5 -#define R_EC_K163 6 -#define R_EC_K233 7 -#define R_EC_K283 8 -#define R_EC_K409 9 -#define R_EC_K571 10 -#define R_EC_B163 11 -#define R_EC_B233 12 -#define R_EC_B283 13 -#define R_EC_B409 14 -#define R_EC_B571 15 -#define R_EC_BRP256R1 16 -#define R_EC_BRP256T1 17 -#define R_EC_BRP384R1 18 -#define R_EC_BRP384T1 19 -#define R_EC_BRP512R1 20 -#define R_EC_BRP512T1 21 -#define R_EC_X25519 22 -#define R_EC_X448 23 +enum { + R_EC_P160, + R_EC_P192, + R_EC_P224, + R_EC_P256, + R_EC_P384, + R_EC_P521, +#ifndef OPENSSL_NO_EC2M + R_EC_K163, + R_EC_K233, + R_EC_K283, + R_EC_K409, + R_EC_K571, + R_EC_B163, + R_EC_B233, + R_EC_B283, + R_EC_B409, + R_EC_B571, +#endif + R_EC_BRP256R1, + R_EC_BRP256T1, + R_EC_BRP384R1, + R_EC_BRP384T1, + R_EC_BRP512R1, + R_EC_BRP512T1, + R_EC_X25519, + R_EC_X448 +}; + #ifndef OPENSSL_NO_EC static OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, @@ -521,6 +526,7 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, {"ecdsap521", R_EC_P521}, +# ifndef OPENSSL_NO_EC2M {"ecdsak163", R_EC_K163}, {"ecdsak233", R_EC_K233}, {"ecdsak283", R_EC_K283}, @@ -531,6 +537,7 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, {"ecdsab571", R_EC_B571}, +# endif {"ecdsabrp256r1", R_EC_BRP256R1}, {"ecdsabrp256t1", R_EC_BRP256T1}, {"ecdsabrp384r1", R_EC_BRP384R1}, @@ -549,6 +556,7 @@ static const OPT_PAIR ecdh_choices[] = { {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, {"ecdhp521", R_EC_P521}, +# ifndef OPENSSL_NO_EC2M {"ecdhk163", R_EC_K163}, {"ecdhk233", R_EC_K233}, {"ecdhk283", R_EC_K283}, 
@@ -559,6 +567,7 @@ static const OPT_PAIR ecdh_choices[] = { {"ecdhb283", R_EC_B283}, {"ecdhb409", R_EC_B409}, {"ecdhb571", R_EC_B571}, +# endif {"ecdhbrp256r1", R_EC_BRP256R1}, {"ecdhbrp256t1", R_EC_BRP256T1}, {"ecdhbrp384r1", R_EC_BRP384R1}, @@ -1233,8 +1242,6 @@ static int run_benchmark(int async_jobs, OSSL_ASYNC_FD job_fd = 0; size_t num_job_fds = 0; - run = 1; - if (async_jobs == 0) { return loop_function((void *)&loopargs); } @@ -1501,6 +1508,7 @@ int speed_main(int argc, char **argv) {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, {"nistp521", NID_secp521r1, 521}, +# ifndef OPENSSL_NO_EC2M /* Binary Curves */ {"nistk163", NID_sect163k1, 163}, {"nistk233", NID_sect233k1, 233}, @@ -1512,6 +1520,7 @@ int speed_main(int argc, char **argv) {"nistb283", NID_sect283r1, 283}, {"nistb409", NID_sect409r1, 409}, {"nistb571", NID_sect571r1, 571}, +# endif {"brainpoolP256r1", NID_brainpoolP256r1, 256}, {"brainpoolP256t1", NID_brainpoolP256t1, 256}, {"brainpoolP384r1", NID_brainpoolP384r1, 384}, @@ -1779,7 +1788,7 @@ int speed_main(int argc, char **argv) } buflen = lengths[size_num - 1]; - if (buflen < 36) /* size of random vector in RSA bencmark */ + if (buflen < 36) /* size of random vector in RSA benchmark */ buflen = 36; buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); @@ -2031,6 +2040,7 @@ int speed_main(int argc, char **argv) } } } +# ifndef OPENSSL_NO_EC2M ecdsa_c[R_EC_K163][0] = count / 1000; ecdsa_c[R_EC_K163][1] = count / 1000 / 2; for (i = R_EC_K233; i <= R_EC_K571; i++) { @@ -2059,6 +2069,7 @@ int speed_main(int argc, char **argv) } } } +# endif ecdh_c[R_EC_P160][0] = count / 1000; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -2071,6 +2082,7 @@ int speed_main(int argc, char **argv) } } } +# ifndef OPENSSL_NO_EC2M ecdh_c[R_EC_K163][0] = count / 1000; for (i = R_EC_K233; i <= R_EC_K571; i++) { ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; 
@@ -2093,6 +2105,7 @@ int speed_main(int argc, char **argv) } } } +# endif /* repeated code good to factorize */ ecdh_c[R_EC_BRP256R1][0] = count / 1000; for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) { @@ -2397,7 +2410,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++) + for (count = 0; COND(c[D_CBC_128_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &camellia_ks1, iv, CAMELLIA_ENCRYPT); @@ -2419,7 +2432,7 @@ int speed_main(int argc, char **argv) exit(1); } Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++) + for (count = 0; COND(c[D_CBC_192_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &camellia_ks2, iv, CAMELLIA_ENCRYPT); @@ -2437,7 +2450,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++) + for (count = 0; COND(c[D_CBC_256_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &camellia_ks3, iv, CAMELLIA_ENCRYPT); @@ -2457,7 +2470,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++) + for (count = 0; COND(c[D_CBC_IDEA][testnum]); count++) IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &idea_ks, iv, IDEA_ENCRYPT); 
@@ -2477,7 +2490,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++) + for (count = 0; COND(c[D_CBC_SEED][testnum]); count++) SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &seed_ks, iv, 1); d = Time_F(STOP); @@ -2500,7 +2513,7 @@ int speed_main(int argc, char **argv) exit(1); } Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++) + for (count = 0; COND(c[D_CBC_RC2][testnum]); count++) RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &rc2_ks, iv, RC2_ENCRYPT); @@ -2524,7 +2537,7 @@ int speed_main(int argc, char **argv) exit(1); } Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++) + for (count = 0; COND(c[D_CBC_RC5][testnum]); count++) RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &rc5_ks, iv, RC5_ENCRYPT); @@ -2544,7 +2557,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++) + for (count = 0; COND(c[D_CBC_BF][testnum]); count++) BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &bf_ks, iv, BF_ENCRYPT); @@ -2564,7 +2577,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++) + for (count = 0; COND(c[D_CBC_CAST][testnum]); count++) CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &cast_ks, iv, CAST_ENCRYPT); 
@@ -2614,16 +2627,28 @@ int speed_main(int argc, char **argv) for (k = 0; k < loopargs_len; k++) { loopargs[k].ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL, - iv, decrypt ? 0 : 1); + if (loopargs[k].ctx == NULL) { + BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n"); + exit(1); + } + if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, + NULL, iv, decrypt ? 0 : 1)) { + BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + ERR_print_errors(bio_err); + exit(1); + } EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx); loopargs[k].key = app_malloc(keylen, "evp_cipher key"); EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); - EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, NULL, -1); + if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, NULL, -1)) { + BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + ERR_print_errors(bio_err); + exit(1); + } OPENSSL_clear_free(loopargs[k].key, keylen); } @@ -2979,7 +3004,7 @@ int speed_main(int argc, char **argv) pctx = NULL; } if (kctx == NULL || /* keygen ctx is not null */ - !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) { + EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) { ecdh_checks = 0; BIO_printf(bio_err, "ECDH keygen failure.\n"); ERR_print_errors(bio_err); 
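Review bot: The result of `EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key)` is still ignored, although this hunk adds checks to the calls on either side of it. If key generation fails, the buffer returned by `app_malloc` is handed to the second `EVP_CipherInit_ex` without having been filled. Guard it the same way, `if (EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key) <= 0)`, with the same `BIO_printf` / `ERR_print_errors` / `exit(1)` body as the added checks. `speed_main` starts and ends outside the hunk.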
@@ -2987,12 +3012,12 @@ int speed_main(int argc, char **argv) break; } - if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */ - !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */ + if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */ + EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */ !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */ - !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */ - !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */ - !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */ + EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */ + EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */ + EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */ outlen == 0 || /* ensure outlen is a valid size */ outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) { ecdh_checks = 0; @@ -3079,8 +3104,8 @@ int speed_main(int argc, char **argv) if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL)) == NULL - || !EVP_PKEY_keygen_init(ed_pctx) - || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) { + || EVP_PKEY_keygen_init(ed_pctx) <= 0 + || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) { st = 0; EVP_PKEY_CTX_free(ed_pctx); break; @@ -3368,6 +3393,7 @@ static void print_message(const char *s, long num, int length, int tm) mr ? "+DT:%s:%d:%d\n" : "Doing %s for %ds on %d size blocks: ", s, tm, length); (void)BIO_flush(bio_err); + run = 1; alarm(tm); #else BIO_printf(bio_err, @@ -3385,6 +3411,7 @@ static void pkey_print_message(const char *str, const char *str2, long num, mr ? "+DTP:%d:%s:%s:%d\n" : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); (void)BIO_flush(bio_err); + run = 1; alarm(tm); #else BIO_printf(bio_err, 
@@ -3557,6 +3584,7 @@ static int do_multi(int multi, int size_num) p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); + sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); eddsa_results[k][0] += d; @@ -3614,7 +3642,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, for (j = 0; j < num; j++) { print_message(alg_name, 0, mblengths[j], seconds->sym); Time_F(START); - for (count = 0, run = 1; run && count < 0x7fffffff; count++) { + for (count = 0; run && count < 0x7fffffff; count++) { unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/srp.c b/trunk/3rdparty/openssl-1.1-fit/apps/srp.c index 689574a48..6c5817387 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/srp.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/srp.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -12,28 +12,24 @@ */ #include -#ifdef OPENSSL_NO_SRP -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" - -# define BASE_SECTION "srp" -# define CONFIG_FILE "openssl.cnf" +#define BASE_SECTION "srp" +#define CONFIG_FILE "openssl.cnf" -# define ENV_DATABASE "srpvfile" -# define ENV_DEFAULT_SRP "default_srp" +#define ENV_DATABASE "srpvfile" +#define ENV_DEFAULT_SRP "default_srp" static int get_index(CA_DB *db, char *id, char type) { 
@@ -212,9 +208,9 @@ const OPTIONS srp_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -610,4 +606,3 @@ int srp_main(int argc, char **argv) release_engine(e); return ret; } -#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c b/trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c index 50007f6e8..644fe2849 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/storeutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -125,7 +125,7 @@ int storeutl_main(int argc, char *argv[]) } /* * If expected wasn't set at this point, it means the map - * isn't syncronised with the possible options leading here. + * isn't synchronised with the possible options leading here. */ OPENSSL_assert(expected != 0); } diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h b/trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h index e023b0aa4..7e606cba0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h +++ b/trunk/3rdparty/openssl-1.1-fit/apps/timeouts.h @@ -7,11 +7,11 @@ * https://www.openssl.org/source/license.html */ -#ifndef INCLUDED_TIMEOUTS_H -# define INCLUDED_TIMEOUTS_H +#ifndef OSSL_APPS_TIMEOUTS_H +# define OSSL_APPS_TIMEOUTS_H /* numbers in us */ # define DGRAM_RCV_TIMEOUT 250000 # define DGRAM_SND_TIMEOUT 250000 -#endif /* ! INCLUDED_TIMEOUTS_H */ +#endif /* ! OSSL_APPS_TIMEOUTS_H */ 
diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/ts.c b/trunk/3rdparty/openssl-1.1-fit/apps/ts.c index 930c1daaa..66a0c810e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/ts.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/ts.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,29 +8,26 @@ */ #include -#ifdef OPENSSL_NO_TS -NON_EMPTY_TRANSLATION_UNIT -#else -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include /* Request nonce length, in bits (must be a multiple of 8). */ -# define NONCE_LENGTH 64 +#define NONCE_LENGTH 64 /* Name of config entry that defines the OID file. */ -# define ENV_OID_FILE "oid_file" +#define ENV_OID_FILE "oid_file" /* Is |EXACTLY_ONE| of three pointers set? */ -# define EXACTLY_ONE(a, b, c) \ +#define EXACTLY_ONE(a, b, c) \ (( a && !b && !c) || \ ( b && !a && !c) || \ ( c && !a && !b)) @@ -114,9 +111,9 @@ const OPTIONS ts_options[] = { {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"}, {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"}, {"", OPT_MD, '-', "Any supported digest"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"}, OPT_V_OPTIONS, {OPT_HELP_STR, 1, '-', "\n"}, 
@@ -137,11 +134,11 @@ static char* opt_helplist[] = { " [-signer tsa_cert.pem] [-inkey private_key.pem]", " [-chain certs_file.pem] [-tspolicy oid]", " [-in file] [-token_in] [-out file] [-token_out]", -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE " [-text] [-engine id]", -# else +#else " [-text]", -# endif +#endif " or", "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem", " [-data file] [-digest hexstring]", @@ -282,7 +279,8 @@ int ts_main(int argc, char **argv) goto end; } - conf = load_config_file(configfile); + if ((conf = load_config_file(configfile)) == NULL) + goto end; if (configfile != default_config_file && !app_load_modules(conf)) goto end; @@ -681,10 +679,10 @@ static TS_RESP *create_response(CONF *conf, const char *section, const char *eng goto end; if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) goto end; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE if (!TS_CONF_set_crypto_device(conf, section, engine)) goto end; -# endif +#endif if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) goto end; if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) @@ -983,4 +981,3 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx) { return ok; } -#endif /* ndef OPENSSL_NO_TS */ diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h b/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h index c4d1702d7..e092b18ea 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h +++ b/trunk/3rdparty/openssl-1.1-fit/apps/vms_term_sock.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef TERM_SOCK_H -# define TERM_SOCK_H +#ifndef OSSL_APPS_VMS_TERM_SOCK_H +# define OSSL_APPS_VMS_TERM_SOCK_H /* ** Terminal Socket Function Codes diff --git a/trunk/3rdparty/openssl-1.1-fit/apps/x509.c b/trunk/3rdparty/openssl-1.1-fit/apps/x509.c index 81291a9a4..1043eba0c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/apps/x509.c +++ b/trunk/3rdparty/openssl-1.1-fit/apps/x509.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,7 +72,7 @@ const OPTIONS x509_options[] = { {"outform", OPT_OUTFORM, 'f', "Output format - default PEM (one of DER or PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, + {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, {"serial", OPT_SERIAL, '-', "Print serial number value"}, {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, @@ -107,7 +107,7 @@ const OPTIONS x509_options[] = { {"checkend", OPT_CHECKEND, 'M', "Check whether the cert expires in the next arg seconds"}, {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"}, - {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"}, + {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"}, {"x509toreq", OPT_X509TOREQ, '-', "Output a certification request object"}, {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"}, @@ -130,7 +130,7 @@ const OPTIONS x509_options[] = { {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, - {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"}, + {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"}, {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, 
@@ -140,9 +140,9 @@ const OPTIONS x509_options[] = { {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) subject hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -217,7 +217,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat)) + if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat)) goto opthelp; break; case OPT_CAFORM: @@ -225,7 +225,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_CAKEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat)) + if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat)) goto opthelp; break; case OPT_OUT: diff --git a/trunk/3rdparty/openssl-1.1-fit/appveyor.yml b/trunk/3rdparty/openssl-1.1-fit/appveyor.yml index 24966c0fa..6210391f2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/appveyor.yml +++ b/trunk/3rdparty/openssl-1.1-fit/appveyor.yml @@ -1,3 +1,6 @@ +image: + - Visual Studio 2017 + platform: - x64 - x86 @@ -5,17 +8,24 @@ platform: environment: fast_finish: true matrix: - - VSVER: 14 + - VSVER: 15 configuration: - shared - plain + - minimal before_build: + - ps: >- + Install-Module VSSetup -Scope CurrentUser + - ps: >- + Get-VSSetupInstance -All + - ps: >- + gci env:* | sort-object name - ps: >- If ($env:Platform -Match "x86") { $env:VCVARS_PLATFORM="x86" - $env:TARGET="VC-WIN32 no-asm" + $env:TARGET="VC-WIN32 no-asm --strict-warnings" } Else { $env:VCVARS_PLATFORM="amd64" $env:TARGET="VC-WIN64A-masm" 
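Review bot: The added `before_build` step `gci env:* | sort-object name` prints every environment variable, values included, into the build log, so any secret the CI service injects as an environment variable ends up in a log that others may be able to read. If the listing is only there to debug toolchain paths, print the names alone, `gci env:* | sort-object name | select-object -ExpandProperty Name`, or drop the step. The `Install-Module VSSetup -Scope CurrentUser` line above it also pulls whatever version is current at build time; adding `-RequiredVersion <pinned version>` would keep the build reproducible.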
@@ -23,11 +33,12 @@ before_build: - ps: >- If ($env:Configuration -Match "shared") { $env:SHARED="no-makedepend" + } ElseIf ($env:Configuration -Match "minimal") { + $env:SHARED="no-shared no-dso no-makedepend no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_SMALL_FOOTPRINT" } Else { $env:SHARED="no-shared no-makedepend" } - - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS")) - - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM% + - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM% - mkdir _build - cd _build - perl ..\Configure %TARGET% %SHARED% @@ -35,7 +46,8 @@ before_build: - cd .. - ps: >- if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` - -or (&git log -2 | Select-String "\[extended tests\]") ) { + -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT | + Select-String "\[extended tests\]") ) { $env:EXTENDED_TESTS="yes" } diff --git a/trunk/3rdparty/openssl-1.1-fit/build.info b/trunk/3rdparty/openssl-1.1-fit/build.info index 3dda4e89b..05c9bdd19 100644 --- a/trunk/3rdparty/openssl-1.1-fit/build.info +++ b/trunk/3rdparty/openssl-1.1-fit/build.info 
@@ -9,20 +9,20 @@ ""; -} LIBS=libcrypto libssl -INCLUDE[libcrypto]=. crypto/include include +INCLUDE[libcrypto]=. include INCLUDE[libssl]=. include DEPEND[libssl]=libcrypto # Empty DEPEND "indices" means the dependencies are expected to be built # unconditionally before anything else. -DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \ - crypto/include/internal/dso_conf.h +DEPEND[]=include/openssl/opensslconf.h include/crypto/bn_conf.h \ + include/crypto/dso_conf.h DEPEND[include/openssl/opensslconf.h]=configdata.pm GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in -DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm -GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in -DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm -GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in +DEPEND[include/crypto/bn_conf.h]=configdata.pm +GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in +DEPEND[include/crypto/dso_conf.h]=configdata.pm +GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in IF[{- defined $target{shared_defflag} -}] IF[{- $config{target} =~ /^mingw/ -}] diff --git a/trunk/3rdparty/openssl-1.1-fit/config b/trunk/3rdparty/openssl-1.1-fit/config index d0e31b651..26225ca2a 100755 --- a/trunk/3rdparty/openssl-1.1-fit/config +++ b/trunk/3rdparty/openssl-1.1-fit/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -253,11 +253,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in Power*) echo "ppc-apple-darwin${VERSION}" ;; - x86_64) - echo "x86_64-apple-darwin${VERSION}" - ;; *) - echo "i686-apple-darwin${VERSION}" + echo "${MACHINE}-apple-darwin${VERSION}" ;; esac exit 0 @@ -497,22 +494,22 @@ case "$GUESSOS" in else OUT="darwin64-x86_64-cc" fi ;; + $MACHINE-apple-darwin*) + OUT="darwin64-$MACHINE-cc" + ;; armv6+7-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7" + __CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7" OUT="iphoneos-cross" ;; *-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}" + __CNF_CFLAGS="$__CNF_CFLAGS -arch ${MACHINE}" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch ${MACHINE}" OUT="iphoneos-cross" ;; arm64-*-iphoneos|*-*-ios64) OUT="ios64-cross" ;; alpha-*-linux2) ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` - case ${ISA:-generic} in - *[678]) OUT="linux-alpha+bwx-$CC" ;; - *) OUT="linux-alpha-$CC" ;; - esac + OUT="linux-alpha-$CC" if [ "$CC" = "gcc" ]; then case ${ISA:-generic} in EV5|EV45) __CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev5" @@ -908,8 +905,12 @@ fi OUT="$OUT" -$PERL $THERE/Configure LIST | grep "$OUT" > /dev/null -if [ $? = "0" ]; then +if [ "$OUT" = "darwin64-x86_64-cc" ]; then + echo "WARNING! If you wish to build 32-bit libraries, then you have to" + echo " invoke 'KERNEL_BITS=32 $THERE/config $options'." +fi + +if $PERL $THERE/Configure LIST | grep "$OUT" > /dev/null; then if [ "$VERBOSE" = "true" ]; then echo /usr/bin/env \ __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \ 
@@ -939,8 +940,5 @@ else exit 1 fi -if [ "$OUT" = "darwin64-x86_64-cc" ]; then - echo "WARNING! If you wish to build 32-bit libraries, then you have to" - echo " invoke 'KERNEL_BITS=32 $THERE/config $options'." -fi +# Do not add anothing from here on, so we don't lose the Configure exit code ) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_unix.c b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_unix.c index b1022895c..bbbec0aee 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_unix.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/LPdir_unix.c @@ -131,9 +131,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) return 0; } - strncpy((*ctx)->entry_name, direntry->d_name, - sizeof((*ctx)->entry_name) - 1); - (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; + OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name, + sizeof((*ctx)->entry_name)); #ifdef __VMS if ((*ctx)->expect_file_generations) { char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_core.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_core.c index f1f11fd8d..ad00c729e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_core.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_core.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -41,9 +41,639 @@ #include #include #include -#include "aes_locl.h" +#include "aes_local.h" -#ifndef AES_ASM +#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) +typedef union { + unsigned char b[8]; + u32 w[2]; + u64 d; +} uni; + +/* + * Compute w := (w * x) mod (x^8 + x^4 + x^3 + x^1 + 1) + * Therefore the name "xtime". + */ +static void XtimeWord(u32 *w) +{ + u32 a, b; + + a = *w; + b = a & 0x80808080u; + a ^= b; + b -= b >> 7; + b &= 0x1B1B1B1Bu; + b ^= a << 1; + *w = b; +} + +static void XtimeLong(u64 *w) +{ + u64 a, b; + + a = *w; + b = a & 0x8080808080808080uLL; + a ^= b; + b -= b >> 7; + b &= 0x1B1B1B1B1B1B1B1BuLL; + b ^= a << 1; + *w = b; +} + +/* + * This computes w := S * w ^ -1 + c, where c = {01100011}. + * Instead of using GF(2^8) mod (x^8+x^4+x^3+x+1} we do the inversion + * in GF(GF(GF(2^2)^2)^2) mod (X^2+X+8) + * and GF(GF(2^2)^2) mod (X^2+X+2) + * and GF(2^2) mod (X^2+X+1) + * The first part of the algorithm below transfers the coordinates + * {0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80} => + * {1,Y,Y^2,Y^3,Y^4,Y^5,Y^6,Y^7} with Y=0x41: + * {0x01,0x41,0x66,0x6c,0x56,0x9a,0x58,0xc4} + * The last part undoes the coordinate transfer and the final affine + * transformation S: + * b[i] = b[i] + b[(i+4)%8] + b[(i+5)%8] + b[(i+6)%8] + b[(i+7)%8] + c[i] + * in one step. 
+ * The multiplication in GF(2^2^2^2) is done in ordinary coords: + * A = (a0*1 + a1*x^4) + * B = (b0*1 + b1*x^4) + * AB = ((a0*b0 + 8*a1*b1)*1 + (a1*b0 + (a0+a1)*b1)*x^4) + * When A = (a0,a1) is given we want to solve AB = 1: + * (a) 1 = a0*b0 + 8*a1*b1 + * (b) 0 = a1*b0 + (a0+a1)*b1 + * => multiply (a) by a1 and (b) by a0 + * (c) a1 = a1*a0*b0 + (8*a1*a1)*b1 + * (d) 0 = a1*a0*b0 + (a0*a0+a1*a0)*b1 + * => add (c) + (d) + * (e) a1 = (a0*a0 + a1*a0 + 8*a1*a1)*b1 + * => therefore + * b1 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * a1 + * => and adding (a1*b0) to (b) we get + * (f) a1*b0 = (a0+a1)*b1 + * => therefore + * b0 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * (a0+a1) + * Note this formula also works for the case + * (a0+a1)*a0 + 8*a1*a1 = 0 + * if the inverse element for 0^-1 is mapped to 0. + * Repeat the same for GF(2^2^2) and GF(2^2). + * We get the following algorithm: + * inv8(a0,a1): + * x0 = a0^a1 + * [y0,y1] = mul4([x0,a1],[a0,a1]); (*) + * y1 = mul4(8,y1); + * t = inv4(y0^y1); + * [b0,b1] = mul4([x0,a1],[t,t]); (*) + * return [b0,b1]; + * The non-linear multiplies (*) can be done in parallel at no extra cost. 
+ */ +static void SubWord(u32 *w) +{ + u32 x, y, a1, a2, a3, a4, a5, a6; + + x = *w; + y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7); + x &= 0xDDDDDDDDu; + x ^= y & 0x57575757u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x1C1C1C1Cu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x4A4A4A4Au; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x42424242u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x64646464u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0xE0E0E0E0u; + a1 = x; + a1 ^= (x & 0xF0F0F0F0u) >> 4; + a2 = ((x & 0xCCCCCCCCu) >> 2) | ((x & 0x33333333u) << 2); + a3 = x & a1; + a3 ^= (a3 & 0xAAAAAAAAu) >> 1; + a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAu; + a4 = a2 & a1; + a4 ^= (a4 & 0xAAAAAAAAu) >> 1; + a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAu; + a5 = (a3 & 0xCCCCCCCCu) >> 2; + a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu; + a4 = a5 & 0x22222222u; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x22222222u; + a3 ^= a4; + a5 = a3 & 0xA0A0A0A0u; + a5 |= a5 >> 1; + a5 ^= (a3 << 1) & 0xA0A0A0A0u; + a4 = a5 & 0xC0C0C0C0u; + a6 = a4 >> 2; + a4 ^= (a5 << 2) & 0xC0C0C0C0u; + a5 = a6 & 0x20202020u; + a5 |= a5 >> 1; + a5 ^= (a6 << 1) & 0x20202020u; + a4 |= a5; + a3 ^= a4 >> 4; + a3 &= 0x0F0F0F0Fu; + a2 = a3; + a2 ^= (a3 & 0x0C0C0C0Cu) >> 2; + a4 = a3 & a2; + a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1; + a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0Au; + a5 = a4 & 0x08080808u; + a5 |= a5 >> 1; + a5 ^= (a4 << 1) & 0x08080808u; + a4 ^= a5 >> 2; + a4 &= 0x03030303u; + a4 ^= (a4 & 0x02020202u) >> 1; + a4 |= a4 << 2; + a3 = a2 & a4; + a3 ^= (a3 & 0x0A0A0A0Au) >> 1; + a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0Au; + a3 |= a3 << 4; + a2 = ((a1 & 0xCCCCCCCCu) >> 2) | ((a1 & 0x33333333u) << 2); + x = a1 & a3; + x ^= (x & 0xAAAAAAAAu) >> 1; + x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAu; + a4 = a2 & a3; + a4 ^= (a4 & 
0xAAAAAAAAu) >> 1; + a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAu; + a5 = (x & 0xCCCCCCCCu) >> 2; + x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu; + a4 = a5 & 0x22222222u; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x22222222u; + x ^= a4; + y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7); + x &= 0x39393939u; + x ^= y & 0x3F3F3F3Fu; + y = ((y & 0xFCFCFCFCu) >> 2) | ((y & 0x03030303u) << 6); + x ^= y & 0x97979797u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x9B9B9B9Bu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x3C3C3C3Cu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0xDDDDDDDDu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x72727272u; + x ^= 0x63636363u; + *w = x; +} + +static void SubLong(u64 *w) +{ + u64 x, y, a1, a2, a3, a4, a5, a6; + + x = *w; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0xDDDDDDDDDDDDDDDDuLL; + x ^= y & 0x5757575757575757uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x1C1C1C1C1C1C1C1CuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x4A4A4A4A4A4A4A4AuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x4242424242424242uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x6464646464646464uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xE0E0E0E0E0E0E0E0uLL; + a1 = x; + a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4; + a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2); + a3 = x & a1; + a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a1; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (a3 & 
0xCCCCCCCCCCCCCCCCuLL) >> 2; + a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + a3 ^= a4; + a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL; + a5 |= a5 >> 1; + a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL; + a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL; + a6 = a4 >> 2; + a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL; + a5 = a6 & 0x2020202020202020uLL; + a5 |= a5 >> 1; + a5 ^= (a6 << 1) & 0x2020202020202020uLL; + a4 |= a5; + a3 ^= a4 >> 4; + a3 &= 0x0F0F0F0F0F0F0F0FuLL; + a2 = a3; + a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2; + a4 = a3 & a2; + a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL; + a5 = a4 & 0x0808080808080808uLL; + a5 |= a5 >> 1; + a5 ^= (a4 << 1) & 0x0808080808080808uLL; + a4 ^= a5 >> 2; + a4 &= 0x0303030303030303uLL; + a4 ^= (a4 & 0x0202020202020202uLL) >> 1; + a4 |= a4 << 2; + a3 = a2 & a4; + a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL; + a3 |= a3 << 4; + a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2); + x = a1 & a3; + x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a3; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2; + x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + x ^= a4; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0x3939393939393939uLL; + x ^= y & 0x3F3F3F3F3F3F3F3FuLL; + y = ((y & 0xFCFCFCFCFCFCFCFCuLL) >> 2) | ((y & 0x0303030303030303uLL) << 6); + x ^= y & 0x9797979797979797uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x9B9B9B9B9B9B9B9BuLL; + y = ((y & 
0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x3C3C3C3C3C3C3C3CuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xDDDDDDDDDDDDDDDDuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7272727272727272uLL; + x ^= 0x6363636363636363uLL; + *w = x; +} + +/* + * This computes w := (S^-1 * (w + c))^-1 + */ +static void InvSubLong(u64 *w) +{ + u64 x, y, a1, a2, a3, a4, a5, a6; + + x = *w; + x ^= 0x6363636363636363uLL; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0xFDFDFDFDFDFDFDFDuLL; + x ^= y & 0x5E5E5E5E5E5E5E5EuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xF3F3F3F3F3F3F3F3uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xF5F5F5F5F5F5F5F5uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7878787878787878uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7777777777777777uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x1515151515151515uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xA5A5A5A5A5A5A5A5uLL; + a1 = x; + a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4; + a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2); + a3 = x & a1; + a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a1; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (a3 & 0xCCCCCCCCCCCCCCCCuLL) >> 2; + a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + a3 ^= a4; + a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL; + a5 |= a5 >> 1; + 
a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL; + a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL; + a6 = a4 >> 2; + a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL; + a5 = a6 & 0x2020202020202020uLL; + a5 |= a5 >> 1; + a5 ^= (a6 << 1) & 0x2020202020202020uLL; + a4 |= a5; + a3 ^= a4 >> 4; + a3 &= 0x0F0F0F0F0F0F0F0FuLL; + a2 = a3; + a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2; + a4 = a3 & a2; + a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL; + a5 = a4 & 0x0808080808080808uLL; + a5 |= a5 >> 1; + a5 ^= (a4 << 1) & 0x0808080808080808uLL; + a4 ^= a5 >> 2; + a4 &= 0x0303030303030303uLL; + a4 ^= (a4 & 0x0202020202020202uLL) >> 1; + a4 |= a4 << 2; + a3 = a2 & a4; + a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL; + a3 |= a3 << 4; + a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2); + x = a1 & a3; + x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a3; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2; + x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + x ^= a4; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0xB5B5B5B5B5B5B5B5uLL; + x ^= y & 0x4040404040404040uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x8080808080808080uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x1616161616161616uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xEBEBEBEBEBEBEBEBuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x9797979797979797uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y 
& 0x0101010101010101uLL) << 7); + x ^= y & 0xFBFBFBFBFBFBFBFBuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7D7D7D7D7D7D7D7DuLL; + *w = x; +} + +static void ShiftRows(u64 *state) +{ + unsigned char s[4]; + unsigned char *s0; + int r; + + s0 = (unsigned char *)state; + for (r = 0; r < 4; r++) { + s[0] = s0[0*4 + r]; + s[1] = s0[1*4 + r]; + s[2] = s0[2*4 + r]; + s[3] = s0[3*4 + r]; + s0[0*4 + r] = s[(r+0) % 4]; + s0[1*4 + r] = s[(r+1) % 4]; + s0[2*4 + r] = s[(r+2) % 4]; + s0[3*4 + r] = s[(r+3) % 4]; + } +} + +static void InvShiftRows(u64 *state) +{ + unsigned char s[4]; + unsigned char *s0; + int r; + + s0 = (unsigned char *)state; + for (r = 0; r < 4; r++) { + s[0] = s0[0*4 + r]; + s[1] = s0[1*4 + r]; + s[2] = s0[2*4 + r]; + s[3] = s0[3*4 + r]; + s0[0*4 + r] = s[(4-r) % 4]; + s0[1*4 + r] = s[(5-r) % 4]; + s0[2*4 + r] = s[(6-r) % 4]; + s0[3*4 + r] = s[(7-r) % 4]; + } +} + +static void MixColumns(u64 *state) +{ + uni s1; + uni s; + int c; + + for (c = 0; c < 2; c++) { + s1.d = state[c]; + s.d = s1.d; + s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16) + | ((s.d & 0x0000FFFF0000FFFFuLL) << 16); + s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8) + | ((s.d & 0x00FF00FF00FF00FFuLL) << 8); + s.d ^= s1.d; + XtimeLong(&s1.d); + s.d ^= s1.d; + s.b[0] ^= s1.b[1]; + s.b[1] ^= s1.b[2]; + s.b[2] ^= s1.b[3]; + s.b[3] ^= s1.b[0]; + s.b[4] ^= s1.b[5]; + s.b[5] ^= s1.b[6]; + s.b[6] ^= s1.b[7]; + s.b[7] ^= s1.b[4]; + state[c] = s.d; + } +} + +static void InvMixColumns(u64 *state) +{ + uni s1; + uni s; + int c; + + for (c = 0; c < 2; c++) { + s1.d = state[c]; + s.d = s1.d; + s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16) + | ((s.d & 0x0000FFFF0000FFFFuLL) << 16); + s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8) + | ((s.d & 0x00FF00FF00FF00FFuLL) << 8); + s.d ^= s1.d; + XtimeLong(&s1.d); + s.d ^= s1.d; + s.b[0] ^= s1.b[1]; + s.b[1] ^= s1.b[2]; + s.b[2] ^= s1.b[3]; + s.b[3] ^= s1.b[0]; + s.b[4] ^= s1.b[5]; + s.b[5] ^= s1.b[6]; + s.b[6] ^= s1.b[7]; + 
s.b[7] ^= s1.b[4]; + XtimeLong(&s1.d); + s1.d ^= ((s1.d & 0xFFFF0000FFFF0000uLL) >> 16) + | ((s1.d & 0x0000FFFF0000FFFFuLL) << 16); + s.d ^= s1.d; + XtimeLong(&s1.d); + s1.d ^= ((s1.d & 0xFF00FF00FF00FF00uLL) >> 8) + | ((s1.d & 0x00FF00FF00FF00FFuLL) << 8); + s.d ^= s1.d; + state[c] = s.d; + } +} + +static void AddRoundKey(u64 *state, const u64 *w) +{ + state[0] ^= w[0]; + state[1] ^= w[1]; +} + +static void Cipher(const unsigned char *in, unsigned char *out, + const u64 *w, int nr) +{ + u64 state[2]; + int i; + + memcpy(state, in, 16); + + AddRoundKey(state, w); + + for (i = 1; i < nr; i++) { + SubLong(&state[0]); + SubLong(&state[1]); + ShiftRows(state); + MixColumns(state); + AddRoundKey(state, w + i*2); + } + + SubLong(&state[0]); + SubLong(&state[1]); + ShiftRows(state); + AddRoundKey(state, w + nr*2); + + memcpy(out, state, 16); +} + +static void InvCipher(const unsigned char *in, unsigned char *out, + const u64 *w, int nr) + +{ + u64 state[2]; + int i; + + memcpy(state, in, 16); + + AddRoundKey(state, w + nr*2); + + for (i = nr - 1; i > 0; i--) { + InvShiftRows(state); + InvSubLong(&state[0]); + InvSubLong(&state[1]); + AddRoundKey(state, w + i*2); + InvMixColumns(state); + } + + InvShiftRows(state); + InvSubLong(&state[0]); + InvSubLong(&state[1]); + AddRoundKey(state, w); + + memcpy(out, state, 16); +} + +static void RotWord(u32 *x) +{ + unsigned char *w0; + unsigned char tmp; + + w0 = (unsigned char *)x; + tmp = w0[0]; + w0[0] = w0[1]; + w0[1] = w0[2]; + w0[2] = w0[3]; + w0[3] = tmp; +} + +static void KeyExpansion(const unsigned char *key, u64 *w, + int nr, int nk) +{ + u32 rcon; + uni prev; + u32 temp; + int i, n; + + memcpy(w, key, nk*4); + memcpy(&rcon, "\1\0\0\0", 4); + n = nk/2; + prev.d = w[n-1]; + for (i = n; i < (nr+1)*2; i++) { + temp = prev.w[1]; + if (i % n == 0) { + RotWord(&temp); + SubWord(&temp); + temp ^= rcon; + XtimeWord(&rcon); + } else if (nk > 6 && i % n == 2) { + SubWord(&temp); + } + prev.d = w[i-n]; + prev.w[0] ^= temp; + prev.w[1] 
^= prev.w[0]; + w[i] = prev.d; + } +} + +/** + * Expand the cipher key into the encryption key schedule. + */ +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) +{ + u64 *rk; + + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + + rk = (u64*)key->rd_key; + + if (bits == 128) + key->rounds = 10; + else if (bits == 192) + key->rounds = 12; + else + key->rounds = 14; + + KeyExpansion(userKey, rk, key->rounds, bits/32); + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + */ +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) +{ + return AES_set_encrypt_key(userKey, bits, key); +} + +/* + * Encrypt a single block + * in and out can overlap + */ +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key) +{ + const u64 *rk; + + assert(in && out && key); + rk = (u64*)key->rd_key; + + Cipher(in, out, rk, key->rounds); +} + +/* + * Decrypt a single block + * in and out can overlap + */ +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key) +{ + const u64 *rk; + + assert(in && out && key); + rk = (u64*)key->rd_key; + + InvCipher(in, out, rk, key->rounds); +} +#elif !defined(AES_ASM) /*- Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ecb.c index 29bfc1ad6..4fa360ca8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ecb.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ecb.c @@ -10,7 +10,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ige.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ige.c index 75f796cf3..804b3a723 100644 
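Review bot: In crypto/aes/aes_core.c the new bit-sliced `Cipher`/`InvCipher` path is compiled only under `#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM)`, and nothing visible in this diff defines that macro, so a default build would still fall through to the `#elif !defined(AES_ASM)` branch with the `Te0`… lookup tables. Since the 00-base-templates.conf change in this commit swaps `aes-586.s`/`aes-x86_64.s` for `aes_core.c aes_cbc.c`, it looks like the C code becomes the x86 fallback when the AES-NI and vpaes paths are not usable. If that fallback is meant to avoid key-dependent table lookups, the build that consumes this 3rdparty tree should pass `-DOPENSSL_AES_CONST_TIME`, and the 3rdparty README entry should say so. Separately, in `SubWord` the line `a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1;` carries a five-byte mask where every neighbouring line uses `0x0A0A0A0Au`. It appears harmless because `a3` was masked with `0x0F0F0F0Fu` just before, but `a4 ^= (a4 & 0x0A0A0A0Au) >> 1;` would match `SubLong` and the rest of the function.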
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ige.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_ige.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,7 @@ #include "internal/cryptlib.h" #include -#include "aes_locl.h" - -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { - unsigned long data[N_WORDS]; -} aes_block_t; +#include "aes_local.h" /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) @@ -24,6 +19,15 @@ typedef struct { # define UNALIGNED_MEMOPS_ARE_FAST 0 #endif +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; +#endif + #if UNALIGNED_MEMOPS_ARE_FAST # define load_block(d, s) (d) = *(const aes_block_t *)(s) # define store_block(d, s) *(aes_block_t *)(d) = (s) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_local.h similarity index 83% rename from trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_local.h index adee29df8..a9c0059e5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_AES_LOCL_H -# define HEADER_AES_LOCL_H +#ifndef OSSL_CRYPTO_AES_LOCAL_H +# define OSSL_CRYPTO_AES_LOCAL_H # include # include @@ -24,6 +24,7 @@ # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } # endif +typedef unsigned long long u64; # ifdef AES_LONG typedef unsigned long u32; # else @@ -39,4 +40,4 @@ typedef unsigned char u8; /* This controls loop-unrolling in aes_core.c */ # undef FULL_UNROLL -#endif /* !HEADER_AES_LOCL_H */ +#endif /* !OSSL_CRYPTO_AES_LOCAL_H */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_misc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_misc.c index 7403c84f8..e0edc72ba 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_misc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_misc.c @@ -9,7 +9,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" const char *AES_options(void) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_x86core.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_x86core.c index 1b660d716..50b53abc1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_x86core.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/aes_x86core.c @@ -46,7 +46,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" /* * These two parameters control which table, 256-byte or 2KB, is diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-586.pl deleted file mode 100755 index 29059edf8..000000000 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-586.pl +++ /dev/null 
@@ -1,3000 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Version 4.3. -# -# You might fail to appreciate this module performance from the first -# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered -# to be *the* best Intel C compiler without -KPIC, performance appears -# to be virtually identical... But try to re-configure with shared -# library support... Aha! Intel compiler "suddenly" lags behind by 30% -# [on P4, more on others]:-) And if compared to position-independent -# code generated by GNU C, this code performs *more* than *twice* as -# fast! Yes, all this buzz about PIC means that unlike other hand- -# coded implementations, this one was explicitly designed to be safe -# to use even in shared library context... This also means that this -# code isn't necessarily absolutely fastest "ever," because in order -# to achieve position independence an extra register has to be -# off-loaded to stack, which affects the benchmark result. -# -# Special note about instruction choice. Do you recall RC4_INT code -# performing poorly on P4? It might be the time to figure out why. -# RC4_INT code implies effective address calculations in base+offset*4 -# form. Trouble is that it seems that offset scaling turned to be -# critical path... 
At least eliminating scaling resulted in 2.8x RC4 -# performance improvement [as you might recall]. As AES code is hungry -# for scaling too, I [try to] avoid the latter by favoring off-by-2 -# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF. -# -# As was shown by Dean Gaudet, the above note turned out to be -# void. Performance improvement with off-by-2 shifts was observed on -# intermediate implementation, which was spilling yet another register -# to stack... Final offset*4 code below runs just a tad faster on P4, -# but exhibits up to 10% improvement on other cores. -# -# Second version is "monolithic" replacement for aes_core.c, which in -# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. -# This made it possible to implement little-endian variant of the -# algorithm without modifying the base C code. Motivating factor for -# the undertaken effort was that it appeared that in tight IA-32 -# register window little-endian flavor could achieve slightly higher -# Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent µ-archs... -# -# Third version adds AES_cbc_encrypt implementation, which resulted in -# up to 40% performance improvement of CBC benchmark results. 40% was -# observed on P4 core, where "overall" improvement coefficient, i.e. if -# compared to PIC generated by GCC and in CBC mode, was observed to be -# as large as 4x:-) CBC performance is virtually identical to ECB now -# and on some platforms even better, e.g. 17.6 "small" cycles/byte on -# Opteron, because certain function prologues and epilogues are -# effectively taken out of the loop... -# -# Version 3.2 implements compressed tables and prefetch of these tables -# in CBC[!] mode. Former means that 3/4 of table references are now -# misaligned, which unfortunately has negative impact on elder IA-32 -# implementations, Pentium suffered 30% penalty, PIII - 10%. 
-# -# Version 3.3 avoids L1 cache aliasing between stack frame and -# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The -# latter is achieved by copying the key schedule to controlled place in -# stack. This unfortunately has rather strong impact on small block CBC -# performance, ~2x deterioration on 16-byte block if compared to 3.3. -# -# Version 3.5 checks if there is L1 cache aliasing between user-supplied -# key schedule and S-boxes and abstains from copying the former if -# there is no. This allows end-user to consciously retain small block -# performance by aligning key schedule in specific manner. -# -# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. -# -# Current ECB performance numbers for 128-bit key in CPU cycles per -# processed byte [measure commonly used by AES benchmarkers] are: -# -# small footprint fully unrolled -# P4 24 22 -# AMD K8 20 19 -# PIII 25 23 -# Pentium 81 78 -# -# Version 3.7 reimplements outer rounds as "compact." Meaning that -# first and last rounds reference compact 256 bytes S-box. This means -# that first round consumes a lot more CPU cycles and that encrypt -# and decrypt performance becomes asymmetric. Encrypt performance -# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is -# aggressively pre-fetched. -# -# Version 4.0 effectively rolls back to 3.6 and instead implements -# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact, -# which use exclusively 256 byte S-box. These functions are to be -# called in modes not concealing plain text, such as ECB, or when -# we're asked to process smaller amount of data [or unconditionally -# on hyper-threading CPU]. Currently it's called unconditionally from -# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine -# still needs to be modified to switch between slower and faster -# mode when appropriate... 
But in either case benchmark landscape -# changes dramatically and below numbers are CPU cycles per processed -# byte for 128-bit key. -# -# ECB encrypt ECB decrypt CBC large chunk -# P4 52[54] 83[95] 23 -# AMD K8 46[41] 66[70] 18 -# PIII 41[50] 60[77] 24 -# Core 2 31[36] 45[64] 18.5 -# Atom 76[100] 96[138] 60 -# Pentium 115 150 77 -# -# Version 4.1 switches to compact S-box even in key schedule setup. -# -# Version 4.2 prefetches compact S-box in every SSE round or in other -# words every cache-line is *guaranteed* to be accessed within ~50 -# cycles window. Why just SSE? Because it's needed on hyper-threading -# CPU! Which is also why it's prefetched with 64 byte stride. Best -# part is that it has no negative effect on performance:-) -# -# Version 4.3 implements switch between compact and non-compact block -# functions in AES_cbc_encrypt depending on how much data was asked -# to be processed in one stroke. -# -###################################################################### -# Timing attacks are classified in two classes: synchronous when -# attacker consciously initiates cryptographic operation and collects -# timing data of various character afterwards, and asynchronous when -# malicious code is executed on same CPU simultaneously with AES, -# instruments itself and performs statistical analysis of this data. -# -# As far as synchronous attacks go the root to the AES timing -# vulnerability is twofold. Firstly, of 256 S-box elements at most 160 -# are referred to in single 128-bit block operation. Well, in C -# implementation with 4 distinct tables it's actually as little as 40 -# references per 256 elements table, but anyway... Secondly, even -# though S-box elements are clustered into smaller amount of cache- -# lines, smaller than 160 and even 40, it turned out that for certain -# plain-text pattern[s] or simply put chosen plain-text and given key -# few cache-lines remain unaccessed during block operation. 
Now, if -# attacker can figure out this access pattern, he can deduct the key -# [or at least part of it]. The natural way to mitigate this kind of -# attacks is to minimize the amount of cache-lines in S-box and/or -# prefetch them to ensure that every one is accessed for more uniform -# timing. But note that *if* plain-text was concealed in such way that -# input to block function is distributed *uniformly*, then attack -# wouldn't apply. Now note that some encryption modes, most notably -# CBC, do mask the plain-text in this exact way [secure cipher output -# is distributed uniformly]. Yes, one still might find input that -# would reveal the information about given key, but if amount of -# candidate inputs to be tried is larger than amount of possible key -# combinations then attack becomes infeasible. This is why revised -# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk -# of data is to be processed in one stroke. The current size limit of -# 512 bytes is chosen to provide same [diminishingly low] probability -# for cache-line to remain untouched in large chunk operation with -# large S-box as for single block operation with compact S-box and -# surely needs more careful consideration... -# -# As for asynchronous attacks. There are two flavours: attacker code -# being interleaved with AES on hyper-threading CPU at *instruction* -# level, and two processes time sharing single core. As for latter. -# Two vectors. 1. Given that attacker process has higher priority, -# yield execution to process performing AES just before timer fires -# off the scheduler, immediately regain control of CPU and analyze the -# cache state. For this attack to be efficient attacker would have to -# effectively slow down the operation by several *orders* of magnitude, -# by ratio of time slice to duration of handful of AES rounds, which -# unlikely to remain unnoticed. 
Not to mention that this also means -# that he would spend correspondingly more time to collect enough -# statistical data to mount the attack. It's probably appropriate to -# say that if adversary reckons that this attack is beneficial and -# risks to be noticed, you probably have larger problems having him -# mere opportunity. In other words suggested code design expects you -# to preclude/mitigate this attack by overall system security design. -# 2. Attacker manages to make his code interrupt driven. In order for -# this kind of attack to be feasible, interrupt rate has to be high -# enough, again comparable to duration of handful of AES rounds. But -# is there interrupt source of such rate? Hardly, not even 1Gbps NIC -# generates interrupts at such raging rate... -# -# And now back to the former, hyper-threading CPU or more specifically -# Intel P4. Recall that asynchronous attack implies that malicious -# code instruments itself. And naturally instrumentation granularity -# has be noticeably lower than duration of codepath accessing S-box. -# Given that all cache-lines are accessed during that time that is. -# Current implementation accesses *all* cache-lines within ~50 cycles -# window, which is actually *less* than RDTSC latency on Intel P4! 
- -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop; -open OUT,">$output"; -*STDOUT=*OUT; - -&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); -&static_label("AES_Te"); -&static_label("AES_Td"); - -$s0="eax"; -$s1="ebx"; -$s2="ecx"; -$s3="edx"; -$key="edi"; -$acc="esi"; -$tbl="ebp"; - -# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated -# by caller -$__ra=&DWP(0,"esp"); # return address -$__s0=&DWP(4,"esp"); # s0 backing store -$__s1=&DWP(8,"esp"); # s1 backing store -$__s2=&DWP(12,"esp"); # s2 backing store -$__s3=&DWP(16,"esp"); # s3 backing store -$__key=&DWP(20,"esp"); # pointer to key schedule -$__end=&DWP(24,"esp"); # pointer to end of key schedule -$__tbl=&DWP(28,"esp"); # %ebp backing store - -# stack frame layout in AES_[en|crypt] routines, which differs from -# above by 4 and overlaps by %ebp backing store -$_tbl=&DWP(24,"esp"); -$_esp=&DWP(28,"esp"); - -sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } - -$speed_limit=512; # chunks smaller than $speed_limit are - # processed with compact routine in CBC mode -$small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent µ-archs], but ~5 times smaller! - # I favor compact code to minimize cache - # contention and in hope to "collect" 5% back - # in real-life applications... - -$vertical_spin=0; # shift "vertically" defaults to 0, because of - # its proof-of-concept status... -# Note that there is no decvert(), as well as last encryption round is -# performed with "horizontal" shifts. This is because this "vertical" -# implementation [one which groups shifts on a given $s[i] to form a -# "column," unlike "horizontal" one, which groups shifts on different -# $s[i] to form a "row"] is work in progress. It was observed to run -# few percents faster on Intel cores, but not AMD. On AMD K8 core it's -# whole 12% slower:-( So we face a trade-off... 
Shall it be resolved -# some day? Till then the code is considered experimental and by -# default remains dormant... - -sub encvert() -{ my ($te,@s) = @_; - my ($v0,$v1) = ($acc,$key); - - &mov ($v0,$s[3]); # copy s3 - &mov (&DWP(4,"esp"),$s[2]); # save s2 - &mov ($v1,$s[0]); # copy s0 - &mov (&DWP(8,"esp"),$s[1]); # save s1 - - &movz ($s[2],&HB($s[0])); - &and ($s[0],0xFF); - &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0 - &shr ($v1,16); - &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8 - &movz ($s[1],&HB($v1)); - &and ($v1,0xFF); - &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16 - &mov ($v1,$v0); - &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24 - - &and ($v0,0xFF); - &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16 - &mov ($v1,&DWP(4,"esp")); # restore s2 - &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24 - - &mov ($v0,$v1); - &and ($v1,0xFF); - &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0 - &movz ($v1,&HB($v0)); - &shr ($v0,16); - &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8 - &movz ($v1,&HB($v0)); - &and ($v0,0xFF); - &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16 - &mov ($v0,&DWP(8,"esp")); # restore s1 - &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24 - - &mov ($v1,$v0); - &and ($v0,0xFF); - &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16 - &mov ($key,$__key); # reincarnate v1 as key - &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24 -} - -# Another experimental routine, which features "horizontal spin," but -# eliminates one reference to stack. Strangely enough runs slower... 
-sub enchoriz() -{ my ($v0,$v1) = ($key,$acc); - - &movz ($v0,&LB($s0)); # 3, 2, 1, 0* - &rotr ($s2,8); # 8,11,10, 9 - &mov ($v1,&DWP(0,$te,$v0,8)); # 0 - &movz ($v0,&HB($s1)); # 7, 6, 5*, 4 - &rotr ($s3,16); # 13,12,15,14 - &xor ($v1,&DWP(3,$te,$v0,8)); # 5 - &movz ($v0,&HB($s2)); # 8,11,10*, 9 - &rotr ($s0,16); # 1, 0, 3, 2 - &xor ($v1,&DWP(2,$te,$v0,8)); # 10 - &movz ($v0,&HB($s3)); # 13,12,15*,14 - &xor ($v1,&DWP(1,$te,$v0,8)); # 15, t[0] collected - &mov ($__s0,$v1); # t[0] saved - - &movz ($v0,&LB($s1)); # 7, 6, 5, 4* - &shr ($s1,16); # -, -, 7, 6 - &mov ($v1,&DWP(0,$te,$v0,8)); # 4 - &movz ($v0,&LB($s3)); # 13,12,15,14* - &xor ($v1,&DWP(2,$te,$v0,8)); # 14 - &movz ($v0,&HB($s0)); # 1, 0, 3*, 2 - &and ($s3,0xffff0000); # 13,12, -, - - &xor ($v1,&DWP(1,$te,$v0,8)); # 3 - &movz ($v0,&LB($s2)); # 8,11,10, 9* - &or ($s3,$s1); # 13,12, 7, 6 - &xor ($v1,&DWP(3,$te,$v0,8)); # 9, t[1] collected - &mov ($s1,$v1); # s[1]=t[1] - - &movz ($v0,&LB($s0)); # 1, 0, 3, 2* - &shr ($s2,16); # -, -, 8,11 - &mov ($v1,&DWP(2,$te,$v0,8)); # 2 - &movz ($v0,&HB($s3)); # 13,12, 7*, 6 - &xor ($v1,&DWP(1,$te,$v0,8)); # 7 - &movz ($v0,&HB($s2)); # -, -, 8*,11 - &xor ($v1,&DWP(0,$te,$v0,8)); # 8 - &mov ($v0,$s3); - &shr ($v0,24); # 13 - &xor ($v1,&DWP(3,$te,$v0,8)); # 13, t[2] collected - - &movz ($v0,&LB($s2)); # -, -, 8,11* - &shr ($s0,24); # 1* - &mov ($s2,&DWP(1,$te,$v0,8)); # 11 - &xor ($s2,&DWP(3,$te,$s0,8)); # 1 - &mov ($s0,$__s0); # s[0]=t[0] - &movz ($v0,&LB($s3)); # 13,12, 7, 6* - &shr ($s3,16); # , ,13,12 - &xor ($s2,&DWP(2,$te,$v0,8)); # 6 - &mov ($key,$__key); # reincarnate v0 as key - &and ($s3,0xff); # , ,13,12* - &mov ($s3,&DWP(0,$te,$s3,8)); # 12 - &xor ($s3,$s2); # s[2]=t[3] collected - &mov ($s2,$v1); # s[2]=t[2] -} - -# More experimental code... SSE one... Even though this one eliminates -# *all* references to stack, it's not faster... 
-sub sse_encbody() -{ - &movz ($acc,&LB("eax")); # 0 - &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 0 - &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 - &movz ("edx",&HB("eax")); # 1 - &mov ("edx",&DWP(3,$tbl,"edx",8)); # 1 - &shr ("eax",16); # 5, 4 - - &movz ($acc,&LB("ebx")); # 10 - &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 10 - &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 - &movz ($acc,&HB("ebx")); # 11 - &xor ("edx",&DWP(1,$tbl,$acc,8)); # 11 - &shr ("ebx",16); # 15,14 - - &movz ($acc,&HB("eax")); # 5 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 5 - &movq ("mm3",QWP(16,$key)); - &movz ($acc,&HB("ebx")); # 15 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 15 - &movd ("mm0","ecx"); # t[0] collected - - &movz ($acc,&LB("eax")); # 4 - &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 4 - &movd ("eax","mm2"); # 7, 6, 3, 2 - &movz ($acc,&LB("ebx")); # 14 - &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 14 - &movd ("ebx","mm6"); # 13,12, 9, 8 - - &movz ($acc,&HB("eax")); # 3 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 3 - &movz ($acc,&HB("ebx")); # 9 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 9 - &movd ("mm1","ecx"); # t[1] collected - - &movz ($acc,&LB("eax")); # 2 - &mov ("ecx",&DWP(2,$tbl,$acc,8)); # 2 - &shr ("eax",16); # 7, 6 - &punpckldq ("mm0","mm1"); # t[0,1] collected - &movz ($acc,&LB("ebx")); # 8 - &xor ("ecx",&DWP(0,$tbl,$acc,8)); # 8 - &shr ("ebx",16); # 13,12 - - &movz ($acc,&HB("eax")); # 7 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 7 - &pxor ("mm0","mm3"); - &movz ("eax",&LB("eax")); # 6 - &xor ("edx",&DWP(2,$tbl,"eax",8)); # 6 - &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 - &movz ($acc,&HB("ebx")); # 13 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 13 - &xor ("ecx",&DWP(24,$key)); # t[2] - &movd ("mm4","ecx"); # t[2] collected - &movz ("ebx",&LB("ebx")); # 12 - &xor ("edx",&DWP(0,$tbl,"ebx",8)); # 12 - &shr ("ecx",16); - &movd ("eax","mm1"); # 5, 4, 1, 0 - &mov ("ebx",&DWP(28,$key)); # t[3] - &xor ("ebx","edx"); - &movd ("mm5","ebx"); # t[3] collected - &and ("ebx",0xffff0000); - &or ("ebx","ecx"); - - &punpckldq ("mm4","mm5"); # t[2,3] 
collected -} - -###################################################################### -# "Compact" block function -###################################################################### - -sub enccompact() -{ my $Fn = \&mov; - while ($#_>5) { pop(@_); $Fn=sub{}; } - my ($i,$te,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # $Fn is used in first compact round and its purpose is to - # void restoration of some values from stack, so that after - # 4xenccompact with extra argument $key value is left there... - if ($i==3) { &$Fn ($key,$__key); }##%edx - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &movz ($out,&BP(-128,$te,$out,1)); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24); } - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } - &comment(); -} - -sub enctransform() -{ my @s = ($s0,$s1,$s2,$s3); - my $i = shift; - my $tmp = $tbl; - my $r2 = $key ; - - &and ($tmp,$s[$i]); - &lea ($r2,&DWP(0,$s[$i],$s[$i])); - &mov ($acc,$tmp); - &shr ($tmp,7); - &and ($r2,0xfefefefe); - &sub ($acc,$tmp); - &mov ($tmp,$s[$i]); - &and ($acc,0x1b1b1b1b); - &rotr ($tmp,16); - &xor ($acc,$r2); # r2 - &mov ($r2,$s[$i]); - - &xor ($s[$i],$acc); # r0 ^ r2 - &rotr ($r2,16+8); - &xor ($acc,$tmp); - &rotl ($s[$i],24); - &xor ($acc,$r2); - &mov ($tmp,0x80808080) if ($i!=1); - &xor ($s[$i],$acc); # 
ROTATE(r2^r0,24) ^ r2 -} - -&function_begin_B("_x86_AES_encrypt_compact"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - # prefetch Te4 - &mov ($key,&DWP(0-128,$tbl)); - &mov ($acc,&DWP(32-128,$tbl)); - &mov ($key,&DWP(64-128,$tbl)); - &mov ($acc,&DWP(96-128,$tbl)); - &mov ($key,&DWP(128-128,$tbl)); - &mov ($acc,&DWP(160-128,$tbl)); - &mov ($key,&DWP(192-128,$tbl)); - &mov ($acc,&DWP(224-128,$tbl)); - - &set_label("loop",16); - - &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1); - &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1); - &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1); - &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1); - &mov ($tbl,0x80808080); - &enctransform(2); - &enctransform(3); - &enctransform(0); - &enctransform(1); - &mov ($key,$__key); - &mov ($tbl,$__tbl); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - - &enccompact(0,$tbl,$s0,$s1,$s2,$s3); - &enccompact(1,$tbl,$s1,$s2,$s3,$s0); - &enccompact(2,$tbl,$s2,$s3,$s0,$s1); - &enccompact(3,$tbl,$s3,$s0,$s1,$s2); - - &xor ($s0,&DWP(16,$key)); - &xor ($s1,&DWP(20,$key)); - &xor ($s2,&DWP(24,$key)); - &xor ($s3,&DWP(28,$key)); - - &ret (); -&function_end_B("_x86_AES_encrypt_compact"); - -###################################################################### -# "Compact" SSE block function. -###################################################################### -# -# Performance is not actually extraordinary in comparison to pure -# x86 code. In particular encrypt performance is virtually the same. 
-# Decrypt performance on the other hand is 15-20% better on newer -# µ-archs [but we're thankful for *any* improvement here], and ~50% -# better on PIII:-) And additionally on the pros side this code -# eliminates redundant references to stack and thus relieves/ -# minimizes the pressure on the memory bus. -# -# MMX register layout lsb -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# | mm4 | mm0 | -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# | s3 | s2 | s1 | s0 | -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0| -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# -# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8. -# In this terms encryption and decryption "compact" permutation -# matrices can be depicted as following: -# -# encryption lsb # decryption lsb -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t0 || 15 | 10 | 5 | 0 | # | t0 || 7 | 10 | 13 | 0 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t1 || 3 | 14 | 9 | 4 | # | t1 || 11 | 14 | 1 | 4 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t2 || 7 | 2 | 13 | 8 | # | t2 || 15 | 2 | 5 | 8 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t3 || 11 | 6 | 1 | 12 | # | t3 || 3 | 6 | 9 | 12 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# -###################################################################### -# Why not xmm registers? Short answer. It was actually tested and -# was not any faster, but *contrary*, most notably on Intel CPUs. -# Longer answer. Main advantage of using mm registers is that movd -# latency is lower, especially on Intel P4. While arithmetic -# instructions are twice as many, they can be scheduled every cycle -# and not every second one when they are operating on xmm register, -# so that "arithmetic throughput" remains virtually the same. 
And -# finally the code can be executed even on elder SSE-only CPUs:-) - -sub sse_enccompact() -{ - &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 - &pshufw ("mm5","mm4",0x0d); # 15,14,11,10 - &movd ("eax","mm1"); # 5, 4, 1, 0 - &movd ("ebx","mm5"); # 15,14,11,10 - &mov ($__key,$key); - - &movz ($acc,&LB("eax")); # 0 - &movz ("edx",&HB("eax")); # 1 - &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 - &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 - &movz ($key,&LB("ebx")); # 10 - &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 - &shr ("eax",16); # 5, 4 - &shl ("edx",8); # 1 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 10 - &movz ($key,&HB("ebx")); # 11 - &shl ($acc,16); # 10 - &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 - &or ("ecx",$acc); # 10 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 11 - &movz ($key,&HB("eax")); # 5 - &shl ($acc,24); # 11 - &shr ("ebx",16); # 15,14 - &or ("edx",$acc); # 11 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 5 - &movz ($key,&HB("ebx")); # 15 - &shl ($acc,8); # 5 - &or ("ecx",$acc); # 5 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 15 - &movz ($key,&LB("eax")); # 4 - &shl ($acc,24); # 15 - &or ("ecx",$acc); # 15 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 4 - &movz ($key,&LB("ebx")); # 14 - &movd ("eax","mm2"); # 7, 6, 3, 2 - &movd ("mm0","ecx"); # t[0] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 14 - &movz ($key,&HB("eax")); # 3 - &shl ("ecx",16); # 14 - &movd ("ebx","mm6"); # 13,12, 9, 8 - &or ("ecx",$acc); # 14 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 3 - &movz ($key,&HB("ebx")); # 9 - &shl ($acc,24); # 3 - &or ("ecx",$acc); # 3 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 9 - &movz ($key,&LB("ebx")); # 8 - &shl ($acc,8); # 9 - &shr ("ebx",16); # 13,12 - &or ("ecx",$acc); # 9 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 8 - &movz ($key,&LB("eax")); # 2 - &shr ("eax",16); # 7, 6 - &movd ("mm1","ecx"); # t[1] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 2 - &movz ($key,&HB("eax")); # 7 - &shl ("ecx",16); # 2 - &and ("eax",0xff); # 6 - &or ("ecx",$acc); # 2 - - &punpckldq 
("mm0","mm1"); # t[0,1] collected - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 7 - &movz ($key,&HB("ebx")); # 13 - &shl ($acc,24); # 7 - &and ("ebx",0xff); # 12 - &movz ("eax",&BP(-128,$tbl,"eax",1)); # 6 - &or ("ecx",$acc); # 7 - &shl ("eax",16); # 6 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 13 - &or ("edx","eax"); # 6 - &shl ($acc,8); # 13 - &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 12 - &or ("ecx",$acc); # 13 - &or ("edx","ebx"); # 12 - &mov ($key,$__key); - &movd ("mm4","ecx"); # t[2] collected - &movd ("mm5","edx"); # t[3] collected - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - - if (!$x86only) { -&function_begin_B("_sse_AES_encrypt_compact"); - &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 - &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 - - # note that caller is expected to allocate stack frame for me! - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &mov ($s0,0x1b1b1b1b); # magic constant - &mov (&DWP(8,"esp"),$s0); - &mov (&DWP(12,"esp"),$s0); - - # prefetch Te4 - &mov ($s0,&DWP(0-128,$tbl)); - &mov ($s1,&DWP(32-128,$tbl)); - &mov ($s2,&DWP(64-128,$tbl)); - &mov ($s3,&DWP(96-128,$tbl)); - &mov ($s0,&DWP(128-128,$tbl)); - &mov ($s1,&DWP(160-128,$tbl)); - &mov ($s2,&DWP(192-128,$tbl)); - &mov ($s3,&DWP(224-128,$tbl)); - - &set_label("loop",16); - &sse_enccompact(); - &add ($key,16); - &cmp ($key,$__end); - &ja (&label("out")); - - &movq ("mm2",&QWP(8,"esp")); - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &movq ("mm1","mm0"); &movq ("mm5","mm4"); # r0 - &pcmpgtb("mm3","mm0"); &pcmpgtb("mm7","mm4"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &pshufw ("mm2","mm0",0xb1); &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16) - &paddb ("mm0","mm0"); &paddb ("mm4","mm4"); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # = r2 - &pshufw ("mm3","mm2",0xb1); &pshufw ("mm7","mm6",0xb1);# r0 - &pxor ("mm1","mm0"); &pxor ("mm5","mm4"); # r0^r2 - &pxor 
("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(r0,16) - - &movq ("mm2","mm3"); &movq ("mm6","mm7"); - &pslld ("mm3",8); &pslld ("mm7",8); - &psrld ("mm2",24); &psrld ("mm6",24); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= r0<<8 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= r0>>24 - - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); - &psrld ("mm1",8); &psrld ("mm5",8); - &mov ($s0,&DWP(0-128,$tbl)); - &pslld ("mm3",24); &pslld ("mm7",24); - &mov ($s1,&DWP(64-128,$tbl)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= (r2^r0)<<8 - &mov ($s2,&DWP(128-128,$tbl)); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= (r2^r0)>>24 - &mov ($s3,&DWP(192-128,$tbl)); - - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); - &jmp (&label("loop")); - - &set_label("out",16); - &pxor ("mm0",&QWP(0,$key)); - &pxor ("mm4",&QWP(8,$key)); - - &ret (); -&function_end_B("_sse_AES_encrypt_compact"); - } - -###################################################################### -# Vanilla block function. -###################################################################### - -sub encstep() -{ my ($i,$te,@s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # lines marked with #%e?x[i] denote "reordered" instructions... 
- if ($i==3) { &mov ($key,$__key); }##%edx - else { &mov ($out,$s[0]); - &and ($out,0xFF); } - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(0,$te,$out,8)); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24) } - &xor ($out,&DWP(1,$te,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } - &comment(); -} - -sub enclast() -{ my ($i,$te,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if ($i==3) { &mov ($key,$__key); }##%edx - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(2,$te,$out,8)); - &and ($out,0x000000ff); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x0000ff00); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x00ff0000); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24); } - &mov ($tmp,&DWP(2,$te,$tmp,8)); - &and ($tmp,0xff000000); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } -} - -&function_begin_B("_x86_AES_encrypt"); - if ($vertical_spin) { - # I need high parts of volatile registers to be accessible... 
- &exch ($s1="edi",$key="ebx"); - &mov ($s2="esi",$acc="ecx"); - } - - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &set_label("loop",16); - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds",4); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("12rounds",4); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - 
&set_label("10rounds",4); - for ($i=1;$i<10;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - if ($vertical_spin) { - # "reincarnate" some registers for "horizontal" spin... - &mov ($s1="ebx",$key="edi"); - &mov ($s2="ecx",$acc="esi"); - } - &enclast(0,$tbl,$s0,$s1,$s2,$s3); - &enclast(1,$tbl,$s1,$s2,$s3,$s0); - &enclast(2,$tbl,$s2,$s3,$s0,$s1); - &enclast(3,$tbl,$s3,$s0,$s1,$s2); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Te",64); # Yes! I keep it in the code segment! - &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); - &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); - &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); - &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); - &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); - &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); - &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); - &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); - &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); - &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); - &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); - &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); - &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); - &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); - &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); - &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); - &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 
0x2e1a1a34); - &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); - &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); - &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); - &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); - &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); - &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); - &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); - &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); - &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); - &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); - &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); - &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); - &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); - &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); - &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); - &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); - &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); - &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); - &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); - &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); - &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); - &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); - &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); - &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); - &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); - &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); - &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); - &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); - &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); - &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); - &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); - &_data_word(0xd5baba6f, 
0x887878f0, 0x6f25254a, 0x722e2e5c); - &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); - &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); - &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); - &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); - &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); - &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); - &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); - &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); - &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); - &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); - &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); - &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); - &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); - &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); - &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); - -#Te4 # four copies of Te4 to choose from to avoid L1 aliasing - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 
0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 
0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 
0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 
0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); -#rcon: - &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); - &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); - &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000); - &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000); -&function_end_B("_x86_AES_encrypt"); - -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_encrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",36); - &and ("esp",-64); # align to cache-line - - # place stack frame just "above" the key schedule - &lea ($s1,&DWP(-64-63,$key)); - &sub ($s1,"esp"); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp",$s1); - &add ("esp",4); # 4 is reserved for caller's return address - &mov ($_esp,$s0); # save stack pointer - - &call (&label("pic_point")); # make it PIC! 
- &set_label("pic_point");
- &blindpop($tbl);
- &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
- &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-
- # pick Te4 copy which can't "overlap" with stack frame or key schedule
- &lea ($s1,&DWP(768-4,"esp"));
- &sub ($s1,$tbl);
- &and ($s1,0x300);
- &lea ($tbl,&DWP(2048+128,$tbl,$s1));
-
- if (!$x86only) {
- &bt (&DWP(0,$s0),25); # check for SSE bit
- &jnc (&label("x86"));
-
- &movq ("mm0",&QWP(0,$acc));
- &movq ("mm4",&QWP(8,$acc));
- &call ("_sse_AES_encrypt_compact");
- &mov ("esp",$_esp); # restore stack pointer
- &mov ($acc,&wparam(1)); # load out
- &movq (&QWP(0,$acc),"mm0"); # write output data
- &movq (&QWP(8,$acc),"mm4");
- &emms ();
- &function_end_A();
- }
- &set_label("x86",16);
- &mov ($_tbl,$tbl);
- &mov ($s0,&DWP(0,$acc)); # load input data
- &mov ($s1,&DWP(4,$acc));
- &mov ($s2,&DWP(8,$acc));
- &mov ($s3,&DWP(12,$acc));
- &call ("_x86_AES_encrypt_compact");
- &mov ("esp",$_esp); # restore stack pointer
- &mov ($acc,&wparam(1)); # load out
- &mov (&DWP(0,$acc),$s0); # write output data
- &mov (&DWP(4,$acc),$s1);
- &mov (&DWP(8,$acc),$s2);
- &mov (&DWP(12,$acc),$s3);
-&function_end("AES_encrypt");
-
-#--------------------------------------------------------------------#
-
-######################################################################
-# "Compact" block function
-######################################################################
-
-sub deccompact()
-{ my $Fn = \&mov;
- while ($#_>5) { pop(@_); $Fn=sub{}; }
- my ($i,$td,@s)=@_;
- my $tmp = $key;
- my $out = $i==3?$s[0]:$acc;
-
- # $Fn is used in first compact round and its purpose is to
- # void restoration of some values from stack, so that after
- # 4xdeccompact with extra argument $key, $s0 and $s1 values
- # are left there...
- if($i==3) { &$Fn ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &movz ($out,&BP(-128,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &$Fn ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &$Fn ($s[3],$__s0); } -} - -# must be called with 2,3,0,1 as argument sequence!!! -sub dectransform() -{ my @s = ($s0,$s1,$s2,$s3); - my $i = shift; - my $tmp = $key; - my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1); - my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1); - my $tp8 = $tbl; - - &mov ($tmp,0x80808080); - &and ($tmp,$s[$i]); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp2,&DWP(0,$s[$i],$s[$i])); - &sub ($acc,$tmp); - &and ($tp2,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp2); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp4,&DWP(0,$tp2,$tp2)); - &sub ($acc,$tmp); - &and ($tp4,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$s[$i]); # tp2^tp1 - &xor ($tp4,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp4); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp8,&DWP(0,$tp4,$tp4)); - &sub ($acc,$tmp); - &and ($tp8,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp4,$s[$i]); # tp4^tp1 - &rotl ($s[$i],8); # = ROTATE(tp1,8) - &xor ($tp8,$acc); - - &xor ($s[$i],$tp2); - &xor ($tp2,$tp8); - &xor ($s[$i],$tp4); - &xor ($tp4,$tp8); - &rotl ($tp2,24); - &xor ($s[$i],$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) - &rotl ($tp4,16); - &xor ($s[$i],$tp2); # ^= ROTATE(tp8^tp2^tp1,24) - &rotl ($tp8,8); - &xor ($s[$i],$tp4); # ^= 
ROTATE(tp8^tp4^tp1,16) - &mov ($s[0],$__s0) if($i==2); #prefetch $s0 - &mov ($s[1],$__s1) if($i==3); #prefetch $s1 - &mov ($s[2],$__s2) if($i==1); - &xor ($s[$i],$tp8); # ^= ROTATE(tp8,8) - - &mov ($s[3],$__s3) if($i==1); - &mov (&DWP(4+4*$i,"esp"),$s[$i]) if($i>=2); -} - -&function_begin_B("_x86_AES_decrypt_compact"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - # prefetch Td4 - &mov ($key,&DWP(0-128,$tbl)); - &mov ($acc,&DWP(32-128,$tbl)); - &mov ($key,&DWP(64-128,$tbl)); - &mov ($acc,&DWP(96-128,$tbl)); - &mov ($key,&DWP(128-128,$tbl)); - &mov ($acc,&DWP(160-128,$tbl)); - &mov ($key,&DWP(192-128,$tbl)); - &mov ($acc,&DWP(224-128,$tbl)); - - &set_label("loop",16); - - &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1); - &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1); - &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1); - &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1); - &dectransform(2); - &dectransform(3); - &dectransform(0); - &dectransform(1); - &mov ($key,$__key); - &mov ($tbl,$__tbl); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - - &deccompact(0,$tbl,$s0,$s3,$s2,$s1); - &deccompact(1,$tbl,$s1,$s0,$s3,$s2); - &deccompact(2,$tbl,$s2,$s1,$s0,$s3); - &deccompact(3,$tbl,$s3,$s2,$s1,$s0); - - &xor ($s0,&DWP(16,$key)); - &xor ($s1,&DWP(20,$key)); - &xor ($s2,&DWP(24,$key)); - &xor ($s3,&DWP(28,$key)); - - &ret (); -&function_end_B("_x86_AES_decrypt_compact"); - -###################################################################### -# "Compact" SSE block function. 
-###################################################################### - -sub sse_deccompact() -{ - &pshufw ("mm1","mm0",0x0c); # 7, 6, 1, 0 - &pshufw ("mm5","mm4",0x09); # 13,12,11,10 - &movd ("eax","mm1"); # 7, 6, 1, 0 - &movd ("ebx","mm5"); # 13,12,11,10 - &mov ($__key,$key); - - &movz ($acc,&LB("eax")); # 0 - &movz ("edx",&HB("eax")); # 1 - &pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4 - &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 - &movz ($key,&LB("ebx")); # 10 - &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 - &shr ("eax",16); # 7, 6 - &shl ("edx",8); # 1 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 10 - &movz ($key,&HB("ebx")); # 11 - &shl ($acc,16); # 10 - &pshufw ("mm6","mm4",0x03); # 9, 8,15,14 - &or ("ecx",$acc); # 10 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 11 - &movz ($key,&HB("eax")); # 7 - &shl ($acc,24); # 11 - &shr ("ebx",16); # 13,12 - &or ("edx",$acc); # 11 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 7 - &movz ($key,&HB("ebx")); # 13 - &shl ($acc,24); # 7 - &or ("ecx",$acc); # 7 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 13 - &movz ($key,&LB("eax")); # 6 - &shl ($acc,8); # 13 - &movd ("eax","mm2"); # 3, 2, 5, 4 - &or ("ecx",$acc); # 13 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 6 - &movz ($key,&LB("ebx")); # 12 - &shl ($acc,16); # 6 - &movd ("ebx","mm6"); # 9, 8,15,14 - &movd ("mm0","ecx"); # t[0] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 12 - &movz ($key,&LB("eax")); # 4 - &or ("ecx",$acc); # 12 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 4 - &movz ($key,&LB("ebx")); # 14 - &or ("edx",$acc); # 4 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 14 - &movz ($key,&HB("eax")); # 5 - &shl ($acc,16); # 14 - &shr ("eax",16); # 3, 2 - &or ("edx",$acc); # 14 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 5 - &movz ($key,&HB("ebx")); # 15 - &shr ("ebx",16); # 9, 8 - &shl ($acc,8); # 5 - &movd ("mm1","edx"); # t[1] collected - &movz ("edx",&BP(-128,$tbl,$key,1)); # 15 - &movz ($key,&HB("ebx")); # 9 - &shl ("edx",24); # 15 - &and ("ebx",0xff); # 8 - &or ("edx",$acc); # 15 - - 
&punpckldq ("mm0","mm1"); # t[0,1] collected - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 9 - &movz ($key,&LB("eax")); # 2 - &shl ($acc,8); # 9 - &movz ("eax",&HB("eax")); # 3 - &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8 - &or ("ecx",$acc); # 9 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 2 - &or ("edx","ebx"); # 8 - &shl ($acc,16); # 2 - &movz ("eax",&BP(-128,$tbl,"eax",1)); # 3 - &or ("edx",$acc); # 2 - &shl ("eax",24); # 3 - &or ("ecx","eax"); # 3 - &mov ($key,$__key); - &movd ("mm4","edx"); # t[2] collected - &movd ("mm5","ecx"); # t[3] collected - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - - if (!$x86only) { -&function_begin_B("_sse_AES_decrypt_compact"); - &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 - &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 - - # note that caller is expected to allocate stack frame for me! - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &mov ($s0,0x1b1b1b1b); # magic constant - &mov (&DWP(8,"esp"),$s0); - &mov (&DWP(12,"esp"),$s0); - - # prefetch Td4 - &mov ($s0,&DWP(0-128,$tbl)); - &mov ($s1,&DWP(32-128,$tbl)); - &mov ($s2,&DWP(64-128,$tbl)); - &mov ($s3,&DWP(96-128,$tbl)); - &mov ($s0,&DWP(128-128,$tbl)); - &mov ($s1,&DWP(160-128,$tbl)); - &mov ($s2,&DWP(192-128,$tbl)); - &mov ($s3,&DWP(224-128,$tbl)); - - &set_label("loop",16); - &sse_deccompact(); - &add ($key,16); - &cmp ($key,$__end); - &ja (&label("out")); - - # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N) - &movq ("mm3","mm0"); &movq ("mm7","mm4"); - &movq ("mm2","mm0",1); &movq ("mm6","mm4",1); - &movq ("mm1","mm0"); &movq ("mm5","mm4"); - &pshufw ("mm0","mm0",0xb1); &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16) - &pslld ("mm2",8); &pslld ("mm6",8); - &psrld ("mm3",8); &psrld ("mm7",8); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<8 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>8 - &pslld ("mm2",16); &pslld ("mm6",16); - &psrld 
("mm3",16); &psrld ("mm7",16); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<24 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>24 - - &movq ("mm3",&QWP(8,"esp")); - &pxor ("mm2","mm2"); &pxor ("mm6","mm6"); - &pcmpgtb("mm2","mm1"); &pcmpgtb("mm6","mm5"); - &pand ("mm2","mm3"); &pand ("mm6","mm3"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm2"); &pxor ("mm5","mm6"); # tp2 - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &movq ("mm2","mm1"); &movq ("mm6","mm5"); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp2 - &pslld ("mm3",24); &pslld ("mm7",24); - &psrld ("mm2",8); &psrld ("mm6",8); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp2<<24 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp2>>8 - - &movq ("mm2",&QWP(8,"esp")); - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp4 - &pshufw ("mm3","mm1",0xb1); &pshufw ("mm7","mm5",0xb1); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp4 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16) - - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp8 - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8 - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &pshufw ("mm2","mm1",0xb1); &pshufw ("mm6","mm5",0xb1); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(tp8,16) - &pslld ("mm1",8); &pslld ("mm5",8); - &psrld ("mm3",8); &psrld ("mm7",8); - &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<8 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>8 - &mov ($s0,&DWP(0-128,$tbl)); - &pslld ("mm1",16); &pslld ("mm5",16); - &mov ($s1,&DWP(64-128,$tbl)); - &psrld 
("mm3",16); &psrld ("mm7",16); - &mov ($s2,&DWP(128-128,$tbl)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<24 - &mov ($s3,&DWP(192-128,$tbl)); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>24 - - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); - &jmp (&label("loop")); - - &set_label("out",16); - &pxor ("mm0",&QWP(0,$key)); - &pxor ("mm4",&QWP(8,$key)); - - &ret (); -&function_end_B("_sse_AES_decrypt_compact"); - } - -###################################################################### -# Vanilla block function. -###################################################################### - -sub decstep() -{ my ($i,$td,@s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # no instructions are reordered, as performance appears - # optimal... or rather that all attempts to reorder didn't - # result in better performance [which by the way is not a - # bit lower than encryption]. - if($i==3) { &mov ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &mov ($out,&DWP(0,$td,$out,8)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { &mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &xor ($out,&DWP(1,$td,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$__s0); } - &comment(); -} - -sub declast() -{ my ($i,$td,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if($i==0) { &lea ($td,&DWP(2048+128,$td)); - &mov ($tmp,&DWP(0-128,$td)); - &mov ($acc,&DWP(32-128,$td)); - &mov ($tmp,&DWP(64-128,$td)); - &mov ($acc,&DWP(96-128,$td)); - &mov ($tmp,&DWP(128-128,$td)); - &mov ($acc,&DWP(160-128,$td)); - &mov ($tmp,&DWP(192-128,$td)); - &mov ($acc,&DWP(224-128,$td)); - &lea ($td,&DWP(-128,$td)); } - if($i==3) { &mov ($key,$__key); } - else { &mov ($out,$s[0]); } - 
&and ($out,0xFF); - &movz ($out,&BP(0,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$__s0); - &lea ($td,&DWP(-2048,$td)); } -} - -&function_begin_B("_x86_AES_decrypt"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - &set_label("loop",16); - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds",4); - for ($i=1;$i<3;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - 
&set_label("12rounds",4); - for ($i=1;$i<3;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("10rounds",4); - for ($i=1;$i<10;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - &declast(0,$tbl,$s0,$s3,$s2,$s1); - &declast(1,$tbl,$s1,$s0,$s3,$s2); - &declast(2,$tbl,$s2,$s1,$s0,$s3); - &declast(3,$tbl,$s3,$s2,$s1,$s0); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Td",64); # Yes! I keep it in the code segment! 
- &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); - &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); - &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); - &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); - &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); - &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); - &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); - &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); - &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); - &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); - &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); - &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); - &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); - &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); - &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); - &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); - &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); - &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); - &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); - &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); - &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); - &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); - &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); - &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); - &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); - &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); - &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); - &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); - &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); - &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); - &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); - &_data_word(0x0b0d090e, 0xadc78bf2, 
0xb9a8b62d, 0xc8a91e14); - &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); - &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); - &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); - &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); - &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); - &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); - &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); - &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); - &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); - &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); - &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); - &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); - &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); - &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); - &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); - &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); - &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); - &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); - &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); - &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); - &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); - &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); - &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); - &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); - &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); - &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); - &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); - &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); - &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); - &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - 
&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); - -#Td4: # four copies of Td4 to choose from to avoid L1 aliasing - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - 
&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - 
&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - 
&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - 
&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -&function_end_B("_x86_AES_decrypt"); - -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_decrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",36); - &and ("esp",-64); # align to cache-line - - # place stack frame just "above" the key schedule - &lea ($s1,&DWP(-64-63,$key)); - &sub ($s1,"esp"); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp",$s1); - &add ("esp",4); # 4 is reserved for caller's return address - &mov ($_esp,$s0); # save stack pointer - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); - &lea ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl)); - - # pick Td4 copy which can't "overlap" with stack frame or key schedule - &lea ($s1,&DWP(768-4,"esp")); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - if (!$x86only) { - &bt (&DWP(0,$s0),25); # check for SSE bit - &jnc (&label("x86")); - - &movq ("mm0",&QWP(0,$acc)); - &movq ("mm4",&QWP(8,$acc)); - &call ("_sse_AES_decrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &movq (&QWP(0,$acc),"mm0"); # write output data - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &function_end_A(); - } - &set_label("x86",16); - &mov ($_tbl,$tbl); - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - &call ("_x86_AES_decrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &mov (&DWP(0,$acc),$s0); # write output data - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); -&function_end("AES_decrypt"); - -# void 
AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -4(%esp) # return address 0(%esp) -# 0(%esp) # s0 backing store 4(%esp) -# 4(%esp) # s1 backing store 8(%esp) -# 8(%esp) # s2 backing store 12(%esp) -# 12(%esp) # s3 backing store 16(%esp) -# 16(%esp) # key backup 20(%esp) -# 20(%esp) # end of key schedule 24(%esp) -# 24(%esp) # %ebp backup 28(%esp) -# 28(%esp) # %esp backup -my $_inp=&DWP(32,"esp"); # copy of wparam(0) -my $_out=&DWP(36,"esp"); # copy of wparam(1) -my $_len=&DWP(40,"esp"); # copy of wparam(2) -my $_key=&DWP(44,"esp"); # copy of wparam(3) -my $_ivp=&DWP(48,"esp"); # copy of wparam(4) -my $_tmp=&DWP(52,"esp"); # volatile variable -# -my $ivec=&DWP(60,"esp"); # ivec[16] -my $aes_key=&DWP(76,"esp"); # copy of aes_key -my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds - -&function_begin("AES_cbc_encrypt"); - &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len - &cmp ($s2,0); - &je (&label("drop_out")); - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); - - &cmp (&wparam(5),0); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - &jne (&label("picked_te")); - &lea ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl)); - &set_label("picked_te"); - - # one can argue if this is required - &pushf (); - &cld (); - - &cmp ($s2,$speed_limit); - &jb (&label("slow_way")); - &test ($s2,15); - &jnz (&label("slow_way")); - if (!$x86only) { - &bt (&DWP(0,$s0),28); # check for hyper-threading bit - &jc (&label("slow_way")); - } - # pre-allocate aligned stack frame... - &lea ($acc,&DWP(-80-244,"esp")); - &and ($acc,-64); - - # ... 
and make sure it doesn't alias with $tbl modulo 4096 - &mov ($s0,$tbl); - &lea ($s1,&DWP(2048+256,$tbl)); - &mov ($s3,$acc); - &and ($s0,0xfff); # s = %ebp&0xfff - &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff - &and ($s3,0xfff); # p = %esp&0xfff - - &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); - &jb (&label("tbl_break_out")); - &sub ($s3,$s1); - &sub ($acc,$s3); - &jmp (&label("tbl_ok")); - &set_label("tbl_break_out",4); # else %esp -= (p-s)&0xfff + framesz; - &sub ($s3,$s0); - &and ($s3,0xfff); - &add ($s3,384); - &sub ($acc,$s3); - &set_label("tbl_ok",4); - - &lea ($s3,&wparam(0)); # obtain pointer to parameter block - &exch ("esp",$acc); # allocate stack frame - &add ("esp",4); # reserve for return address! - &mov ($_tbl,$tbl); # save %ebp - &mov ($_esp,$acc); # save %esp - - &mov ($s0,&DWP(0,$s3)); # load inp - &mov ($s1,&DWP(4,$s3)); # load out - #&mov ($s2,&DWP(8,$s3)); # load len - &mov ($key,&DWP(12,$s3)); # load key - &mov ($acc,&DWP(16,$s3)); # load ivp - &mov ($s3,&DWP(20,$s3)); # load enc flag - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$key); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($mark,0); # copy of aes_key->rounds = 0; - # do we copy key schedule to stack? - &mov ($s1 eq "ebx" ? $s1 : "",$key); - &mov ($s2 eq "ecx" ? 
$s2 : "",244/4); - &sub ($s1,$tbl); - &mov ("esi",$key); - &and ($s1,0xfff); - &lea ("edi",$aes_key); - &cmp ($s1,2048+256); - &jb (&label("do_copy")); - &cmp ($s1,4096-244); - &jb (&label("skip_copy")); - &set_label("do_copy",4); - &mov ($_key,"edi"); - &data_word(0xA5F3F689); # rep movsd - &set_label("skip_copy"); - - &mov ($key,16); - &set_label("prefetch_tbl",4); - &mov ($s0,&DWP(0,$tbl)); - &mov ($s1,&DWP(32,$tbl)); - &mov ($s2,&DWP(64,$tbl)); - &mov ($acc,&DWP(96,$tbl)); - &lea ($tbl,&DWP(128,$tbl)); - &sub ($key,1); - &jnz (&label("prefetch_tbl")); - &sub ($tbl,2048); - - &mov ($acc,$_inp); - &mov ($key,$_ivp); - - &cmp ($s3,0); - &je (&label("fast_decrypt")); - -#----------------------------- ENCRYPT -----------------------------# - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("fast_enc_loop",16); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$acc)); # xor input data - &xor ($s1,&DWP(4,$acc)); - &xor ($s2,&DWP(8,$acc)); - &xor ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_encrypt"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # save output data - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($s2,$_len); # load len - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_enc_loop")); - &mov ($acc,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last 2 dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # save ivec - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &cmp ($mark,0); # was the key schedule copied? 
- &mov ("edi",$_key); - &je (&label("skip_ezero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_ezero"); - &mov ("esp",$_esp); - &popf (); - &set_label("drop_out"); - &function_end_A(); - &pushf (); # kludge, never executed - -#----------------------------- DECRYPT -----------------------------# -&set_label("fast_decrypt",16); - - &cmp ($acc,$_out); - &je (&label("fast_dec_in_place")); # in-place processing... - - &mov ($_tmp,$key); - - &align (4); - &set_label("fast_dec_loop",16); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_tmp); # load ivp - &mov ($acc,$_len); # load len - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($key,$_out); # load out - &mov ($acc,$_inp); # load inp - - &mov (&DWP(0,$key),$s0); # write output - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - &mov ($_tmp,$acc); # save ivp - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($key,&DWP(16,$key)); # advance out - &mov ($_out,$key); # save out - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_dec_loop")); - &mov ($key,$_tmp); # load temp ivp - &mov ($acc,$_ivp); # load user ivp - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # copy back to user - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - &jmp (&label("fast_dec_out")); - - &set_label("fast_dec_in_place",16); - &set_label("fast_dec_in_place_loop"); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov 
($s3,&DWP(12,$acc)); - - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_ivp); # load ivp - &mov ($acc,$_out); # load out - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov (&DWP(0,$acc),$s0); # write output - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance out - &mov ($_out,$acc); # save out - - &lea ($acc,$ivec); - &mov ($s0,&DWP(0,$acc)); # read temp - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($acc,$_inp); # load inp - &mov ($s2,$_len); # load len - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_dec_in_place_loop")); - - &set_label("fast_dec_out",4); - &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &je (&label("skip_dzero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_dzero"); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - -#--------------------------- SLOW ROUTINE ---------------------------# -&set_label("slow_way",16); - - &mov ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap - &mov ($key,&wparam(3)); # load key - - # pre-allocate aligned stack frame... - &lea ($acc,&DWP(-80,"esp")); - &and ($acc,-64); - - # ... 
and make sure it doesn't alias with $key modulo 1024 - &lea ($s1,&DWP(-80-63,$key)); - &sub ($s1,$acc); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ($acc,$s1); - - # pick S-box copy which can't overlap with stack frame or $key - &lea ($s1,&DWP(768,$acc)); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - &lea ($s3,&wparam(0)); # pointer to parameter block - - &exch ("esp",$acc); - &add ("esp",4); # reserve for return address! - &mov ($_tbl,$tbl); # save %ebp - &mov ($_esp,$acc); # save %esp - &mov ($_tmp,$s0); # save OPENSSL_ia32cap - - &mov ($s0,&DWP(0,$s3)); # load inp - &mov ($s1,&DWP(4,$s3)); # load out - #&mov ($s2,&DWP(8,$s3)); # load len - #&mov ($key,&DWP(12,$s3)); # load key - &mov ($acc,&DWP(16,$s3)); # load ivp - &mov ($s3,&DWP(20,$s3)); # load enc flag - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$key); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($key,$acc); - &mov ($acc,$s0); - - &cmp ($s3,0); - &je (&label("slow_decrypt")); - -#--------------------------- SLOW ENCRYPT ---------------------------# - &cmp ($s2,16); - &mov ($s3,$s1); - &jb (&label("slow_enc_tail")); - - if (!$x86only) { - &bt ($_tmp,25); # check for SSE bit - &jnc (&label("slow_enc_x86")); - - &movq ("mm0",&QWP(0,$key)); # load iv - &movq ("mm4",&QWP(8,$key)); - - &set_label("slow_enc_loop_sse",16); - &pxor ("mm0",&QWP(0,$acc)); # xor input data - &pxor ("mm4",&QWP(8,$acc)); - - &mov ($key,$_key); - &call ("_sse_AES_encrypt_compact"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - &mov ($s2,$_len); # load len - - &movq (&QWP(0,$key),"mm0"); # save output data - &movq (&QWP(8,$key),"mm4"); - - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &cmp ($s2,16); - 
&mov ($_len,$s2); # save len - &jae (&label("slow_enc_loop_sse")); - &test ($s2,15); - &jnz (&label("slow_enc_tail")); - &mov ($acc,$_ivp); # load ivp - &movq (&QWP(0,$acc),"mm0"); # save ivec - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - } - &set_label("slow_enc_x86",16); - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("slow_enc_loop_x86",4); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$acc)); # xor input data - &xor ($s1,&DWP(4,$acc)); - &xor ($s2,&DWP(8,$acc)); - &xor ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_encrypt_compact"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # save output data - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &cmp ($s2,16); - &mov ($_len,$s2); # save len - &jae (&label("slow_enc_loop_x86")); - &test ($s2,15); - &jnz (&label("slow_enc_tail")); - &mov ($acc,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # save ivec - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_enc_tail",16); - &emms () if (!$x86only); - &mov ($key eq "edi"? $key:"",$s3); # load out to edi - &mov ($s1,16); - &sub ($s1,$s2); - &cmp ($key,$acc eq "esi"? 
$acc:""); # compare with inp - &je (&label("enc_in_place")); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy input - &jmp (&label("enc_skip_in_place")); - &set_label("enc_in_place"); - &lea ($key,&DWP(0,$key,$s2)); - &set_label("enc_skip_in_place"); - &mov ($s2,$s1); - &xor ($s0,$s0); - &align (4); - &data_word(0xAAF3F689); # rep stosb # zero tail - - &mov ($key,$_ivp); # restore ivp - &mov ($acc,$s3); # output as input - &mov ($s0,&DWP(0,$key)); - &mov ($s1,&DWP(4,$key)); - &mov ($_len,16); # len=16 - &jmp (&label("slow_enc_loop_x86")); # one more spin... - -#--------------------------- SLOW DECRYPT ---------------------------# -&set_label("slow_decrypt",16); - if (!$x86only) { - &bt ($_tmp,25); # check for SSE bit - &jnc (&label("slow_dec_loop_x86")); - - &set_label("slow_dec_loop_sse",4); - &movq ("mm0",&QWP(0,$acc)); # read input - &movq ("mm4",&QWP(8,$acc)); - - &mov ($key,$_key); - &call ("_sse_AES_decrypt_compact"); - - &mov ($acc,$_inp); # load inp - &lea ($s0,$ivec); - &mov ($s1,$_out); # load out - &mov ($s2,$_len); # load len - &mov ($key,$_ivp); # load ivp - - &movq ("mm1",&QWP(0,$acc)); # re-read input - &movq ("mm5",&QWP(8,$acc)); - - &pxor ("mm0",&QWP(0,$key)); # xor iv - &pxor ("mm4",&QWP(8,$key)); - - &movq (&QWP(0,$key),"mm1"); # copy input to iv - &movq (&QWP(8,$key),"mm5"); - - &sub ($s2,16); # decrease len - &jc (&label("slow_dec_partial_sse")); - - &movq (&QWP(0,$s1),"mm0"); # write output - &movq (&QWP(8,$s1),"mm4"); - - &lea ($s1,&DWP(16,$s1)); # advance out - &mov ($_out,$s1); # save out - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &mov ($_len,$s2); # save len - &jnz (&label("slow_dec_loop_sse")); - &emms (); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_dec_partial_sse",16); - &movq (&QWP(0,$s0),"mm0"); # save output to temp - &movq (&QWP(8,$s0),"mm4"); - &emms (); - - &add ($s2 eq "ecx" ? 
"ecx":"",16); - &mov ("edi",$s1); # out - &mov ("esi",$s0); # temp - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy partial output - - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - } - &set_label("slow_dec_loop_x86",16); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt_compact"); - - &mov ($key,$_ivp); # load ivp - &mov ($acc,$_len); # load len - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &sub ($acc,16); - &jc (&label("slow_dec_partial_x86")); - - &mov ($_len,$acc); # save len - &mov ($acc,$_out); # load out - - &mov (&DWP(0,$acc),$s0); # write output - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance out - &mov ($_out,$acc); # save out - - &lea ($acc,$ivec); - &mov ($s0,&DWP(0,$acc)); # read temp - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy it to iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($acc,$_inp); # load inp - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &jnz (&label("slow_dec_loop_x86")); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_dec_partial_x86",16); - &lea ($acc,$ivec); - &mov (&DWP(0,$acc),$s0); # save output to temp - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &mov ($acc,$_inp); - &mov ($s0,&DWP(0,$acc)); # re-read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov 
(&DWP(0,$key),$s0); # copy it to iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ("ecx",$_len); - &mov ("edi",$_out); - &lea ("esi",$ivec); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy partial output - - &mov ("esp",$_esp); - &popf (); -&function_end("AES_cbc_encrypt"); -} - -#------------------------------------------------------------------# - -sub enckey() -{ - &movz ("esi",&LB("edx")); # rk[i]>>0 - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[i]>>8 - &shl ("ebx",24); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shr ("edx",16); - &movz ("esi",&LB("edx")); # rk[i]>>16 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[i]>>24 - &shl ("ebx",8); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shl ("ebx",16); - &xor ("eax","ebx"); - - &xor ("eax",&DWP(1024-128,$tbl,"ecx",4)); # rcon -} - -&function_begin("_x86_AES_set_encrypt_key"); - &mov ("esi",&wparam(1)); # user supplied key - &mov ("edi",&wparam(3)); # private key schedule - - &test ("esi",-1); - &jz (&label("badpointer")); - &test ("edi",-1); - &jz (&label("badpointer")); - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($tbl); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - &lea ($tbl,&DWP(2048+128,$tbl)); - - # prefetch Te4 - &mov ("eax",&DWP(0-128,$tbl)); - &mov ("ebx",&DWP(32-128,$tbl)); - &mov ("ecx",&DWP(64-128,$tbl)); - &mov ("edx",&DWP(96-128,$tbl)); - &mov ("eax",&DWP(128-128,$tbl)); - &mov ("ebx",&DWP(160-128,$tbl)); - &mov ("ecx",&DWP(192-128,$tbl)); - &mov ("edx",&DWP(224-128,$tbl)); - - &mov ("ecx",&wparam(2)); # number of bits in key - &cmp ("ecx",128); - &je (&label("10rounds")); - &cmp ("ecx",192); - &je (&label("12rounds")); - &cmp ("ecx",256); - &je (&label("14rounds")); - &mov ("eax",-2); # invalid number of bits - &jmp (&label("exit")); - - &set_label("10rounds"); - &mov 
("eax",&DWP(0,"esi")); # copy first 4 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("10shortcut")); - - &align (4); - &set_label("10loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(12,"edi")); # rk[3] - &set_label("10shortcut"); - &enckey (); - - &mov (&DWP(16,"edi"),"eax"); # rk[4] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(20,"edi"),"eax"); # rk[5] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &inc ("ecx"); - &add ("edi",16); - &cmp ("ecx",10); - &jl (&label("10loop")); - - &mov (&DWP(80,"edi"),10); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("12rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("ecx",&DWP(16,"esi")); - &mov ("edx",&DWP(20,"esi")); - &mov (&DWP(16,"edi"),"ecx"); - &mov (&DWP(20,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("12shortcut")); - - &align (4); - &set_label("12loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(20,"edi")); # rk[5] - &set_label("12shortcut"); - &enckey (); - - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - - &cmp ("ecx",7); - &je (&label("12break")); - &inc ("ecx"); - - &xor ("eax",&DWP(16,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &add 
("edi",24); - &jmp (&label("12loop")); - - &set_label("12break"); - &mov (&DWP(72,"edi"),12); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("14rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 8 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("edx",&DWP(28,"esi")); - &mov (&DWP(16,"edi"),"eax"); - &mov (&DWP(20,"edi"),"ebx"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("14shortcut")); - - &align (4); - &set_label("14loop"); - &mov ("edx",&DWP(28,"edi")); # rk[7] - &set_label("14shortcut"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - - &enckey (); - - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &cmp ("ecx",6); - &je (&label("14break")); - &inc ("ecx"); - - &mov ("edx","eax"); - &mov ("eax",&DWP(16,"edi")); # rk[4] - &movz ("esi",&LB("edx")); # rk[11]>>0 - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[11]>>8 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shr ("edx",16); - &shl ("ebx",8); - &movz ("esi",&LB("edx")); # rk[11]>>16 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[11]>>24 - &shl ("ebx",16); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shl ("ebx",24); - &xor ("eax","ebx"); - - &mov (&DWP(48,"edi"),"eax"); # rk[12] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(52,"edi"),"eax"); # rk[13] - &xor ("eax",&DWP(24,"edi")); - &mov (&DWP(56,"edi"),"eax"); # rk[14] - &xor 
("eax",&DWP(28,"edi")); - &mov (&DWP(60,"edi"),"eax"); # rk[15] - - &add ("edi",32); - &jmp (&label("14loop")); - - &set_label("14break"); - &mov (&DWP(48,"edi"),14); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("badpointer"); - &mov ("eax",-1); - &set_label("exit"); -&function_end("_x86_AES_set_encrypt_key"); - -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_encrypt_key"); - &call ("_x86_AES_set_encrypt_key"); - &ret (); -&function_end_B("AES_set_encrypt_key"); - -sub deckey() -{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_; - my $tmp = $tbl; - - &mov ($tmp,0x80808080); - &and ($tmp,$tp1); - &lea ($tp2,&DWP(0,$tp1,$tp1)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &sub ($acc,$tmp); - &and ($tp2,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp2); - &lea ($tp4,&DWP(0,$tp2,$tp2)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &sub ($acc,$tmp); - &and ($tp4,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$tp1); # tp2^tp1 - &xor ($tp4,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp4); - &lea ($tp8,&DWP(0,$tp4,$tp4)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &xor ($tp4,$tp1); # tp4^tp1 - &sub ($acc,$tmp); - &and ($tp8,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &rotl ($tp1,8); # = ROTATE(tp1,8) - &xor ($tp8,$acc); - - &mov ($tmp,&DWP(4*($i+1),$key)); # modulo-scheduled load - - &xor ($tp1,$tp2); - &xor ($tp2,$tp8); - &xor ($tp1,$tp4); - &rotl ($tp2,24); - &xor ($tp4,$tp8); - &xor ($tp1,$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) - &rotl ($tp4,16); - &xor ($tp1,$tp2); # ^= ROTATE(tp8^tp2^tp1,24) - &rotl ($tp8,8); - &xor ($tp1,$tp4); # ^= ROTATE(tp8^tp4^tp1,16) - &mov ($tp2,$tmp); - &xor ($tp1,$tp8); # ^= ROTATE(tp8,8) - - &mov (&DWP(4*$i,$key),$tp1); -} - -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_decrypt_key"); - &call ("_x86_AES_set_encrypt_key"); - &cmp 
("eax",0); - &je (&label("proceed")); - &ret (); - - &set_label("proceed"); - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - - &mov ("esi",&wparam(2)); - &mov ("ecx",&DWP(240,"esi")); # pull number of rounds - &lea ("ecx",&DWP(0,"","ecx",4)); - &lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk - - &set_label("invert",4); # invert order of chunks - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(0,"edi")); - &mov ("edx",&DWP(4,"edi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(0,"esi"),"ecx"); - &mov (&DWP(4,"esi"),"edx"); - &mov ("eax",&DWP(8,"esi")); - &mov ("ebx",&DWP(12,"esi")); - &mov ("ecx",&DWP(8,"edi")); - &mov ("edx",&DWP(12,"edi")); - &mov (&DWP(8,"edi"),"eax"); - &mov (&DWP(12,"edi"),"ebx"); - &mov (&DWP(8,"esi"),"ecx"); - &mov (&DWP(12,"esi"),"edx"); - &add ("esi",16); - &sub ("edi",16); - &cmp ("esi","edi"); - &jne (&label("invert")); - - &mov ($key,&wparam(2)); - &mov ($acc,&DWP(240,$key)); # pull number of rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov (&wparam(2),$acc); - - &mov ($s0,&DWP(16,$key)); # modulo-scheduled load - &set_label("permute",4); # permute the key schedule - &add ($key,16); - &deckey (0,$key,$s0,$s1,$s2,$s3); - &deckey (1,$key,$s1,$s2,$s3,$s0); - &deckey (2,$key,$s2,$s3,$s0,$s1); - &deckey (3,$key,$s3,$s0,$s1,$s2); - &cmp ($key,&wparam(2)); - &jb (&label("permute")); - - &xor ("eax","eax"); # return success -&function_end("AES_set_decrypt_key"); -&asciz("AES for x86, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-armv4.pl index 998158998..1112eef50 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-armv4.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-armv4.pl 
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -1242,4 +1242,4 @@ while() {
 close SELF;
 print $code;
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-c64xplus.pl
index 19d2cc176..cad3fcd06 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-c64xplus.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -1379,4 +1379,4 @@ AES_Td4:
 ___
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-mips.pl
index 716c3356e..b5601e90e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-mips.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -2167,4 +2167,4 @@ foreach (split("\n",$code)) {
 print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-parisc.pl
index e817c757f..5b07fac3d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-parisc.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -1035,4 +1035,4 @@ foreach (split("\n",$code)) {
 print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ppc.pl
index ca69df4c3..bb4ee84ae 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ppc.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -1456,4 +1456,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-s390x.pl
index 0c4005906..4cb8f4331 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-s390x.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -38,14 +38,14 @@
 # Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided
 # for 128-bit keys, if hardware support is detected.
-# Januray 2009.
+# January 2009.
 #
 # Add support for hardware AES192/256 and reschedule instructions to
 # minimize/avoid Address Generation Interlock hazard and to favour
 # dual-issue z10 pipeline. This gave ~25% improvement on z10 and
 # almost 50% on z9. The gain is smaller on z10, because being dual-
 # issue z10 makes it impossible to eliminate the interlock condition:
-# critial path is not long enough. Yet it spends ~24 cycles per byte
+# critical path is not long enough. Yet it spends ~24 cycles per byte
 # processed with 128-bit key.
 #
 # Unlike previous version hardware support detection takes place only
@@ -1987,7 +1987,7 @@ $code.=<<___;
 .Lxts_enc_done:
 stg $sp,$tweak+0($sp) # wipe tweak
- stg $sp,$twesk+8($sp)
+ stg $sp,$tweak+8($sp)
 lm${g} %r6,$ra,6*$SIZE_T($sp)
 br $ra
 .size AES_xts_encrypt,.-AES_xts_encrypt
@@ -2267,7 +2267,7 @@ $code.=<<___;
 stg $sp,$tweak-16+8($sp)
 .Lxts_dec_done:
 stg $sp,$tweak+0($sp) # wipe tweak
- stg $sp,$twesk+8($sp)
+ stg $sp,$tweak+8($sp)
 lm${g} %r6,$ra,6*$SIZE_T($sp)
 br $ra
 .size AES_xts_decrypt,.-AES_xts_decrypt
@@ -2279,4 +2279,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT; # force flush
+close STDOUT or die "error closing STDOUT: $!"; # force flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-sparcv9.pl
index 40d1f94cc..1b37a9203 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-sparcv9.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -1189,4 +1189,4 @@ ___
 $code =~ s/fmovs.*$//gm;
 print $code;
-close STDOUT; # ensure flush
+close STDOUT or die "error closing STDOUT: $!"; # ensure flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-x86_64.pl
deleted file mode 100755
index d87e20114..000000000
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aes-x86_64.pl
+++ /dev/null
@@ -1,2916 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Version 2.1. -# -# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on -# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version -# [you'll notice a lot of resemblance], such as compressed S-boxes -# in little-endian byte order, prefetch of these tables in CBC mode, -# as well as avoiding L1 cache aliasing between stack frame and key -# schedule and already mentioned tables, compressed Td4... 
-# -# Performance in number of cycles per processed byte for 128-bit key: -# -# ECB encrypt ECB decrypt CBC large chunk -# AMD64 33 43 13.0 -# EM64T 38 56 18.6(*) -# Core 2 30 42 14.5(*) -# Atom 65 86 32.1(*) -# -# (*) with hyper-threading off - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; -*STDOUT=*OUT; - -$verticalspin=1; # unlike 32-bit version $verticalspin performs - # ~15% better on both AMD and Intel cores -$speed_limit=512; # see aes-586.pl for details - -$code=".text\n"; - -$s0="%eax"; -$s1="%ebx"; -$s2="%ecx"; -$s3="%edx"; -$acc0="%esi"; $mask80="%rsi"; -$acc1="%edi"; $maskfe="%rdi"; -$acc2="%ebp"; $mask1b="%rbp"; -$inp="%r8"; -$out="%r9"; -$t0="%r10d"; -$t1="%r11d"; -$t2="%r12d"; -$rnds="%r13d"; -$sbox="%r14"; -$key="%r15"; - -sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } -sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; - $r =~ s/%[er]([sd]i)/%\1l/; - $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } -sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/; - $r =~ s/%r([0-9]+)/%r\1d/; $r; } -sub _data_word() -{ my $i; - while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } -} -sub data_word() -{ my $i; - my $last=pop(@_); - $code.=".long\t"; - while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; } - $code.=sprintf"0x%08x\n",$last; -} - -sub data_byte() -{ my $i; - my $last=pop(@_); - $code.=".byte\t"; - while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; } - $code.=sprintf"0x%02x\n",$last&0xff; -} - -sub encvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - # favor 3-way issue Opteron pipeline... 
- movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - mov 0($sbox,$acc0,8),$t0 - mov 0($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t2 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - movzb `&lo("$s3")`,$acc2 - xor 3($sbox,$acc0,8),$t0 - xor 3($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t3 - - movzb `&hi("$s3")`,$acc0 - shr \$16,$s2 - movzb `&hi("$s0")`,$acc2 - xor 3($sbox,$acc0,8),$t2 - shr \$16,$s3 - xor 3($sbox,$acc2,8),$t3 - - shr \$16,$s1 - lea 16($key),$key - shr \$16,$s0 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - xor 2($sbox,$acc0,8),$t0 - xor 2($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - movzb `&lo("$s1")`,$acc2 - xor 1($sbox,$acc0,8),$t0 - xor 1($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t3 - - mov 12($key),$s3 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - mov 0($key),$s0 - xor 1($sbox,$acc1,8),$t2 - xor 1($sbox,$acc2,8),$t3 - - mov 4($key),$s1 - mov 8($key),$s2 - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub enclastvert() -{ my $t3="%r8d"; # zaps $inp! 
- -$code.=<<___; - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - movzb 2($sbox,$acc0,8),$t0 - movzb 2($sbox,$acc1,8),$t1 - movzb 2($sbox,$acc2,8),$t2 - - movzb `&lo("$s3")`,$acc0 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - movzb 2($sbox,$acc0,8),$t3 - mov 0($sbox,$acc1,8),$acc1 #$t0 - mov 0($sbox,$acc2,8),$acc2 #$t1 - - and \$0x0000ff00,$acc1 - and \$0x0000ff00,$acc2 - - xor $acc1,$t0 - xor $acc2,$t1 - shr \$16,$s2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - shr \$16,$s3 - mov 0($sbox,$acc0,8),$acc0 #$t2 - mov 0($sbox,$acc1,8),$acc1 #$t3 - - and \$0x0000ff00,$acc0 - and \$0x0000ff00,$acc1 - shr \$16,$s1 - xor $acc0,$t2 - xor $acc1,$t3 - shr \$16,$s0 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - mov 0($sbox,$acc0,8),$acc0 #$t0 - mov 0($sbox,$acc1,8),$acc1 #$t1 - mov 0($sbox,$acc2,8),$acc2 #$t2 - - and \$0x00ff0000,$acc0 - and \$0x00ff0000,$acc1 - and \$0x00ff0000,$acc2 - - xor $acc0,$t0 - xor $acc1,$t1 - xor $acc2,$t2 - - movzb `&lo("$s1")`,$acc0 - movzb `&hi("$s3")`,$acc1 - movzb `&hi("$s0")`,$acc2 - mov 0($sbox,$acc0,8),$acc0 #$t3 - mov 2($sbox,$acc1,8),$acc1 #$t0 - mov 2($sbox,$acc2,8),$acc2 #$t1 - - and \$0x00ff0000,$acc0 - and \$0xff000000,$acc1 - and \$0xff000000,$acc2 - - xor $acc0,$t3 - xor $acc1,$t0 - xor $acc2,$t1 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - mov 16+12($key),$s3 - mov 2($sbox,$acc0,8),$acc0 #$t2 - mov 2($sbox,$acc1,8),$acc1 #$t3 - mov 16+0($key),$s0 - - and \$0xff000000,$acc0 - and \$0xff000000,$acc1 - - xor $acc0,$t2 - xor $acc1,$t3 - - mov 16+4($key),$s1 - mov 16+8($key),$s2 - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub encstep() -{ my ($i,@s) = @_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - if ($i==3) { - $tmp0=$s[1]; - $tmp1=$s[2]; - $tmp2=$s[3]; - } - $code.=" movzb ".&lo($s[0]).",$out\n"; - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" lea 
16($key),$key\n" if ($i==0); - - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" mov 0($sbox,$out,8),$out\n"; - - $code.=" shr \$16,$tmp1\n"; - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - $code.=" xor 3($sbox,$tmp0,8),$out\n"; - - $code.=" movzb ".&lo($tmp1).",$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - $code.=" xor 4*$i($key),$out\n"; - - $code.=" xor 2($sbox,$tmp1,8),$out\n"; - $code.=" xor 1($sbox,$tmp2,8),$out\n"; - - $code.=" mov $t0,$s[1]\n" if ($i==3); - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" mov $t2,$s[3]\n" if ($i==3); - $code.="\n"; -} - -sub enclast() -{ my ($i,@s)=@_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - if ($i==3) { - $tmp0=$s[1]; - $tmp1=$s[2]; - $tmp2=$s[3]; - } - $code.=" movzb ".&lo($s[0]).",$out\n"; - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - - $code.=" mov 2($sbox,$out,8),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $code.=" and \$0x000000ff,$out\n"; - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" movzb ".&lo($tmp1).",$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" mov 0($sbox,$tmp0,8),$tmp0\n"; - $code.=" mov 0($sbox,$tmp1,8),$tmp1\n"; - $code.=" mov 2($sbox,$tmp2,8),$tmp2\n"; - - $code.=" and \$0x0000ff00,$tmp0\n"; - $code.=" and \$0x00ff0000,$tmp1\n"; - $code.=" and \$0xff000000,$tmp2\n"; - - $code.=" xor $tmp0,$out\n"; - $code.=" mov $t0,$s[1]\n" if ($i==3); - $code.=" xor $tmp1,$out\n"; - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" xor $tmp2,$out\n"; - $code.=" mov $t2,$s[3]\n" if ($i==3); - $code.="\n"; -} - -$code.=<<___; -.type _x86_64_AES_encrypt,\@abi-omnipotent -.align 16 -_x86_64_AES_encrypt: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - - mov 240($key),$rnds # load key->rounds - sub \$1,$rnds - jmp .Lenc_loop -.align 16 -.Lenc_loop: -___ - if ($verticalspin) { &encvert(); } - else { &encstep(0,$s0,$s1,$s2,$s3); - &encstep(1,$s1,$s2,$s3,$s0); - &encstep(2,$s2,$s3,$s0,$s1); 
- &encstep(3,$s3,$s0,$s1,$s2); - } -$code.=<<___; - sub \$1,$rnds - jnz .Lenc_loop -___ - if ($verticalspin) { &enclastvert(); } - else { &enclast(0,$s0,$s1,$s2,$s3); - &enclast(1,$s1,$s2,$s3,$s0); - &enclast(2,$s2,$s3,$s0,$s1); - &enclast(3,$s3,$s0,$s1,$s2); - $code.=<<___; - xor 16+0($key),$s0 # xor with key - xor 16+4($key),$s1 - xor 16+8($key),$s2 - xor 16+12($key),$s3 -___ - } -$code.=<<___; - .byte 0xf3,0xc3 # rep ret -.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt -___ - -# it's possible to implement this by shifting tN by 8, filling least -# significant byte with byte load and finally bswap-ing at the end, -# but such partial register load kills Core 2... -sub enccompactvert() -{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - movzb `&lo("$s0")`,$t0 - movzb `&lo("$s1")`,$t1 - movzb `&lo("$s2")`,$t2 - movzb `&lo("$s3")`,$t3 - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - shr \$16,$s2 - movzb `&hi("$s3")`,$acc2 - movzb ($sbox,$t0,1),$t0 - movzb ($sbox,$t1,1),$t1 - movzb ($sbox,$t2,1),$t2 - movzb ($sbox,$t3,1),$t3 - - movzb ($sbox,$acc0,1),$t4 #$t0 - movzb `&hi("$s0")`,$acc0 - movzb ($sbox,$acc1,1),$t5 #$t1 - movzb `&lo("$s2")`,$acc1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - - shl \$8,$t4 - shr \$16,$s3 - shl \$8,$t5 - xor $t4,$t0 - shr \$16,$s0 - movzb `&lo("$s3")`,$t4 - shr \$16,$s1 - xor $t5,$t1 - shl \$8,$acc2 - movzb `&lo("$s0")`,$t5 - movzb ($sbox,$acc1,1),$acc1 #$t0 - xor $acc2,$t2 - - shl \$8,$acc0 - movzb `&lo("$s1")`,$acc2 - shl \$16,$acc1 - xor $acc0,$t3 - movzb ($sbox,$t4,1),$t4 #$t1 - movzb `&hi("$s3")`,$acc0 - movzb ($sbox,$t5,1),$t5 #$t2 - xor $acc1,$t0 - - shr \$8,$s2 - movzb `&hi("$s0")`,$acc1 - shl \$16,$t4 - shr \$8,$s1 - shl \$16,$t5 - xor $t4,$t1 - movzb ($sbox,$acc2,1),$acc2 #$t3 - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$acc1 #$t1 - movzb ($sbox,$s2,1),$s3 #$t3 - movzb ($sbox,$s1,1),$s2 #$t2 - - shl \$16,$acc2 - xor $t5,$t2 - shl \$24,$acc0 - xor $acc2,$t3 - shl 
\$24,$acc1 - xor $acc0,$t0 - shl \$24,$s3 - xor $acc1,$t1 - shl \$24,$s2 - mov $t0,$s0 - mov $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub enctransform_ref() -{ my $sn = shift; - my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - mov $sn,$acc - and \$0x80808080,$acc - mov $acc,$tmp - shr \$7,$tmp - lea ($sn,$sn),$r2 - sub $tmp,$acc - and \$0xfefefefe,$r2 - and \$0x1b1b1b1b,$acc - mov $sn,$tmp - xor $acc,$r2 - - xor $r2,$sn - rol \$24,$sn - xor $r2,$sn - ror \$16,$tmp - xor $tmp,$sn - ror \$8,$tmp - xor $tmp,$sn -___ -} - -# unlike decrypt case it does not pay off to parallelize enctransform -sub enctransform() -{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d"); - -$code.=<<___; - mov \$0x80808080,$t0 - mov \$0x80808080,$t1 - and $s0,$t0 - and $s1,$t1 - mov $t0,$acc0 - mov $t1,$acc1 - shr \$7,$t0 - lea ($s0,$s0),$r20 - shr \$7,$t1 - lea ($s1,$s1),$r21 - sub $t0,$acc0 - sub $t1,$acc1 - and \$0xfefefefe,$r20 - and \$0xfefefefe,$r21 - and \$0x1b1b1b1b,$acc0 - and \$0x1b1b1b1b,$acc1 - mov $s0,$t0 - mov $s1,$t1 - xor $acc0,$r20 - xor $acc1,$r21 - - xor $r20,$s0 - xor $r21,$s1 - mov \$0x80808080,$t2 - rol \$24,$s0 - mov \$0x80808080,$t3 - rol \$24,$s1 - and $s2,$t2 - and $s3,$t3 - xor $r20,$s0 - xor $r21,$s1 - mov $t2,$acc0 - ror \$16,$t0 - mov $t3,$acc1 - ror \$16,$t1 - lea ($s2,$s2),$r20 - shr \$7,$t2 - xor $t0,$s0 - shr \$7,$t3 - xor $t1,$s1 - ror \$8,$t0 - lea ($s3,$s3),$r21 - ror \$8,$t1 - sub $t2,$acc0 - sub $t3,$acc1 - xor $t0,$s0 - xor $t1,$s1 - - and \$0xfefefefe,$r20 - and \$0xfefefefe,$r21 - and \$0x1b1b1b1b,$acc0 - and \$0x1b1b1b1b,$acc1 - mov $s2,$t2 - mov $s3,$t3 - xor $acc0,$r20 - xor $acc1,$r21 - - ror \$16,$t2 - xor $r20,$s2 - ror \$16,$t3 - xor $r21,$s3 - rol \$24,$s2 - mov 0($sbox),$acc0 # prefetch Te4 - rol \$24,$s3 - xor $r20,$s2 - mov 64($sbox),$acc1 - xor $r21,$s3 - mov 128($sbox),$r20 - xor $t2,$s2 - ror \$8,$t2 - xor $t3,$s3 - ror \$8,$t3 - xor $t2,$s2 - mov 192($sbox),$r21 - xor $t3,$s3 -___ -} - -$code.=<<___; -.type 
_x86_64_AES_encrypt_compact,\@abi-omnipotent -.align 16 -_x86_64_AES_encrypt_compact: -.cfi_startproc - lea 128($sbox),$inp # size optimization - mov 0-128($inp),$acc1 # prefetch Te4 - mov 32-128($inp),$acc2 - mov 64-128($inp),$t0 - mov 96-128($inp),$t1 - mov 128-128($inp),$acc1 - mov 160-128($inp),$acc2 - mov 192-128($inp),$t0 - mov 224-128($inp),$t1 - jmp .Lenc_loop_compact -.align 16 -.Lenc_loop_compact: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - lea 16($key),$key -___ - &enccompactvert(); -$code.=<<___; - cmp 16(%rsp),$key - je .Lenc_compact_done -___ - &enctransform(); -$code.=<<___; - jmp .Lenc_loop_compact -.align 16 -.Lenc_compact_done: - xor 0($key),$s0 - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact -___ - -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -$code.=<<___; -.globl AES_encrypt -.type AES_encrypt,\@function,3 -.align 16 -.globl asm_AES_encrypt -.hidden asm_AES_encrypt -asm_AES_encrypt: -AES_encrypt: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - # allocate frame "above" key schedule - lea -63(%rdx),%rcx # %rdx is key argument - and \$-64,%rsp - sub %rsp,%rcx - neg %rcx - and \$0x3c0,%rcx - sub %rcx,%rsp - sub \$32,%rsp - - mov %rsi,16(%rsp) # save out - mov %rax,24(%rsp) # save original stack pointer -.cfi_cfa_expression %rsp+24,deref,+8 -.Lenc_prologue: - - mov %rdx,$key - mov 240($key),$rnds # load rounds - - mov 0(%rdi),$s0 # load input vector - mov 4(%rdi),$s1 - mov 8(%rdi),$s2 - mov 12(%rdi),$s3 - - shl \$4,$rnds - lea ($key,$rnds),%rbp - mov $key,(%rsp) # key schedule - mov %rbp,8(%rsp) # end of key schedule - - # pick Te4 copy which can't "overlap" with stack frame or key 
schedule - lea .LAES_Te+2048(%rip),$sbox - lea 768(%rsp),%rbp - sub $sbox,%rbp - and \$0x300,%rbp - lea ($sbox,%rbp),$sbox - - call _x86_64_AES_encrypt_compact - - mov 16(%rsp),$out # restore out - mov 24(%rsp),%rsi # restore saved stack pointer -.cfi_def_cfa %rsi,8 - mov $s0,0($out) # write output vector - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lenc_epilogue: - ret -.cfi_endproc -.size AES_encrypt,.-AES_encrypt -___ - -#------------------------------------------------------------------# - -sub decvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - # favor 3-way issue Opteron pipeline... - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - mov 0($sbox,$acc0,8),$t0 - mov 0($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - movzb `&lo("$s3")`,$acc2 - xor 3($sbox,$acc0,8),$t0 - xor 3($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t3 - - movzb `&hi("$s1")`,$acc0 - shr \$16,$s0 - movzb `&hi("$s2")`,$acc2 - xor 3($sbox,$acc0,8),$t2 - shr \$16,$s3 - xor 3($sbox,$acc2,8),$t3 - - shr \$16,$s1 - lea 16($key),$key - shr \$16,$s2 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - xor 2($sbox,$acc0,8),$t0 - xor 2($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t2 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - movzb `&lo("$s1")`,$acc2 - xor 1($sbox,$acc0,8),$t0 - xor 1($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t3 - - movzb `&hi("$s3")`,$acc0 - mov 12($key),$s3 - movzb `&hi("$s0")`,$acc2 - xor 1($sbox,$acc0,8),$t2 - mov 0($key),$s0 - xor 1($sbox,$acc2,8),$t3 - - xor $t0,$s0 - mov 4($key),$s1 - mov 8($key),$s2 - xor $t2,$s2 - xor $t1,$s1 - xor $t3,$s3 -___ -} - 
-sub declastvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - lea 2048($sbox),$sbox # size optimization - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - movzb ($sbox,$acc0,1),$t0 - movzb ($sbox,$acc1,1),$t1 - movzb ($sbox,$acc2,1),$t2 - - movzb `&lo("$s3")`,$acc0 - movzb `&hi("$s3")`,$acc1 - movzb `&hi("$s0")`,$acc2 - movzb ($sbox,$acc0,1),$t3 - movzb ($sbox,$acc1,1),$acc1 #$t0 - movzb ($sbox,$acc2,1),$acc2 #$t1 - - shl \$8,$acc1 - shl \$8,$acc2 - - xor $acc1,$t0 - xor $acc2,$t1 - shr \$16,$s3 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - shr \$16,$s0 - movzb ($sbox,$acc0,1),$acc0 #$t2 - movzb ($sbox,$acc1,1),$acc1 #$t3 - - shl \$8,$acc0 - shl \$8,$acc1 - shr \$16,$s1 - xor $acc0,$t2 - xor $acc1,$t3 - shr \$16,$s2 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$acc1 #$t1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - - shl \$16,$acc0 - shl \$16,$acc1 - shl \$16,$acc2 - - xor $acc0,$t0 - xor $acc1,$t1 - xor $acc2,$t2 - - movzb `&lo("$s1")`,$acc0 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - movzb ($sbox,$acc1,1),$acc1 #$t0 - movzb ($sbox,$acc2,1),$acc2 #$t1 - - shl \$16,$acc0 - shl \$24,$acc1 - shl \$24,$acc2 - - xor $acc0,$t3 - xor $acc1,$t0 - xor $acc2,$t1 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - mov 16+12($key),$s3 - movzb ($sbox,$acc0,1),$acc0 #$t2 - movzb ($sbox,$acc1,1),$acc1 #$t3 - mov 16+0($key),$s0 - - shl \$24,$acc0 - shl \$24,$acc1 - - xor $acc0,$t2 - xor $acc1,$t3 - - mov 16+4($key),$s1 - mov 16+8($key),$s2 - lea -2048($sbox),$sbox - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub decstep() -{ my ($i,@s) = @_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - $code.=" mov $s[0],$out\n" if ($i!=3); - $tmp1=$s[2] if ($i==3); - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" and \$0xFF,$out\n"; 
- - $code.=" mov 0($sbox,$out,8),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $tmp2=$s[3] if ($i==3); - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $tmp0=$s[1] if ($i==3); - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" and \$0xFF,$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" xor 3($sbox,$tmp0,8),$out\n"; - $code.=" xor 2($sbox,$tmp1,8),$out\n"; - $code.=" xor 1($sbox,$tmp2,8),$out\n"; - - $code.=" mov $t2,$s[1]\n" if ($i==3); - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" mov $t0,$s[3]\n" if ($i==3); - $code.="\n"; -} - -sub declast() -{ my ($i,@s)=@_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - $code.=" mov $s[0],$out\n" if ($i!=3); - $tmp1=$s[2] if ($i==3); - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" and \$0xFF,$out\n"; - - $code.=" movzb 2048($sbox,$out,1),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $tmp2=$s[3] if ($i==3); - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $tmp0=$s[1] if ($i==3); - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" and \$0xFF,$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n"; - $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n"; - $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n"; - - $code.=" shl \$8,$tmp0\n"; - $code.=" shl \$16,$tmp1\n"; - $code.=" shl \$24,$tmp2\n"; - - $code.=" xor $tmp0,$out\n"; - $code.=" mov $t2,$s[1]\n" if ($i==3); - $code.=" xor $tmp1,$out\n"; - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" xor $tmp2,$out\n"; - $code.=" mov $t0,$s[3]\n" if ($i==3); - $code.="\n"; -} - -$code.=<<___; -.type _x86_64_AES_decrypt,\@abi-omnipotent -.align 16 -_x86_64_AES_decrypt: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - - mov 240($key),$rnds # load key->rounds - sub \$1,$rnds - jmp .Ldec_loop -.align 16 -.Ldec_loop: -___ - if ($verticalspin) { &decvert(); } - else { &decstep(0,$s0,$s3,$s2,$s1); - &decstep(1,$s1,$s0,$s3,$s2); - &decstep(2,$s2,$s1,$s0,$s3); - &decstep(3,$s3,$s2,$s1,$s0); 
- $code.=<<___; - lea 16($key),$key - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 -___ - } -$code.=<<___; - sub \$1,$rnds - jnz .Ldec_loop -___ - if ($verticalspin) { &declastvert(); } - else { &declast(0,$s0,$s3,$s2,$s1); - &declast(1,$s1,$s0,$s3,$s2); - &declast(2,$s2,$s1,$s0,$s3); - &declast(3,$s3,$s2,$s1,$s0); - $code.=<<___; - xor 16+0($key),$s0 # xor with key - xor 16+4($key),$s1 - xor 16+8($key),$s2 - xor 16+12($key),$s3 -___ - } -$code.=<<___; - .byte 0xf3,0xc3 # rep ret -.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt -___ - -sub deccompactvert() -{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - movzb `&lo("$s0")`,$t0 - movzb `&lo("$s1")`,$t1 - movzb `&lo("$s2")`,$t2 - movzb `&lo("$s3")`,$t3 - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - shr \$16,$s3 - movzb `&hi("$s1")`,$acc2 - movzb ($sbox,$t0,1),$t0 - movzb ($sbox,$t1,1),$t1 - movzb ($sbox,$t2,1),$t2 - movzb ($sbox,$t3,1),$t3 - - movzb ($sbox,$acc0,1),$t4 #$t0 - movzb `&hi("$s2")`,$acc0 - movzb ($sbox,$acc1,1),$t5 #$t1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - - shr \$16,$s2 - shl \$8,$t5 - shl \$8,$t4 - movzb `&lo("$s2")`,$acc1 - shr \$16,$s0 - xor $t4,$t0 - shr \$16,$s1 - movzb `&lo("$s3")`,$t4 - - shl \$8,$acc2 - xor $t5,$t1 - shl \$8,$acc0 - movzb `&lo("$s0")`,$t5 - movzb ($sbox,$acc1,1),$acc1 #$t0 - xor $acc2,$t2 - movzb `&lo("$s1")`,$acc2 - - shl \$16,$acc1 - xor $acc0,$t3 - movzb ($sbox,$t4,1),$t4 #$t1 - movzb `&hi("$s1")`,$acc0 - movzb ($sbox,$acc2,1),$acc2 #$t3 - xor $acc1,$t0 - movzb ($sbox,$t5,1),$t5 #$t2 - movzb `&hi("$s2")`,$acc1 - - shl \$16,$acc2 - shl \$16,$t4 - shl \$16,$t5 - xor $acc2,$t3 - movzb `&hi("$s3")`,$acc2 - xor $t4,$t1 - shr \$8,$s0 - xor $t5,$t2 - - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$s1 #$t1 - movzb ($sbox,$acc2,1),$s2 #$t2 - movzb ($sbox,$s0,1),$s3 #$t3 - - mov $t0,$s0 - shl \$24,$acc0 - shl \$24,$s1 - shl \$24,$s2 - xor $acc0,$s0 - shl \$24,$s3 - xor 
$t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -# parallelized version! input is pair of 64-bit values: %rax=s1.s0 -# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1, -# %ecx=s2 and %edx=s3. -sub dectransform() -{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx"); - my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx"); - my $prefetch = shift; - -$code.=<<___; - mov $mask80,$tp40 - mov $mask80,$tp48 - and $tp10,$tp40 - and $tp18,$tp48 - mov $tp40,$acc0 - mov $tp48,$acc8 - shr \$7,$tp40 - lea ($tp10,$tp10),$tp20 - shr \$7,$tp48 - lea ($tp18,$tp18),$tp28 - sub $tp40,$acc0 - sub $tp48,$acc8 - and $maskfe,$tp20 - and $maskfe,$tp28 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp20 - xor $acc8,$tp28 - mov $mask80,$tp80 - mov $mask80,$tp88 - - and $tp20,$tp80 - and $tp28,$tp88 - mov $tp80,$acc0 - mov $tp88,$acc8 - shr \$7,$tp80 - lea ($tp20,$tp20),$tp40 - shr \$7,$tp88 - lea ($tp28,$tp28),$tp48 - sub $tp80,$acc0 - sub $tp88,$acc8 - and $maskfe,$tp40 - and $maskfe,$tp48 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp40 - xor $acc8,$tp48 - mov $mask80,$tp80 - mov $mask80,$tp88 - - and $tp40,$tp80 - and $tp48,$tp88 - mov $tp80,$acc0 - mov $tp88,$acc8 - shr \$7,$tp80 - xor $tp10,$tp20 # tp2^=tp1 - shr \$7,$tp88 - xor $tp18,$tp28 # tp2^=tp1 - sub $tp80,$acc0 - sub $tp88,$acc8 - lea ($tp40,$tp40),$tp80 - lea ($tp48,$tp48),$tp88 - xor $tp10,$tp40 # tp4^=tp1 - xor $tp18,$tp48 # tp4^=tp1 - and $maskfe,$tp80 - and $maskfe,$tp88 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp80 - xor $acc8,$tp88 - - xor $tp80,$tp10 # tp1^=tp8 - xor $tp88,$tp18 # tp1^=tp8 - xor $tp80,$tp20 # tp2^tp1^=tp8 - xor $tp88,$tp28 # tp2^tp1^=tp8 - mov $tp10,$acc0 - mov $tp18,$acc8 - xor $tp80,$tp40 # tp4^tp1^=tp8 - shr \$32,$acc0 - xor $tp88,$tp48 # tp4^tp1^=tp8 - shr \$32,$acc8 - xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1 - rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8) - xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1 - rol 
\$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8) - xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 - rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8) - xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 - - rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8) - xor `&LO("$tp80")`,`&LO("$tp10")` - shr \$32,$tp80 - xor `&LO("$tp88")`,`&LO("$tp18")` - shr \$32,$tp88 - xor `&LO("$tp80")`,`&LO("$acc0")` - xor `&LO("$tp88")`,`&LO("$acc8")` - - mov $tp20,$tp80 - rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24) - mov $tp28,$tp88 - rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24) - shr \$32,$tp80 - xor `&LO("$tp20")`,`&LO("$tp10")` - shr \$32,$tp88 - xor `&LO("$tp28")`,`&LO("$tp18")` - rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24) - mov $tp40,$tp20 - rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24) - mov $tp48,$tp28 - shr \$32,$tp20 - xor `&LO("$tp80")`,`&LO("$acc0")` - shr \$32,$tp28 - xor `&LO("$tp88")`,`&LO("$acc8")` - - `"mov 0($sbox),$mask80" if ($prefetch)` - rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16) - `"mov 64($sbox),$maskfe" if ($prefetch)` - rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16) - `"mov 128($sbox),$mask1b" if ($prefetch)` - rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16) - `"mov 192($sbox),$tp80" if ($prefetch)` - xor `&LO("$tp40")`,`&LO("$tp10")` - rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16) - xor `&LO("$tp48")`,`&LO("$tp18")` - `"mov 256($sbox),$tp88" if ($prefetch)` - xor `&LO("$tp20")`,`&LO("$acc0")` - xor `&LO("$tp28")`,`&LO("$acc8")` -___ -} - -$code.=<<___; -.type _x86_64_AES_decrypt_compact,\@abi-omnipotent -.align 16 -_x86_64_AES_decrypt_compact: -.cfi_startproc - lea 128($sbox),$inp # size optimization - mov 0-128($inp),$acc1 # prefetch Td4 - mov 32-128($inp),$acc2 - mov 64-128($inp),$t0 - mov 96-128($inp),$t1 - mov 128-128($inp),$acc1 - mov 160-128($inp),$acc2 - mov 192-128($inp),$t0 - mov 224-128($inp),$t1 - jmp .Ldec_loop_compact - -.align 16 -.Ldec_loop_compact: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 
12($key),$s3 - lea 16($key),$key -___ - &deccompactvert(); -$code.=<<___; - cmp 16(%rsp),$key - je .Ldec_compact_done - - mov 256+0($sbox),$mask80 - shl \$32,%rbx - shl \$32,%rdx - mov 256+8($sbox),$maskfe - or %rbx,%rax - or %rdx,%rcx - mov 256+16($sbox),$mask1b -___ - &dectransform(1); -$code.=<<___; - jmp .Ldec_loop_compact -.align 16 -.Ldec_compact_done: - xor 0($key),$s0 - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact -___ - -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -$code.=<<___; -.globl AES_decrypt -.type AES_decrypt,\@function,3 -.align 16 -.globl asm_AES_decrypt -.hidden asm_AES_decrypt -asm_AES_decrypt: -AES_decrypt: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - # allocate frame "above" key schedule - lea -63(%rdx),%rcx # %rdx is key argument - and \$-64,%rsp - sub %rsp,%rcx - neg %rcx - and \$0x3c0,%rcx - sub %rcx,%rsp - sub \$32,%rsp - - mov %rsi,16(%rsp) # save out - mov %rax,24(%rsp) # save original stack pointer -.cfi_cfa_expression %rsp+24,deref,+8 -.Ldec_prologue: - - mov %rdx,$key - mov 240($key),$rnds # load rounds - - mov 0(%rdi),$s0 # load input vector - mov 4(%rdi),$s1 - mov 8(%rdi),$s2 - mov 12(%rdi),$s3 - - shl \$4,$rnds - lea ($key,$rnds),%rbp - mov $key,(%rsp) # key schedule - mov %rbp,8(%rsp) # end of key schedule - - # pick Td4 copy which can't "overlap" with stack frame or key schedule - lea .LAES_Td+2048(%rip),$sbox - lea 768(%rsp),%rbp - sub $sbox,%rbp - and \$0x300,%rbp - lea ($sbox,%rbp),$sbox - shr \$3,%rbp # recall "magic" constants! 
- add %rbp,$sbox - - call _x86_64_AES_decrypt_compact - - mov 16(%rsp),$out # restore out - mov 24(%rsp),%rsi # restore saved stack pointer -.cfi_def_cfa %rsi,8 - mov $s0,0($out) # write output vector - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Ldec_epilogue: - ret -.cfi_endproc -.size AES_decrypt,.-AES_decrypt -___ -#------------------------------------------------------------------# - -sub enckey() -{ -$code.=<<___; - movz %dl,%esi # rk[i]>>0 - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[i]>>8 - shl \$24,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shr \$16,%edx - movz %dl,%esi # rk[i]>>16 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[i]>>24 - shl \$8,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shl \$16,%ebx - xor %ebx,%eax - - xor 1024-128(%rbp,%rcx,4),%eax # rcon -___ -} - -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -$code.=<<___; -.globl AES_set_encrypt_key -.type AES_set_encrypt_key,\@function,3 -.align 16 -AES_set_encrypt_key: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 # redundant, but allows to share -.cfi_push %r12 - push %r13 # exception handler... 
-.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$8,%rsp -.cfi_adjust_cfa_offset 8 -.Lenc_key_prologue: - - call _x86_64_AES_set_encrypt_key - - mov 40(%rsp),%rbp -.cfi_restore %rbp - mov 48(%rsp),%rbx -.cfi_restore %rbx - add \$56,%rsp -.cfi_adjust_cfa_offset -56 -.Lenc_key_epilogue: - ret -.cfi_endproc -.size AES_set_encrypt_key,.-AES_set_encrypt_key - -.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent -.align 16 -_x86_64_AES_set_encrypt_key: -.cfi_startproc - mov %esi,%ecx # %ecx=bits - mov %rdi,%rsi # %rsi=userKey - mov %rdx,%rdi # %rdi=key - - test \$-1,%rsi - jz .Lbadpointer - test \$-1,%rdi - jz .Lbadpointer - - lea .LAES_Te(%rip),%rbp - lea 2048+128(%rbp),%rbp - - # prefetch Te4 - mov 0-128(%rbp),%eax - mov 32-128(%rbp),%ebx - mov 64-128(%rbp),%r8d - mov 96-128(%rbp),%edx - mov 128-128(%rbp),%eax - mov 160-128(%rbp),%ebx - mov 192-128(%rbp),%r8d - mov 224-128(%rbp),%edx - - cmp \$128,%ecx - je .L10rounds - cmp \$192,%ecx - je .L12rounds - cmp \$256,%ecx - je .L14rounds - mov \$-2,%rax # invalid number of bits - jmp .Lexit - -.L10rounds: - mov 0(%rsi),%rax # copy first 4 dwords - mov 8(%rsi),%rdx - mov %rax,0(%rdi) - mov %rdx,8(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L10shortcut -.align 4 -.L10loop: - mov 0(%rdi),%eax # rk[0] - mov 12(%rdi),%edx # rk[3] -.L10shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,16(%rdi) # rk[4] - xor 4(%rdi),%eax - mov %eax,20(%rdi) # rk[5] - xor 8(%rdi),%eax - mov %eax,24(%rdi) # rk[6] - xor 12(%rdi),%eax - mov %eax,28(%rdi) # rk[7] - add \$1,%ecx - lea 16(%rdi),%rdi - cmp \$10,%ecx - jl .L10loop - - movl \$10,80(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.L12rounds: - mov 0(%rsi),%rax # copy first 6 dwords - mov 8(%rsi),%rbx - mov 16(%rsi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rdx,16(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L12shortcut -.align 4 -.L12loop: - mov 0(%rdi),%eax # rk[0] - mov 20(%rdi),%edx # rk[5] -.L12shortcut: -___ - &enckey (); 
-$code.=<<___; - mov %eax,24(%rdi) # rk[6] - xor 4(%rdi),%eax - mov %eax,28(%rdi) # rk[7] - xor 8(%rdi),%eax - mov %eax,32(%rdi) # rk[8] - xor 12(%rdi),%eax - mov %eax,36(%rdi) # rk[9] - - cmp \$7,%ecx - je .L12break - add \$1,%ecx - - xor 16(%rdi),%eax - mov %eax,40(%rdi) # rk[10] - xor 20(%rdi),%eax - mov %eax,44(%rdi) # rk[11] - - lea 24(%rdi),%rdi - jmp .L12loop -.L12break: - movl \$12,72(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.L14rounds: - mov 0(%rsi),%rax # copy first 8 dwords - mov 8(%rsi),%rbx - mov 16(%rsi),%rcx - mov 24(%rsi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rcx,16(%rdi) - mov %rdx,24(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L14shortcut -.align 4 -.L14loop: - mov 0(%rdi),%eax # rk[0] - mov 28(%rdi),%edx # rk[4] -.L14shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,32(%rdi) # rk[8] - xor 4(%rdi),%eax - mov %eax,36(%rdi) # rk[9] - xor 8(%rdi),%eax - mov %eax,40(%rdi) # rk[10] - xor 12(%rdi),%eax - mov %eax,44(%rdi) # rk[11] - - cmp \$6,%ecx - je .L14break - add \$1,%ecx - - mov %eax,%edx - mov 16(%rdi),%eax # rk[4] - movz %dl,%esi # rk[11]>>0 - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[11]>>8 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shr \$16,%edx - shl \$8,%ebx - movz %dl,%esi # rk[11]>>16 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[11]>>24 - shl \$16,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shl \$24,%ebx - xor %ebx,%eax - - mov %eax,48(%rdi) # rk[12] - xor 20(%rdi),%eax - mov %eax,52(%rdi) # rk[13] - xor 24(%rdi),%eax - mov %eax,56(%rdi) # rk[14] - xor 28(%rdi),%eax - mov %eax,60(%rdi) # rk[15] - - lea 32(%rdi),%rdi - jmp .L14loop -.L14break: - movl \$14,48(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.Lbadpointer: - mov \$-1,%rax -.Lexit: - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key -___ - -sub deckey_ref() -{ my ($i,$ptr,$te,$td) = @_; - my 
($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d"); -$code.=<<___; - mov $i($ptr),$tp1 - mov $tp1,$acc - and \$0x80808080,$acc - mov $acc,$tp4 - shr \$7,$tp4 - lea 0($tp1,$tp1),$tp2 - sub $tp4,$acc - and \$0xfefefefe,$tp2 - and \$0x1b1b1b1b,$acc - xor $tp2,$acc - mov $acc,$tp2 - - and \$0x80808080,$acc - mov $acc,$tp8 - shr \$7,$tp8 - lea 0($tp2,$tp2),$tp4 - sub $tp8,$acc - and \$0xfefefefe,$tp4 - and \$0x1b1b1b1b,$acc - xor $tp1,$tp2 # tp2^tp1 - xor $tp4,$acc - mov $acc,$tp4 - - and \$0x80808080,$acc - mov $acc,$tp8 - shr \$7,$tp8 - sub $tp8,$acc - lea 0($tp4,$tp4),$tp8 - xor $tp1,$tp4 # tp4^tp1 - and \$0xfefefefe,$tp8 - and \$0x1b1b1b1b,$acc - xor $acc,$tp8 - - xor $tp8,$tp1 # tp1^tp8 - rol \$8,$tp1 # ROTATE(tp1^tp8,8) - xor $tp8,$tp2 # tp2^tp1^tp8 - xor $tp8,$tp4 # tp4^tp1^tp8 - xor $tp2,$tp8 - xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2 - - xor $tp8,$tp1 - rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24) - xor $tp2,$tp1 - rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16) - xor $tp4,$tp1 - - mov $tp1,$i($ptr) -___ -} - -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -$code.=<<___; -.globl AES_set_decrypt_key -.type AES_set_decrypt_key,\@function,3 -.align 16 -AES_set_decrypt_key: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - push %rdx # save key schedule -.cfi_adjust_cfa_offset 8 -.Ldec_key_prologue: - - call _x86_64_AES_set_encrypt_key - mov (%rsp),%r8 # restore key schedule - cmp \$0,%eax - jne .Labort - - mov 240(%r8),%r14d # pull number of rounds - xor %rdi,%rdi - lea (%rdi,%r14d,4),%rcx - mov %r8,%rsi - lea (%r8,%rcx,4),%rdi # pointer to last chunk -.align 4 -.Linvert: - mov 0(%rsi),%rax - mov 8(%rsi),%rbx - mov 0(%rdi),%rcx - mov 8(%rdi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rcx,0(%rsi) - mov %rdx,8(%rsi) - lea 16(%rsi),%rsi - lea -16(%rdi),%rdi - cmp 
%rsi,%rdi - jne .Linvert - - lea .LAES_Te+2048+1024(%rip),%rax # rcon - - mov 40(%rax),$mask80 - mov 48(%rax),$maskfe - mov 56(%rax),$mask1b - - mov %r8,$key - sub \$1,%r14d -.align 4 -.Lpermute: - lea 16($key),$key - mov 0($key),%rax - mov 8($key),%rcx -___ - &dectransform (); -$code.=<<___; - mov %eax,0($key) - mov %ebx,4($key) - mov %ecx,8($key) - mov %edx,12($key) - sub \$1,%r14d - jnz .Lpermute - - xor %rax,%rax -.Labort: - mov 8(%rsp),%r15 -.cfi_restore %r15 - mov 16(%rsp),%r14 -.cfi_restore %r14 - mov 24(%rsp),%r13 -.cfi_restore %r13 - mov 32(%rsp),%r12 -.cfi_restore %r12 - mov 40(%rsp),%rbp -.cfi_restore %rbp - mov 48(%rsp),%rbx -.cfi_restore %rbx - add \$56,%rsp -.cfi_adjust_cfa_offset -56 -.Ldec_key_epilogue: - ret -.cfi_endproc -.size AES_set_decrypt_key,.-AES_set_decrypt_key -___ - -# void AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -8(%rsp) return address -my $keyp="0(%rsp)"; # one to pass as $key -my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds]) -my $_rsp="16(%rsp)"; # saved %rsp -my $_inp="24(%rsp)"; # copy of 1st parameter, inp -my $_out="32(%rsp)"; # copy of 2nd parameter, out -my $_len="40(%rsp)"; # copy of 3rd parameter, length -my $_key="48(%rsp)"; # copy of 4th parameter, key -my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp -my $ivec="64(%rsp)"; # ivec[16] -my $aes_key="80(%rsp)"; # copy of aes_key -my $mark="80+240(%rsp)"; # copy of aes_key->rounds - -$code.=<<___; -.globl AES_cbc_encrypt -.type AES_cbc_encrypt,\@function,6 -.align 16 -.extern OPENSSL_ia32cap_P -.globl asm_AES_cbc_encrypt -.hidden asm_AES_cbc_encrypt -asm_AES_cbc_encrypt: -AES_cbc_encrypt: -.cfi_startproc - cmp \$0,%rdx # check length - je .Lcbc_epilogue - pushfq -# This could be .cfi_push 49, but libunwind fails on registers it does not -# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. 
-.cfi_adjust_cfa_offset 8 - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lcbc_prologue: - - cld - mov %r9d,%r9d # clear upper half of enc - - lea .LAES_Te(%rip),$sbox - lea .LAES_Td(%rip),%r10 - cmp \$0,%r9 - cmoveq %r10,$sbox - -.cfi_remember_state - mov OPENSSL_ia32cap_P(%rip),%r10d - cmp \$$speed_limit,%rdx - jb .Lcbc_slow_prologue - test \$15,%rdx - jnz .Lcbc_slow_prologue - bt \$28,%r10d - jc .Lcbc_slow_prologue - - # allocate aligned stack frame... - lea -88-248(%rsp),$key - and \$-64,$key - - # ... and make sure it doesn't alias with AES_T[ed] modulo 4096 - mov $sbox,%r10 - lea 2304($sbox),%r11 - mov $key,%r12 - and \$0xFFF,%r10 # s = $sbox&0xfff - and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff - and \$0xFFF,%r12 # p = %rsp&0xfff - - cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); - jb .Lcbc_te_break_out - sub %r11,%r12 - sub %r12,$key - jmp .Lcbc_te_ok -.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz - sub %r10,%r12 - and \$0xFFF,%r12 - add \$320,%r12 - sub %r12,$key -.align 4 -.Lcbc_te_ok: - - xchg %rsp,$key -.cfi_def_cfa_register $key - #add \$8,%rsp # reserve for return address! - mov $key,$_rsp # save %rsp -.cfi_cfa_expression $_rsp,deref,+64 -.Lcbc_fast_body: - mov %rdi,$_inp # save copy of inp - mov %rsi,$_out # save copy of out - mov %rdx,$_len # save copy of len - mov %rcx,$_key # save copy of key - mov %r8,$_ivp # save copy of ivp - movl \$0,$mark # copy of aes_key->rounds = 0; - mov %r8,%rbp # rearrange input arguments - mov %r9,%rbx - mov %rsi,$out - mov %rdi,$inp - mov %rcx,$key - - mov 240($key),%eax # key->rounds - # do we copy key schedule to stack? 
- mov $key,%r10 - sub $sbox,%r10 - and \$0xfff,%r10 - cmp \$2304,%r10 - jb .Lcbc_do_ecopy - cmp \$4096-248,%r10 - jb .Lcbc_skip_ecopy -.align 4 -.Lcbc_do_ecopy: - mov $key,%rsi - lea $aes_key,%rdi - lea $aes_key,$key - mov \$240/8,%ecx - .long 0x90A548F3 # rep movsq - mov %eax,(%rdi) # copy aes_key->rounds -.Lcbc_skip_ecopy: - mov $key,$keyp # save key pointer - - mov \$18,%ecx -.align 4 -.Lcbc_prefetch_te: - mov 0($sbox),%r10 - mov 32($sbox),%r11 - mov 64($sbox),%r12 - mov 96($sbox),%r13 - lea 128($sbox),$sbox - sub \$1,%ecx - jnz .Lcbc_prefetch_te - lea -2304($sbox),$sbox - - cmp \$0,%rbx - je .LFAST_DECRYPT - -#----------------------------- ENCRYPT -----------------------------# - mov 0(%rbp),$s0 # load iv - mov 4(%rbp),$s1 - mov 8(%rbp),$s2 - mov 12(%rbp),$s3 - -.align 4 -.Lcbc_fast_enc_loop: - xor 0($inp),$s0 - xor 4($inp),$s1 - xor 8($inp),$s2 - xor 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_encrypt - - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 - mov $s0,0($out) - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - sub \$16,%r10 - test \$-16,%r10 - mov %r10,$_len - jnz .Lcbc_fast_enc_loop - mov $_ivp,%rbp # restore ivp - mov $s0,0(%rbp) # save ivec - mov $s1,4(%rbp) - mov $s2,8(%rbp) - mov $s3,12(%rbp) - - jmp .Lcbc_fast_cleanup - -#----------------------------- DECRYPT -----------------------------# -.align 16 -.LFAST_DECRYPT: - cmp $inp,$out - je .Lcbc_fast_dec_in_place - - mov %rbp,$ivec -.align 4 -.Lcbc_fast_dec_loop: - mov 0($inp),$s0 # read input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_decrypt - - mov $ivec,%rbp # load ivp - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 # load len - xor 0(%rbp),$s0 # xor iv - xor 4(%rbp),$s1 - xor 8(%rbp),$s2 - xor 12(%rbp),$s3 - mov $inp,%rbp # current 
input, next iv - - sub \$16,%r10 - mov %r10,$_len # update len - mov %rbp,$ivec # update ivp - - mov $s0,0($out) # write output - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - jnz .Lcbc_fast_dec_loop - mov $_ivp,%r12 # load user ivp - mov 0(%rbp),%r10 # load iv - mov 8(%rbp),%r11 - mov %r10,0(%r12) # copy back to user - mov %r11,8(%r12) - jmp .Lcbc_fast_cleanup - -.align 16 -.Lcbc_fast_dec_in_place: - mov 0(%rbp),%r10 # copy iv to stack - mov 8(%rbp),%r11 - mov %r10,0+$ivec - mov %r11,8+$ivec -.align 4 -.Lcbc_fast_dec_in_place_loop: - mov 0($inp),$s0 # load input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_decrypt - - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 - xor 0+$ivec,$s0 - xor 4+$ivec,$s1 - xor 8+$ivec,$s2 - xor 12+$ivec,$s3 - - mov 0($inp),%r11 # load input - mov 8($inp),%r12 - sub \$16,%r10 - jz .Lcbc_fast_dec_in_place_done - - mov %r11,0+$ivec # copy input to iv - mov %r12,8+$ivec - - mov $s0,0($out) # save output [zaps input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - mov %r10,$_len - jmp .Lcbc_fast_dec_in_place_loop -.Lcbc_fast_dec_in_place_done: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0($out) # save output [zaps input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - -.align 4 -.Lcbc_fast_cleanup: - cmpl \$0,$mark # was the key schedule copied? - lea $aes_key,%rdi - je .Lcbc_exit - mov \$240/8,%ecx - xor %rax,%rax - .long 0x90AB48F3 # rep stosq - - jmp .Lcbc_exit - -#--------------------------- SLOW ROUTINE ---------------------------# -.align 16 -.Lcbc_slow_prologue: -.cfi_restore_state - # allocate aligned stack frame... - lea -88(%rsp),%rbp - and \$-64,%rbp - # ... 
just "above" key schedule - lea -88-63(%rcx),%r10 - sub %rbp,%r10 - neg %r10 - and \$0x3c0,%r10 - sub %r10,%rbp - - xchg %rsp,%rbp -.cfi_def_cfa_register %rbp - #add \$8,%rsp # reserve for return address! - mov %rbp,$_rsp # save %rsp -.cfi_cfa_expression $_rsp,deref,+64 -.Lcbc_slow_body: - #mov %rdi,$_inp # save copy of inp - #mov %rsi,$_out # save copy of out - #mov %rdx,$_len # save copy of len - #mov %rcx,$_key # save copy of key - mov %r8,$_ivp # save copy of ivp - mov %r8,%rbp # rearrange input arguments - mov %r9,%rbx - mov %rsi,$out - mov %rdi,$inp - mov %rcx,$key - mov %rdx,%r10 - - mov 240($key),%eax - mov $key,$keyp # save key pointer - shl \$4,%eax - lea ($key,%rax),%rax - mov %rax,$keyend - - # pick Te4 copy which can't "overlap" with stack frame or key schedule - lea 2048($sbox),$sbox - lea 768-8(%rsp),%rax - sub $sbox,%rax - and \$0x300,%rax - lea ($sbox,%rax),$sbox - - cmp \$0,%rbx - je .LSLOW_DECRYPT - -#--------------------------- SLOW ENCRYPT ---------------------------# - test \$-16,%r10 # check upon length - mov 0(%rbp),$s0 # load iv - mov 4(%rbp),$s1 - mov 8(%rbp),$s2 - mov 12(%rbp),$s3 - jz .Lcbc_slow_enc_tail # short input... 
- -.align 4 -.Lcbc_slow_enc_loop: - xor 0($inp),$s0 - xor 4($inp),$s1 - xor 8($inp),$s2 - xor 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # save inp - mov $out,$_out # save out - mov %r10,$_len # save len - - call _x86_64_AES_encrypt_compact - - mov $_inp,$inp # restore inp - mov $_out,$out # restore out - mov $_len,%r10 # restore len - mov $s0,0($out) - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - sub \$16,%r10 - test \$-16,%r10 - jnz .Lcbc_slow_enc_loop - test \$15,%r10 - jnz .Lcbc_slow_enc_tail - mov $_ivp,%rbp # restore ivp - mov $s0,0(%rbp) # save ivec - mov $s1,4(%rbp) - mov $s2,8(%rbp) - mov $s3,12(%rbp) - - jmp .Lcbc_exit - -.align 4 -.Lcbc_slow_enc_tail: - mov %rax,%r11 - mov %rcx,%r12 - mov %r10,%rcx - mov $inp,%rsi - mov $out,%rdi - .long 0x9066A4F3 # rep movsb - mov \$16,%rcx # zero tail - sub %r10,%rcx - xor %rax,%rax - .long 0x9066AAF3 # rep stosb - mov $out,$inp # this is not a mistake! - mov \$16,%r10 # len=16 - mov %r11,%rax - mov %r12,%rcx - jmp .Lcbc_slow_enc_loop # one more spin... -#--------------------------- SLOW DECRYPT ---------------------------# -.align 16 -.LSLOW_DECRYPT: - shr \$3,%rax - add %rax,$sbox # recall "magic" constants! 
- - mov 0(%rbp),%r11 # copy iv to stack - mov 8(%rbp),%r12 - mov %r11,0+$ivec - mov %r12,8+$ivec - -.align 4 -.Lcbc_slow_dec_loop: - mov 0($inp),$s0 # load input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # save inp - mov $out,$_out # save out - mov %r10,$_len # save len - - call _x86_64_AES_decrypt_compact - - mov $_inp,$inp # restore inp - mov $_out,$out # restore out - mov $_len,%r10 - xor 0+$ivec,$s0 - xor 4+$ivec,$s1 - xor 8+$ivec,$s2 - xor 12+$ivec,$s3 - - mov 0($inp),%r11 # load input - mov 8($inp),%r12 - sub \$16,%r10 - jc .Lcbc_slow_dec_partial - jz .Lcbc_slow_dec_done - - mov %r11,0+$ivec # copy input to iv - mov %r12,8+$ivec - - mov $s0,0($out) # save output [can zap input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - jmp .Lcbc_slow_dec_loop -.Lcbc_slow_dec_done: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0($out) # save output [can zap input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - jmp .Lcbc_exit - -.align 4 -.Lcbc_slow_dec_partial: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0+$ivec # save output to stack - mov $s1,4+$ivec - mov $s2,8+$ivec - mov $s3,12+$ivec - - mov $out,%rdi - lea $ivec,%rsi - lea 16(%r10),%rcx - .long 0x9066A4F3 # rep movsb - jmp .Lcbc_exit - -.align 16 -.Lcbc_exit: - mov $_rsp,%rsi -.cfi_def_cfa %rsi,64 - mov (%rsi),%r15 -.cfi_restore %r15 - mov 8(%rsi),%r14 -.cfi_restore %r14 - mov 16(%rsi),%r13 -.cfi_restore %r13 - mov 24(%rsi),%r12 -.cfi_restore %r12 - mov 32(%rsi),%rbp -.cfi_restore %rbp - mov 40(%rsi),%rbx -.cfi_restore %rbx - lea 48(%rsi),%rsp -.cfi_def_cfa %rsp,16 -.Lcbc_popfq: - popfq -# This could be .cfi_pop 49, but libunwind fails on registers it does not -# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. 
-.cfi_adjust_cfa_offset -8 -.Lcbc_epilogue: - ret -.cfi_endproc -.size AES_cbc_encrypt,.-AES_cbc_encrypt -___ -} - -$code.=<<___; -.align 64 -.LAES_Te: -___ - &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); - &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); - &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); - &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); - &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); - &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); - &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); - &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); - &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); - &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); - &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); - &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); - &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); - &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); - &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); - &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); - &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); - &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); - &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); - &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); - &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); - &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); - &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); - &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); - &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); - &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); - &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); - &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); - &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); - 
&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); - &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); - &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); - &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); - &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); - &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); - &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); - &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); - &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); - &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); - &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); - &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); - &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); - &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); - &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); - &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); - &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); - &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); - &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); - &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); - &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); - &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); - &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); - &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); - &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); - &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); - &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); - &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); - &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); - &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); - &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); - &_data_word(0x8f8c8c03, 0xf8a1a159, 
0x80898909, 0x170d0d1a); - &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); - &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); - &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); - -#Te4 # four copies of Te4 to choose from to avoid L1 aliasing - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 
0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 
0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - 
&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - 
&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); -#rcon: -$code.=<<___; - .long 0x00000001, 0x00000002, 0x00000004, 0x00000008 - .long 0x00000010, 0x00000020, 0x00000040, 0x00000080 - .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080 - .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b -___ -$code.=<<___; -.align 64 -.LAES_Td: -___ - &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); - &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); - &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); - &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); - &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); - &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); - &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); - &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); - &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); - &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); - &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); - &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); - &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); - &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); - &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); - &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); - &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); - &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); - &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); - &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); - &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); - &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); - &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); - 
&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); - &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); - &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); - &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); - &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); - &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); - &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); - &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); - &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); - &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); - &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); - &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); - &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); - &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); - &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); - &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); - &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); - &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); - &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); - &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); - &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); - &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); - &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); - &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); - &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); - &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); - &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); - &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); - &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); - &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); - &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); - &_data_word(0x04ea5e9d, 0x5d358c01, 
0x737487fa, 0x2e410bfb); - &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); - &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); - &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); - &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); - &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); - &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); - &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); - -#Td4: # four copies of Td4 to choose from to avoid L1 aliasing - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 
0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - 
&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 
0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 
0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -.asciz "AES for x86_64, CRYPTOGAMS by " -.align 64 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type block_se_handler,\@abi-omnipotent -.align 16 -block_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_block_prologue - - mov 
24(%rax),%rax # pull saved real stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_block_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size block_se_handler,.-block_se_handler - -.type key_se_handler,\@abi-omnipotent -.align 16 -key_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_key_prologue - - lea 56(%rax),%rax - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_key_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore 
context->Rdi - - jmp .Lcommon_seh_exit -.size key_se_handler,.-key_se_handler - -.type cbc_se_handler,\@abi-omnipotent -.align 16 -cbc_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lcbc_prologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_prologue - jb .Lin_cbc_prologue - - lea .Lcbc_fast_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_fast_body - jb .Lin_cbc_frame_setup - - lea .Lcbc_slow_prologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue - jb .Lin_cbc_body - - lea .Lcbc_slow_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_slow_body - jb .Lin_cbc_frame_setup - -.Lin_cbc_body: - mov 152($context),%rax # pull context->Rsp - - lea .Lcbc_epilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue - jae .Lin_cbc_prologue - - lea 8(%rax),%rax - - lea .Lcbc_popfq(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lcbc_popfq - jae .Lin_cbc_prologue - - mov `16-8`(%rax),%rax # biased $_rsp - lea 56(%rax),%rax - -.Lin_cbc_frame_setup: - mov -16(%rax),%rbx - mov -24(%rax),%rbp - mov -32(%rax),%r12 - mov -40(%rax),%r13 - mov -48(%rax),%r14 - mov -56(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_cbc_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - -.Lcommon_seh_exit: - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, 
UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size cbc_se_handler,.-cbc_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_AES_encrypt - .rva .LSEH_end_AES_encrypt - .rva .LSEH_info_AES_encrypt - - .rva .LSEH_begin_AES_decrypt - .rva .LSEH_end_AES_decrypt - .rva .LSEH_info_AES_decrypt - - .rva .LSEH_begin_AES_set_encrypt_key - .rva .LSEH_end_AES_set_encrypt_key - .rva .LSEH_info_AES_set_encrypt_key - - .rva .LSEH_begin_AES_set_decrypt_key - .rva .LSEH_end_AES_set_decrypt_key - .rva .LSEH_info_AES_set_decrypt_key - - .rva .LSEH_begin_AES_cbc_encrypt - .rva .LSEH_end_AES_cbc_encrypt - .rva .LSEH_info_AES_cbc_encrypt - -.section .xdata -.align 8 -.LSEH_info_AES_encrypt: - .byte 9,0,0,0 - .rva block_se_handler - .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] -.LSEH_info_AES_decrypt: - .byte 9,0,0,0 - .rva block_se_handler - .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] -.LSEH_info_AES_set_encrypt_key: - .byte 9,0,0,0 - .rva key_se_handler - .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_AES_set_decrypt_key: - .byte 9,0,0,0 - .rva key_se_handler - .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] -.LSEH_info_AES_cbc_encrypt: - .byte 9,0,0,0 - .rva cbc_se_handler -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesfx-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesfx-sparcv9.pl index 9ddf0b4b0..1678c4f78 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesfx-sparcv9.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesfx-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1267,4 +1267,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-mb-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-mb-x86_64.pl index 1f356d2d3..a80cfdc13 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-mb-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1471,4 +1471,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; $code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha1-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha1-x86_64.pl index b01a4c55c..04fd13be5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -108,7 +108,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); +$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); $shaext=1; ### set to zero if compiling for 1.0.1 @@ -133,6 +133,7 @@ $code.=<<___; .type aesni_cbc_sha1_enc,\@abi-omnipotent .align 32 aesni_cbc_sha1_enc: +.cfi_startproc # caller should check for SSSE3 and AES-NI bits mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+4(%rip),%r11 @@ -151,6 +152,7 @@ ___ $code.=<<___; jmp aesni_cbc_sha1_enc_ssse3 ret +.cfi_endproc .size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc ___ @@ -840,6 +842,7 @@ $code.=<<___; .type aesni256_cbc_sha1_dec,\@abi-omnipotent .align 32 aesni256_cbc_sha1_dec: +.cfi_startproc # caller should check for SSSE3 and AES-NI bits mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+4(%rip),%r11d @@ -854,6 +857,7 @@ ___ $code.=<<___; jmp aesni256_cbc_sha1_dec_ssse3 ret +.cfi_endproc .size aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec .type aesni256_cbc_sha1_dec_ssse3,\@function,6 
@@ -1760,6 +1764,7 @@ $code.=<<___; .type aesni_cbc_sha1_enc_shaext,\@function,6 .align 32 aesni_cbc_sha1_enc_shaext: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument ___ $code.=<<___ if ($win64); @@ -1911,6 +1916,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext ___ }}} @@ -2137,4 +2143,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha256-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha256-x86_64.pl index ef4602371..ff9b18507 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -123,6 +123,7 @@ $code=<<___; .type $func,\@abi-omnipotent .align 16 $func: +.cfi_startproc ___ if ($avx) { $code.=<<___; @@ -162,6 +163,7 @@ $code.=<<___; ud2 .Lprobe: ret +.cfi_endproc .size $func,.-$func .align 64 
@@ -1084,7 +1086,23 @@ $code.=<<___; vmovdqa $t0,0x00(%rsp) xor $a1,$a1 vmovdqa $t1,0x20(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rsi as frame pointer + mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rsi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; mov $B,$a3 vmovdqa $t2,0x00(%rsp) xor $C,$a3 # magic @@ -1106,7 +1124,17 @@ my @X = @_; my @insns = (&$body,&$body,&$body,&$body); # 96 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); + if (($j%2)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } foreach (Xupdate_256_AVX()) { # 29 instructions eval; eval(shift(@insns)); 
@@ -1232,26 +1260,28 @@ $code.=<<___;
 jbe .Loop_avx2
 lea (%rsp),$Tbl
+# temporarily use $Tbl as index to $_rsp
+# this avoids the need to save a secondary frame pointer at -8(%rsp)
+.cfi_cfa_expression $Tbl+`16*$SZ+7*8`,deref,+8
 .Ldone_avx2:
- lea ($Tbl),%rsp
- mov $_ivp,$ivp
- mov $_rsp,%rsi
+ mov 16*$SZ+4*8($Tbl),$ivp
+ mov 16*$SZ+7*8($Tbl),%rsi
 .cfi_def_cfa %rsi,8
 vmovdqu $iv,($ivp) # output IV
 vzeroall
 ___
 $code.=<<___ if ($win64);
- movaps `$framesz+16*0`(%rsp),%xmm6
- movaps `$framesz+16*1`(%rsp),%xmm7
- movaps `$framesz+16*2`(%rsp),%xmm8
- movaps `$framesz+16*3`(%rsp),%xmm9
- movaps `$framesz+16*4`(%rsp),%xmm10
- movaps `$framesz+16*5`(%rsp),%xmm11
- movaps `$framesz+16*6`(%rsp),%xmm12
- movaps `$framesz+16*7`(%rsp),%xmm13
- movaps `$framesz+16*8`(%rsp),%xmm14
- movaps `$framesz+16*9`(%rsp),%xmm15
+ movaps `$framesz+16*0`($Tbl),%xmm6
+ movaps `$framesz+16*1`($Tbl),%xmm7
+ movaps `$framesz+16*2`($Tbl),%xmm8
+ movaps `$framesz+16*3`($Tbl),%xmm9
+ movaps `$framesz+16*4`($Tbl),%xmm10
+ movaps `$framesz+16*5`($Tbl),%xmm11
+ movaps `$framesz+16*6`($Tbl),%xmm12
+ movaps `$framesz+16*7`($Tbl),%xmm13
+ movaps `$framesz+16*8`($Tbl),%xmm14
+ movaps `$framesz+16*9`($Tbl),%xmm15
 ___
 $code.=<<___;
 mov -48(%rsi),%r15
@@ -1339,6 +1369,7 @@ $code.=<<___;
 .type ${func}_shaext,\@function,6
 .align 32
 ${func}_shaext:
+.cfi_startproc
 mov `($win64?56:8)`(%rsp),$inp # load 7th argument
 ___
 $code.=<<___ if ($win64);
@@ -1555,6 +1586,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 ret
+.cfi_endproc
 .size ${func}_shaext,.-${func}_shaext
 ___
 }
@@ -1767,4 +1799,4 @@ sub rex {
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 $code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86.pl
index b351fca28..fe2b26542 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -3412,4 +3412,4 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
 &asm_finish();
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86_64.pl
index b68c14da6..f8c2e2393 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86_64.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/aesni-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -59,7 +59,7 @@
 # nothing one can do and the result appears optimal. CCM result is
 # identical to CBC, because CBC-MAC is essentially CBC encrypt without
 # saving output. CCM CTR "stays invisible," because it's neatly
-# interleaved wih CBC-MAC. This provides ~30% improvement over
+# interleaved with CBC-MAC. This provides ~30% improvement over
 # "straightforward" CCM implementation with CTR and CBC-MAC performed
 # disjointly. Parallelizable modes practically achieve the theoretical
 # limit.
@@ -984,6 +984,7 @@ $code.=<<___;
 .type aesni_ccm64_encrypt_blocks,\@function,6
 .align 16
 aesni_ccm64_encrypt_blocks:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 lea -0x58(%rsp),%rsp
@@ -1066,6 +1067,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 ret
+.cfi_endproc
 .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
 ___
 ######################################################################
@@ -1074,6 +1076,7 @@ $code.=<<___;
 .type aesni_ccm64_decrypt_blocks,\@function,6
 .align 16
 aesni_ccm64_decrypt_blocks:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 lea -0x58(%rsp),%rsp
@@ -1173,6 +1176,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 ret
+.cfi_endproc
 .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
 ___
 }
@@ -2339,7 +2343,7 @@ $code.=<<___;
 movdqu `16*0`($inp),$inout0 # load input
 movdqa $rndkey0,$twmask
 movdqu `16*1`($inp),$inout1
- pxor @tweak[0],$inout0 # intput^=tweak^round[0]
+ pxor @tweak[0],$inout0 # input^=tweak^round[0]
 movdqu `16*2`($inp),$inout2
 pxor @tweak[1],$inout1
 aesdec $rndkey1,$inout0
@@ -3031,6 +3035,7 @@ $code.=<<___;
 .type __ocb_encrypt6,\@abi-omnipotent
 .align 32
 __ocb_encrypt6:
+.cfi_startproc
 pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
 movdqu ($L_p,$i1),@offset[1]
 movdqa @offset[0],@offset[2]
@@ -3128,11 +3133,13 @@ __ocb_encrypt6:
 aesenclast @offset[4],$inout4
 aesenclast @offset[5],$inout5
 ret
+.cfi_endproc
 .size __ocb_encrypt6,.-__ocb_encrypt6
 .type __ocb_encrypt4,\@abi-omnipotent
 .align 32
 __ocb_encrypt4:
+.cfi_startproc
 pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
 movdqu ($L_p,$i1),@offset[1]
 movdqa @offset[0],@offset[2]
@@ -3197,11 +3204,13 @@ __ocb_encrypt4:
 aesenclast @offset[2],$inout2
 aesenclast @offset[3],$inout3
 ret
+.cfi_endproc
 .size __ocb_encrypt4,.-__ocb_encrypt4
 .type __ocb_encrypt1,\@abi-omnipotent
 .align 32
 __ocb_encrypt1:
+.cfi_startproc
 pxor @offset[5],$inout5 # offset_i
 pxor $rndkey0l,$inout5 # offset_i ^ round[0]
 pxor $inout0,$checksum # accumulate checksum
@@ -3232,6 +3241,7 @@ __ocb_encrypt1:
 aesenclast $inout5,$inout0
 ret
+.cfi_endproc
 .size __ocb_encrypt1,.-__ocb_encrypt1
 .globl aesni_ocb_decrypt
@@ -3513,6 +3523,7 @@ $code.=<<___;
 .type __ocb_decrypt6,\@abi-omnipotent
 .align 32
 __ocb_decrypt6:
+.cfi_startproc
 pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
 movdqu ($L_p,$i1),@offset[1]
 movdqa @offset[0],@offset[2]
@@ -3604,11 +3615,13 @@ __ocb_decrypt6:
 aesdeclast @offset[4],$inout4
 aesdeclast @offset[5],$inout5
 ret
+.cfi_endproc
 .size __ocb_decrypt6,.-__ocb_decrypt6
 .type __ocb_decrypt4,\@abi-omnipotent
 .align 32
 __ocb_decrypt4:
+.cfi_startproc
 pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
 movdqu ($L_p,$i1),@offset[1]
 movdqa @offset[0],@offset[2]
@@ -3669,11 +3682,13 @@ __ocb_decrypt4:
 aesdeclast @offset[2],$inout2
 aesdeclast @offset[3],$inout3
 ret
+.cfi_endproc
 .size __ocb_decrypt4,.-__ocb_decrypt4
 .type __ocb_decrypt1,\@abi-omnipotent
 .align 32
 __ocb_decrypt1:
+.cfi_startproc
 pxor @offset[5],$inout5 # offset_i
 pxor $rndkey0l,$inout5 # offset_i ^ round[0]
 pxor $inout5,$inout0 # input ^ round[0] ^ offset_i
@@ -3703,6 +3718,7 @@ __ocb_decrypt1:
 aesdeclast $inout5,$inout0
 ret
+.cfi_endproc
 .size __ocb_decrypt1,.-__ocb_decrypt1
 ___
 } }}
@@ -4637,7 +4653,6 @@ __aesni_set_encrypt_key:
 add \$8,%rsp
 .cfi_adjust_cfa_offset -8
 ret
-.cfi_endproc
 .LSEH_end_set_encrypt_key:
 .align 16
@@ -4708,6 +4723,7 @@ __aesni_set_encrypt_key:
 shufps \$0b10101010,%xmm1,%xmm1 # critical path
 xorps %xmm1,%xmm2
 ret
+.cfi_endproc
 .size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
 .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key
 ___
@@ -4812,7 +4828,7 @@ ctr_xts_se_handler: mov 56($disp),%r11 # disp->HandlerData mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue lable + lea (%rsi,%r10),%r10 # prologue label cmp %r10,%rbx # context->RipHandlerData mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue lable + lea (%rsi,%r10),%r10 # prologue label cmp %r10,%rbx # context->Rip5x size reduction -# from 12.5KB to 2.2KB; -# - above was possibile thanks to mixcolumns() modification that -# allowed to feed its output back to aesenc[last], this was -# achieved at cost of two additional inter-registers moves; -# - some instruction reordering and interleaving; -# - this module doesn't implement key setup subroutine, instead it -# relies on conversion of "conventional" key schedule as returned -# by AES_set_encrypt_key (see discussion below); -# - first and last round keys are treated differently, which allowed -# to skip one shiftrows(), reduce bit-sliced key schedule and -# speed-up conversion by 22%; -# - support for 192- and 256-bit keys was added; -# -# Resulting performance in CPU cycles spent to encrypt one byte out -# of 4096-byte buffer with 128-bit key is: -# -# Emilia's this(*) difference -# -# Core 2 9.30 8.69 +7% -# Nehalem(**) 7.63 6.88 +11% -# Atom 17.1 16.4 +4% -# Silvermont - 12.9 -# Goldmont - 8.85 -# -# (*) Comparison is not completely fair, because "this" is ECB, -# i.e. no extra processing such as counter values calculation -# and xor-ing input as in Emilia's CTR implementation is -# performed. However, the CTR calculations stand for not more -# than 1% of total time, so comparison is *rather* fair. -# -# (**) Results were collected on Westmere, which is considered to -# be equivalent to Nehalem for this code. -# -# As for key schedule conversion subroutine. Interface to OpenSSL -# relies on per-invocation on-the-fly conversion. This naturally -# has impact on performance, especially for short inputs. 
Conversion -# time in CPU cycles and its ratio to CPU cycles spent in 8x block -# function is: -# -# conversion conversion/8x block -# Core 2 240 0.22 -# Nehalem 180 0.20 -# Atom 430 0.20 -# -# The ratio values mean that 128-byte blocks will be processed -# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%, -# etc. Then keep in mind that input sizes not divisible by 128 are -# *effectively* slower, especially shortest ones, e.g. consecutive -# 144-byte blocks are processed 44% slower than one would expect, -# 272 - 29%, 400 - 22%, etc. Yet, despite all these "shortcomings" -# it's still faster than ["hyper-threading-safe" code path in] -# aes-x86_64.pl on all lengths above 64 bytes... -# -# October 2011. -# -# Add decryption procedure. Performance in CPU cycles spent to decrypt -# one byte out of 4096-byte buffer with 128-bit key is: -# -# Core 2 9.98 -# Nehalem 7.80 -# Atom 17.9 -# Silvermont 14.0 -# Goldmont 10.2 -# -# November 2011. -# -# Add bsaes_xts_[en|de]crypt. Less-than-80-bytes-block performance is -# suboptimal, but XTS is meant to be used with larger blocks... -# -# - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; -*STDOUT=*OUT; - -my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx"); -my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15) -my $ecb=0; # suppress unreferenced ECB subroutines, spare some space... 
- -{ -my ($key,$rounds,$const)=("%rax","%r10d","%r11"); - -sub Sbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InBasisChange (@b); - &Inv_GF256 (@b[6,5,0,3,7,1,4,2],@t,@s); - &OutBasisChange (@b[7,1,4,2,6,5,0,3]); -} - -sub InBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb -my @b=@_[0..7]; -$code.=<<___; - pxor @b[6], @b[5] - pxor @b[1], @b[2] - pxor @b[0], @b[3] - pxor @b[2], @b[6] - pxor @b[0], @b[5] - - pxor @b[3], @b[6] - pxor @b[7], @b[3] - pxor @b[5], @b[7] - pxor @b[4], @b[3] - pxor @b[5], @b[4] - pxor @b[1], @b[3] - - pxor @b[7], @b[2] - pxor @b[5], @b[1] -___ -} - -sub OutBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb -my @b=@_[0..7]; -$code.=<<___; - pxor @b[6], @b[0] - pxor @b[4], @b[1] - pxor @b[0], @b[2] - pxor @b[6], @b[4] - pxor @b[1], @b[6] - - pxor @b[5], @b[1] - pxor @b[3], @b[5] - pxor @b[7], @b[3] - pxor @b[5], @b[7] - pxor @b[5], @b[2] - - pxor @b[7], @b[4] -___ -} - -sub InvSbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b6, b4, b2, b7, b3, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InvInBasisChange (@b); - &Inv_GF256 (@b[5,1,2,6,3,7,0,4],@t,@s); - &InvOutBasisChange (@b[3,7,0,4,5,1,2,6]); -} - -sub InvInBasisChange { # OutBasisChange in reverse -my @b=@_[5,1,2,6,3,7,0,4]; -$code.=<<___ - pxor @b[7], @b[4] - - pxor @b[5], @b[7] - pxor @b[5], @b[2] - pxor @b[7], @b[3] - pxor @b[3], @b[5] - pxor @b[5], @b[1] - - pxor @b[1], @b[6] - pxor @b[0], @b[2] - pxor @b[6], @b[4] - pxor @b[6], @b[0] - pxor @b[4], @b[1] -___ -} - -sub InvOutBasisChange { # InBasisChange in reverse -my @b=@_[2,5,7,3,6,1,0,4]; -$code.=<<___; - pxor @b[5], @b[1] - pxor @b[7], @b[2] - - pxor @b[1], @b[3] - pxor @b[5], 
@b[4] - pxor @b[5], @b[7] - pxor @b[4], @b[3] - pxor @b[0], @b[5] - pxor @b[7], @b[3] - pxor @b[2], @b[6] - pxor @b[1], @b[2] - pxor @b[3], @b[6] - - pxor @b[0], @b[3] - pxor @b[6], @b[5] -___ -} - -sub Mul_GF4 { -#;************************************************************* -#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) * -#;************************************************************* -my ($x0,$x1,$y0,$y1,$t0)=@_; -$code.=<<___; - movdqa $y0, $t0 - pxor $y1, $t0 - pand $x0, $t0 - pxor $x1, $x0 - pand $y0, $x1 - pand $y1, $x0 - pxor $x1, $x0 - pxor $t0, $x1 -___ -} - -sub Mul_GF4_N { # not used, see next subroutine -# multiply and scale by N -my ($x0,$x1,$y0,$y1,$t0)=@_; -$code.=<<___; - movdqa $y0, $t0 - pxor $y1, $t0 - pand $x0, $t0 - pxor $x1, $x0 - pand $y0, $x1 - pand $y1, $x0 - pxor $x0, $x1 - pxor $t0, $x0 -___ -} - -sub Mul_GF4_N_GF4 { -# interleaved Mul_GF4_N and Mul_GF4 -my ($x0,$x1,$y0,$y1,$t0, - $x2,$x3,$y2,$y3,$t1)=@_; -$code.=<<___; - movdqa $y0, $t0 - movdqa $y2, $t1 - pxor $y1, $t0 - pxor $y3, $t1 - pand $x0, $t0 - pand $x2, $t1 - pxor $x1, $x0 - pxor $x3, $x2 - pand $y0, $x1 - pand $y2, $x3 - pand $y1, $x0 - pand $y3, $x2 - pxor $x0, $x1 - pxor $x3, $x2 - pxor $t0, $x0 - pxor $t1, $x3 -___ -} -sub Mul_GF16_2 { -my @x=@_[0..7]; -my @y=@_[8..11]; -my @t=@_[12..15]; -$code.=<<___; - movdqa @x[0], @t[0] - movdqa @x[1], @t[1] -___ - &Mul_GF4 (@x[0], @x[1], @y[0], @y[1], @t[2]); -$code.=<<___; - pxor @x[2], @t[0] - pxor @x[3], @t[1] - pxor @y[2], @y[0] - pxor @y[3], @y[1] -___ - Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[2], @x[3], @y[2], @y[3], @t[2]); -$code.=<<___; - pxor @t[0], @x[0] - pxor @t[0], @x[2] - pxor @t[1], @x[1] - pxor @t[1], @x[3] - - movdqa @x[4], @t[0] - movdqa @x[5], @t[1] - pxor @x[6], @t[0] - pxor @x[7], @t[1] -___ - &Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[6], @x[7], @y[2], @y[3], @t[2]); -$code.=<<___; - pxor @y[2], @y[0] - pxor @y[3], @y[1] -___ - &Mul_GF4 (@x[4], @x[5], @y[0], @y[1], 
@t[3]); -$code.=<<___; - pxor @t[0], @x[4] - pxor @t[0], @x[6] - pxor @t[1], @x[5] - pxor @t[1], @x[7] -___ -} -sub Inv_GF256 { -#;******************************************************************** -#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144) * -#;******************************************************************** -my @x=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; -# direct optimizations from hardware -$code.=<<___; - movdqa @x[4], @t[3] - movdqa @x[5], @t[2] - movdqa @x[1], @t[1] - movdqa @x[7], @s[1] - movdqa @x[0], @s[0] - - pxor @x[6], @t[3] - pxor @x[7], @t[2] - pxor @x[3], @t[1] - movdqa @t[3], @s[2] - pxor @x[6], @s[1] - movdqa @t[2], @t[0] - pxor @x[2], @s[0] - movdqa @t[3], @s[3] - - por @t[1], @t[2] - por @s[0], @t[3] - pxor @t[0], @s[3] - pand @s[0], @s[2] - pxor @t[1], @s[0] - pand @t[1], @t[0] - pand @s[0], @s[3] - movdqa @x[3], @s[0] - pxor @x[2], @s[0] - pand @s[0], @s[1] - pxor @s[1], @t[3] - pxor @s[1], @t[2] - movdqa @x[4], @s[1] - movdqa @x[1], @s[0] - pxor @x[5], @s[1] - pxor @x[0], @s[0] - movdqa @s[1], @t[1] - pand @s[0], @s[1] - por @s[0], @t[1] - pxor @s[1], @t[0] - pxor @s[3], @t[3] - pxor @s[2], @t[2] - pxor @s[3], @t[1] - movdqa @x[7], @s[0] - pxor @s[2], @t[0] - movdqa @x[6], @s[1] - pxor @s[2], @t[1] - movdqa @x[5], @s[2] - pand @x[3], @s[0] - movdqa @x[4], @s[3] - pand @x[2], @s[1] - pand @x[1], @s[2] - por @x[0], @s[3] - pxor @s[0], @t[3] - pxor @s[1], @t[2] - pxor @s[2], @t[1] - pxor @s[3], @t[0] - - #Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3 - - # new smaller inversion - - movdqa @t[3], @s[0] - pand @t[1], @t[3] - pxor @t[2], @s[0] - - movdqa @t[0], @s[2] - movdqa @s[0], @s[3] - pxor @t[3], @s[2] - pand @s[2], @s[3] - - movdqa @t[1], @s[1] - pxor @t[2], @s[3] - pxor @t[0], @s[1] - - pxor @t[2], @t[3] - - pand @t[3], @s[1] - - movdqa @s[2], @t[2] - pxor @t[0], @s[1] - - pxor @s[1], @t[2] - pxor @s[1], @t[1] - - pand @t[0], @t[2] - - pxor @t[2], @s[2] - pxor @t[2], @t[1] - - pand @s[3], @s[2] - - pxor 
@s[0], @s[2] -___ -# output in s3, s2, s1, t1 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3 - &Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]); - -### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb -} - -# AES linear components - -sub ShiftRows { -my @x=@_[0..7]; -my $mask=pop; -$code.=<<___; - pxor 0x00($key),@x[0] - pxor 0x10($key),@x[1] - pxor 0x20($key),@x[2] - pxor 0x30($key),@x[3] - pshufb $mask,@x[0] - pshufb $mask,@x[1] - pxor 0x40($key),@x[4] - pxor 0x50($key),@x[5] - pshufb $mask,@x[2] - pshufb $mask,@x[3] - pxor 0x60($key),@x[6] - pxor 0x70($key),@x[7] - pshufb $mask,@x[4] - pshufb $mask,@x[5] - pshufb $mask,@x[6] - pshufb $mask,@x[7] - lea 0x80($key),$key -___ -} - -sub MixColumns { -# modified to emit output in order suitable for feeding back to aesenc[last] -my @x=@_[0..7]; -my @t=@_[8..15]; -my $inv=@_[16]; # optional -$code.=<<___; - pshufd \$0x93, @x[0], @t[0] # x0 <<< 32 - pshufd \$0x93, @x[1], @t[1] - pxor @t[0], @x[0] # x0 ^ (x0 <<< 32) - pshufd \$0x93, @x[2], @t[2] - pxor @t[1], @x[1] - pshufd \$0x93, @x[3], @t[3] - pxor @t[2], @x[2] - pshufd \$0x93, @x[4], @t[4] - pxor @t[3], @x[3] - pshufd \$0x93, @x[5], @t[5] - pxor @t[4], @x[4] - pshufd \$0x93, @x[6], @t[6] - pxor @t[5], @x[5] - pshufd \$0x93, @x[7], @t[7] - pxor @t[6], @x[6] - pxor @t[7], @x[7] - - pxor @x[0], @t[1] - pxor @x[7], @t[0] - pxor @x[7], @t[1] - pshufd \$0x4E, @x[0], @x[0] # (x0 ^ (x0 <<< 32)) <<< 64) - pxor @x[1], @t[2] - pshufd \$0x4E, @x[1], @x[1] - pxor @x[4], @t[5] - pxor @t[0], @x[0] - pxor @x[5], @t[6] - pxor @t[1], @x[1] - pxor @x[3], @t[4] - pshufd \$0x4E, @x[4], @t[0] - pxor @x[6], @t[7] - pshufd \$0x4E, @x[5], @t[1] - pxor @x[2], @t[3] - pshufd \$0x4E, @x[3], @x[4] - pxor @x[7], @t[3] - pshufd \$0x4E, @x[7], @x[5] - pxor @x[7], @t[4] - pshufd \$0x4E, @x[6], @x[3] - pxor @t[4], @t[0] - pshufd \$0x4E, @x[2], @x[6] - pxor @t[5], 
@t[1] -___ -$code.=<<___ if (!$inv); - pxor @t[3], @x[4] - pxor @t[7], @x[5] - pxor @t[6], @x[3] - movdqa @t[0], @x[2] - pxor @t[2], @x[6] - movdqa @t[1], @x[7] -___ -$code.=<<___ if ($inv); - pxor @x[4], @t[3] - pxor @t[7], @x[5] - pxor @x[3], @t[6] - movdqa @t[0], @x[3] - pxor @t[2], @x[6] - movdqa @t[6], @x[2] - movdqa @t[1], @x[7] - movdqa @x[6], @x[4] - movdqa @t[3], @x[6] -___ -} - -sub InvMixColumns_orig { -my @x=@_[0..7]; -my @t=@_[8..15]; - -$code.=<<___; - # multiplication by 0x0e - pshufd \$0x93, @x[7], @t[7] - movdqa @x[2], @t[2] - pxor @x[5], @x[7] # 7 5 - pxor @x[5], @x[2] # 2 5 - pshufd \$0x93, @x[0], @t[0] - movdqa @x[5], @t[5] - pxor @x[0], @x[5] # 5 0 [1] - pxor @x[1], @x[0] # 0 1 - pshufd \$0x93, @x[1], @t[1] - pxor @x[2], @x[1] # 1 25 - pxor @x[6], @x[0] # 01 6 [2] - pxor @x[3], @x[1] # 125 3 [4] - pshufd \$0x93, @x[3], @t[3] - pxor @x[0], @x[2] # 25 016 [3] - pxor @x[7], @x[3] # 3 75 - pxor @x[6], @x[7] # 75 6 [0] - pshufd \$0x93, @x[6], @t[6] - movdqa @x[4], @t[4] - pxor @x[4], @x[6] # 6 4 - pxor @x[3], @x[4] # 4 375 [6] - pxor @x[7], @x[3] # 375 756=36 - pxor @t[5], @x[6] # 64 5 [7] - pxor @t[2], @x[3] # 36 2 - pxor @t[4], @x[3] # 362 4 [5] - pshufd \$0x93, @t[5], @t[5] -___ - my @y = @x[7,5,0,2,1,3,4,6]; -$code.=<<___; - # multiplication by 0x0b - pxor @y[0], @y[1] - pxor @t[0], @y[0] - pxor @t[1], @y[1] - pshufd \$0x93, @t[2], @t[2] - pxor @t[5], @y[0] - pxor @t[6], @y[1] - pxor @t[7], @y[0] - pshufd \$0x93, @t[4], @t[4] - pxor @t[6], @t[7] # clobber t[7] - pxor @y[0], @y[1] - - pxor @t[0], @y[3] - pshufd \$0x93, @t[0], @t[0] - pxor @t[1], @y[2] - pxor @t[1], @y[4] - pxor @t[2], @y[2] - pshufd \$0x93, @t[1], @t[1] - pxor @t[2], @y[3] - pxor @t[2], @y[5] - pxor @t[7], @y[2] - pshufd \$0x93, @t[2], @t[2] - pxor @t[3], @y[3] - pxor @t[3], @y[6] - pxor @t[3], @y[4] - pshufd \$0x93, @t[3], @t[3] - pxor @t[4], @y[7] - pxor @t[4], @y[5] - pxor @t[7], @y[7] - pxor @t[5], @y[3] - pxor @t[4], @y[4] - pxor @t[5], @t[7] # clobber t[7] even more - - 
pxor @t[7], @y[5] - pshufd \$0x93, @t[4], @t[4] - pxor @t[7], @y[6] - pxor @t[7], @y[4] - - pxor @t[5], @t[7] - pshufd \$0x93, @t[5], @t[5] - pxor @t[6], @t[7] # restore t[7] - - # multiplication by 0x0d - pxor @y[7], @y[4] - pxor @t[4], @y[7] - pshufd \$0x93, @t[6], @t[6] - pxor @t[0], @y[2] - pxor @t[5], @y[7] - pxor @t[2], @y[2] - pshufd \$0x93, @t[7], @t[7] - - pxor @y[1], @y[3] - pxor @t[1], @y[1] - pxor @t[0], @y[0] - pxor @t[0], @y[3] - pxor @t[5], @y[1] - pxor @t[5], @y[0] - pxor @t[7], @y[1] - pshufd \$0x93, @t[0], @t[0] - pxor @t[6], @y[0] - pxor @y[1], @y[3] - pxor @t[1], @y[4] - pshufd \$0x93, @t[1], @t[1] - - pxor @t[7], @y[7] - pxor @t[2], @y[4] - pxor @t[2], @y[5] - pshufd \$0x93, @t[2], @t[2] - pxor @t[6], @y[2] - pxor @t[3], @t[6] # clobber t[6] - pxor @y[7], @y[4] - pxor @t[6], @y[3] - - pxor @t[6], @y[6] - pxor @t[5], @y[5] - pxor @t[4], @y[6] - pshufd \$0x93, @t[4], @t[4] - pxor @t[6], @y[5] - pxor @t[7], @y[6] - pxor @t[3], @t[6] # restore t[6] - - pshufd \$0x93, @t[5], @t[5] - pshufd \$0x93, @t[6], @t[6] - pshufd \$0x93, @t[7], @t[7] - pshufd \$0x93, @t[3], @t[3] - - # multiplication by 0x09 - pxor @y[1], @y[4] - pxor @y[1], @t[1] # t[1]=y[1] - pxor @t[5], @t[0] # clobber t[0] - pxor @t[5], @t[1] - pxor @t[0], @y[3] - pxor @y[0], @t[0] # t[0]=y[0] - pxor @t[6], @t[1] - pxor @t[7], @t[6] # clobber t[6] - pxor @t[1], @y[4] - pxor @t[4], @y[7] - pxor @y[4], @t[4] # t[4]=y[4] - pxor @t[3], @y[6] - pxor @y[3], @t[3] # t[3]=y[3] - pxor @t[2], @y[5] - pxor @y[2], @t[2] # t[2]=y[2] - pxor @t[7], @t[3] - pxor @y[5], @t[5] # t[5]=y[5] - pxor @t[6], @t[2] - pxor @t[6], @t[5] - pxor @y[6], @t[6] # t[6]=y[6] - pxor @y[7], @t[7] # t[7]=y[7] - - movdqa @t[0],@XMM[0] - movdqa @t[1],@XMM[1] - movdqa @t[2],@XMM[2] - movdqa @t[3],@XMM[3] - movdqa @t[4],@XMM[4] - movdqa @t[5],@XMM[5] - movdqa @t[6],@XMM[6] - movdqa @t[7],@XMM[7] -___ -} - -sub InvMixColumns { -my @x=@_[0..7]; -my @t=@_[8..15]; - -# Thanks to Jussi Kivilinna for providing pointer to -# -# | 0e 0b 
0d 09 | | 02 03 01 01 | | 05 00 04 00 | -# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 | -# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 | -# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 | - -$code.=<<___; - # multiplication by 0x05-0x00-0x04-0x00 - pshufd \$0x4E, @x[0], @t[0] - pshufd \$0x4E, @x[6], @t[6] - pxor @x[0], @t[0] - pshufd \$0x4E, @x[7], @t[7] - pxor @x[6], @t[6] - pshufd \$0x4E, @x[1], @t[1] - pxor @x[7], @t[7] - pshufd \$0x4E, @x[2], @t[2] - pxor @x[1], @t[1] - pshufd \$0x4E, @x[3], @t[3] - pxor @x[2], @t[2] - pxor @t[6], @x[0] - pxor @t[6], @x[1] - pshufd \$0x4E, @x[4], @t[4] - pxor @x[3], @t[3] - pxor @t[0], @x[2] - pxor @t[1], @x[3] - pshufd \$0x4E, @x[5], @t[5] - pxor @x[4], @t[4] - pxor @t[7], @x[1] - pxor @t[2], @x[4] - pxor @x[5], @t[5] - - pxor @t[7], @x[2] - pxor @t[6], @x[3] - pxor @t[6], @x[4] - pxor @t[3], @x[5] - pxor @t[4], @x[6] - pxor @t[7], @x[4] - pxor @t[7], @x[5] - pxor @t[5], @x[7] -___ - &MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6 -} - -sub aesenc { # not used -my @b=@_[0..7]; -my @t=@_[8..15]; -$code.=<<___; - movdqa 0x30($const),@t[0] # .LSR -___ - &ShiftRows (@b,@t[0]); - &Sbox (@b,@t); - &MixColumns (@b[0,1,4,6,3,7,2,5],@t); -} - -sub aesenclast { # not used -my @b=@_[0..7]; -my @t=@_[8..15]; -$code.=<<___; - movdqa 0x40($const),@t[0] # .LSRM0 -___ - &ShiftRows (@b,@t[0]); - &Sbox (@b,@t); -$code.=<<___ - pxor 0x00($key),@b[0] - pxor 0x10($key),@b[1] - pxor 0x20($key),@b[4] - pxor 0x30($key),@b[6] - pxor 0x40($key),@b[3] - pxor 0x50($key),@b[7] - pxor 0x60($key),@b[2] - pxor 0x70($key),@b[5] -___ -} - -sub swapmove { -my ($a,$b,$n,$mask,$t)=@_; -$code.=<<___; - movdqa $b,$t - psrlq \$$n,$b - pxor $a,$b - pand $mask,$b - pxor $b,$a - psllq \$$n,$b - pxor $t,$b -___ -} -sub swapmove2x { -my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_; -$code.=<<___; - movdqa $b0,$t0 - psrlq \$$n,$b0 - movdqa $b1,$t1 - psrlq \$$n,$b1 - pxor $a0,$b0 - pxor $a1,$b1 - pand $mask,$b0 - pand $mask,$b1 - pxor $b0,$a0 - psllq \$$n,$b0 - pxor 
$b1,$a1 - psllq \$$n,$b1 - pxor $t0,$b0 - pxor $t1,$b1 -___ -} - -sub bitslice { -my @x=reverse(@_[0..7]); -my ($t0,$t1,$t2,$t3)=@_[8..11]; -$code.=<<___; - movdqa 0x00($const),$t0 # .LBS0 - movdqa 0x10($const),$t1 # .LBS1 -___ - &swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3); - &swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); -$code.=<<___; - movdqa 0x20($const),$t0 # .LBS2 -___ - &swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3); - &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - - &swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3); - &swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3); -} - -$code.=<<___; -.text - -.extern asm_AES_encrypt -.extern asm_AES_decrypt - -.type _bsaes_encrypt8,\@abi-omnipotent -.align 64 -_bsaes_encrypt8: -.cfi_startproc - lea .LBS0(%rip), $const # constants table - - movdqa ($key), @XMM[9] # round 0 key - lea 0x10($key), $key - movdqa 0x50($const), @XMM[8] # .LM0SR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] -_bsaes_encrypt8_bitslice: -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - dec $rounds - jmp .Lenc_sbox -.align 16 -.Lenc_loop: -___ - &ShiftRows (@XMM[0..7, 8]); -$code.=".Lenc_sbox:\n"; - &Sbox (@XMM[0..7, 8..15]); -$code.=<<___; - dec $rounds - jl .Lenc_done -___ - &MixColumns (@XMM[0,1,4,6,3,7,2,5, 8..15]); -$code.=<<___; - movdqa 0x30($const), @XMM[8] # .LSR - jnz .Lenc_loop - movdqa 0x40($const), @XMM[8] # .LSRM0 - jmp .Lenc_loop -.align 16 -.Lenc_done: -___ - # output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb - &bitslice (@XMM[0,1,4,6,3,7,2,5, 8..11]); -$code.=<<___; - movdqa ($key), @XMM[8] # last round key - pxor @XMM[8], @XMM[4] - pxor @XMM[8], @XMM[6] - pxor @XMM[8], @XMM[3] - pxor @XMM[8], 
@XMM[7] - pxor @XMM[8], @XMM[2] - pxor @XMM[8], @XMM[5] - pxor @XMM[8], @XMM[0] - pxor @XMM[8], @XMM[1] - ret -.cfi_endproc -.size _bsaes_encrypt8,.-_bsaes_encrypt8 - -.type _bsaes_decrypt8,\@abi-omnipotent -.align 64 -_bsaes_decrypt8: -.cfi_startproc - lea .LBS0(%rip), $const # constants table - - movdqa ($key), @XMM[9] # round 0 key - lea 0x10($key), $key - movdqa -0x30($const), @XMM[8] # .LM0ISR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - dec $rounds - jmp .Ldec_sbox -.align 16 -.Ldec_loop: -___ - &ShiftRows (@XMM[0..7, 8]); -$code.=".Ldec_sbox:\n"; - &InvSbox (@XMM[0..7, 8..15]); -$code.=<<___; - dec $rounds - jl .Ldec_done -___ - &InvMixColumns (@XMM[0,1,6,4,2,7,3,5, 8..15]); -$code.=<<___; - movdqa -0x10($const), @XMM[8] # .LISR - jnz .Ldec_loop - movdqa -0x20($const), @XMM[8] # .LISRM0 - jmp .Ldec_loop -.align 16 -.Ldec_done: -___ - &bitslice (@XMM[0,1,6,4,2,7,3,5, 8..11]); -$code.=<<___; - movdqa ($key), @XMM[8] # last round key - pxor @XMM[8], @XMM[6] - pxor @XMM[8], @XMM[4] - pxor @XMM[8], @XMM[2] - pxor @XMM[8], @XMM[7] - pxor @XMM[8], @XMM[3] - pxor @XMM[8], @XMM[5] - pxor @XMM[8], @XMM[0] - pxor @XMM[8], @XMM[1] - ret -.cfi_endproc -.size _bsaes_decrypt8,.-_bsaes_decrypt8 -___ -} -{ -my ($out,$inp,$rounds,$const)=("%rax","%rcx","%r10d","%r11"); - -sub bitslice_key { -my @x=reverse(@_[0..7]); -my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12]; - - &swapmove (@x[0,1],1,$bs0,$t2,$t3); -$code.=<<___; - #&swapmove(@x[2,3],1,$t0,$t2,$t3); - movdqa @x[0], @x[2] - movdqa @x[1], @x[3] -___ - #&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); - - &swapmove2x 
(@x[0,2,1,3],2,$bs1,$t2,$t3); -$code.=<<___; - #&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - movdqa @x[0], @x[4] - movdqa @x[2], @x[6] - movdqa @x[1], @x[5] - movdqa @x[3], @x[7] -___ - &swapmove2x (@x[0,4,1,5],4,$bs2,$t2,$t3); - &swapmove2x (@x[2,6,3,7],4,$bs2,$t2,$t3); -} - -$code.=<<___; -.type _bsaes_key_convert,\@abi-omnipotent -.align 16 -_bsaes_key_convert: -.cfi_startproc - lea .Lmasks(%rip), $const - movdqu ($inp), %xmm7 # load round 0 key - lea 0x10($inp), $inp - movdqa 0x00($const), %xmm0 # 0x01... - movdqa 0x10($const), %xmm1 # 0x02... - movdqa 0x20($const), %xmm2 # 0x04... - movdqa 0x30($const), %xmm3 # 0x08... - movdqa 0x40($const), %xmm4 # .LM0 - pcmpeqd %xmm5, %xmm5 # .LNOT - - movdqu ($inp), %xmm6 # load round 1 key - movdqa %xmm7, ($out) # save round 0 key - lea 0x10($out), $out - dec $rounds - jmp .Lkey_loop -.align 16 -.Lkey_loop: - pshufb %xmm4, %xmm6 # .LM0 - - movdqa %xmm0, %xmm8 - movdqa %xmm1, %xmm9 - - pand %xmm6, %xmm8 - pand %xmm6, %xmm9 - movdqa %xmm2, %xmm10 - pcmpeqb %xmm0, %xmm8 - psllq \$4, %xmm0 # 0x10... - movdqa %xmm3, %xmm11 - pcmpeqb %xmm1, %xmm9 - psllq \$4, %xmm1 # 0x20... - - pand %xmm6, %xmm10 - pand %xmm6, %xmm11 - movdqa %xmm0, %xmm12 - pcmpeqb %xmm2, %xmm10 - psllq \$4, %xmm2 # 0x40... - movdqa %xmm1, %xmm13 - pcmpeqb %xmm3, %xmm11 - psllq \$4, %xmm3 # 0x80... - - movdqa %xmm2, %xmm14 - movdqa %xmm3, %xmm15 - pxor %xmm5, %xmm8 # "pnot" - pxor %xmm5, %xmm9 - - pand %xmm6, %xmm12 - pand %xmm6, %xmm13 - movdqa %xmm8, 0x00($out) # write bit-sliced round key - pcmpeqb %xmm0, %xmm12 - psrlq \$4, %xmm0 # 0x01... - movdqa %xmm9, 0x10($out) - pcmpeqb %xmm1, %xmm13 - psrlq \$4, %xmm1 # 0x02... - lea 0x10($inp), $inp - - pand %xmm6, %xmm14 - pand %xmm6, %xmm15 - movdqa %xmm10, 0x20($out) - pcmpeqb %xmm2, %xmm14 - psrlq \$4, %xmm2 # 0x04... - movdqa %xmm11, 0x30($out) - pcmpeqb %xmm3, %xmm15 - psrlq \$4, %xmm3 # 0x08... 
- movdqu ($inp), %xmm6 # load next round key - - pxor %xmm5, %xmm13 # "pnot" - pxor %xmm5, %xmm14 - movdqa %xmm12, 0x40($out) - movdqa %xmm13, 0x50($out) - movdqa %xmm14, 0x60($out) - movdqa %xmm15, 0x70($out) - lea 0x80($out),$out - dec $rounds - jnz .Lkey_loop - - movdqa 0x50($const), %xmm7 # .L63 - #movdqa %xmm6, ($out) # don't save last round key - ret -.cfi_endproc -.size _bsaes_key_convert,.-_bsaes_key_convert -___ -} - -if (0 && !$win64) { # following four functions are unsupported interface - # used for benchmarking... -$code.=<<___; -.globl bsaes_enc_key_convert -.type bsaes_enc_key_convert,\@function,2 -.align 16 -bsaes_enc_key_convert: - mov 240($inp),%r10d # pass rounds - mov $inp,%rcx # pass key - mov $out,%rax # pass key schedule - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - ret -.size bsaes_enc_key_convert,.-bsaes_enc_key_convert - -.globl bsaes_encrypt_128 -.type bsaes_encrypt_128,\@function,4 -.align 16 -bsaes_encrypt_128: -.Lenc128_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - movdqu 0x60($inp), @XMM[6] - movdqu 0x70($inp), @XMM[7] - mov $key, %rax # pass the $key - lea 0x80($inp), $inp - mov \$10,%r10d - - call _bsaes_encrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$0x80,$len - ja .Lenc128_loop - ret -.size bsaes_encrypt_128,.-bsaes_encrypt_128 - -.globl bsaes_dec_key_convert -.type bsaes_dec_key_convert,\@function,2 -.align 16 -bsaes_dec_key_convert: - mov 240($inp),%r10d # pass rounds - mov $inp,%rcx # pass key - mov $out,%rax # pass key schedule - call _bsaes_key_convert - pxor ($out),%xmm7 # 
fix up round 0 key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,($out) - ret -.size bsaes_dec_key_convert,.-bsaes_dec_key_convert - -.globl bsaes_decrypt_128 -.type bsaes_decrypt_128,\@function,4 -.align 16 -bsaes_decrypt_128: -.Ldec128_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - movdqu 0x60($inp), @XMM[6] - movdqu 0x70($inp), @XMM[7] - mov $key, %rax # pass the $key - lea 0x80($inp), $inp - mov \$10,%r10d - - call _bsaes_decrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$0x80,$len - ja .Ldec128_loop - ret -.size bsaes_decrypt_128,.-bsaes_decrypt_128 -___ -} -{ -###################################################################### -# -# OpenSSL interface -# -my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64 ? 
("%rcx","%rdx","%r8","%r9","%r10","%r11d") - : ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); -my ($inp,$out,$len,$key)=("%r12","%r13","%r14","%r15"); - -if ($ecb) { -$code.=<<___; -.globl bsaes_ecb_encrypt_blocks -.type bsaes_ecb_encrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ecb_encrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lecb_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp),%rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lecb_enc_body: -___ -$code.=<<___; - mov %rsp,%rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4),%eax # rounds - mov $arg1,$inp # backup arguments - mov $arg2,$out - mov $arg3,$len - mov $arg4,$key - cmp \$8,$arg3 - jb .Lecb_enc_short - - mov %eax,%ebx # backup rounds - shl \$7,%rax # 128 bytes per inner round key - sub \$`128-32`,%rax # size of bit-sliced key schedule - sub %rax,%rsp - mov %rsp,%rax # pass key schedule - mov $key,%rcx # pass key - mov %ebx,%r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - - sub \$8,$len -.Lecb_enc_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %ebx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - lea 0x80($inp), $inp - - call _bsaes_encrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu 
@XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lecb_enc_loop - - add \$8,$len - jz .Lecb_enc_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %ebx,%r10d # pass rounds - cmp \$2,$len - jb .Lecb_enc_one - movdqu 0x10($inp), @XMM[1] - je .Lecb_enc_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lecb_enc_three - movdqu 0x30($inp), @XMM[3] - je .Lecb_enc_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lecb_enc_five - movdqu 0x50($inp), @XMM[5] - je .Lecb_enc_six - movdqu 0x60($inp), @XMM[6] - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_six: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_five: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_four: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_three: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_two: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lecb_enc_done -.align 16 
-.Lecb_enc_one: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_short: - lea ($inp), $arg1 - lea ($out), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt - lea 16($inp), $inp - lea 16($out), $out - dec $len - jnz .Lecb_enc_short - -.Lecb_enc_done: - lea (%rsp),%rax - pxor %xmm0, %xmm0 -.Lecb_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - jb .Lecb_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lecb_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lecb_enc_epilogue: - ret -.cfi_endproc -.size bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks - -.globl bsaes_ecb_decrypt_blocks -.type bsaes_ecb_decrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ecb_decrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lecb_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp),%rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 
0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lecb_dec_body: -___ -$code.=<<___; - mov %rsp,%rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4),%eax # rounds - mov $arg1,$inp # backup arguments - mov $arg2,$out - mov $arg3,$len - mov $arg4,$key - cmp \$8,$arg3 - jb .Lecb_dec_short - - mov %eax,%ebx # backup rounds - shl \$7,%rax # 128 bytes per inner round key - sub \$`128-32`,%rax # size of bit-sliced key schedule - sub %rax,%rsp - mov %rsp,%rax # pass key schedule - mov $key,%rcx # pass key - mov %ebx,%r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp),%xmm7 # fix up 0 round key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,(%rsp) - - sub \$8,$len -.Lecb_dec_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %ebx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - lea 0x80($inp), $inp - - call _bsaes_decrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lecb_dec_loop - - add \$8,$len - jz .Lecb_dec_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %ebx,%r10d # pass rounds - cmp \$2,$len - jb .Lecb_dec_one - movdqu 0x10($inp), @XMM[1] - je .Lecb_dec_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lecb_dec_three - movdqu 0x30($inp), @XMM[3] - je .Lecb_dec_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lecb_dec_five - movdqu 0x50($inp), @XMM[5] - je .Lecb_dec_six - movdqu 0x60($inp), @XMM[6] - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 
0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_six: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_five: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_four: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_three: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_two: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_one: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_short: - lea ($inp), $arg1 - lea ($out), $arg2 - lea ($key), $arg3 - call asm_AES_decrypt - lea 16($inp), $inp - lea 16($out), $out - dec $len - jnz .Lecb_dec_short - -.Lecb_dec_done: - lea (%rsp),%rax - pxor %xmm0, %xmm0 -.Lecb_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - jb .Lecb_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 
0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lecb_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lecb_dec_epilogue: - ret -.cfi_endproc -.size bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks -___ -} -$code.=<<___; -.extern asm_AES_cbc_encrypt -.globl bsaes_cbc_encrypt -.type bsaes_cbc_encrypt,\@abi-omnipotent -.align 16 -bsaes_cbc_encrypt: -.cfi_startproc -___ -$code.=<<___ if ($win64); - mov 48(%rsp),$arg6 # pull direction flag -___ -$code.=<<___; - cmp \$0,$arg6 - jne asm_AES_cbc_encrypt - cmp \$128,$arg3 - jb asm_AES_cbc_encrypt - - mov %rsp, %rax -.Lcbc_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lcbc_dec_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4), %eax # rounds - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - mov $arg5, %rbx - shr \$4, $len # bytes to blocks - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # 
pass rounds - call _bsaes_key_convert - pxor (%rsp),%xmm7 # fix up 0 round key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,(%rsp) - - movdqu (%rbx), @XMM[15] # load IV - sub \$8,$len -.Lcbc_dec_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %edx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - movdqa @XMM[15], 0x20(%rbp) # put aside IV - - call _bsaes_decrypt8 - - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[13] - pxor @XMM[12], @XMM[7] - movdqu 0x60($inp), @XMM[14] - pxor @XMM[13], @XMM[3] - movdqu 0x70($inp), @XMM[15] # IV - pxor @XMM[14], @XMM[5] - movdqu @XMM[0], 0x00($out) # write output - lea 0x80($inp), $inp - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lcbc_dec_loop - - add \$8,$len - jz .Lcbc_dec_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %edx, %r10d # pass rounds - cmp \$2,$len - jb .Lcbc_dec_one - movdqu 0x10($inp), @XMM[1] - je .Lcbc_dec_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lcbc_dec_three - movdqu 0x30($inp), @XMM[3] - je .Lcbc_dec_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lcbc_dec_five - movdqu 0x50($inp), @XMM[5] - je .Lcbc_dec_six - movdqu 0x60($inp), @XMM[6] - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 
0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[13] - pxor @XMM[12], @XMM[7] - movdqu 0x60($inp), @XMM[15] # IV - pxor @XMM[13], @XMM[3] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_six: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[15] # IV - pxor @XMM[12], @XMM[7] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_five: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[15] # IV - pxor @XMM[11], @XMM[2] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_four: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), 
@XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[15] # IV - pxor @XMM[10], @XMM[4] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_three: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[15] # IV - pxor @XMM[9], @XMM[6] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_two: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[15] # IV - pxor @XMM[8], @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_one: - lea ($inp), $arg1 - lea 0x20(%rbp), $arg2 # buffer output - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[15] # ^= IV - movdqu @XMM[15], ($out) # write output - movdqa @XMM[0], @XMM[15] # IV - -.Lcbc_dec_done: - movdqu @XMM[15], (%rbx) # return IV - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lcbc_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lcbc_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lcbc_dec_tail: -___ 
-$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lcbc_dec_epilogue: - ret -.cfi_endproc -.size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt - -.globl bsaes_ctr32_encrypt_blocks -.type bsaes_ctr32_encrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ctr32_encrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lctr_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lctr_enc_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - movdqu ($arg5), %xmm0 # load counter - mov 240($arg4), %eax # rounds - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - movdqa %xmm0, 0x20(%rbp) # copy counter - cmp \$8, $arg3 - jb .Lctr_enc_short - - mov %eax, %ebx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %ebx, %r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - - movdqa (%rsp), @XMM[9] # load round0 key - lea .LADD1(%rip), %r11 - movdqa 0x20(%rbp), @XMM[0] # counter copy - movdqa 
-0x20(%r11), @XMM[8] # .LSWPUP - pshufb @XMM[8], @XMM[9] # byte swap upper part - pshufb @XMM[8], @XMM[0] - movdqa @XMM[9], (%rsp) # save adjusted round0 key - jmp .Lctr_enc_loop -.align 16 -.Lctr_enc_loop: - movdqa @XMM[0], 0x20(%rbp) # save counter - movdqa @XMM[0], @XMM[1] # prepare 8 counter values - movdqa @XMM[0], @XMM[2] - paddd 0x00(%r11), @XMM[1] # .LADD1 - movdqa @XMM[0], @XMM[3] - paddd 0x10(%r11), @XMM[2] # .LADD2 - movdqa @XMM[0], @XMM[4] - paddd 0x20(%r11), @XMM[3] # .LADD3 - movdqa @XMM[0], @XMM[5] - paddd 0x30(%r11), @XMM[4] # .LADD4 - movdqa @XMM[0], @XMM[6] - paddd 0x40(%r11), @XMM[5] # .LADD5 - movdqa @XMM[0], @XMM[7] - paddd 0x50(%r11), @XMM[6] # .LADD6 - paddd 0x60(%r11), @XMM[7] # .LADD7 - - # Borrow prologue from _bsaes_encrypt8 to use the opportunity - # to flip byte order in 32-bit counter - movdqa (%rsp), @XMM[9] # round 0 key - lea 0x10(%rsp), %rax # pass key schedule - movdqa -0x10(%r11), @XMM[8] # .LSWPUPM0SR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] - lea .LBS0(%rip), %r11 # constants table - mov %ebx,%r10d # pass rounds - - call _bsaes_encrypt8_bitslice - - sub \$8,$len - jc .Lctr_enc_loop_done - - movdqu 0x00($inp), @XMM[8] # load input - movdqu 0x10($inp), @XMM[9] - movdqu 0x20($inp), @XMM[10] - movdqu 0x30($inp), @XMM[11] - movdqu 0x40($inp), @XMM[12] - movdqu 0x50($inp), @XMM[13] - movdqu 0x60($inp), @XMM[14] - movdqu 0x70($inp), @XMM[15] - lea 0x80($inp),$inp - pxor @XMM[0], @XMM[8] - movdqa 0x20(%rbp), @XMM[0] # load counter - pxor @XMM[9], @XMM[1] - movdqu @XMM[8], 0x00($out) # write output - pxor @XMM[10], @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 
@XMM[11], @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor @XMM[12], @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor @XMM[13], @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor @XMM[14], @XMM[2] - movdqu @XMM[7], 0x50($out) - pxor @XMM[15], @XMM[5] - movdqu @XMM[2], 0x60($out) - lea .LADD1(%rip), %r11 - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - paddd 0x70(%r11), @XMM[0] # .LADD8 - jnz .Lctr_enc_loop - - jmp .Lctr_enc_done -.align 16 -.Lctr_enc_loop_done: - add \$8, $len - movdqu 0x00($inp), @XMM[8] # load input - pxor @XMM[8], @XMM[0] - movdqu @XMM[0], 0x00($out) # write output - cmp \$2,$len - jb .Lctr_enc_done - movdqu 0x10($inp), @XMM[9] - pxor @XMM[9], @XMM[1] - movdqu @XMM[1], 0x10($out) - je .Lctr_enc_done - movdqu 0x20($inp), @XMM[10] - pxor @XMM[10], @XMM[4] - movdqu @XMM[4], 0x20($out) - cmp \$4,$len - jb .Lctr_enc_done - movdqu 0x30($inp), @XMM[11] - pxor @XMM[11], @XMM[6] - movdqu @XMM[6], 0x30($out) - je .Lctr_enc_done - movdqu 0x40($inp), @XMM[12] - pxor @XMM[12], @XMM[3] - movdqu @XMM[3], 0x40($out) - cmp \$6,$len - jb .Lctr_enc_done - movdqu 0x50($inp), @XMM[13] - pxor @XMM[13], @XMM[7] - movdqu @XMM[7], 0x50($out) - je .Lctr_enc_done - movdqu 0x60($inp), @XMM[14] - pxor @XMM[14], @XMM[2] - movdqu @XMM[2], 0x60($out) - jmp .Lctr_enc_done - -.align 16 -.Lctr_enc_short: - lea 0x20(%rbp), $arg1 - lea 0x30(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt - movdqu ($inp), @XMM[1] - lea 16($inp), $inp - mov 0x2c(%rbp), %eax # load 32-bit counter - bswap %eax - pxor 0x30(%rbp), @XMM[1] - inc %eax # increment - movdqu @XMM[1], ($out) - bswap %eax - lea 16($out), $out - mov %eax, 0x2c(%rsp) # save 32-bit counter - dec $len - jnz .Lctr_enc_short - -.Lctr_enc_done: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lctr_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lctr_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), 
%xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lctr_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lctr_enc_epilogue: - ret -.cfi_endproc -.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks -___ -###################################################################### -# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, -# const unsigned char iv[16]); -# -my ($twmask,$twres,$twtmp)=@XMM[13..15]; -$arg6=~s/d$//; - -$code.=<<___; -.globl bsaes_xts_encrypt -.type bsaes_xts_encrypt,\@abi-omnipotent -.align 16 -bsaes_xts_encrypt: -.cfi_startproc - mov %rsp, %rax -.Lxts_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull key2 - mov 0xa8(%rsp),$arg6 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lxts_enc_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - - lea 
($arg6), $arg1 - lea 0x20(%rbp), $arg2 - lea ($arg5), $arg3 - call asm_AES_encrypt # generate initial tweak - - mov 240($key), %eax # rounds - mov $len, %rbx # backup $len - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6, %xmm7 # fix up last round key - movdqa %xmm7, (%rax) # save last round key - - and \$-16, $len - sub \$0x80, %rsp # place for tweak[8] - movdqa 0x20(%rbp), @XMM[7] # initial tweak - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - - sub \$0x80, $len - jc .Lxts_enc_short - jmp .Lxts_enc_loop - -.align 16 -.Lxts_enc_loop: -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqu 0x70($inp), @XMM[8+7] - lea 0x80($inp), $inp - movdqa @XMM[7], 0x70(%rsp) - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - pxor @XMM[8+7], @XMM[7] - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - 
pxor 0x60(%rsp), @XMM[2] - movdqu @XMM[7], 0x50($out) - pxor 0x70(%rsp), @XMM[5] - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - - movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] - - sub \$0x80,$len - jnc .Lxts_enc_loop - -.Lxts_enc_short: - add \$0x80, $len - jz .Lxts_enc_done -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] - cmp \$`0x10*$i`,$len - je .Lxts_enc_$i -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqa @XMM[7], 0x70(%rsp) - lea 0x70($inp), $inp - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor 0x60(%rsp), @XMM[2] - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - lea 0x70($out), $out - - movdqa 0x70(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_6: - pxor @XMM[8+4], @XMM[4] - 
lea 0x60($inp), $inp - pxor @XMM[8+5], @XMM[5] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - lea 0x60($out), $out - - movdqa 0x60(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_5: - pxor @XMM[8+3], @XMM[3] - lea 0x50($inp), $inp - pxor @XMM[8+4], @XMM[4] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - lea 0x50($out), $out - - movdqa 0x50(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_4: - pxor @XMM[8+2], @XMM[2] - lea 0x40($inp), $inp - pxor @XMM[8+3], @XMM[3] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - lea 0x40($out), $out - - movdqa 0x40(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_3: - pxor @XMM[8+1], @XMM[1] - lea 0x30($inp), $inp - pxor @XMM[8+2], @XMM[2] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] 
# ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - lea 0x30($out), $out - - movdqa 0x30(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_2: - pxor @XMM[8+0], @XMM[0] - lea 0x20($inp), $inp - pxor @XMM[8+1], @XMM[1] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - lea 0x20($out), $out - - movdqa 0x20(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_1: - pxor @XMM[0], @XMM[8] - lea 0x10($inp), $inp - movdqa @XMM[8], 0x20(%rbp) - lea 0x20(%rbp), $arg1 - lea 0x20(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[0] # ^= tweak[] - #pxor @XMM[8], @XMM[0] - #lea 0x80(%rsp), %rax # pass key schedule - #mov %edx, %r10d # pass rounds - #call _bsaes_encrypt8 - #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - movdqu @XMM[0], 0x00($out) # write output - lea 0x10($out), $out - - movdqa 0x10(%rsp), @XMM[7] # next iteration tweak - -.Lxts_enc_done: - and \$15, %ebx - jz .Lxts_enc_ret - mov $out, %rdx - -.Lxts_enc_steal: - movzb ($inp), %eax - movzb -16(%rdx), %ecx - lea 1($inp), $inp - mov %al, -16(%rdx) - mov %cl, 0(%rdx) - lea 1(%rdx), %rdx - sub \$1,%ebx - jnz .Lxts_enc_steal - - movdqu -16($out), @XMM[0] - lea 0x20(%rbp), $arg1 - pxor @XMM[7], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_encrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[7] - movdqu @XMM[7], -16($out) - -.Lxts_enc_ret: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lxts_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lxts_enc_bzero - - lea 0x78(%rbp),%rax 
-.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lxts_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lxts_enc_epilogue: - ret -.cfi_endproc -.size bsaes_xts_encrypt,.-bsaes_xts_encrypt - -.globl bsaes_xts_decrypt -.type bsaes_xts_decrypt,\@abi-omnipotent -.align 16 -bsaes_xts_decrypt: -.cfi_startproc - mov %rsp, %rax -.Lxts_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull key2 - mov 0xa8(%rsp),$arg6 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lxts_dec_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - - lea ($arg6), $arg1 - lea 0x20(%rbp), $arg2 - lea ($arg5), $arg3 - call asm_AES_encrypt # generate initial tweak - - mov 240($key), %eax # rounds - mov $len, %rbx # backup $len - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # 
size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp), %xmm7 # fix up round 0 key - movdqa %xmm6, (%rax) # save last round key - movdqa %xmm7, (%rsp) - - xor %eax, %eax # if ($len%16) len-=16; - and \$-16, $len - test \$15, %ebx - setnz %al - shl \$4, %rax - sub %rax, $len - - sub \$0x80, %rsp # place for tweak[8] - movdqa 0x20(%rbp), @XMM[7] # initial tweak - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - - sub \$0x80, $len - jc .Lxts_dec_short - jmp .Lxts_dec_loop - -.align 16 -.Lxts_dec_loop: -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqu 0x70($inp), @XMM[8+7] - lea 0x80($inp), $inp - movdqa @XMM[7], 0x70(%rsp) - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - pxor @XMM[8+7], @XMM[7] - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - pxor 0x60(%rsp), @XMM[3] - movdqu @XMM[7], 0x50($out) - pxor 0x70(%rsp), @XMM[5] - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 
0x80($out), $out - - movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] - - sub \$0x80,$len - jnc .Lxts_dec_loop - -.Lxts_dec_short: - add \$0x80, $len - jz .Lxts_dec_done -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] - cmp \$`0x10*$i`,$len - je .Lxts_dec_$i -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqa @XMM[7], 0x70(%rsp) - lea 0x70($inp), $inp - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - pxor 0x60(%rsp), @XMM[3] - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - lea 0x70($out), $out - - movdqa 0x70(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_6: - pxor @XMM[8+4], @XMM[4] - lea 0x60($inp), $inp - pxor @XMM[8+5], @XMM[5] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call 
_bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - lea 0x60($out), $out - - movdqa 0x60(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_5: - pxor @XMM[8+3], @XMM[3] - lea 0x50($inp), $inp - pxor @XMM[8+4], @XMM[4] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - lea 0x50($out), $out - - movdqa 0x50(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_4: - pxor @XMM[8+2], @XMM[2] - lea 0x40($inp), $inp - pxor @XMM[8+3], @XMM[3] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - lea 0x40($out), $out - - movdqa 0x40(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_3: - pxor @XMM[8+1], @XMM[1] - lea 0x30($inp), $inp - pxor @XMM[8+2], @XMM[2] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 
0x10($out) - movdqu @XMM[6], 0x20($out) - lea 0x30($out), $out - - movdqa 0x30(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_2: - pxor @XMM[8+0], @XMM[0] - lea 0x20($inp), $inp - pxor @XMM[8+1], @XMM[1] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - lea 0x20($out), $out - - movdqa 0x20(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_1: - pxor @XMM[0], @XMM[8] - lea 0x10($inp), $inp - movdqa @XMM[8], 0x20(%rbp) - lea 0x20(%rbp), $arg1 - lea 0x20(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[0] # ^= tweak[] - #pxor @XMM[8], @XMM[0] - #lea 0x80(%rsp), %rax # pass key schedule - #mov %edx, %r10d # pass rounds - #call _bsaes_decrypt8 - #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - movdqu @XMM[0], 0x00($out) # write output - lea 0x10($out), $out - - movdqa 0x10(%rsp), @XMM[7] # next iteration tweak - -.Lxts_dec_done: - and \$15, %ebx - jz .Lxts_dec_ret - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - movdqa @XMM[7], @XMM[6] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - movdqu ($inp), @XMM[0] - pxor $twres, @XMM[7] - - lea 0x20(%rbp), $arg1 - pxor @XMM[7], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[7] - mov $out, %rdx - movdqu @XMM[7], ($out) - -.Lxts_dec_steal: - movzb 16($inp), %eax - movzb (%rdx), %ecx - lea 1($inp), $inp - mov %al, (%rdx) - mov %cl, 16(%rdx) - lea 1(%rdx), %rdx - sub \$1,%ebx - jnz .Lxts_dec_steal - - movdqu ($out), @XMM[0] - lea 0x20(%rbp), $arg1 - pxor @XMM[6], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 
0x20(%rbp) - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[6] - movdqu @XMM[6], ($out) - -.Lxts_dec_ret: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lxts_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lxts_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lxts_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lxts_dec_epilogue: - ret -.cfi_endproc -.size bsaes_xts_decrypt,.-bsaes_xts_decrypt -___ -} -$code.=<<___; -.type _bsaes_const,\@object -.align 64 -_bsaes_const: -.LM0ISR: # InvShiftRows constants - .quad 0x0a0e0206070b0f03, 0x0004080c0d010509 -.LISRM0: - .quad 0x01040b0e0205080f, 0x0306090c00070a0d -.LISR: - .quad 0x0504070602010003, 0x0f0e0d0c080b0a09 -.LBS0: # bit-slice constants - .quad 0x5555555555555555, 0x5555555555555555 -.LBS1: - .quad 0x3333333333333333, 0x3333333333333333 -.LBS2: - .quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f -.LSR: # shiftrows constants - .quad 0x0504070600030201, 0x0f0e0d0c0a09080b -.LSRM0: - .quad 0x0304090e00050a0f, 0x01060b0c0207080d -.LM0SR: - .quad 0x0a0e02060f03070b, 0x0004080c05090d01 -.LSWPUP: # byte-swap upper dword - .quad 0x0706050403020100, 0x0c0d0e0f0b0a0908 -.LSWPUPM0SR: - .quad 0x0a0d02060c03070b, 0x0004080f05090e01 -.LADD1: # counter increment constants - .quad 
0x0000000000000000, 0x0000000100000000 -.LADD2: - .quad 0x0000000000000000, 0x0000000200000000 -.LADD3: - .quad 0x0000000000000000, 0x0000000300000000 -.LADD4: - .quad 0x0000000000000000, 0x0000000400000000 -.LADD5: - .quad 0x0000000000000000, 0x0000000500000000 -.LADD6: - .quad 0x0000000000000000, 0x0000000600000000 -.LADD7: - .quad 0x0000000000000000, 0x0000000700000000 -.LADD8: - .quad 0x0000000000000000, 0x0000000800000000 -.Lxts_magic: - .long 0x87,0,1,0 -.Lmasks: - .quad 0x0101010101010101, 0x0101010101010101 - .quad 0x0202020202020202, 0x0202020202020202 - .quad 0x0404040404040404, 0x0404040404040404 - .quad 0x0808080808080808, 0x0808080808080808 -.LM0: - .quad 0x02060a0e03070b0f, 0x0004080c0105090d -.L63: - .quad 0x6363636363636363, 0x6363636363636363 -.asciz "Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov" -.align 64 -.size _bsaes_const,.-_bsaes_const -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->Rip<=prologue label - jbe .Lin_prologue - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=tail label - jae .Lin_tail - - mov 160($context),%rax # pull context->Rbp - - lea 
0x40(%rax),%rsi # %xmm save area - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - lea 0xa0+0x78(%rax),%rax # adjust stack pointer - -.Lin_tail: - mov -48(%rax),%rbp - mov -40(%rax),%rbx - mov -32(%rax),%r12 - mov -24(%rax),%r13 - mov -16(%rax),%r14 - mov -8(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov %rax,152($context) # restore context->Rsp - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 -___ -$code.=<<___ if ($ecb); - .rva .Lecb_enc_prologue - .rva .Lecb_enc_epilogue - .rva .Lecb_enc_info - - .rva .Lecb_dec_prologue - .rva .Lecb_dec_epilogue - .rva .Lecb_dec_info -___ -$code.=<<___; - .rva .Lcbc_dec_prologue - .rva .Lcbc_dec_epilogue - .rva .Lcbc_dec_info - - .rva .Lctr_enc_prologue - .rva .Lctr_enc_epilogue - .rva .Lctr_enc_info - - .rva .Lxts_enc_prologue - .rva .Lxts_enc_epilogue - .rva .Lxts_enc_info - - .rva 
.Lxts_dec_prologue - .rva .Lxts_dec_epilogue - .rva .Lxts_dec_info - -.section .xdata -.align 8 -___ -$code.=<<___ if ($ecb); -.Lecb_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lecb_enc_body,.Lecb_enc_epilogue # HandlerData[] - .rva .Lecb_enc_tail - .long 0 -.Lecb_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lecb_dec_body,.Lecb_dec_epilogue # HandlerData[] - .rva .Lecb_dec_tail - .long 0 -___ -$code.=<<___; -.Lcbc_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lcbc_dec_body,.Lcbc_dec_epilogue # HandlerData[] - .rva .Lcbc_dec_tail - .long 0 -.Lctr_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lctr_enc_body,.Lctr_enc_epilogue # HandlerData[] - .rva .Lctr_enc_tail - .long 0 -.Lxts_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] - .rva .Lxts_enc_tail - .long 0 -.Lxts_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] - .rva .Lxts_dec_tail - .long 0 -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-armv8.pl index e38288af5..7a9ffbd7d 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-armv8.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1274,4 +1274,4 @@ ___ } } print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-ppc.pl index 3c771a7e9..0260a5c9b 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1591,4 +1591,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86.pl index 7d57edc0e..fb02a4133 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -913,4 +913,4 @@ $k_dsbo=0x2c0; # decryption sbox final output &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86_64.pl index 33d293e62..099a686a4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aes/asm/vpaes-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -1238,4 +1238,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/alphacpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/alphacpuid.pl index 6c7fd4c9d..23fe30226 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/alphacpuid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/alphacpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -254,4 +254,4 @@ OPENSSL_instrument_bus2: ___ } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/aria/aria.c b/trunk/3rdparty/openssl-1.1-fit/crypto/aria/aria.c index 293bcc72b..ce55d5266 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/aria/aria.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/aria/aria.c @@ -19,7 +19,7 @@ */ #include -#include "internal/aria.h" +#include "crypto/aria.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/arm64cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/arm64cpuid.pl index 06c8add7a..319927e6c 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/arm64cpuid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/arm64cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -144,4 +144,4 @@ CRYPTO_memcmp: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/arm_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/arm_arch.h index f11b543df..8b7105571 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/arm_arch.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/arm_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __ARM_ARCH_H__ -# define __ARM_ARCH_H__ +#ifndef OSSL_CRYPTO_ARM_ARCH_H +# define OSSL_CRYPTO_ARM_ARCH_H # if !defined(__ARM_ARCH__) # if defined(__CC_ARM) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/armcap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/armcap.c index 58e54f0da..c5685bde5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/armcap.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/armcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -68,7 +68,39 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor)); # include # define OSSL_IMPLEMENT_GETAUXVAL # endif +# elif defined(__ANDROID_API__) +/* see https://developer.android.google.cn/ndk/guides/cpu-features */ +# if __ANDROID_API__ >= 18 +# include +# define OSSL_IMPLEMENT_GETAUXVAL +# endif # endif +# if defined(__FreeBSD__) +# include +# if __FreeBSD_version >= 1200000 +# include +# define OSSL_IMPLEMENT_GETAUXVAL + +static unsigned long getauxval(unsigned long key) +{ + unsigned long val = 0ul; + + if (elf_aux_info((int)key, &val, sizeof(val)) != 0) + return 0ul; + + return val; +} +# endif +# endif + +/* + * Android: according to https://developer.android.com/ndk/guides/cpu-features, + * getauxval is supported starting with API level 18 + */ +# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18 +# include +# define OSSL_IMPLEMENT_GETAUXVAL +# endif /* * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/armv4cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/armv4cpuid.pl index ab007c19c..d1b71f836 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/armv4cpuid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/armv4cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -293,4 +293,4 @@ atomic_add_spinlock: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_bitstr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_bitstr.c index bffbd160a..f462dd107 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_bitstr.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_bitstr.c 
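Review bot: The Android case is detected twice in this hunk: the added `# elif defined(__ANDROID_API__)` branch and the trailing `# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18` block both define `OSSL_IMPLEMENT_GETAUXVAL` for API level 18 and up. That is harmless to the preprocessor, but it leaves two thresholds to keep in sync; dropping the trailing block and moving its comment up to the `# elif` would leave a single place to maintain. The FreeBSD `getauxval()` wrapper returns 0 when `elf_aux_info()` fails, so a failed query reads the same as no capabilities; that looks like the conservative outcome, and a comment such as `/* on failure report no capabilities */` above the early return would record it. The `#if` chain that the new `# elif` extends opens outside the hunk.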
@@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_d2i_fp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_d2i_fp.c index a1a17901b..a452b3deb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_d2i_fp.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_d2i_fp.c @@ -13,7 +13,7 @@ #include "internal/numbers.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #ifndef NO_OLD_ASN1 # ifndef OPENSSL_NO_STDIO diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_gentm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_gentm.c index d3878d6e5..133bbb158 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_gentm.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_gentm.c @@ -15,7 +15,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" /* This is the primary function used to parse ASN1_GENERALIZEDTIME */ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_int.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_int.c index 70a45cb3c..9c1a9f52b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_int.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_int.c @@ -13,7 +13,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_mbstr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_mbstr.c index 949fe6c16..bdb697ab3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_mbstr.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_mbstr.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_object.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_object.c index 5e1424a80..8ade9e50a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_object.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_object.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,14 +9,14 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) { @@ -286,16 +286,13 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, } } - /* - * only the ASN1_OBJECTs from the 'table' will have values for ->sn or - * ->ln - */ if ((a == NULL) || ((*a) == NULL) || !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { if ((ret = ASN1_OBJECT_new()) == NULL) return NULL; - } else + } else { ret = (*a); + } p = *pp; /* detach data from object */ @@ -313,6 +310,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; } memcpy(data, p, length); + /* If there are dynamic strings, free them here, and clear the flag */ + if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) { + OPENSSL_free((char *)ret->sn); + OPENSSL_free((char *)ret->ln); + ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS; + } /* reattach data to object, after which it remains const */ ret->data = data; ret->length = length; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_print.c index 8a373d9da..85a631a27 100644 
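Review bot: In the `@@ -313,6 +310,12 @@` hunk of a_object.c the added block frees `ret->sn` and `ret->ln` and clears `ASN1_OBJECT_FLAG_DYNAMIC_STRINGS`, but nothing visible in the hunk resets the two pointers, so they dangle until whatever follows overwrites them. If the lines after the hunk do not already do so, adding `ret->sn = NULL;` and `ret->ln = NULL;` directly after the two `OPENSSL_free()` calls would keep a reused object (the `*a` path) from carrying freed name strings. The `@@ -286,16 +286,13 @@` hunk also removes the only comment about `->sn`/`->ln`, so a line saying that a reused dynamic object may hold names belonging to its previous contents would help the next reader. `c2i_ASN1_OBJECT` continues outside both hunks.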
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_print.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_print.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_sign.c index 146fdb962..72381b665 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_sign.c @@ -18,8 +18,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #ifndef NO_ASN1_OLD diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strex.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strex.c index ea4dd1c5b..284dde274 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strex.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include #include @@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, t.type = str->type; t.value.ptr = (char *)str; der_len = i2d_ASN1_TYPE(&t, NULL); + if (der_len <= 0) + return -1; if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); return -1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_time.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_time.c index 1babb9636..54e0de193 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_time.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,10 +16,10 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) @@ -67,7 +67,7 @@ static void determine_days(struct tm *tm) } c = y / 100; y %= 100; - /* Zeller's congruance */ + /* Zeller's congruence */ tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7; } @@ -79,7 +79,11 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) char *a; int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md; struct tm tmp; - +#if defined(CHARSET_EBCDIC) + const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B; +#else + const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+'; +#endif /* * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280 * time string format, in which: @@ -120,20 +124,20 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (l < min_l) goto err; for (i = 0; i < end; i++) { - if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { + if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) { i++; break; } - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = a[o] - '0'; + n = a[o] - num_zero; /* incomplete 2-digital number */ if (++o == l) goto err; - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = (n * 10) + a[o] - '0'; + n = (n * 10) + a[o] - num_zero; /* no more bytes to read, but we haven't seen time-zone yet */ if (++o == l) goto err; 
@@ -185,14 +189,14 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) * Optional fractional seconds: decimal point followed by one or more * digits. */ - if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') { + if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) { if (strict) /* RFC 5280 forbids fractional seconds */ goto err; if (++o == l) goto err; i = o; - while ((o < l) && ossl_isdigit(a[o])) + while ((o < l) && ascii_isdigit(a[o])) o++; /* Must have at least one digit after decimal point */ if (i == o) @@ -207,10 +211,10 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) * 'o' can point to '\0' is either the subsequent if or the first * else if is true. */ - if (a[o] == 'Z') { + if (a[o] == upper_z) { o++; - } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) { - int offsign = a[o] == '-' ? 1 : -1; + } else if (!strict && ((a[o] == plus) || (a[o] == minus))) { + int offsign = a[o] == minus ? 1 : -1; int offset = 0; o++; @@ -223,13 +227,13 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (o + 4 != l) goto err; for (i = end; i < end + 2; i++) { - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = a[o] - '0'; + n = a[o] - num_zero; o++; - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = (n * 10) + a[o] - '0'; + n = (n * 10) + a[o] - num_zero; i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; if ((n < min[i2]) || (n > max[i2])) goto err; @@ -300,7 +304,7 @@ ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec); -#ifdef CHARSET_EBCDIC_not +#ifdef CHARSET_EBCDIC ebcdic2ascii(tmps->data, tmps->data, tmps->length); #endif return tmps; @@ -467,6 +471,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) char *v; int gmt = 0, l; struct tm stm; + const char upper_z = 0x5A, period = 0x2E; if (!asn1_time_to_tm(&stm, tm)) { /* asn1_time_to_tm will check the time type */ 
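Review bot: `ASN1_TIME_print` (hunk `@@ -467,6 +471,7 @@`) hard-codes `upper_z = 0x5A, period = 0x2E` unconditionally, while `asn1_time_to_tm` in the `@@ -79,7 +79,11 @@` hunk picks the same values under `#if defined(CHARSET_EBCDIC)` and uses character literals otherwise. The constants agree on ASCII builds, so this is a readability point rather than a defect. Neither place states that the time string is held in ASCII regardless of the host character set, which is what the `ebcdic2ascii()` call enabled in the `@@ -300,7 +304,7 @@` hunk implies. A comment next to the declaration, for example `/* ASN1_TIME data is ASCII even on EBCDIC hosts; compare against ASCII code points */`, would make the intent explicit. The function body continues outside the hunk.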
@@ -475,7 +480,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) l = tm->length; v = (char *)tm->data; - if (v[l - 1] == 'Z') + if (v[l - 1] == upper_z) gmt = 1; if (tm->type == V_ASN1_GENERALIZEDTIME) { @@ -486,10 +491,10 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) * Try to parse fractional seconds. '14' is the place of * 'fraction point' in a GeneralizedTime string. */ - if (tm->length > 15 && v[14] == '.') { + if (tm->length > 15 && v[14] == period) { f = &v[14]; f_len = 1; - while (14 + f_len < l && ossl_isdigit(f[f_len])) + while (14 + f_len < l && ascii_isdigit(f[f_len])) ++f_len; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_type.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_type.c index 0c7aebe30..4a96315df 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_type.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_type.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,11 +11,13 @@ #include "internal/cryptlib.h" #include #include -#include "asn1_locl.h" +#include "asn1_local.h" int ASN1_TYPE_get(const ASN1_TYPE *a) { - if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) + if (a->type == V_ASN1_BOOLEAN + || a->type == V_ASN1_NULL + || a->value.ptr != NULL) return a->type; else return 0; @@ -23,7 +25,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { - if (a->value.ptr != NULL) { + if (a->type != V_ASN1_BOOLEAN + && a->type != V_ASN1_NULL + && a->value.ptr != NULL) { ASN1_TYPE **tmp_a = &a; asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utctm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utctm.c index b224991aa..0ff37b16c 100644 
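Review bot: The new condition in ASN1_TYPE_set (hunk at -23,7, mirrored in ASN1_TYPE_get at -11,11) carries no comment saying why BOOLEAN and NULL are kept away from `asn1_primitive_free`. Presumably `value.ptr` holds no allocated object for those two types, so freeing on a non-NULL bit pattern would release memory the ASN1_TYPE never owned. That should be confirmed against the union declaration, which is not in this diff. I would add above the test `/* BOOLEAN and NULL keep no allocated object in value.ptr; never free it for them */`. ASN1_TYPE_set's body continues outside the hunk.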
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utctm.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_utctm.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" /* This is the primary function used to parse ASN1_UTCTIME */ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_verify.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_verify.c index cdaf17c3c..4b5f54234 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_verify.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/a_verify.c @@ -18,8 +18,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #ifndef NO_ASN1_OLD diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/ameth_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/ameth_lib.c index d7d270dbb..5e8c3ed1d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/ameth_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/ameth_lib.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include "standard_methods.h" diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_err.c index 613f9ae71..cc0a59ca4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -49,6 +49,7 @@ static const ERR_STRING_DATA ASN1_str_functs[] = { "asn1_item_embed_d2i"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0), "asn1_item_embed_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0), "asn1_item_flags_i2d"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"}, @@ -160,6 +161,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { "asn1 sig parse error"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong length"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"}, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_lib.c index 88c4b5391..3d99d1383 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, long max); 
@@ -268,20 +268,36 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) return ret; } -int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) +int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) { unsigned char *c; const char *data = _data; + size_t len; - if (len < 0) { + if (len_in < 0) { if (data == NULL) return 0; - else - len = strlen(data); + len = strlen(data); + } else { + len = (size_t)len_in; } - if ((str->length <= len) || (str->data == NULL)) { + /* + * Verify that the length fits within an integer for assignment to + * str->length below. The additional 1 is subtracted to allow for the + * '\0' terminator even though this isn't strictly necessary. + */ + if (len > INT_MAX - 1) { + ASN1err(0, ASN1_R_TOO_LARGE); + return 0; + } + if ((size_t)str->length <= len || str->data == NULL) { c = str->data; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* No NUL terminator in fuzzing builds */ + str->data = OPENSSL_realloc(c, len); +#else str->data = OPENSSL_realloc(c, len + 1); +#endif if (str->data == NULL) { ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); str->data = c; @@ -291,8 +307,13 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) str->length = len; if (data != NULL) { memcpy(str->data, data, len); - /* an allowance for strings :-) */ +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* + * Add a NUL terminator. This should not be necessary - but we add it as + * a safety precaution + */ str->data[len] = '\0'; +#endif } return 1; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_par.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_par.c index 4b60c615d..a32fa47f2 100644 
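Review bot: The overflow guard added to ASN1_STRING_set reports its error with `ASN1err(0, ASN1_R_TOO_LARGE)`, while the allocation failure a few lines below uses `ASN1_F_ASN1_STRING_SET`, so the rejection of oversized input appears in the error queue without a function name. For consistency with the rest of the function it should read `ASN1err(ASN1_F_ASN1_STRING_SET, ASN1_R_TOO_LARGE);`. Separately, the `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` branches allocate `len` bytes and skip the terminator. Any caller that still treats `str->data` as a C string would read past the buffer in such a build, so the build scripts of this tree should never define that macro for a release. The function body spans this hunk and the next one (-291,8).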
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_par.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn1_par.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,6 +75,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int nl, hl, j, r; ASN1_OBJECT *o = NULL; ASN1_OCTET_STRING *os = NULL; + ASN1_INTEGER *ai = NULL; + ASN1_ENUMERATED *ae = NULL; /* ASN1_BMPSTRING *bmp=NULL; */ int dump_indent, dump_cont = 0; @@ -250,22 +252,21 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ASN1_OCTET_STRING_free(os); os = NULL; } else if (tag == V_ASN1_INTEGER) { - ASN1_INTEGER *bs; int i; opp = op; - bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); - if (bs != NULL) { + ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl); + if (ai != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; - if (bs->type == V_ASN1_NEG_INTEGER) + if (ai->type == V_ASN1_NEG_INTEGER) if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) { - if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) + for (i = 0; i < ai->length; i++) { + if (BIO_printf(bp, "%02X", ai->data[i]) <= 0) goto end; } - if (bs->length == 0) { + if (ai->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } 
@@ -274,24 +275,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; dump_cont = 1; } - ASN1_INTEGER_free(bs); + ASN1_INTEGER_free(ai); + ai = NULL; } else if (tag == V_ASN1_ENUMERATED) { - ASN1_ENUMERATED *bs; int i; opp = op; - bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); - if (bs != NULL) { + ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); + if (ae != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; - if (bs->type == V_ASN1_NEG_ENUMERATED) + if (ae->type == V_ASN1_NEG_ENUMERATED) if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) { - if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) + for (i = 0; i < ae->length; i++) { + if (BIO_printf(bp, "%02X", ae->data[i]) <= 0) goto end; } - if (bs->length == 0) { + if (ae->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } @@ -300,7 +301,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; dump_cont = 1; } - ASN1_ENUMERATED_free(bs); + ASN1_ENUMERATED_free(ae); + ae = NULL; } else if (len > 0 && dump) { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) @@ -323,6 +325,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, } if (BIO_puts(bp, "]") <= 0) goto end; + dump_cont = 0; } if (!nl) { @@ -341,6 +344,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, end: ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); + ASN1_INTEGER_free(ai); + ASN1_ENUMERATED_free(ae); *pp = p; return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mime.c index dfd5be634..38735cd86 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mime.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_mime.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,15 +8,15 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/bio.h" -#include "asn1_locl.h" +#include "asn1_local.h" /* * Generalised MIME like utilities for streaming ASN1. Although many have a @@ -198,6 +198,14 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) BIO_puts(out, "gostr3411-94"); goto err; + case NID_id_GostR3411_2012_256: + BIO_puts(out, "gostr3411-2012-256"); + goto err; + + case NID_id_GostR3411_2012_512: + BIO_puts(out, "gostr3411-2012-512"); + goto err; + default: if (have_unknown) write_comma = 0; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_moid.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_moid.c index 68a01f311..732ce972a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_moid.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/asn_moid.c @@ -8,13 +8,13 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/objects.h" +#include "crypto/asn1.h" +#include "crypto/objects.h" /* Simple ASN1 OID module: add all objects in a given section */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_asn1.c index 86ee56632..914d77c86 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_asn1.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -138,6 +138,11 @@ static int asn1_bio_free(BIO *b) if (ctx == NULL) return 0; + if (ctx->prefix_free != NULL) + ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); + if (ctx->suffix_free != NULL) + ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); + OPENSSL_free(ctx->buf); OPENSSL_free(ctx); BIO_set_data(b, NULL); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_ndef.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_ndef.c index 6222c9907..760e4846a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_ndef.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/bio_ndef.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -113,6 +113,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ndef_aux = *(NDEF_SUPPORT **)parg; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + if (derlen < 0) + return 0; if ((p = OPENSSL_malloc(derlen)) == NULL) { ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); return 0; @@ -140,6 +142,9 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, ndef_aux = *(NDEF_SUPPORT **)parg; + if (ndef_aux == NULL) + return 0; + OPENSSL_free(ndef_aux->derbuf); ndef_aux->derbuf = NULL; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.h b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.h index f15d72d73..e234c9e61 100644 
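Review bot: asn1_bio_free (hunk at -138,6) now calls `prefix_free` and then `suffix_free` with the same `&ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg`, and nothing at the call site says the second callback has to cope with whatever the first one released. The NULL test added to ndef_prefix_free in bio_ndef.c (`if (ndef_aux == NULL) return 0;`) looks like the other half of that contract, but the callback that clears `*parg` is not in this diff, so this is inferred. I would document it where the calls are made: `/* both callbacks share ex_buf/ex_arg; each must clear what it frees so the other does not free it again */`. Both return values are ignored here, which is reasonable on a teardown path but worth stating in the same comment.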
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pr.c index aa0d6ad6a..209496303 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pr.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,8 +15,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) @@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, goto err; EVP_PKEY_free(ret); ret = tmp; + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; 
@@ -76,13 +78,53 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, * type */ +static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on) +{ + const unsigned char *p = *pp; + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); + EVP_PKEY *ret; + + if (p8 == NULL) + return NULL; + + ret = EVP_PKCS82PKEY(p8); + if (ret == NULL) + *carry_on = 0; + + PKCS8_PRIV_KEY_INFO_free(p8); + + if (ret != NULL) + *pp = p; + + return ret; +} + EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length) { STACK_OF(ASN1_TYPE) *inkey; const unsigned char *p; int keytype; + EVP_PKEY *ret = NULL; + int carry_on = 1; + + ERR_set_mark(); + ret = key_as_pkcs8(pp, length, &carry_on); + if (ret != NULL) { + ERR_clear_last_mark(); + if (a != NULL) + *a = ret; + return ret; + } + + if (carry_on == 0) { + ERR_clear_last_mark(); + ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, + ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return NULL; + } p = *pp; + /* * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by * analyzing it we can determine the passed structure: this assumes the 
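Review bot: key_as_pkcs8 is added without a comment, and the meaning of its `carry_on` out-parameter can only be worked out from the caller. As written it returns NULL with `*carry_on` untouched when the input is not a PKCS#8 structure, and clears `*carry_on` when the structure parsed but `EVP_PKCS82PKEY` could not convert it. In the second case d2i_AutoPrivateKey stops instead of guessing a traditional format from the element count. A short header would make that visible, e.g. `/* Try PKCS#8 first. *carry_on is cleared when the wrapper parsed but the key could not be converted, so the caller must not fall back. *pp advances only on success. */`. d2i_AutoPrivateKey's body continues in the next hunk.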
@@ -98,28 +140,15 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, keytype = EVP_PKEY_DSA; else if (sk_ASN1_TYPE_num(inkey) == 4) keytype = EVP_PKEY_EC; - else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not - * traditional format */ - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); - EVP_PKEY *ret; - - sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - if (!p8) { - ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, - ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return NULL; - } - ret = EVP_PKCS82PKEY(p8); - PKCS8_PRIV_KEY_INFO_free(p8); - if (ret == NULL) - return NULL; - *pp = p; - if (a) { - *a = ret; - } - return ret; - } else + else keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - return d2i_PrivateKey(keytype, a, pp, length); + + ret = d2i_PrivateKey(keytype, a, pp, length); + if (ret != NULL) + ERR_pop_to_mark(); + else + ERR_clear_last_mark(); + + return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pu.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pu.c index 7bc16c7bc..8327ac16c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pu.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/d2i_pu.c @@ -17,7 +17,7 @@ #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_int.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_int.c index 6d6bddc65..3a1838117 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_int.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_int.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_string.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_string.c index f893489a6..53dfec71b 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_string.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/f_string.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pr.c index 445b0c842..0374c0bfb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pr.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/i2d_pr.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p8_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p8_pkey.c index dbee827e0..ab509b1ac 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p8_pkey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/p8_pkey.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* Minor tweak to operation: zero private key data */ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_pkey.c index 3b2c9df89..651622aed 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_pkey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_pkey.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/bn_int.h" +#include "crypto/bn.h" /* Number of octets per line */ #define ASN1_BUF_PRINT_WIDTH 15 diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_spki.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_spki.c index 51b56d0aa..3d4aea8ad 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_spki.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/t_spki.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) } chal = spki->spkac->challenge; if (chal->length) - BIO_printf(out, " Challenge String: %s\n", chal->data); + BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); i = OBJ_obj2nid(spki->sig_algor.algorithm); BIO_printf(out, " Signature Algorithm: %s", (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_dec.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_dec.c index c2a521ed5..82577b1ed 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_dec.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_dec.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ #include #include #include "internal/numbers.h" -#include "asn1_locl.h" +#include "asn1_local.h" /* @@ -182,6 +182,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, tag, aclass, opt, ctx); case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + p = *in; /* Just read in tag and class */ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, 
@@ -199,6 +208,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); goto err; } + /* Check tag matches bit map */ if (!(ASN1_tag2bit(otag) & it->utype)) { /* If OPTIONAL, assume this is OK */ @@ -215,6 +225,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; if (*pval) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_enc.c index 30be314ff..bcc96337b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); 
@@ -103,9 +103,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; i = asn1_get_choice_selector(pval, it); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_fre.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_fre.c index bbce489fe..2916bef78 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_fre.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_fre.c @@ -11,7 +11,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* Free up an ASN1 structure */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_new.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_new.c index 6b8ea8ddd..287f2af33 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_new.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_new.c @@ -13,7 +13,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_prn.c index 1fb66f106..56d5ea0f3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_prn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_prn.c 
@@ -15,8 +15,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" /* * Print routines. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_scn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_scn.c index e1df2cfca..f0f218ae8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_scn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_scn.c @@ -15,7 +15,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* * General ASN1 structure recursive scanner: iterate through all fields diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_utl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_utl.c index 7ceecffce..a448685e1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_utl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/tasn_utl.c @@ -15,7 +15,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* Utility functions for manipulating fields and offsets */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_algor.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_algor.c index 853d45b8b..c9a8f1e9d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_algor.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_algor.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" ASN1_SEQUENCE(X509_ALGOR) = { ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), 
@@ -92,3 +92,35 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) return 0; return ASN1_TYPE_cmp(a->parameter, b->parameter); } + +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) +{ + if (src == NULL || dest == NULL) + return 0; + + if (dest->algorithm) + ASN1_OBJECT_free(dest->algorithm); + dest->algorithm = NULL; + + if (dest->parameter) + ASN1_TYPE_free(dest->parameter); + dest->parameter = NULL; + + if (src->algorithm) + if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL) + return 0; + + if (src->parameter) { + dest->parameter = ASN1_TYPE_new(); + if (dest->parameter == NULL) + return 0; + + /* Assuming this is also correct for a BOOL. + * set does copy as a side effect. + */ + if (ASN1_TYPE_set1(dest->parameter, + src->parameter->type, src->parameter->value.ptr) == 0) + return 0; + } + return 1; +} diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_bignum.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_bignum.c index da57e77a7..c6b3accd3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_bignum.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_bignum.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,7 +82,7 @@ static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if (!*pval) + if (*pval == NULL) return; if (it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); @@ -96,7 +96,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, { BIGNUM *bn; int pad; - if (!*pval) + if (*pval == NULL) return -1; bn = (BIGNUM *)*pval; /* If MSB set in an octet we need a padding byte */ 
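Review bot: X509_ALGOR_copy frees and clears `dest->algorithm` and `dest->parameter` before it knows the duplication will succeed, so every `return 0` after that point leaves `dest` partially updated: algorithm gone, or algorithm copied with a missing or empty parameter. A caller that ignores the return value then carries on with an algorithm identifier that no longer matches the source. Duplicating into locals first and assigning to `dest` only once both copies exist keeps `dest` unchanged on failure. The sketch below shows that ordering using only the calls already present in the hunk. The existing remark about BOOL is kept, since that case still needs confirming.

```c
int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
{
    ASN1_OBJECT *algorithm = NULL;
    ASN1_TYPE *parameter = NULL;

    if (src == NULL || dest == NULL)
        return 0;

    if (src->algorithm != NULL
        && (algorithm = OBJ_dup(src->algorithm)) == NULL)
        return 0;

    if (src->parameter != NULL) {
        /* Assuming this is also correct for a BOOL; set1 copies the value. */
        if ((parameter = ASN1_TYPE_new()) == NULL
            || ASN1_TYPE_set1(parameter, src->parameter->type,
                              src->parameter->value.ptr) == 0) {
            ASN1_TYPE_free(parameter);
            ASN1_OBJECT_free(algorithm);
            return 0;
        }
    }

    /* Nothing can fail from here on, so dest is replaced as a whole. */
    ASN1_OBJECT_free(dest->algorithm);
    ASN1_TYPE_free(dest->parameter);
    dest->algorithm = algorithm;
    dest->parameter = parameter;
    return 1;
}
```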
@@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - if (!*pval) - bn_secure_new(pval, it); - return bn_c2i(pval, cont, len, utype, free_cont, it); + int ret; + BIGNUM *bn; + + if (*pval == NULL && !bn_secure_new(pval, it)) + return 0; + + ret = bn_c2i(pval, cont, len, utype, free_cont, it); + if (!ret) + return 0; + + /* Set constant-time flag for all secure BIGNUMS */ + bn = (BIGNUM *)*pval; + BN_set_flags(bn, BN_FLG_CONSTTIME); + return ret; } static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_int64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_int64.c index 0ee552cf0..96c1a259e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_int64.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_int64.c @@ -12,7 +12,7 @@ #include "internal/numbers.h" #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_sig.c b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_sig.c index e465cf2d4..fb24e240c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_sig.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/asn1/x_sig.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" ASN1_SEQUENCE(X509_SIG) = { ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.c index 3eaf170f2..26801f873 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_null.c 
@@ -8,7 +8,7 @@
 */
 /* This must be the first #include file */
-#include "../async_locl.h"
+#include "../async_local.h"
 #ifdef ASYNC_NULL
 int ASYNC_is_capable(void)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.c
index 02c342d3d..95678d4fa 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.c
@@ -8,7 +8,7 @@
 */
 /* This must be the first #include file */
-#include "../async_locl.h"
+#include "../async_local.h"
 #ifdef ASYNC_POSIX
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.h b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.h
index 62449fe60..873c0316d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_posix.h
@@ -7,8 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
-#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#ifndef OSSL_CRYPTO_ASYNC_POSIX_H
+#define OSSL_CRYPTO_ASYNC_POSIX_H
 #include
 #if defined(OPENSSL_SYS_UNIX) \
@@ -55,4 +55,4 @@ void async_fibre_free(async_fibre *fibre);
 # endif
 #endif
-#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */
+#endif /* OSSL_CRYPTO_ASYNC_POSIX_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.c
index 077d56ced..1f360d895 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/arch/async_win.c
@@ -8,7 +8,7 @@
 */
 /* This must be the first #include file */
-#include "../async_locl.h"
+#include "../async_local.h"
 #ifdef ASYNC_WIN
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async.c
index 1d83e4576..326015c60 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async.c
@@ -16,10 +16,10 @@
 #undef _FORTIFY_SOURCE
 /* This must be the first #include file */
-#include "async_locl.h"
+#include "async_local.h"
 #include
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include
 #define ASYNC_JOB_RUNNING 0
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_local.h
similarity index 98%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/async/async_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/async/async_local.h
index d7790293f..dd1a85e02 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_locl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_local.h
@@ -20,7 +20,7 @@
 # include
 #endif
-#include "internal/async.h"
+#include "crypto/async.h"
 #include
 typedef struct async_ctx_st async_ctx;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_wait.c b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_wait.c
index b23e43e8c..7723f949a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_wait.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/async/async_wait.c
@@ -8,7 +8,7 @@
 */
 /* This must be the first #include file */
-#include "async_locl.h"
+#include "async_local.h"
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/asm/bf-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/asm/bf-586.pl
index 4e913aecf..cddc17bdd 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/asm/bf-586.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/asm/bf-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -32,7 +32,7 @@ $tmp4="edx";
 &cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
 &asm_finish();
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 sub BF_encrypt
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_cfb64.c
index ce6e13b5a..12332c540 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_cfb64.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_cfb64.c
@@ -8,7 +8,7 @@
 */
 #include
-#include "bf_locl.h"
+#include "bf_local.h"
 /*
 * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ecb.c
index dc1becdbe..38e784cc2 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ecb.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ecb.c
@@ -8,7 +8,7 @@
 */
 #include
-#include "bf_locl.h"
+#include "bf_local.h"
 #include
 /*
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_enc.c
index 67c0d78ae..423a4697a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_enc.c
@@ -8,7 +8,7 @@
 */
 #include
-#include "bf_locl.h"
+#include "bf_local.h"
 /*
 * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_local.h
similarity index 98%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_local.h
index b1a415e51..8c76976fa 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_locl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_local.h
@@ -7,8 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-#ifndef HEADER_BF_LOCL_H
-# define HEADER_BF_LOCL_H
+#ifndef OSSL_CRYPTO_BF_LOCAL_H
+# define OSSL_CRYPTO_BF_LOCAL_H
 # include
 /* NOTE - c is not incremented as per n2l */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ofb64.c
index 6418217b3..5d75401fc 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ofb64.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_ofb64.c
@@ -8,7 +8,7 @@
 */
 #include
-#include "bf_locl.h"
+#include "bf_local.h"
 /*
 * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_skey.c
index a4903a2a7..ed29cf915 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_skey.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bf/bf_skey.c
@@ -10,7 +10,7 @@
 #include
 #include
 #include
-#include "bf_locl.h"
+#include "bf_local.h"
 #include "bf_pi.h"
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_addr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_addr.c
index 4395ab7a0..8ea32bce4 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_addr.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_addr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -7,10 +7,14 @@
 * https://www.openssl.org/source/license.html
 */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include
 #ifndef OPENSSL_NO_SOCK
@@ -22,7 +26,7 @@ CRYPTO_RWLOCK *bio_lookup_lock;
 static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
 /*
- * Throughout this file and bio_lcl.h, the existence of the macro
+ * Throughout this file and bio_local.h, the existence of the macro
 * AI_PASSIVE is used to detect the availability of struct addrinfo,
 * getnameinfo() and getaddrinfo(). If that macro doesn't exist,
 * we use our own implementation instead, using gethostbyname,
@@ -675,7 +679,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
 if (1) {
 #ifdef AI_PASSIVE
- int gai_ret = 0;
+ int gai_ret = 0, old_ret = 0;
 struct addrinfo hints;
 memset(&hints, 0, sizeof(hints));
@@ -683,26 +687,48 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
 hints.ai_family = family;
 hints.ai_socktype = socktype;
 hints.ai_protocol = protocol;
+# ifdef AI_ADDRCONFIG
+# ifdef AF_UNSPEC
+ if (host != NULL && family == AF_UNSPEC)
+# endif
+ hints.ai_flags |= AI_ADDRCONFIG;
+# endif
 if (lookup_type == BIO_LOOKUP_SERVER)
 hints.ai_flags |= AI_PASSIVE;
 /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
- * macro magic in bio_lcl.h
+ * macro magic in bio_local.h
 */
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
+ retry:
+# endif
 switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
 # ifdef EAI_SYSTEM
 case EAI_SYSTEM:
 SYSerr(SYS_F_GETADDRINFO, get_last_socket_error());
 BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
 break;
+# endif
+# ifdef EAI_MEMORY
+ case EAI_MEMORY:
+ BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+ break;
 # endif
 case 0:
 ret = 1; /* Success */
 break;
 default:
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
+ if (hints.ai_flags & AI_ADDRCONFIG) {
+ hints.ai_flags &= ~AI_ADDRCONFIG;
+ hints.ai_flags |= AI_NUMERICHOST;
+ old_ret = gai_ret;
+ goto retry;
+ }
+# endif
 BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
- ERR_add_error_data(1, gai_strerror(gai_ret));
+ ERR_add_error_data(1, gai_strerror(old_ret ? old_ret : gai_ret));
 break;
 }
 } else {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_dump.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_dump.c
index 0d06414e7..f175e244b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_dump.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_dump.c
@@ -12,7 +12,7 @@
 */
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #define DUMP_WIDTH 16
 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4))
@@ -36,8 +36,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
 if (indent < 0)
 indent = 0;
- else if (indent > 128)
- indent = 128;
+ else if (indent > 64)
+ indent = 64;
 dump_width = DUMP_WIDTH_LESS_INDENT(indent);
 rows = len / dump_width;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_print.c
index 9e907fcaa..41b7f5e2f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_print.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_print.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@
 #include
 #include
 #include "internal/cryptlib.h"
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/numbers.h"
 #include
@@ -635,7 +635,11 @@ fmtfp(char **sbuffer,
 fvalue = tmpvalue;
 }
 ufvalue = abs_val(fvalue);
- if (ufvalue > ULONG_MAX) {
+ /*
+ * By subtracting 65535 (2^16-1) we cancel the low order 15 bits
+ * of ULONG_MAX to avoid using imprecise floating point values.
+ */
+ if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) {
 /* Number too big */
 return 0;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock.c
index e7a24d02c..df431e6d5 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock.c
@@ -10,7 +10,7 @@
 #include
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #ifndef OPENSSL_NO_SOCK
 # define SOCKET_PROTOCOL IPPROTO_TCP
 # ifdef SO_MAXCONN
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock2.c
index 5d82ab22d..104ff31b0 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock2.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/b_sock2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include
@@ -243,7 +243,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
 }
 }
-# ifdef IPV6_V6ONLY
+ /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
+# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
 if (BIO_ADDR_family(addr) == AF_INET6) {
 /*
 * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_buff.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_buff.c
index 8e87a629b..51ae1f918 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_buff.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_buff.c
@@ -9,7 +9,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 static int buffer_write(BIO *h, const char *buf, int num);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_lbuf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_lbuf.c
index 194c7b8af..72f990181 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_lbuf.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_lbuf.c
@@ -9,7 +9,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_nbio.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_nbio.c
index 4bc84eeba..dd7011ab6 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_nbio.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_nbio.c
@@ -9,7 +9,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_null.c
index 613fb2e05..48c6be692 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_null.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bf_null.c
@@ -9,7 +9,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 /*
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_cb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_cb.c
index 1154c233a..a153100a8 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_cb.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_cb.c
@@ -10,7 +10,7 @@
 #include
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lib.c
index ca375b911..d2202e537 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lib.c
@@ -10,7 +10,7 @@
 #include
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_local.h
similarity index 97%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lcl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_local.h
index e2c05a20d..8b2122129 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_lcl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_local.h
@@ -27,11 +27,11 @@
 * For clarity, we check for internal/cryptlib.h since it's a common header
 * that also includes bio.h.
 */
-# ifdef HEADER_CRYPTLIB_H
-# error internal/cryptlib.h included before bio_lcl.h
+# ifdef OSSL_INTERNAL_CRYPTLIB_H
+# error internal/cryptlib.h included before bio_local.h
 # endif
 # ifdef HEADER_BIO_H
-# error openssl/bio.h included before bio_lcl.h
+# error openssl/bio.h included before bio_local.h
 # endif
 /*
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_meth.c
index 493ff63a9..da1164619 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_meth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bio_meth.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/thread_once.h"
 CRYPTO_RWLOCK *bio_type_lock = NULL;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_acpt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_acpt.c
index 993e5903a..4461eae23 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_acpt.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_acpt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -9,7 +9,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #ifndef OPENSSL_NO_SOCK
@@ -222,10 +222,10 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
 break;
 case ACPT_S_CREATE_SOCKET:
- ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
- BIO_ADDRINFO_socktype(c->addr_iter),
- BIO_ADDRINFO_protocol(c->addr_iter), 0);
- if (ret == (int)INVALID_SOCKET) {
+ s = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+ BIO_ADDRINFO_socktype(c->addr_iter),
+ BIO_ADDRINFO_protocol(c->addr_iter), 0);
+ if (s == (int)INVALID_SOCKET) {
 SYSerr(SYS_F_SOCKET, get_last_socket_error());
 ERR_add_error_data(4,
 "hostname=", c->param_addr,
@@ -233,9 +233,10 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
 BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
 goto exit_loop;
 }
- c->accept_sock = ret;
- b->num = ret;
+ c->accept_sock = s;
+ b->num = s;
 c->state = ACPT_S_LISTEN;
+ s = -1;
 break;
 case ACPT_S_LISTEN:
@@ -433,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 b->init = 1;
 } else if (num == 1) {
 OPENSSL_free(data->param_serv);
- data->param_serv = BUF_strdup(ptr);
- b->init = 1;
+ if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL)
+ ret = 0;
+ else
+ b->init = 1;
 } else if (num == 2) {
 data->bind_mode |= BIO_SOCK_NONBLOCK;
 } else if (num == 3) {
@@ -527,7 +530,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 break;
 case BIO_CTRL_DUP:
 break;
-
+ case BIO_CTRL_EOF:
+ if (b->next_bio == NULL)
+ ret = 0;
+ else
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
 default:
 ret = 0;
 break;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_bio.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_bio.c
index e34382c55..c97349e43 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_bio.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_bio.c
@@ -21,7 +21,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_conn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_conn.c
index e9673fe78..807a82b23 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_conn.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_conn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #ifndef OPENSSL_NO_SOCK
@@ -54,6 +54,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a);
 #define BIO_CONN_S_CONNECT 4
 #define BIO_CONN_S_OK 5
 #define BIO_CONN_S_BLOCKED_CONNECT 6
+#define BIO_CONN_S_CONNECT_ERROR 7
 static const BIO_METHOD methods_connectp = {
 BIO_TYPE_CONNECT,
@@ -174,7 +175,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 ERR_add_error_data(4,
 "hostname=", c->param_hostname,
 " service=", c->param_service);
- BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+ c->state = BIO_CONN_S_CONNECT_ERROR;
+ break;
 }
 goto exit_loop;
 } else {
@@ -184,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 case BIO_CONN_S_BLOCKED_CONNECT:
 i = BIO_sock_error(b->num);
- if (i) {
+ if (i != 0) {
 BIO_clear_retry_flags(b);
+ if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) {
+ /*
+ * if there are more addresses to try, do that first
+ */
+ BIO_closesocket(b->num);
+ c->state = BIO_CONN_S_CREATE_SOCKET;
+ ERR_clear_error();
+ break;
+ }
 SYSerr(SYS_F_CONNECT, i);
 ERR_add_error_data(4,
 "hostname=", c->param_hostname,
@@ -197,6 +208,11 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 c->state = BIO_CONN_S_OK;
 break;
+ case BIO_CONN_S_CONNECT_ERROR:
+ BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+ ret = 0;
+ goto exit_loop;
+
 case BIO_CONN_S_OK:
 ret = 1;
 goto exit_loop;
@@ -309,6 +325,8 @@ static int conn_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -398,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_SET_CONNECT: if (ptr != NULL) { b->init = 1; - if (num == 0) { + if (num == 0) { /* BIO_set_conn_hostname */ char *hold_service = data->param_service; /* We affect the hostname regardless. However, the input * string might contain a host:service spec, so we must * parse it, which might or might not affect the service */ + OPENSSL_free(data->param_hostname); data->param_hostname = NULL; ret = BIO_parse_hostserv(ptr, @@ -412,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_PARSE_PRIO_HOST); if (hold_service != data->param_service) OPENSSL_free(hold_service); - } else if (num == 1) { + } else if (num == 1) { /* BIO_set_conn_port */ OPENSSL_free(data->param_service); - data->param_service = BUF_strdup(ptr); - } else if (num == 2) { + if ((data->param_service = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + } else if (num == 2) { /* BIO_set_conn_address */ const BIO_ADDR *addr = (const BIO_ADDR *)ptr; + char *host = BIO_ADDR_hostname_string(addr, 1); + char *service = BIO_ADDR_service_string(addr, 1); + + ret = host != NULL && service != NULL; if (ret) { - data->param_hostname = BIO_ADDR_hostname_string(addr, 1); - data->param_service = BIO_ADDR_service_string(addr, 1); + OPENSSL_free(data->param_hostname); + data->param_hostname = host; + OPENSSL_free(data->param_service); + data->param_service = service; BIO_ADDRINFO_free(data->addr_first); data->addr_first = NULL; data->addr_iter = NULL; + } else { + OPENSSL_free(host); + OPENSSL_free(service); } - } else if (num == 3) { + } else if (num == 3) { /* BIO_set_conn_ip_family */ data->connect_family = *(int *)ptr; } else { ret = 0; 
@@ -488,6 +517,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 *fptr = data->info_callback;
 }
 break;
+ case BIO_CTRL_EOF:
+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+ break;
 default:
 ret = 0;
 break;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_dgram.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_dgram.c
index d5fe5bb5a..942fd8b51 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_dgram.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_dgram.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #ifndef OPENSSL_NO_DGRAM
 # ifndef OPENSSL_NO_SCTP
@@ -784,7 +784,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
 * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
 * value has been updated to a non-clashing value. However to preserve
- * binary compatiblity we now respond to both the old value and the new one
+ * binary compatibility we now respond to both the old value and the new one
 */
 case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
 case BIO_CTRL_DGRAM_SET_PEEK_MODE:
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_fd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_fd.c
index 5bc539c90..ccbe1626b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_fd.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_fd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #if defined(OPENSSL_NO_POSIX_IO)
 /*
@@ -123,6 +123,8 @@ static int fd_read(BIO *b, char *out, int outl)
 if (ret <= 0) {
 if (BIO_fd_should_retry(ret))
 BIO_set_retry_read(b);
+ else if (ret == 0)
+ b->flags |= BIO_FLAGS_IN_EOF;
 }
 }
 return ret;
@@ -186,6 +188,9 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
 case BIO_CTRL_FLUSH:
 ret = 1;
 break;
+ case BIO_CTRL_EOF:
+ ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+ break;
 default:
 ret = 0;
 break;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_file.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_file.c
index 057344783..1a70ce799 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_file.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_file.c
@@ -7,10 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#ifndef HEADER_BSS_FILE_C
-# define HEADER_BSS_FILE_C
-
-# if defined(__linux) || defined(__sun) || defined(__hpux)
+#if defined(__linux) || defined(__sun) || defined(__hpux)
 /*
 * Following definition aliases fopen to fopen64 on above mentioned
 * platforms. This makes it possible to open and sequentially access files
@@ -23,17 +20,17 @@
 * of 32-bit platforms which allow for sequential access of large files
 * without extra "magic" comprise *BSD, Darwin, IRIX...
 */
-# ifndef _FILE_OFFSET_BITS
-# define _FILE_OFFSET_BITS 64
-# endif
+# ifndef _FILE_OFFSET_BITS
+# define _FILE_OFFSET_BITS 64
 # endif
+#endif
-# include
-# include
-# include "bio_lcl.h"
-# include
+#include
+#include
+#include "bio_local.h"
+#include
-# if !defined(OPENSSL_NO_STDIO)
+#if !defined(OPENSSL_NO_STDIO)
 static int file_write(BIO *h, const char *buf, int num);
 static int file_read(BIO *h, char *buf, int size);
@@ -72,9 +69,9 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 SYSerr(SYS_F_FOPEN, get_last_sys_error());
 ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
 if (errno == ENOENT
-# ifdef ENXIO
+#ifdef ENXIO
 || errno == ENXIO
-# endif
+#endif
 )
 BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
 else
@@ -212,33 +209,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
 b->shutdown = (int)num & BIO_CLOSE;
 b->ptr = ptr;
 b->init = 1;
-# if BIO_FLAGS_UPLINK!=0
-# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
-# define _IOB_ENTRIES 20
-# endif
+# if BIO_FLAGS_UPLINK!=0
+# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+# define _IOB_ENTRIES 20
+# endif
 /* Safety net to catch purely internal BIO_set_fp calls */
-# if defined(_MSC_VER) && _MSC_VER>=1900
+# if defined(_MSC_VER) && _MSC_VER>=1900
 if (ptr == stdin || ptr == stdout || ptr == stderr)
 BIO_clear_flags(b, BIO_FLAGS_UPLINK);
-# elif defined(_IOB_ENTRIES)
+# elif defined(_IOB_ENTRIES)
 if ((size_t)ptr >= (size_t)stdin &&
 (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
 BIO_clear_flags(b, BIO_FLAGS_UPLINK);
-# endif
 # endif
-# ifdef UP_fsetmod
+# endif
+# ifdef UP_fsetmod
 if (b->flags & BIO_FLAGS_UPLINK)
 UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b'));
 else
-# endif
+# endif
 {
-# if defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_WINDOWS)
 int fd = _fileno((FILE *)ptr);
 if (num & BIO_FP_TEXT)
 _setmode(fd, _O_TEXT);
 else
 _setmode(fd, _O_BINARY);
-# elif defined(OPENSSL_SYS_MSDOS)
+# elif defined(OPENSSL_SYS_MSDOS)
 int fd = fileno((FILE *)ptr);
 /* Set correct text/binary mode */
 if (num & BIO_FP_TEXT)
@@ -251,11 +248,11 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
 } else
 _setmode(fd, _O_BINARY);
 }
-# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
 int fd = fileno((FILE *)ptr);
 if (!(num & BIO_FP_TEXT))
 setmode(fd, O_BINARY);
-# endif
+# endif
 }
 break;
 case BIO_C_SET_FILENAME:
@@ -277,15 +274,15 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
 ret = 0;
 break;
 }
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
 if (!(num & BIO_FP_TEXT))
 OPENSSL_strlcat(p, "b", sizeof(p));
 else
 OPENSSL_strlcat(p, "t", sizeof(p));
-# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
 if (!(num & BIO_FP_TEXT))
 OPENSSL_strlcat(p, "b", sizeof(p));
-# endif
+# endif
 fp = openssl_fopen(ptr, p);
 if (fp == NULL) {
 SYSerr(SYS_F_FOPEN, get_last_sys_error());
@@ -422,6 +419,4 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 return NULL;
 }
-# endif /* OPENSSL_NO_STDIO */
-
-#endif /* HEADER_BSS_FILE_C */
+#endif /* OPENSSL_NO_STDIO */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_log.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_log.c
index e9ab932ec..b9579faaa 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_log.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_log.c
@@ -19,7 +19,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 #if defined(OPENSSL_SYS_WINCE)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_mem.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_mem.c
index 10fcbf7a7..7cb4a5781 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_mem.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_mem.c
@@ -9,7 +9,7 @@
 #include
 #include
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 static int mem_write(BIO *h, const char *buf, int num);
@@ -57,7 +57,12 @@ static const BIO_METHOD secmem_method = {
 NULL, /* mem_callback_ctrl */
 };
-/* BIO memory stores buffer and read pointer */
+/*
+ * BIO memory stores buffer and read pointer
+ * however the roles are different for read only BIOs.
+ * In that case the readp just stores the original state
+ * to be used for reset.
+ */
 typedef struct bio_buf_mem_st {
 struct buf_mem_st *buf; /* allocated buffer */
 struct buf_mem_st *readp; /* read pointer */
@@ -192,11 +197,14 @@ static int mem_read(BIO *b, char *out, int outl)
 BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
 BUF_MEM *bm = bbm->readp;
+ if (b->flags & BIO_FLAGS_MEM_RDONLY)
+ bm = bbm->buf;
 BIO_clear_retry_flags(b);
 ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
 if ((out != NULL) && (ret > 0)) {
 memcpy(out, bm->data, ret);
 bm->length -= ret;
+ bm->max -= ret;
 bm->data += ret;
 } else if (bm->length == 0) {
 ret = b->num;
@@ -241,29 +249,34 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
 BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
 BUF_MEM *bm;
+ if (b->flags & BIO_FLAGS_MEM_RDONLY)
+ bm = bbm->buf;
+ else
+ bm = bbm->readp;
+
 switch (cmd) {
 case BIO_CTRL_RESET:
 bm = bbm->buf;
 if (bm->data != NULL) {
- /* For read only case reset to the start again */
- if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) {
- bm->length = bm->max;
+ if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) {
+ if (!(b->flags & BIO_FLAGS_NONCLEAR_RST)) {
+ memset(bm->data, 0, bm->max);
+ bm->length = 0;
+ }
+ *bbm->readp = *bbm->buf;
 } else {
- memset(bm->data, 0, bm->max);
- bm->length = 0;
+ /* For read only case just reset to the start again */
+ *bbm->buf = *bbm->readp;
 }
- *bbm->readp = *bbm->buf;
 }
 break;
 case BIO_CTRL_EOF:
- bm = bbm->readp;
 ret = (long)(bm->length == 0);
 break;
 case BIO_C_SET_BUF_MEM_EOF_RETURN:
 b->num = (int)num;
 break;
 case BIO_CTRL_INFO:
- bm = bbm->readp;
 ret = (long)bm->length;
 if (ptr != NULL) {
 pptr = (char **)ptr;
@@ -278,8 +291,9 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - mem_buf_sync(b); - bm = bbm->readp; + if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) + mem_buf_sync(b); + bm = bbm->buf; pptr = (char **)ptr; *pptr = (char *)bm; } @@ -294,7 +308,6 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0L; break; case BIO_CTRL_PENDING: - bm = bbm->readp; ret = (long)bm->length; break; case BIO_CTRL_DUP: @@ -318,6 +331,8 @@ static int mem_gets(BIO *bp, char *buf, int size) BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr; BUF_MEM *bm = bbm->readp; + if (bp->flags & BIO_FLAGS_MEM_RDONLY) + bm = bbm->buf; BIO_clear_retry_flags(bp); j = bm->length; if ((size - 1) < j) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_null.c index 08f1d2bc9..e73ce7841 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_null.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_null.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" static int null_write(BIO *h, const char *buf, int num); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_sock.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_sock.c index ad3845320..6251f3d46 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_sock.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bio/bss_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #ifndef OPENSSL_NO_SOCK 
@@ -101,6 +101,8 @@ static int sock_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -151,6 +153,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: ret = 1; break; + case BIO_CTRL_EOF: + ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0; + break; default: ret = 0; break; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2b.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2b.c index 829ba5b50..fc6e5f1a3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2b.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2b.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,15 +18,15 @@ #include #include -#include "blake2_locl.h" +#include "blake2_local.h" #include "blake2_impl.h" static const uint64_t blake2b_IV[8] = { - 0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU, - 0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U, - 0x510e527fade682d1U, 0x9b05688c2b3e6c1fU, - 0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; static const uint8_t blake2b_sigma[12][16] = 
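Review bot: `BIO_FLAGS_IN_EOF` is set in sock_read whenever the read returns 0 and is not retryable, and nothing in the visible hunks clears it again or checks that `outl` was non-zero. If a zero-length read reaches this branch (the read call itself is outside the hunk, so this is inferred), the new `BIO_CTRL_EOF` case in sock_ctrl would report end of file on a socket that is still open; a guard such as `else if (ret == 0 && outl > 0)` would avoid that. A comment on the `BIO_CTRL_EOF` case would also help, for example `/* transport-level EOF only; a TLS stream ends at close_notify, not here */`, so callers do not treat the result as an authenticated end of data.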
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2s.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2s.c index 8211374d1..d072e05ca 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2s.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/blake2s.c @@ -18,7 +18,7 @@ #include #include -#include "blake2_locl.h" +#include "blake2_local.h" #include "blake2_impl.h" static const uint32_t blake2s_IV[8] = diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2b.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2b.c index c493648c3..ce4d8f956 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2b.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2b.c @@ -20,8 +20,8 @@ # include # include -# include "blake2_locl.h" -# include "internal/evp_int.h" +# include "blake2_local.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2s.c b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2s.c index 83b2811e4..b8fb048b3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2s.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/blake2/m_blake2s.c @@ -20,8 +20,8 @@ # include # include -# include "blake2_locl.h" -# include "internal/evp_int.h" +# include "blake2_local.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod index 706a14034..5d5c4fa99 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/README.pod @@ -188,7 +188,7 @@ B and the 2*B word arrays B and B. The implementations use the following macros which, depending on the architecture, may use "long long" C operations or inline assembler. -They are defined in C. +They are defined in C. mul(B, B, B, B) computes B*B+B and places the low word of the result in B and the high word in B. 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl index c9b962a15..83717921e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/alpha-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -325,4 +325,4 @@ bn_mul_mont: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl index 7a0cdb2e8..3a83cb855 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -329,4 +329,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl index 6bedc62ba..eadc8bbf6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv4-mont.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -754,4 +754,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl index d8347bf93..bc9a18dc4 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/armv8-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1511,4 +1511,4 @@ ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl index 58effc880..e0422405d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/bn-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub bn_mul_add_words { 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl index 9c46da3af..3bb8d120e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/c64xplus-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -157,4 +157,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl index 97f5e3a19..3c34fa885 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/co-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,7 @@ open STDOUT,">$output"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub mul_add_c { 
@@ -39,17 +39,17 @@ sub mul_add_c &mul("edx"); &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a + &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a &mov("eax",&wparam(0)) if $pos > 0; # load r[] ### &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b + &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # load next b + &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # load next b ### &adc($c2,0); # is pos > 1, it means it is the last loop &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a + &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next a } sub sqr_add_c diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl index ec486f777..7a4e74d71 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ia64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -857,4 +857,4 @@ ___ open STDOUT,">$output" if $output; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl index fbe5d04f7..3b79a4b18 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips-mont.pl 
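Review bot: The `open STDOUT,">$output" if $output;` just above the changed line in the last ia64-mont.pl hunk is still unchecked, so the new `close STDOUT or die` catches write errors but not a failed open. If the open fails, the generated assembly goes to the inherited STDOUT and the close can still succeed, leaving a missing or stale output file for the build to pick up. I would use the three-argument form and check it: `if ($output) { open STDOUT, '>', $output or die "can't open $output: $!"; }`. The first co-586.pl hunk shows the same unchecked `open STDOUT,">$output";` in its hunk header.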
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -430,4 +430,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl index 3875132bd..8ad715bda 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -89,7 +89,7 @@ if ($flavour =~ /64|n32/i) { $SZREG=4; $REG_S="sw"; $REG_L="lw"; - $code=".set mips2\n"; + $code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set mips2\n#endif\n"; } # Below is N32/64 register layout used in the original module. @@ -801,7 +801,7 @@ $code.=<<___; #if 0 /* * The bn_div_3_words entry point is re-used for constant-time interface. - * Implementation is retained as hystorical reference. + * Implementation is retained as historical reference. */ .align 5 .globl bn_div_3_words @@ -2260,4 +2260,4 @@ $code.=<<___; .end bn_sqr_comba4 ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl index aa9f626ed..6a7c714a1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/parisc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1003,4 +1003,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl index ec7e019a4..278314c57 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1987,4 +1987,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl index e37068192..a8d3f14e9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -258,6 +258,7 @@ $data=<=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -1979,4 +1979,4 @@ rsaz_1024_gather5_avx2: ___ }}} -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl index b1797b649..cf08ce9b8 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/rsaz-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul subq \$128+24, %rsp .cfi_adjust_cfa_offset 128+24 .Lsqr_body: - movq $mod, %rbp # common argument + movq $mod, %xmm1 # common off-load movq ($inp), %rdx movq 8($inp), %rax movq $n0, 128(%rsp) @@ -134,7 +134,8 @@ $code.=<<___; .Loop_sqr: movl $times,128+8(%rsp) #first iteration - movq %rdx, %rbx + movq %rdx, %rbx # 0($inp) + mov %rax, %rbp # 8($inp) mulq %rdx movq %rax, %r8 movq 16($inp), %rax 
@@ -173,31 +174,29 @@ $code.=<<___; mulq %rbx addq %rax, %r14 movq %rbx, %rax - movq %rdx, %r15 - adcq \$0, %r15 + adcq \$0, %rdx - addq %r8, %r8 #shlq \$1, %r8 - movq %r9, %rcx - adcq %r9, %r9 #shld \$1, %r8, %r9 + xorq %rcx,%rcx # rcx:r8 = r8 << 1 + addq %r8, %r8 + movq %rdx, %r15 + adcq \$0, %rcx mulq %rax - movq %rax, (%rsp) - addq %rdx, %r8 - adcq \$0, %r9 + addq %r8, %rdx + adcq \$0, %rcx - movq %r8, 8(%rsp) - shrq \$63, %rcx + movq %rax, (%rsp) + movq %rdx, 8(%rsp) #second iteration - movq 8($inp), %r8 movq 16($inp), %rax - mulq %r8 + mulq %rbp addq %rax, %r10 movq 24($inp), %rax movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r11 movq 32($inp), %rax adcq \$0, %rdx @@ -205,7 +204,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r12 movq 40($inp), %rax adcq \$0, %rdx @@ -213,7 +212,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r13 movq 48($inp), %rax adcq \$0, %rdx @@ -221,7 +220,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r14 movq 56($inp), %rax adcq \$0, %rdx 
@@ -229,39 +228,39 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r15 - movq %r8, %rax + movq %rbp, %rax adcq \$0, %rdx addq %rbx, %r15 - movq %rdx, %r8 - movq %r10, %rdx - adcq \$0, %r8 + adcq \$0, %rdx - add %rdx, %rdx - lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - movq %r11, %rbx - adcq %r11, %r11 #shld \$1, %r10, %r11 + xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 + addq %r9, %r9 + movq %rdx, %r8 + adcq %r10, %r10 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax + movq 16($inp), %rbp addq %rax, %r9 + movq 24($inp), %rax adcq %rdx, %r10 - adcq \$0, %r11 + adcq \$0, %rbx movq %r9, 16(%rsp) movq %r10, 24(%rsp) - shrq \$63, %rbx #third iteration - movq 16($inp), %r9 - movq 24($inp), %rax - mulq %r9 + mulq %rbp addq %rax, %r12 movq 32($inp), %rax movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 + mulq %rbp addq %rax, %r13 movq 40($inp), %rax adcq \$0, %rdx @@ -269,7 +268,7 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 + mulq %rbp addq %rax, %r14 movq 48($inp), %rax adcq \$0, %rdx @@ -277,9 +276,7 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 - movq %r12, %r10 - lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 + mulq %rbp addq %rax, %r15 movq 56($inp), %rax adcq \$0, %rdx 
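Review bot: The invariant comment `# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here` is stated but not derived, and it recurs through the later iterations of both the mulq and mulx paths of rsaz_512_sqr. Since the squaring is only correct if this add never carries, I would spell the reasoning out once where it first appears. The carry word receives at most two carry-ins per iteration (one from the doubling, one from adding the square), and `rax` is the low word of a 64-bit square, which cannot exceed 0xFF..F9. Something like `# carry word <= 2 (doubling + square add); low word of x*x <= 2^64-7, so no carry out` would do. The enclosing heredoc starts and ends outside this hunk.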
@@ -287,36 +284,40 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 - shrq \$63, %r10 + mulq %rbp addq %rax, %r8 - movq %r9, %rax + movq %rbp, %rax adcq \$0, %rdx addq %rcx, %r8 - movq %rdx, %r9 - adcq \$0, %r9 + adcq \$0, %rdx - movq %r13, %rcx - leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 + xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 + addq %r11, %r11 + movq %rdx, %r9 + adcq %r12, %r12 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax + movq 24($inp), %r10 addq %rax, %r11 + movq 32($inp), %rax adcq %rdx, %r12 - adcq \$0, %r13 + adcq \$0, %rcx movq %r11, 32(%rsp) movq %r12, 40(%rsp) - shrq \$63, %rcx #fourth iteration - movq 24($inp), %r10 - movq 32($inp), %rax + mov %rax, %r11 # 32($inp) mulq %r10 addq %rax, %r14 movq 40($inp), %rax movq %rdx, %rbx adcq \$0, %rbx + mov %rax, %r12 # 40($inp) mulq %r10 addq %rax, %r15 movq 48($inp), %rax @@ -325,9 +326,8 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx + mov %rax, %rbp # 48($inp) mulq %r10 - movq %r14, %r12 - leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 addq %rax, %r8 movq 56($inp), %rax adcq \$0, %rdx @@ -336,32 +336,33 @@ $code.=<<___; adcq \$0, %rbx mulq %r10 - shrq \$63, %r12 addq %rax, %r9 movq %r10, %rax adcq \$0, %rdx addq %rbx, %r9 - movq %rdx, %r10 - adcq \$0, %r10 + adcq \$0, %rdx - movq %r15, %rbx - leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 + xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 + addq %r13, %r13 + movq %rdx, %r10 + adcq %r14, %r14 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax addq %rax, %r13 + movq %r12, %rax # 40($inp) adcq %rdx, %r14 - adcq \$0, %r15 + adcq \$0, %rbx movq %r13, 48(%rsp) movq %r14, 56(%rsp) - shrq \$63, %rbx #fifth iteration - movq 32($inp), %r11 - movq 40($inp), %rax mulq %r11 addq %rax, %r8 - movq 48($inp), %rax + movq %rbp, %rax # 48($inp) movq %rdx, %rcx adcq \$0, %rcx 
@@ -369,97 +370,99 @@ $code.=<<___; addq %rax, %r9 movq 56($inp), %rax adcq \$0, %rdx - movq %r8, %r12 - leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 addq %rcx, %r9 movq %rdx, %rcx adcq \$0, %rcx + mov %rax, %r14 # 56($inp) mulq %r11 - shrq \$63, %r12 addq %rax, %r10 movq %r11, %rax adcq \$0, %rdx addq %rcx, %r10 - movq %rdx, %r11 - adcq \$0, %r11 + adcq \$0, %rdx - movq %r9, %rcx - leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 + xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 + addq %r15, %r15 + movq %rdx, %r11 + adcq %r8, %r8 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax addq %rax, %r15 + movq %rbp, %rax # 48($inp) adcq %rdx, %r8 - adcq \$0, %r9 + adcq \$0, %rcx movq %r15, 64(%rsp) movq %r8, 72(%rsp) - shrq \$63, %rcx #sixth iteration - movq 40($inp), %r12 - movq 48($inp), %rax mulq %r12 addq %rax, %r10 - movq 56($inp), %rax + movq %r14, %rax # 56($inp) movq %rdx, %rbx adcq \$0, %rbx mulq %r12 addq %rax, %r11 movq %r12, %rax - movq %r10, %r15 - leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 adcq \$0, %rdx - shrq \$63, %r15 addq %rbx, %r11 - movq %rdx, %r12 - adcq \$0, %r12 + adcq \$0, %rdx - movq %r11, %rbx - leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 + xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 + addq %r9, %r9 + movq %rdx, %r12 + adcq %r10, %r10 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax addq %rax, %r9 + movq %r14, %rax # 56($inp) adcq %rdx, %r10 - adcq \$0, %r11 + adcq \$0, %rbx movq %r9, 80(%rsp) movq %r10, 88(%rsp) #seventh iteration - movq 48($inp), %r13 - movq 56($inp), %rax - mulq %r13 + mulq %rbp addq %rax, %r12 - movq %r13, %rax - movq %rdx, %r13 - adcq \$0, %r13 + movq %rbp, %rax + adcq \$0, %rdx - xorq %r14, %r14 - shlq \$1, %rbx - adcq %r12, %r12 #shld \$1, %rbx, %r12 - adcq %r13, %r13 #shld \$1, %r12, %r13 - adcq %r14, %r14 #shld \$1, %r13, %r14 + xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 + addq %r11, %r11 + movq %rdx, %r13 + 
adcq %r12, %r12 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax addq %rax, %r11 + movq %r14, %rax # 56($inp) adcq %rdx, %r12 - adcq \$0, %r13 + adcq \$0, %rcx movq %r11, 96(%rsp) movq %r12, 104(%rsp) #eighth iteration - movq 56($inp), %rax + xorq %rbx, %rbx # rbx:r13 = r13 << 1 + addq %r13, %r13 + adcq \$0, %rbx + mulq %rax - addq %rax, %r13 - adcq \$0, %rdx - - addq %rdx, %r14 - - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax + addq %r13, %rax + adcq %rbx, %rdx movq (%rsp), %r8 movq 8(%rsp), %r9 @@ -469,6 +472,10 @@ $code.=<<___; movq 40(%rsp), %r13 movq 48(%rsp), %r14 movq 56(%rsp), %r15 + movq %xmm1, %rbp + + movq %rax, 112(%rsp) + movq %rdx, 120(%rsp) call __rsaz_512_reduce @@ -500,9 +507,9 @@ $code.=<<___; .Loop_sqrx: movl $times,128+8(%rsp) movq $out, %xmm0 # off-load - movq %rbp, %xmm1 # off-load #first iteration mulx %rax, %r8, %r9 + mov %rax, %rbx mulx 16($inp), %rcx, %r10 xor %rbp, %rbp # cf=0, of=0 
@@ -510,40 +517,39 @@ $code.=<<___; mulx 24($inp), %rax, %r11 adcx %rcx, %r9 - mulx 32($inp), %rcx, %r12 + .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 adcx %rax, %r10 - mulx 40($inp), %rax, %r13 + .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 adcx %rcx, %r11 - .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 + mulx 48($inp), %rcx, %r14 adcx %rax, %r12 adcx %rcx, %r13 - .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 + mulx 56($inp), %rax, %r15 adcx %rax, %r14 adcx %rbp, %r15 # %rbp is 0 - mov %r9, %rcx - shld \$1, %r8, %r9 - shl \$1, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rdx, %r8 - mov 8($inp), %rdx - adcx %rbp, %r9 + mulx %rdx, %rax, $out + mov %rbx, %rdx # 8($inp) + xor %rcx, %rcx + adox %r8, %r8 + adcx $out, %r8 + adox %rbp, %rcx + adcx %rbp, %rcx mov %rax, (%rsp) mov %r8, 8(%rsp) #second iteration - mulx 16($inp), %rax, %rbx + .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx adox %rax, %r10 adcx %rbx, %r11 - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 + mulx 24($inp), $out, %r8 adox $out, %r11 + .byte 0x66 adcx %r8, %r12 mulx 32($inp), %rax, %rbx 
@@ -561,24 +567,25 @@ $code.=<<___; .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 adox $out, %r15 adcx %rbp, %r8 + mulx %rdx, %rax, $out adox %rbp, %r8 + .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp,%ebp - mulx %rdx, %rax, %rcx - mov 16($inp), %rdx + xor %rbx, %rbx + adox %r9, %r9 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r10, %r10 adcx %rax, %r9 - adcx %rcx, %r10 - adcx %rbp, %r11 + adox %rbp, %rbx + adcx $out, %r10 + adcx %rbp, %rbx mov %r9, 16(%rsp) .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) #third iteration - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 + mulx 24($inp), $out, %r9 adox $out, %r12 adcx %r9, %r13 @@ -586,7 +593,7 @@ $code.=<<___; adox %rax, %r13 adcx %rcx, %r14 - mulx 40($inp), $out, %r9 + .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 adox $out, %r14 adcx %r9, %r15 @@ -594,27 +601,28 @@ $code.=<<___; adox %rax, %r15 adcx %rcx, %r8 - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 + mulx 56($inp), $out, %r9 adox $out, %r8 adcx %rbp, %r9 + mulx %rdx, %rax, $out adox %rbp, %r9 - - mov %r13, %rcx - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r11 - adcx %rdx, %r12 mov 24($inp), %rdx - adcx %rbp, %r13 + + xor %rcx, %rcx + adox %r11, %r11 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r12, %r12 + adcx %rax, %r11 + adox %rbp, %rcx + adcx $out, %r12 + adcx %rbp, %rcx mov %r11, 32(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) + mov %r12, 40(%rsp) #fourth iteration - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx + mulx 32($inp), %rax, %rbx adox %rax, %r14 adcx %rbx, %r15 
@@ -629,25 +637,25 @@ $code.=<<___; mulx 56($inp), $out, %r10 adox $out, %r9 adcx %rbp, %r10 + mulx %rdx, %rax, $out adox %rbp, %r10 - - .byte 0x66 - mov %r15, %rbx - shld \$1, %r14, %r15 - shld \$1, %rcx, %r14 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r13 - adcx %rdx, %r14 mov 32($inp), %rdx - adcx %rbp, %r15 + + xor %rbx, %rbx + adox %r13, %r13 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r14, %r14 + adcx %rax, %r13 + adox %rbp, %rbx + adcx $out, %r14 + adcx %rbp, %rbx mov %r13, 48(%rsp) mov %r14, 56(%rsp) #fifth iteration - .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 + mulx 40($inp), $out, %r11 adox $out, %r8 adcx %r11, %r9 @@ -658,18 +666,19 @@ $code.=<<___; mulx 56($inp), $out, %r11 adox $out, %r10 adcx %rbp, %r11 + mulx %rdx, %rax, $out + mov 40($inp), %rdx adox %rbp, %r11 - mov %r9, %rcx - shld \$1, %r8, %r9 - shld \$1, %rbx, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx + xor %rcx, %rcx + adox %r15, %r15 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r8, %r8 adcx %rax, %r15 - adcx %rdx, %r8 - mov 40($inp), %rdx - adcx %rbp, %r9 + adox %rbp, %rcx + adcx $out, %r8 + adcx %rbp, %rcx mov %r15, 64(%rsp) mov %r8, 72(%rsp) @@ -682,18 +691,19 @@ $code.=<<___; .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 adox $out, %r11 adcx %rbp, %r12 + mulx %rdx, %rax, $out adox %rbp, %r12 - - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r9 - adcx %rdx, %r10 mov 48($inp), %rdx - adcx %rbp, %r11 + + xor %rbx, %rbx + adox %r9, %r9 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r10, %r10 + adcx %rax, %r9 + adcx $out, %r10 + adox %rbp, %rbx + adcx %rbp, %rbx mov %r9, 80(%rsp) mov %r10, 88(%rsp) 
@@ -703,31 +713,31 @@ $code.=<<___; adox %rax, %r12 adox %rbp, %r13 - xor %r14, %r14 - shld \$1, %r13, %r14 - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r11 - adcx %rdx, %r12 + mulx %rdx, %rax, $out + xor %rcx, %rcx mov 56($inp), %rdx - adcx %rbp, %r13 + adox %r11, %r11 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r12, %r12 + adcx %rax, %r11 + adox %rbp, %rcx + adcx $out, %r12 + adcx %rbp, %rcx .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) #eighth iteration mulx %rdx, %rax, %rdx - adox %rax, %r13 - adox %rbp, %rdx + xor %rbx, %rbx + adox %r13, %r13 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %rbp, %rbx + adcx %r13, %rax + adcx %rdx, %rbx - .byte 0x66 - add %rdx, %r14 - - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) movq %xmm0, $out movq %xmm1, %rbp @@ -741,6 +751,9 @@ $code.=<<___; movq 48(%rsp), %r14 movq 56(%rsp), %r15 + movq %rax, 112(%rsp) + movq %rbx, 120(%rsp) + call __rsaz_512_reducex addq 64(%rsp), %r8 @@ -1606,6 +1619,7 @@ $code.=<<___; .type __rsaz_512_reduce,\@abi-omnipotent .align 32 __rsaz_512_reduce: +.cfi_startproc movq %r8, %rbx imulq 128+8(%rsp), %rbx movq 0(%rbp), %rax @@ -1685,6 +1699,7 @@ __rsaz_512_reduce: jne .Lreduction_loop ret +.cfi_endproc .size __rsaz_512_reduce,.-__rsaz_512_reduce ___ } @@ -1698,6 +1713,7 @@ $code.=<<___; .type __rsaz_512_reducex,\@abi-omnipotent .align 32 __rsaz_512_reducex: +.cfi_startproc #movq 128+8(%rsp), %rdx # pull $n0 imulq %r8, %rdx xorq %rsi, %rsi # cf=0,of=0 @@ -1750,6 +1766,7 @@ __rsaz_512_reducex: jne .Lreduction_loopx ret +.cfi_endproc .size __rsaz_512_reducex,.-__rsaz_512_reducex ___ } @@ -1761,6 +1778,7 @@ $code.=<<___; .type __rsaz_512_subtract,\@abi-omnipotent .align 32 __rsaz_512_subtract: +.cfi_startproc movq %r8, ($out) movq %r9, 8($out) movq %r10, 16($out) 
@@ -1814,6 +1832,7 @@ __rsaz_512_subtract: movq %r15, 56($out) ret +.cfi_endproc .size __rsaz_512_subtract,.-__rsaz_512_subtract ___ }
@@ -1827,6 +1846,7 @@ $code.=<<___; .type __rsaz_512_mul,\@abi-omnipotent .align 32 __rsaz_512_mul: +.cfi_startproc leaq 8(%rsp), %rdi movq ($ap), %rax
@@ -1965,6 +1985,7 @@ __rsaz_512_mul: movq %r15, 56(%rdi) ret +.cfi_endproc .size __rsaz_512_mul,.-__rsaz_512_mul ___ }
@@ -1979,6 +2000,7 @@ $code.=<<___; .type __rsaz_512_mulx,\@abi-omnipotent .align 32 __rsaz_512_mulx: +.cfi_startproc mulx ($ap), %rbx, %r8 # initial %rdx preloaded by caller mov \$-6, %rcx
@@ -2095,6 +2117,7 @@ __rsaz_512_mulx: mov %r15, 8+64+56(%rsp) ret +.cfi_endproc .size __rsaz_512_mulx,.-__rsaz_512_mulx ___ }
@@ -2105,6 +2128,7 @@ $code.=<<___; .type rsaz_512_scatter4,\@abi-omnipotent .align 16 rsaz_512_scatter4: +.cfi_startproc leaq ($out,$power,8), $out movl \$8, %r9d jmp .Loop_scatter
@@ -2117,12 +2141,14 @@ rsaz_512_scatter4: decl %r9d jnz .Loop_scatter ret +.cfi_endproc .size rsaz_512_scatter4,.-rsaz_512_scatter4 .globl rsaz_512_gather4 .type rsaz_512_gather4,\@abi-omnipotent .align 16 rsaz_512_gather4: +.cfi_startproc ___ $code.=<<___ if ($win64); .LSEH_begin_rsaz_512_gather4:
@@ -2217,6 +2243,7 @@ ___ $code.=<<___; ret .LSEH_end_rsaz_512_gather4: +.cfi_endproc .size rsaz_512_gather4,.-rsaz_512_gather4 .align 64
@@ -2401,4 +2428,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl
index 06181bf9b..a7e4b8a97 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-gf2m.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -225,4 +225,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl
index c2fc5adff..bc8c8951e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -145,7 +145,7 @@ $code.=<<___; lghi $NHI,0 alcgr $NHI,$nhi - la $j,8(%r0) # j=1 + la $j,8 # j=1 lr $count,$num .align 16
@@ -197,7 +197,7 @@ $code.=<<___; lghi $NHI,0 alcgr $NHI,$nhi - la $j,8(%r0) # j=1 + la $j,8 # j=1 lr $count,$num .align 16
@@ -241,7 +241,7 @@ $code.=<<___; la $ap,$stdframe($sp) ahi $num,1 # restore $num, incidentally clears "borrow" - la $j,0(%r0) + la $j,0 lr $count,$num .Lsub: lg $alo,0($j,$ap) lg $nlo,0($j,$np)
@@ -255,7 +255,7 @@ $code.=<<___; lghi $NHI,-1 xgr $NHI,$AHI - la $j,0(%r0) + la $j,0 lgr $count,$num .Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy lg $alo,0($j,$rp)
@@ -281,4 +281,4 @@ foreach (split("\n",$code)) { s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e; print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S
index 292a7a999..b666c41a8 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/s390x.S
@@ -511,7 +511,7 @@ bn_mul_comba4: lghi zero,0 mul_add_c(0,0,c1,c2,c3); - stg c1,0*8(%r3) + stg c1,0*8(%r2) lghi c1,0 mul_add_c(0,1,c2,c3,c1);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl
index fcae9cfc5..62e297a01 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparct4-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -1225,4 +1225,4 @@ ___ &emit_assembler(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl
index dcf11a87a..238a93dca 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-gf2m.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -197,4 +197,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl
index b41903af9..d1a3c2bc4 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -617,4 +617,4 @@ $code.=<<___; ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl
index c8f759df9..7a1fca126 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/sparcv9a-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -884,4 +884,4 @@ $code =~ s/fzeros\s+%f([0-9]+)/ print $code; # flush -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl
index 9cf717e84..9dbc8d458 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/via-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -248,4 +248,4 @@ $sp=&DWP(28,"esp"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl
index 04833a0c8..d797af874 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/vis3-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -381,4 +381,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl
index d03efcc75..436d90b11 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-gf2m.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -322,4 +322,4 @@ if ($sse2) { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl
index 7ba2133ac..2103f806b 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -628,4 +628,4 @@ $sbit=$num; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c
index 31839ba06..e6fdaadf0 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gcc.c
@@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "../bn_lcl.h" +#include "../bn_local.h" #if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl
index 0fd6e985d..655f13c89 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-gf2m.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -421,4 +421,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl
index c051135e3..f14d4e63b 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); }
@@ -1589,4 +1589,4 @@ ___ } print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl
index f43e13d11..8c37d132e 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/asm/x86_64-mont5.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); }
@@ -580,6 +580,7 @@ $code.=<<___; .type mul4x_internal,\@abi-omnipotent .align 32 mul4x_internal: +.cfi_startproc shl \$5,$num # $num was in bytes movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument, index lea .Linc(%rip),%rax
@@ -1074,6 +1075,7 @@ $code.=<<___ ___ } $code.=<<___; +.cfi_endproc .size mul4x_internal,.-mul4x_internal ___ }}}
@@ -1239,6 +1241,7 @@ $code.=<<___; .align 32 bn_sqr8x_internal: __bn_sqr8x_internal: +.cfi_startproc ############################################################## # Squaring part: #
@@ -2030,6 +2033,7 @@ __bn_sqr8x_reduction: cmp %rdx,$tptr # end of t[]? jb .L8x_reduction_loop ret +.cfi_endproc .size bn_sqr8x_internal,.-bn_sqr8x_internal ___ }
@@ -2042,6 +2046,7 @@ $code.=<<___; .type __bn_post4x_internal,\@abi-omnipotent .align 32 __bn_post4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 lea (%rdi,$num),$tptr # %rdi was $tptr above mov $num,%rcx
@@ -2092,6 +2097,7 @@ __bn_post4x_internal: mov $num,%r10 # prepare for back-to-back call neg $num # restore $num ret +.cfi_endproc .size __bn_post4x_internal,.-__bn_post4x_internal ___ }
@@ -2101,10 +2107,12 @@ $code.=<<___; .type bn_from_montgomery,\@abi-omnipotent .align 32 bn_from_montgomery: +.cfi_startproc testl \$7,`($win64?"48(%rsp)":"%r9d")` jz bn_from_mont8x xor %eax,%eax ret +.cfi_endproc .size bn_from_montgomery,.-bn_from_montgomery .type bn_from_mont8x,\@function,6
@@ -2400,6 +2408,7 @@ bn_mulx4x_mont_gather5: .type mulx4x_internal,\@abi-omnipotent .align 32 mulx4x_internal: +.cfi_startproc mov $num,8(%rsp) # save -$num (it was in bytes) mov $num,%r10 neg $num # restore $num
@@ -2750,6 +2759,7 @@ $code.=<<___; mov 8*2(%rbp),%r14 mov 8*3(%rbp),%r15 jmp .Lsqrx4x_sub_entry # common post-condition +.cfi_endproc .size mulx4x_internal,.-mulx4x_internal ___ } {
@@ -3555,6 +3565,7 @@ my ($rptr,$nptr)=("%rdx","%rbp"); $code.=<<___; .align 32 __bn_postx4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 mov %rcx,%r10 # -$num mov %rcx,%r9 # -$num
@@ -3602,6 +3613,7 @@ __bn_postx4x_internal: neg %r9 # restore $num ret +.cfi_endproc .size __bn_postx4x_internal,.-__bn_postx4x_internal ___ }
@@ -3618,6 +3630,7 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: +.cfi_startproc lea 0($inp),%r10 lea 1($inp),%r11 mov $num,%ecx
@@ -3631,12 +3644,14 @@ bn_get_bits5: shrl %cl,%eax and \$31,%eax ret +.cfi_endproc .size bn_get_bits5,.-bn_get_bits5 .globl bn_scatter5 .type bn_scatter5,\@abi-omnipotent .align 16 bn_scatter5: +.cfi_startproc cmp \$0, $num jz .Lscatter_epilogue lea ($tbl,$idx,8),$tbl
@@ -3649,6 +3664,7 @@ bn_scatter5: jnz .Lscatter .Lscatter_epilogue: ret +.cfi_endproc .size bn_scatter5,.-bn_scatter5 .globl bn_gather5
@@ -3656,6 +3672,7 @@ bn_scatter5: .align 32 bn_gather5: .LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases +.cfi_startproc # I can't trust assembler to use specific encoding:-( .byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10 .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 #sub $0x108,%rsp
@@ -3740,6 +3757,7 @@ $code.=<<___; lea (%r10),%rsp ret .LSEH_end_bn_gather5: +.cfi_endproc .size bn_gather5,.-bn_gather5 ___ }
@@ -3942,4 +3960,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c
index f2736b8f6..8ffe49618 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_add.c
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* signed add of b to a. */ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c
index 729b2480a..4d83a8cf1 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_asm.c
@@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c
index 450cdfb34..76fc7ebcf 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_blind.c
@@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define BN_BLINDING_COUNTER 32
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c
index 54b799961..042cb247d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_ctx.c
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /*- * TODO list
@@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx) void BN_CTX_end(BN_CTX *ctx) { + if (ctx == NULL) + return; CTXDBG_ENTRY("BN_CTX_end", ctx); if (ctx->err_stack) ctx->err_stack--;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c
index 58bcf197a..b60269cd5 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_depr.c
@@ -20,7 +20,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "internal/cryptlib.h" -# include "bn_lcl.h" +# include "bn_local.h" BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c
index 38acdee23..58c44f0b1 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_dh.c
@@ -7,12 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/nelem.h" #ifndef OPENSSL_NO_DH #include -#include "internal/bn_dh.h" +#include "crypto/bn_dh.h" /* DH parameters from RFC5114 */ # if BN_BITS2 == 64
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c
index 3a6fa0a1b..0da9f39b3 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_div.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* The old slow way */ #if 0
@@ -258,7 +258,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, * * - availability of constant-time bn_div_3_words; * - dividend is at least as "wide" as divisor, limb-wise, zero-padded - * if so requied, which shouldn't be a privacy problem, because + * if so required, which shouldn't be a privacy problem, because * divisor's length is considered public; */ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
@@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, BIGNUM *tmp, *snum, *sdiv, *res; BN_ULONG *resp, *wnum, *wnumtop; BN_ULONG d0, d1; - int num_n, div_n; + int num_n, div_n, num_neg; assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
@@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, /* Setup quotient */ if (!bn_wexpand(res, loop)) goto err; - res->neg = (num->neg ^ divisor->neg); + num_neg = num->neg; + res->neg = (num_neg ^ divisor->neg); res->top = loop; res->flags |= BN_FLG_FIXED_TOP; resp = &(res->d[loop]);
@@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, *--resp = q; } /* snum holds remainder, it's as wide as divisor */ - snum->neg = num->neg; + snum->neg = num_neg; snum->top = div_n; snum->flags |= BN_FLG_FIXED_TOP; if (rm != NULL)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c
index 88f2baf0e..9531acfc3 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp.c
@@ -8,8 +8,8 @@ */ #include "internal/cryptlib.h" -#include "internal/constant_time_locl.h" -#include "bn_lcl.h" +#include "internal/constant_time.h" +#include "bn_local.h" #include #ifdef _WIN32
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c
index 082c9286a..e542abe46 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_exp2.c
@@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define TABLE_SIZE 32
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c
index 0091ea4e0..0941f7b97 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gcd.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,130 +8,191 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); - -int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +/* + * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does + * not contain branches that may leak sensitive information. + * + * This is a static function, we ensure all callers in this file pass valid + * arguments: all passed pointers here are non-NULL. + */ +static ossl_inline +BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx, int *pnoinv) { - BIGNUM *a, *b, *t; - int ret = 0; + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; + int sign; - bn_check_top(in_a); - bn_check_top(in_b); + bn_check_top(a); + bn_check_top(n); BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (b == NULL) + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + T = BN_CTX_get(ctx); + if (T == NULL) goto err; - if (BN_copy(a, in_a) == NULL) + if (in == NULL) + R = BN_new(); + else + R = in; + if (R == NULL) goto err; - if (BN_copy(b, in_b) == NULL) - goto err; - a->neg = 0; - b->neg = 0; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. 
+ */ + { + BIGNUM local_B; + bn_init(&local_B); + BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, &local_B, A, ctx)) + goto err; + /* Ensure local_B goes out of scope before any further use of B */ + } } - t = euclid(a, b); - if (t == NULL) - goto err; + sign = -1; + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ - if (BN_copy(r, t) == NULL) + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_A; + bn_init(&local_A); + BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, &local_A, B, ctx)) + goto err; + /* Ensure local_A goes out of scope before any further use of A */ + } + + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + + tmp = A; /* keep the BIGNUM object, the value does not + * matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. 
+ */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not + * matter */ + Y = X; + X = tmp; + sign = -sign; + } + + /*- + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + + if (sign < 0) { + if (!BN_sub(Y, n, Y)) + goto err; + } + /* Now Y*a == A (mod |n|). */ + + if (BN_is_one(A)) { + /* Y*a == 1 (mod |n|) */ + if (!Y->neg && BN_ucmp(Y, n) < 0) { + if (!BN_copy(R, Y)) + goto err; + } else { + if (!BN_nnmod(R, Y, n, ctx)) + goto err; + } + } else { + *pnoinv = 1; + /* caller sets the BN_R_NO_INVERSE error */ goto err; - ret = 1; + } + + ret = R; + *pnoinv = 0; + err: + if ((ret == NULL) && (in == NULL)) + BN_free(R); BN_CTX_end(ctx); - bn_check_top(r); + bn_check_top(ret); return ret; } -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) -{ - BIGNUM *t; - int shifts = 0; - - bn_check_top(a); - bn_check_top(b); - - /* 0 <= b <= a */ - while (!BN_is_zero(b)) { - /* 0 < b <= a */ - - if (BN_is_odd(a)) { - if (BN_is_odd(b)) { - if (!BN_sub(a, a, b)) - goto err; - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a odd - b even */ - - if (!BN_rshift1(b, b)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } - } else { /* a is even */ - - if (BN_is_odd(b)) { - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a even - b even */ - - if (!BN_rshift1(a, a)) - goto err; - if (!BN_rshift1(b, b)) - goto err; - shifts++; - } - } - /* 0 <= b <= a */ - } - - if (shifts) { - if (!BN_lshift(a, a, shifts)) - goto err; - } - bn_check_top(a); - return a; - err: - return NULL; -} - -/* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const 
BIGNUM *n, BN_CTX *ctx) -{ - BIGNUM *rv; - int noinv; - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - return rv; -} - +/* + * This is an internal function, we assume all callers pass valid arguments: + * all pointers passed here are assumed non-NULL. + */ BIGNUM *int_bn_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *pnoinv)
@@ -142,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, /* This is invalid input so we don't worry about constant time here */ if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { - if (pnoinv != NULL) - *pnoinv = 1; + *pnoinv = 1; return NULL; } - if (pnoinv != NULL) - *pnoinv = 0; + *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { - return BN_mod_inverse_no_branch(in, a, n, ctx); + return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv); } bn_check_top(a);
@@ -438,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, goto err; } } else { - if (pnoinv) - *pnoinv = 1; + *pnoinv = 1; goto err; } ret = R;
@@ -451,173 +509,137 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, return ret; } -/* - * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does - * not contain branches that may leak sensitive information. - */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx) +/* solves ax == 1 (mod n) */ +BIGNUM *BN_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; + BN_CTX *new_ctx = NULL; + BIGNUM *rv; + int noinv = 0; - bn_check_top(a); - bn_check_top(n); + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE); + return NULL; + } + } + + rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); + if (noinv) + BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + BN_CTX_free(new_ctx); + return rv; +} + +/*- + * This function is based on the constant-time GCD work by Bernstein and Yang: + * https://eprint.iacr.org/2019/266 + * Generalized fast GCD function to allow even inputs. + * The algorithm first finds the shared powers of 2 between + * the inputs, and removes them, reducing at least one of the + * inputs to an odd value. Then it proceeds to calculate the GCD. + * Before returning the resulting GCD, we take care of adding + * back the powers of two removed at the beginning. + * Note 1: we assume the bit length of both inputs is public information, + * since access to top potentially leaks this information. + */ +int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +{ + BIGNUM *g, *temp = NULL; + BN_ULONG mask = 0; + int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0; + + /* Note 2: zero input corner cases are not constant-time since they are + * handled immediately. An attacker can run an attack under this + * assumption without the need of side-channel information. 
*/ + if (BN_is_zero(in_b)) { + ret = BN_copy(r, in_a) != NULL; + r->neg = 0; + return ret; + } + if (BN_is_zero(in_a)) { + ret = BN_copy(r, in_b) != NULL; + r->neg = 0; + return ret; + } + + bn_check_top(in_a); + bn_check_top(in_b); BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) + temp = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + + /* make r != 0, g != 0 even, so BN_rshift is not a potential nop */ + if (g == NULL + || !BN_lshift1(g, in_b) + || !BN_lshift1(r, in_a)) goto err; - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - BN_one(X); - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - - if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_B; - bn_init(&local_B); - BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, &local_B, A, ctx)) - goto err; - /* Ensure local_B goes out of scope before any further use of B */ + /* find shared powers of two, i.e. "shifts" >= 1 */ + for (i = 0; i < r->dmax && i < g->dmax; i++) { + mask = ~(r->d[i] | g->d[i]); + for (j = 0; j < BN_BITS2; j++) { + bit &= mask; + shifts += bit; + mask >>= 1; } } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_A; - bn_init(&local_A); - BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); - - /* (D, M) := (A/B, A%B) ... 
*/ - if (!BN_div(D, M, &local_A, B, ctx)) - goto err; - /* Ensure local_A goes out of scope before any further use of A */ - } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - if (!BN_mul(tmp, D, X, ctx)) - goto err; - if (!BN_add(tmp, tmp, Y)) - goto err; - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; - } - /* Now Y*a == A (mod |n|). */ - - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); + /* subtract shared powers of two; shifts >= 1 */ + if (!BN_rshift(r, r, shifts) + || !BN_rshift(g, g, shifts)) goto err; + + /* expand to biggest nword, with room for a possible extra word */ + top = 1 + ((r->top >= g->top) ? r->top : g->top); + if (bn_wexpand(r, top) == NULL + || bn_wexpand(g, top) == NULL + || bn_wexpand(temp, top) == NULL) + goto err; + + /* re arrange inputs s.t. 
r is odd */ + BN_consttime_swap((~r->d[0]) & 1, r, g, top); + + /* compute the number of iterations */ + rlen = BN_num_bits(r); + glen = BN_num_bits(g); + m = 4 + 3 * ((rlen >= glen) ? rlen : glen); + + for (i = 0; i < m; i++) { + /* conditionally flip signs if delta is positive and g is odd */ + cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ + & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + delta = (-cond & -delta) | ((cond - 1) & delta); + r->neg ^= cond; + /* swap */ + BN_consttime_swap(cond, r, g, top); + + /* elimination step */ + delta++; + if (!BN_add(temp, g, r)) + goto err; + BN_consttime_swap(g->d[0] & 1 /* g is odd */ + /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ + & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + g, temp, top); + if (!BN_rshift1(g, g)) + goto err; } - ret = R; + + /* remove possible negative sign */ + r->neg = 0; + /* add powers of 2 removed, then correct the artificial shift */ + if (!BN_lshift(r, r, shifts) + || !BN_rshift1(r, r)) + goto err; + + ret = 1; + err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); BN_CTX_end(ctx); - bn_check_top(ret); + bn_check_top(r); return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c index 34d8b69c1..a2ea86755 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_gf2m.c @@ -12,7 +12,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #ifndef OPENSSL_NO_EC2M diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c index 46bc97575..147b4fa02 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_intern.c 
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c index b9bc6cca2..c1e09d272 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_kron.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* least significant word */ #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c index 8286b3855..eb4a31849 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #include -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" /* This stuff appears to be completely unused, so is deprecated */ #if OPENSSL_API_COMPAT < 0x00908000L @@ -87,6 +87,15 @@ const BIGNUM *BN_value_one(void) return &const_one; } +/* + * Old Visual Studio ARM compiler miscompiles BN_num_bits_word() + * https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html + */ +#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \ + && _MSC_VER>=1400 && _MSC_VER<1501 +# define MS_BROKEN_BN_num_bits_word +# pragma optimize("", off) +#endif int BN_num_bits_word(BN_ULONG l) { BN_ULONG x, mask; 
@@ -131,21 +140,70 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +#ifdef MS_BROKEN_BN_num_bits_word +# pragma optimize("", on) +#endif + +/* + * This function still leaks `a->dmax`: it's caller's responsibility to + * expand the input `a` in advance to a public length. + */ +static ossl_inline +int bn_num_bits_consttime(const BIGNUM *a) +{ + int j, ret; + unsigned int mask, past_i; + int i = a->top - 1; + bn_check_top(a); + + for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) { + mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */ + + ret += BN_BITS2 & (~mask & ~past_i); + ret += BN_num_bits_word(a->d[j]) & mask; + + past_i |= mask; /* past_i will become 0xff..ff after i==j */ + } + + /* + * if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the + * final result. + */ + mask = ~(constant_time_eq_int(i, ((int)-1))); + + return ret & mask; +} int BN_num_bits(const BIGNUM *a) { int i = a->top - 1; bn_check_top(a); + if (a->flags & BN_FLG_CONSTTIME) { + /* + * We assume that BIGNUMs flagged as CONSTTIME have also been expanded + * so that a->dmax is not leaking secret information. + * + * In other words, it's the caller's responsibility to ensure `a` has + * been preallocated in advance to a public length if we hit this + * branch. + * + */ + return bn_num_bits_consttime(a); + } + if (BN_is_zero(a)) return 0; + return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } -static void bn_free_d(BIGNUM *a) +static void bn_free_d(BIGNUM *a, int clear) { if (BN_get_flags(a, BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); + OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0])); + else if (clear != 0) + OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0])); else OPENSSL_free(a->d); } 
@@ -155,10 +213,8 @@ void BN_clear_free(BIGNUM *a) { if (a == NULL) return; - if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - bn_free_d(a); - } + if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) + bn_free_d(a, 1); if (BN_get_flags(a, BN_FLG_MALLOCED)) { OPENSSL_cleanse(a, sizeof(*a)); OPENSSL_free(a); @@ -170,7 +226,7 @@ void BN_free(BIGNUM *a) if (a == NULL) return; if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a); + bn_free_d(a, 0); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); } @@ -248,10 +304,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - if (b->d) { - OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); - bn_free_d(b); - } + if (b->d != NULL) + bn_free_d(b, 1); b->d = a; b->dmax = words; } @@ -280,15 +334,19 @@ BIGNUM *BN_dup(const BIGNUM *a) BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) { + int bn_words; + bn_check_top(b); + bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top; + if (a == b) return a; - if (bn_wexpand(a, b->top) == NULL) + if (bn_wexpand(a, bn_words) == NULL) return NULL; if (b->top > 0) - memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); + memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words); a->neg = b->neg; a->top = b->top; @@ -338,6 +396,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) void BN_clear(BIGNUM *a) { + if (a == NULL) + return; bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); @@ -414,8 +474,11 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) return ret; } +typedef enum {big, little} endianess_t; + /* ignore negative */ -static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +static +int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess) { int n; size_t i, lasti, j, atop, mask; 
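Review bot: In BN_copy (the `@@ -280,15 +334,19 @@` hunk) the new `bn_words` picks `b->dmax` words for a `BN_FLG_CONSTTIME` source, but nothing at that spot says why, and the `memcpy` is still guarded by `if (b->top > 0)`. Presumably the intent is that the number of bytes copied should not follow the value-dependent `top`; a short comment above the assignment, such as `/* copy every allocated word of a constant-time BIGNUM so the copy size does not track top */`, would make that explicit. The same comment should say that this only helps when the caller has already expanded `b` to a public length, which is the condition the BN_num_bits hunk earlier in this file states for `dmax`.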
@@ -447,10 +510,17 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) lasti = atop - 1; atop = a->top * BN_BYTES; - for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { + if (endianess == big) + to += tolen; /* start from the end of the buffer */ + for (i = 0, j = 0; j < (size_t)tolen; j++) { + unsigned char val; l = a->d[i / BN_BYTES]; mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); - *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + if (endianess == big) + *--to = val; + else + *to++ = val; i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } @@ -461,12 +531,12 @@ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { if (tolen < 0) return -1; - return bn2binpad(a, to, tolen); + return bn2binpad(a, to, tolen, big); } int BN_bn2bin(const BIGNUM *a, unsigned char *to) { - return bn2binpad(a, to, -1); + return bn2binpad(a, to, -1, big); } BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) @@ -518,22 +588,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; - BN_ULONG l; - bn_check_top(a); - i = BN_num_bytes(a); - if (tolen < i) + if (tolen < 0) return -1; - /* Add trailing zeroes if necessary */ - if (tolen > i) - memset(to + i, 0, tolen - i); - to += i; - while (i--) { - l = a->d[i / BN_BYTES]; - to--; - *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } - return tolen; + return bn2binpad(a, to, tolen, little); } int BN_ucmp(const BIGNUM *a, const BIGNUM *b) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_local.h similarity index 98% rename from trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_local.h index 8a36db2e8..8ad69ccd3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_lcl.h 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BN_LCL_H -# define HEADER_BN_LCL_H +#ifndef OSSL_CRYPTO_BN_LOCAL_H +# define OSSL_CRYPTO_BN_LOCAL_H /* * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or @@ -18,10 +18,10 @@ # include # if !defined(OPENSSL_SYS_UEFI) -# include "internal/bn_conf.h" +# include "crypto/bn_conf.h" # endif -# include "internal/bn_int.h" +# include "crypto/bn.h" /* * These preprocessor symbols control various aspects of the bignum headers @@ -295,7 +295,7 @@ struct bn_gencb_st { (b) > 23 ? 3 : 1) /* - * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache + * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache * line width of the target processor is at least the following value. */ # define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) @@ -654,9 +654,6 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *noinv); -int bn_probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); - static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) { if (bits > (INT_MAX - BN_BITS2 + 1)) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c index 712fc8ac1..f7d2e2650 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mod.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) { 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c index 393d27c39..1e5045a01 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mont.c @@ -15,7 +15,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define MONT_WORD /* use the faster word-based algorithm */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c index 043e21d26..0902da5d0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mpi.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_bn2mpi(const BIGNUM *a, unsigned char *d) { @@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) int neg = 0; BIGNUM *a = NULL; - if (n < 4) { + if (n < 4 || (d[0] & 0x80) != 0) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); return NULL; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c index 5eda65cfb..6743e7be8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_mul.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) /* diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c index dcdd321c6..325dc2284 100644 
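Review bot: The `(d[0] & 0x80) != 0` test added to BN_mpi2bn in the `@@ -45,7 +45,7 @@` hunk of bn_mpi.c has no comment, and it is reported with the same `BN_R_INVALID_LENGTH` as the `n < 4` case, so the reason for the check is easy to lose. It appears to refuse a length prefix whose top bit is set, presumably so that the length decoded from the header bytes further down (outside this hunk) cannot come out negative. A one-line comment such as `/* a length prefix with the top bit set would not fit a non-negative length */` would record that. Since the buffer is an externally supplied encoding, a regression test that feeds a header starting with `0x80` and expects NULL would keep the check from being dropped in a later vendor refresh.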
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_nist.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/cryptlib.h" #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c index b91b31b1f..d0cf3779f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* * The quick sieve algorithm approach to weeding out primes is Philip @@ -22,10 +22,12 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); -static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); -static int probable_prime_dh_safe(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx); +static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods); +static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods, + const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx); + +#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x)) int BN_GENCB_call(BN_GENCB *cb, int a, int b) { 
@@ -63,8 +65,12 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, /* There are no prime numbers this small. */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; - } else if (bits == 2 && safe) { - /* The smallest safe prime (7) is three bits. */ + } else if (add == NULL && safe && bits < 6 && bits != 3) { + /* + * The smallest safe prime (7) is three bits. + * But the following two safe primes with less than 6 bits (11, 23) + * are unreachable for BN_rand with BN_RAND_TOP_TWO. + */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; } @@ -83,16 +89,11 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { - if (!probable_prime(ret, bits, mods)) + if (!probable_prime(ret, bits, safe, mods)) goto err; } else { - if (safe) { - if (!probable_prime_dh_safe(ret, bits, add, rem, ctx)) - goto err; - } else { - if (!bn_probable_prime_dh(ret, bits, add, rem, ctx)) - goto err; - } + if (!probable_prime_dh(ret, bits, safe, mods, add, rem, ctx)) + goto err; } if (!BN_GENCB_call(cb, 0, c1++)) @@ -135,8 +136,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, found = 1; err: OPENSSL_free(mods); - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); bn_check_top(ret); return found; 
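Review bot: At the `err:` label of BN_generate_prime_ex (the `@@ -135,8 +136,7 @@` hunk) the `if (ctx != NULL)` guard in front of `BN_CTX_end(ctx)` is dropped, so the cleanup path now depends on BN_CTX_end accepting a NULL context. The removed guard suggests `err:` can be reached before `ctx` is allocated, although that part of the function is outside these hunks. If so, an allocation failure would become a NULL dereference should the bn_ctx.c in this import lack the early return. bn_ctx.c is not in this part of the diff, so confirm it was refreshed together with this file, or keep `if (ctx != NULL) BN_CTX_end(ctx);` here.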
@@ -269,17 +269,18 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, return 1; } -static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) +static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods) { int i; BN_ULONG delta; BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; - char is_single_word = bits <= BN_BITS2; again: /* TODO: Not all primes are private */ if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) return 0; + if (safe && !BN_set_bit(rnd, 1)) + return 0; /* we now have a random number 'rnd' to test. */ for (i = 1; i < NUMPRIMES; i++) { BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); 
@@ -287,61 +288,25 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) return 0; mods[i] = (prime_t) mod; } - /* - * If bits is so small that it fits into a single word then we - * additionally don't want to exceed that many bits. - */ - if (is_single_word) { - BN_ULONG size_limit; - - if (bits == BN_BITS2) { - /* - * Shifting by this much has undefined behaviour so we do it a - * different way - */ - size_limit = ~((BN_ULONG)0) - BN_get_word(rnd); - } else { - size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; - } - if (size_limit < maxdelta) - maxdelta = size_limit; - } delta = 0; loop: - if (is_single_word) { - BN_ULONG rnd_word = BN_get_word(rnd); - - /*- - * In the case that the candidate prime is a single word then - * we check that: - * 1) It's greater than primes[i] because we shouldn't reject - * 3 as being a prime number because it's a multiple of - * three. - * 2) That it's not a multiple of a known prime. We don't - * check that rnd-1 is also coprime to all the known - * primes because there aren't many small primes where - * that's true. + for (i = 1; i < NUMPRIMES; i++) { + /* + * check that rnd is a prime and also that + * gcd(rnd-1,primes) == 1 (except for 2) + * do the second check only if we are interested in safe primes + * in the case that the candidate prime is a single word then + * we check only the primes up to sqrt(rnd) */ - for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) { - if ((mods[i] + delta) % primes[i] == 0) { - delta += 2; - if (delta > maxdelta) - goto again; - goto loop; - } - } - } else { - for (i = 1; i < NUMPRIMES; i++) { - /* - * check that rnd is not a prime and also that gcd(rnd-1,primes) - * == 1 (except for 2) - */ - if (((mods[i] + delta) % primes[i]) <= 1) { - delta += 2; - if (delta > maxdelta) - goto again; - goto loop; - } + if (bits <= 31 && delta <= 0x7fffffff + && square(primes[i]) > BN_get_word(rnd) + delta) + break; + if (safe ? 
(mods[i] + delta) % primes[i] <= 1 + : (mods[i] + delta) % primes[i] == 0) { + delta += safe ? 4 : 2; + if (delta > maxdelta) + goto again; + goto loop; } } if (!BN_add_word(rnd, delta)) @@ -352,16 +317,23 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) return 1; } -int bn_probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) +static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods, + const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx) { int i, ret = 0; BIGNUM *t1; + BN_ULONG delta; + BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; BN_CTX_start(ctx); if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; + if (maxdelta > BN_MASK2 - BN_get_word(add)) + maxdelta = BN_MASK2 - BN_get_word(add); + + again: if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) goto err; 
@@ -372,27 +344,44 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, if (!BN_sub(rnd, rnd, t1)) goto err; if (rem == NULL) { - if (!BN_add_word(rnd, 1)) + if (!BN_add_word(rnd, safe ? 3u : 1u)) goto err; } else { if (!BN_add(rnd, rnd, rem)) goto err; } - /* we now have a random number 'rand' to test. */ + if (BN_num_bits(rnd) < bits + || BN_get_word(rnd) < (safe ? 5u : 3u)) { + if (!BN_add(rnd, rnd, add)) + goto err; + } - loop: + /* we now have a random number 'rnd' to test. */ for (i = 1; i < NUMPRIMES; i++) { - /* check that rnd is a prime */ BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); if (mod == (BN_ULONG)-1) goto err; - if (mod <= 1) { - if (!BN_add(rnd, rnd, add)) - goto err; + mods[i] = (prime_t) mod; + } + delta = 0; + loop: + for (i = 1; i < NUMPRIMES; i++) { + /* check that rnd is a prime */ + if (bits <= 31 && delta <= 0x7fffffff + && square(primes[i]) > BN_get_word(rnd) + delta) + break; + /* rnd mod p == 1 implies q = (rnd-1)/2 is divisible by p */ + if (safe ? (mods[i] + delta) % primes[i] <= 1 + : (mods[i] + delta) % primes[i] == 0) { + delta += BN_get_word(add); + if (delta > maxdelta) + goto again; goto loop; } } + if (!BN_add_word(rnd, delta)) + goto err; ret = 1; err: 
@@ -400,70 +389,3 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, bn_check_top(rnd); return ret; } - -static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, - const BIGNUM *rem, BN_CTX *ctx) -{ - int i, ret = 0; - BIGNUM *t1, *qadd, *q; - - bits--; - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - qadd = BN_CTX_get(ctx); - if (qadd == NULL) - goto err; - - if (!BN_rshift1(qadd, padd)) - goto err; - - if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) - goto err; - - /* we need ((rnd-rem) % add) == 0 */ - if (!BN_mod(t1, q, qadd, ctx)) - goto err; - if (!BN_sub(q, q, t1)) - goto err; - if (rem == NULL) { - if (!BN_add_word(q, 1)) - goto err; - } else { - if (!BN_rshift1(t1, rem)) - goto err; - if (!BN_add(q, q, t1)) - goto err; - } - - /* we now have a random number 'rand' to test. */ - if (!BN_lshift1(p, q)) - goto err; - if (!BN_add_word(p, 1)) - goto err; - - loop: - for (i = 1; i < NUMPRIMES; i++) { - /* check that p and q are prime */ - /* - * check that for p and q gcd(p-1,primes) == 1 (except for 2) - */ - BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]); - BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]); - if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1) - goto err; - if (pmod == 0 || qmod == 0) { - if (!BN_add(p, p, padd)) - goto err; - if (!BN_add(q, q, qadd)) - goto err; - goto loop; - } - } - ret = 1; - - err: - BN_CTX_end(ctx); - bn_check_top(p); - return ret; -} diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h index 2eb7b52f7..1a25c2857 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_prime.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c index 1853269d9..69749a9fa 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_print.c @@ -8,11 +8,11 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include -#include "bn_lcl.h" +#include "bn_local.h" static const char Hex[] = "0123456789ABCDEF"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c index c0d1a3229..6b4b50a06 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #include #include 
@@ -225,8 +225,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, goto err; /* We copy |priv| into a local buffer to avoid exposing its length. */ - todo = sizeof(priv->d[0]) * priv->top; - if (todo > sizeof(private_bytes)) { + if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) { /* * No reasonable DSA or ECDSA key should have a private key this * large and we don't handle this case in order to avoid leaking the @@ -235,8 +234,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); goto err; } - memcpy(private_bytes, priv->d, todo); - memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); for (done = 0; done < num_k_bytes;) { if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c index 9ab767f42..e82231334 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_recp.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" void BN_RECP_CTX_init(BN_RECP_CTX *recp) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c index b7a1e0ff9..210a83f58 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_shift.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_lshift1(BIGNUM *r, const BIGNUM *a) { @@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) for (i = 0; i < a->top; i++) { t = *(ap++); *(rp++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - if (c) { - *rp = 1; - r->top++; + c = t >> (BN_BITS2 - 1); } + *rp = c; + r->top += c; bn_check_top(r); return 1; } 
@@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) int BN_rshift1(BIGNUM *r, const BIGNUM *a) { BN_ULONG *ap, *rp, t, c;
- int i, j;
+ int i;
 bn_check_top(r); bn_check_top(a);
@@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) } i = a->top; ap = a->d;
- j = i - (ap[i - 1] == 1);
 if (a != r) {
- if (bn_wexpand(r, j) == NULL)
+ if (bn_wexpand(r, i) == NULL)
 return 0; r->neg = a->neg; } rp = r->d;
+ r->top = i;
 t = ap[--i];
- c = (t & 1) ? BN_TBIT : 0;
- if (t >>= 1)
- rp[i] = t;
+ rp[i] = t >> 1;
+ c = t << (BN_BITS2 - 1);
+ r->top -= (t == 1);
 while (i > 0) { t = ap[--i]; rp[i] = ((t >> 1) & BN_MASK2) | c;
- c = (t & 1) ? BN_TBIT : 0;
+ c = t << (BN_BITS2 - 1);
 }
- r->top = j;
 if (!r->top) r->neg = 0; /* don't allow negative zero */ bn_check_top(r);
@@ -152,57 +149,19 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) {
- int i, j, nw, lb, rb;
- BN_ULONG *t, *f;
- BN_ULONG l, tmp;
-
- bn_check_top(r);
- bn_check_top(a);
+ int ret = 0;
 if (n < 0) { BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); return 0; }
- nw = n / BN_BITS2;
- rb = n % BN_BITS2;
- lb = BN_BITS2 - rb;
- if (nw >= a->top || a->top == 0) {
- BN_zero(r);
- return 1;
- }
- i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
- if (r != a) {
- if (bn_wexpand(r, i) == NULL)
- return 0;
- r->neg = a->neg;
- } else {
- if (n == 0)
- return 1; /* or the copying loop will go berserk */
- }
+ ret = bn_rshift_fixed_top(r, a, n);
- f = &(a->d[nw]);
- t = r->d;
- j = a->top - nw;
- r->top = i;
-
- if (rb == 0) {
- for (i = j; i != 0; i--)
- *(t++) = *(f++);
- } else {
- l = *(f++);
- for (i = j - 1; i != 0; i--) {
- tmp = (l >> rb) & BN_MASK2;
- l = *(f++);
- *(t++) = (tmp | (l << lb)) & BN_MASK2;
- }
- if ((l = (l >> rb) & BN_MASK2))
- *(t) = l;
- }
- if (!r->top)
- r->neg = 0; /* don't allow negative zero */
+ bn_correct_top(r);
 bn_check_top(r);
- return 1;
+
+ return ret;
 } /*
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c
index 0c0a590f0..7f3a17917 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqr.c
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 /* r must not be a */ /*
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c
index b97d8ca43..1723d5ded 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_sqrt.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /*
@@ -125,7 +125,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * = a. * * (This is due to A.O.L. Atkin,
- * ,
+ * Subject: Square Roots and Cognate Matters modulo p=8n+5.
+ * URL: https://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind9211&L=NMBRTHRY&P=4026
 * November 1992.) */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c
index 27b6ebe51..820757be6 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_srp.c
@@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */
-#include "bn_lcl.h"
+#include "bn_local.h"
 #include "internal/nelem.h" #ifndef OPENSSL_NO_SRP #include
-#include "internal/bn_srp.h"
+#include "crypto/bn_srp.h"
 # if (BN_BYTES == 8) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c
index 262d7668f..18fb3030a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_word.c
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c
index 9eb8384fd..009950259 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/bn_x931p.c
@@ -9,7 +9,7 @@ #include #include
-#include "bn_lcl.h"
+#include "bn_local.h"
 /* X9.31 routines for prime derivation */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info
index a463eddab..b9ed5322f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/build.info
@@ -6,7 +6,6 @@ SOURCE[../../libcrypto]=\ {- $target{bn_asm_src} -} \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
-INCLUDE[../../libcrypto]=../../crypto/include
 INCLUDE[bn_exp.o]=..
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h
index c5864f8aa..88f65a4ba 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/bn/rsaz_exp.h
@@ -12,8 +12,8 @@ * (2) University of Haifa, Israel */
-#ifndef RSAZ_EXP_H
-# define RSAZ_EXP_H
+#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H
+# define OSSL_CRYPTO_BN_RSAZ_EXP_H
 # undef RSAZ_ENABLED # if defined(OPENSSL_BN_ASM_MONT) && \
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/c64xpluscpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/c64xpluscpuid.pl
index b7b11d503..9aeee574e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/c64xpluscpuid.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/c64xpluscpuid.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -284,4 +284,4 @@ bus_loop2_done?: ___ print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86.pl
index 55af9b4e3..cd514acfa 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -1147,4 +1147,4 @@ my ($s0,$s1,$s2,$s3) = @T; &asm_finish();
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86_64.pl
index 02c52c3ef..59e184016 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86_64.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmll-x86_64.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -125,11 +125,13 @@ $code=<<___; .type Camellia_EncryptBlock,\@abi-omnipotent .align 16 Camellia_EncryptBlock:
+.cfi_startproc
 movl \$128,%eax subl $arg0d,%eax movl \$3,$arg0d adcl \$0,$arg0d # keyBitLength==128?3:4 jmp .Lenc_rounds
+.cfi_endproc
 .size Camellia_EncryptBlock,.-Camellia_EncryptBlock # V2 .globl Camellia_EncryptBlock_Rounds
@@ -198,6 +200,7 @@ Camellia_EncryptBlock_Rounds: .type _x86_64_Camellia_encrypt,\@abi-omnipotent .align 16 _x86_64_Camellia_encrypt:
+.cfi_startproc
 xor 0($key),@S[1] xor 4($key),@S[0] # ^=key[0-3] xor 8($key),@S[3]
@@ -241,6 +244,7 @@ $code.=<<___; mov $t3,@S[3] .byte 0xf3,0xc3 # rep ret
+.cfi_endproc
 .size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt # V1.x API
@@ -248,11 +252,13 @@ $code.=<<___; .type Camellia_DecryptBlock,\@abi-omnipotent .align 16 Camellia_DecryptBlock:
+.cfi_startproc
 movl \$128,%eax subl $arg0d,%eax movl \$3,$arg0d adcl \$0,$arg0d # keyBitLength==128?3:4 jmp .Ldec_rounds
+.cfi_endproc
 .size Camellia_DecryptBlock,.-Camellia_DecryptBlock # V2 .globl Camellia_DecryptBlock_Rounds
@@ -321,6 +327,7 @@ Camellia_DecryptBlock_Rounds: .type _x86_64_Camellia_decrypt,\@abi-omnipotent .align 16 _x86_64_Camellia_decrypt:
+.cfi_startproc
 xor 0($key),@S[1] xor 4($key),@S[0] # ^=key[0-3] xor 8($key),@S[3]
@@ -365,6 +372,7 @@ $code.=<<___; mov $t1,@S[3] .byte 0xf3,0xc3 # rep ret
+.cfi_endproc
 .size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt ___
@@ -1142,4 +1150,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmllt4-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmllt4-sparcv9.pl
index 6396679a5..71a40f6af 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/asm/cmllt4-sparcv9.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -936,4 +936,4 @@ ___ &emit_assembler();
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/camellia.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/camellia.c
index c200b8230..f623864bc 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/camellia.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/camellia.c
@@ -40,7 +40,7 @@ */ #include
-#include "cmll_locl.h"
+#include "cmll_local.h"
 #include #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ecb.c
index d932f1b37..5760d1ed3 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ecb.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_ecb.c
@@ -8,7 +8,7 @@ */ #include
-#include "cmll_locl.h"
+#include "cmll_local.h"
 void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key, const int enc)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_local.h
similarity index 91%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_local.h
index 6403b390d..d16baa55f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_locl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_local.h
@@ -22,8 +22,8 @@ * to the OpenSSL project. */
-#ifndef HEADER_CAMELLIA_LOCL_H
-# define HEADER_CAMELLIA_LOCL_H
+#ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H
+# define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H
 typedef unsigned int u32; typedef unsigned char u8;
@@ -40,4 +40,4 @@ void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
-#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
+#endif /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_misc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_misc.c
index e5f014b79..d8fc3738c 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_misc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/camellia/cmll_misc.c
@@ -9,7 +9,7 @@ #include #include
-#include "cmll_locl.h"
+#include "cmll_local.h"
 int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/asm/cast-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/asm/cast-586.pl
index d5d38965c..047108193 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/asm/cast-586.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/asm/cast-586.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -46,7 +46,7 @@ $S4="CAST_S_table3"; &asm_finish();
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 sub CAST_encrypt { local($name,$enc)=@_;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_cfb64.c
index bd7cb2f46..722215953 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_cfb64.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_cfb64.c
@@ -8,7 +8,7 @@ */ #include
-#include "cast_lcl.h"
+#include "cast_local.h"
 /* * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ecb.c
index da4179438..6fe093f75 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ecb.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ecb.c
@@ -8,7 +8,7 @@ */ #include
-#include "cast_lcl.h"
+#include "cast_local.h"
 #include void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_enc.c
index 700b6d162..d27d1fc0a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_enc.c
@@ -8,7 +8,7 @@ */ #include
-#include "cast_lcl.h"
+#include "cast_local.h"
 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ofb64.c
index dffb07476..49c0cfade 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ofb64.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_ofb64.c
@@ -8,7 +8,7 @@ */ #include
-#include "cast_lcl.h"
+#include "cast_local.h"
 /* * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_skey.c
index 962d2a60b..0311482d2 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_skey.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/c_skey.c
@@ -8,7 +8,7 @@ */ #include
-#include "cast_lcl.h"
+#include "cast_local.h"
 #include "cast_s.h" #define CAST_exp(l,A,a,n) \
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_local.h
similarity index 100%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_lcl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/cast/cast_local.h
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv4.pl
index d3fadcc63..81c616add 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv4.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv4.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -1157,4 +1157,4 @@ foreach (split("\n",$code)) { print $_,"\n"; }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv8.pl
index e90be6d0e..84c980148 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv8.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-armv8.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -125,6 +125,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P
+.hidden OPENSSL_armcap_P
 .align 5 .Lsigma:
@@ -1141,4 +1142,4 @@ foreach (split("\n",$code)) { print $_,"\n"; }
-close STDOUT; # flush
+close STDOUT or die "error closing STDOUT: $!"; # flush
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-c64xplus.pl
index 266401eb1..4bd18a4f8 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-c64xplus.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-c64xplus.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -923,4 +923,4 @@ $code.=<<___; ___ print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-ppc.pl
index f4f8610bf..3073deac1 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-ppc.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-ppc.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -1345,4 +1345,4 @@ foreach (split("\n",$code)) { print $_,"\n"; }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-s390x.pl
index c31526473..dd66a9c60 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-s390x.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-s390x.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -323,4 +323,4 @@ foreach (split("\n",$code)) { print $_,"\n"; }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86.pl
index 13c217dcf..492fda5f1 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -62,7 +62,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm &&
- `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+ `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ &&
 $2>=3.0); # first version supporting AVX $a="eax";
@@ -1152,4 +1152,4 @@ sub XOPROUND { &asm_finish();
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86_64.pl
index b54f3b152..c0e5d863d 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86_64.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/asm/chacha-x86_64.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -85,7 +85,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 $avx = ($2>=3.0) + ($2>3.0); }
@@ -471,7 +471,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round &por ($b,$t); }
-my $xframe = $win64 ? 32+8 : 8;
+my $xframe = $win64 ? 160+8 : 8;
 $code.=<<___; .type ChaCha20_ssse3,\@function,5
@@ -2499,7 +2499,7 @@ sub AVX512ROUND { # critical path is 14 "SIMD ticks" per round &vprold ($b,$b,7); }
-my $xframe = $win64 ? 32+8 : 8;
+my $xframe = $win64 ? 160+8 : 8;
 $code.=<<___; .type ChaCha20_avx512,\@function,5
@@ -2515,8 +2515,16 @@ ChaCha20_avx512: sub \$64+$xframe,%rsp ___ $code.=<<___ if ($win64);
- movaps %xmm6,-0x28(%r9)
- movaps %xmm7,-0x18(%r9)
+ movaps %xmm6,-0xa8(%r9)
+ movaps %xmm7,-0x98(%r9)
+ movaps %xmm8,-0x88(%r9)
+ movaps %xmm9,-0x78(%r9)
+ movaps %xmm10,-0x68(%r9)
+ movaps %xmm11,-0x58(%r9)
+ movaps %xmm12,-0x48(%r9)
+ movaps %xmm13,-0x38(%r9)
+ movaps %xmm14,-0x28(%r9)
+ movaps %xmm15,-0x18(%r9)
 .Lavx512_body: ___ $code.=<<___;
@@ -2683,8 +2691,16 @@ $code.=<<___; vzeroall ___ $code.=<<___ if ($win64);
- movaps -0x28(%r9),%xmm6
- movaps -0x18(%r9),%xmm7
+ movaps -0xa8(%r9),%xmm6
+ movaps -0x98(%r9),%xmm7
+ movaps -0x88(%r9),%xmm8
+ movaps -0x78(%r9),%xmm9
+ movaps -0x68(%r9),%xmm10
+ movaps -0x58(%r9),%xmm11
+ movaps -0x48(%r9),%xmm12
+ movaps -0x38(%r9),%xmm13
+ movaps -0x28(%r9),%xmm14
+ movaps -0x18(%r9),%xmm15
 ___ $code.=<<___; lea (%r9),%rsp
@@ -2711,8 +2727,16 @@ ChaCha20_avx512vl: sub \$64+$xframe,%rsp ___ $code.=<<___ if ($win64);
- movaps %xmm6,-0x28(%r9)
- movaps %xmm7,-0x18(%r9)
+ movaps %xmm6,-0xa8(%r9)
+ movaps %xmm7,-0x98(%r9)
+ movaps %xmm8,-0x88(%r9)
+ movaps %xmm9,-0x78(%r9)
+ movaps %xmm10,-0x68(%r9)
+ movaps %xmm11,-0x58(%r9)
+ movaps %xmm12,-0x48(%r9)
+ movaps %xmm13,-0x38(%r9)
+ movaps %xmm14,-0x28(%r9)
+ movaps %xmm15,-0x18(%r9)
 .Lavx512vl_body: ___ $code.=<<___;
@@ -2836,8 +2860,16 @@ $code.=<<___; vzeroall ___ $code.=<<___ if ($win64);
- movaps -0x28(%r9),%xmm6
- movaps -0x18(%r9),%xmm7
+ movaps -0xa8(%r9),%xmm6
+ movaps -0x98(%r9),%xmm7
+ movaps -0x88(%r9),%xmm8
+ movaps -0x78(%r9),%xmm9
+ movaps -0x68(%r9),%xmm10
+ movaps -0x58(%r9),%xmm11
+ movaps -0x48(%r9),%xmm12
+ movaps -0x38(%r9),%xmm13
+ movaps -0x28(%r9),%xmm14
+ movaps -0x18(%r9),%xmm15
 ___ $code.=<<___; lea (%r9),%rsp
@@ -4002,4 +4034,4 @@ foreach (split("\n",$code)) { print $_,"\n"; }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/build.info
index 02f8e518a..e75ca72b6 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/build.info
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/build.info
@@ -9,6 +9,8 @@ GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME) INCLUDE[chacha-armv4.o]=.. GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME) INCLUDE[chacha-armv8.o]=..
+GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl $(PERLASM_SCHEME)
+INCLUDE[chacha-s390x.o]=..
 BEGINRAW[Makefile(unix)] ##### CHACHA assembler implementations
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/chacha_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/chacha_enc.c
index 239f68ab8..18251eac0 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/chacha_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/chacha/chacha_enc.c
@@ -11,7 +11,8 @@ #include
-#include "internal/chacha.h"
+#include "crypto/chacha.h"
+#include "crypto/ctype.h"
 typedef unsigned int u32; typedef unsigned char u8;
@@ -78,10 +79,18 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t todo, i; /* sigma constant "expand 32-byte k" in little-endian encoding */
- input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24);
- input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24);
- input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24);
- input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24);
+ input[0] = ((u32)ossl_toascii('e')) | ((u32)ossl_toascii('x') << 8)
+ | ((u32)ossl_toascii('p') << 16)
+ | ((u32)ossl_toascii('a') << 24);
+ input[1] = ((u32)ossl_toascii('n')) | ((u32)ossl_toascii('d') << 8)
+ | ((u32)ossl_toascii(' ') << 16)
+ | ((u32)ossl_toascii('3') << 24);
+ input[2] = ((u32)ossl_toascii('2')) | ((u32)ossl_toascii('-') << 8)
+ | ((u32)ossl_toascii('b') << 16)
+ | ((u32)ossl_toascii('y') << 24);
+ input[3] = ((u32)ossl_toascii('t')) | ((u32)ossl_toascii('e') << 8)
+ | ((u32)ossl_toascii(' ') << 16)
+ | ((u32)ossl_toascii('k') << 24);
 input[4] = key[0]; input[5] = key[1];
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_ameth.c
index a58454a08..82adf18c8 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_ameth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_ameth.c
@@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 /* * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_pmeth.c
index 10748f148..5574f25be 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_pmeth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cm_pmeth.c
@@ -13,7 +13,7 @@ #include #include #include
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 /* The context structure and "key" is simply a CMAC_CTX */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cmac.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cmac.c
index 6989c32d0..1fac53101 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cmac.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cmac/cmac.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -116,11 +116,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 1; } /* Initialise context */
- if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
- return 0;
+ if (cipher != NULL) {
+ /* Ensure we can't use this ctx until we also have a key */
+ ctx->nlast_block = -1;
+ if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
+ return 0;
+ }
 /* Non-NULL key means initialisation complete */
- if (key) {
+ if (key != NULL) {
 int bl;
+
+ /* If anything fails then ensure we can't use this ctx */
+ ctx->nlast_block = -1;
 if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
@@ -128,7 +135,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
- if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
+ if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0)
 return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl);
@@ -166,12 +173,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */
- if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl))
+ if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0)
 return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > bl) {
- if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
+ if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0)
 return 0; dlen -= bl; data += bl;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_asn1.c
index 993ea6b21..08069d72a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_asn1.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_asn1.c
@@ -11,7 +11,7 @@ #include #include #include
-#include "cms_lcl.h"
+#include "cms_local.h"
 ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c
index 664e64971..4f7166191 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -12,7 +12,57 @@ #include #include #include
-#include "cms_lcl.h"
+#include "cms_local.h"
+#include "internal/nelem.h"
+
+/*-
+ * Attribute flags.
+ * CMS attribute restrictions are discussed in
+ * - RFC 5652 Section 11.
+ * ESS attribute restrictions are discussed in
+ * - RFC 2634 Section 1.3.4 AND
+ * - RFC 5035 Section 5.4
+ */
+/* This is a signed attribute */
+#define CMS_ATTR_F_SIGNED 0x01
+/* This is an unsigned attribute */
+#define CMS_ATTR_F_UNSIGNED 0x02
+/* Must be present if there are any other attributes of the same type */
+#define CMS_ATTR_F_REQUIRED_COND 0x10
+/* There can only be one instance of this attribute */
+#define CMS_ATTR_F_ONLY_ONE 0x20
+/* The Attribute's value must have exactly one entry */
+#define CMS_ATTR_F_ONE_ATTR_VALUE 0x40
+
+/* Attributes rules for different attributes */
+static const struct {
+ int nid; /* The attribute id */
+ int flags;
+} cms_attribute_properties[] = {
+ /* See RFC Section 11 */
+ { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED
+ | CMS_ATTR_F_ONLY_ONE
+ | CMS_ATTR_F_ONE_ATTR_VALUE
+ | CMS_ATTR_F_REQUIRED_COND },
+ { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED
+ | CMS_ATTR_F_ONLY_ONE
+ | CMS_ATTR_F_ONE_ATTR_VALUE
+ | CMS_ATTR_F_REQUIRED_COND },
+ { NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED
+ | CMS_ATTR_F_ONLY_ONE
+ | CMS_ATTR_F_ONE_ATTR_VALUE },
+ { NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED },
+ /* ESS */
+ { NID_id_smime_aa_signingCertificate, CMS_ATTR_F_SIGNED
+ | CMS_ATTR_F_ONLY_ONE
+ | CMS_ATTR_F_ONE_ATTR_VALUE },
+ { NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED
+ | CMS_ATTR_F_ONLY_ONE
+ | CMS_ATTR_F_ONE_ATTR_VALUE },
+ { NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED
+ | CMS_ATTR_F_ONLY_ONE
+ | CMS_ATTR_F_ONE_ATTR_VALUE }
+};
 /* CMS SignedData Attribute utilities */
@@ -149,4 +199,86 @@ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
 }
-/* Specific attribute cases */
+/*
+ * Retrieve an attribute by nid from a stack of attributes starting at index
+ * *lastpos + 1.
+ * Returns the attribute or NULL if there is no attribute.
+ * If an attribute was found *lastpos returns the index of the found attribute.
+ */
+static X509_ATTRIBUTE *cms_attrib_get(int nid,
+ const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int *lastpos)
+{
+ X509_ATTRIBUTE *at;
+ int loc;
+
+ loc = X509at_get_attr_by_NID(attrs, nid, *lastpos);
+ if (loc < 0)
+ return NULL;
+
+ at = X509at_get_attr(attrs, loc);
+ *lastpos = loc;
+ return at;
+}
+
+static int cms_check_attribute(int nid, int flags, int type,
+ const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int have_attrs)
+{
+ int lastpos = -1;
+ X509_ATTRIBUTE *at = cms_attrib_get(nid, attrs, &lastpos);
+
+ if (at != NULL) {
+ int count = X509_ATTRIBUTE_count(at);
+
+ /* Is this attribute allowed? */
+ if (((flags & type) == 0)
+ /* check if multiple attributes of the same type are allowed */
+ || (((flags & CMS_ATTR_F_ONLY_ONE) != 0)
+ && cms_attrib_get(nid, attrs, &lastpos) != NULL)
+ /* Check if attribute should have exactly one value in its set */
+ || (((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0)
+ && count != 1)
+ /* There should be at least one value */
+ || count == 0)
+ return 0;
+ } else {
+ /* fail if a required attribute is missing */
+ if (have_attrs
+ && ((flags & CMS_ATTR_F_REQUIRED_COND) != 0)
+ && (flags & type) != 0)
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * Check that the signerinfo attributes obey the attribute rules which includes
+ * the following checks
+ * - If any signed attributes exist then there must be a Content Type
+ * and Message Digest attribute in the signed attributes.
+ * - The countersignature attribute is an optional unsigned attribute only.
+ * - Content Type, Message Digest, and Signing time attributes are signed
+ * attributes. Only one instance of each is allowed, with each of these
+ * attributes containing a single attribute value in its set.
+ */
+int CMS_si_check_attributes(const CMS_SignerInfo *si)
+{
+ int i;
+ int have_signed_attrs = (CMS_signed_get_attr_count(si) > 0);
+ int have_unsigned_attrs = (CMS_unsigned_get_attr_count(si) > 0);
+
+ for (i = 0; i < (int)OSSL_NELEM(cms_attribute_properties); ++i) {
+ int nid = cms_attribute_properties[i].nid;
+ int flags = cms_attribute_properties[i].flags;
+
+ if (!cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED,
+ si->signedAttrs, have_signed_attrs)
+ || !cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED,
+ si->unsignedAttrs, have_unsigned_attrs)) {
+ CMSerr(CMS_F_CMS_SI_CHECK_ATTRIBUTES, CMS_R_ATTRIBUTE_ERROR);
+ return 0;
+ }
+ }
+ return 1;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_cd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_cd.c
index f05e30841..45365b8ba 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_cd.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_cd.c
@@ -15,7 +15,7 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
+#include "cms_local.h"
 #ifdef ZLIB
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_dd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_dd.c
index 5da6802fc..0df2e698c 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_dd.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_dd.c
@@ -13,7 +13,7 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
+#include "cms_local.h"
 /* CMS DigestedData Utilities */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_enc.c
index a1719830e..fc490303d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_enc.c
@@ -14,7 +14,7 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
+#include "cms_local.h"
 /* CMS EncryptedData Utilities */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_env.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_env.c
index bb95af75e..04940146f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_env.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_env.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -14,9 +14,9 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 /* CMS EnvelopedData Utilities */
@@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 unsigned char *ek = NULL;
 size_t eklen;
 int ret = 0;
+ size_t fixlen = 0;
 CMS_EncryptedContentInfo *ec;
 ec = cms->d.envelopedData->encryptedContentInfo;
@@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 return 0;
 }
+ if (cms->d.envelopedData->encryptedContentInfo->havenocert
+ && !cms->d.envelopedData->encryptedContentInfo->debug) {
+ X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+ const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+ if (ciph == NULL) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER);
+ return 0;
+ }
+
+ fixlen = EVP_CIPHER_key_length(ciph);
+ }
+
 ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
 if (ktri->pctx == NULL)
 return 0;
@@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) { + ktri->encryptedKey->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_err.c index 4432b471e..a211f4954 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,6 +146,8 @@ static const ERR_STRING_DATA CMS_str_functs[] = { {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0), "CMS_SignerInfo_verify_content"}, {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SI_CHECK_ATTRIBUTES, 0), + "CMS_si_check_attributes"}, {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"}, {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"}, {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"}, @@ -155,6 +157,7 @@ static const ERR_STRING_DATA CMS_str_functs[] = { static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT), "certificate already present"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID), 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_ess.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_ess.c
index 4780231c2..a21c443ae 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_ess.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_ess.c
@@ -14,7 +14,7 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
+#include "cms_local.h"
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_io.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_io.c
index d18f980a9..b37e485f5 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_io.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_io.c
@@ -12,7 +12,7 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
+#include "cms_local.h"
 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_kari.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_kari.c
index 5e83814d0..cafc3040a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_kari.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_kari.c
@@ -14,8 +14,8 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
 /* Key Agreement Recipient Info (KARI) routines */
@@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
 if (!pk)
 return 1;
 pctx = EVP_PKEY_CTX_new(pk, NULL);
- if (!pctx || !EVP_PKEY_derive_init(pctx))
+ if (!pctx || EVP_PKEY_derive_init(pctx) <= 0)
 goto err;
 kari->pctx = pctx;
 return 1;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lib.c
index c2cac2601..be4c2c703 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -14,7 +14,7 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
+#include "cms_local.h"
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
 IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 default:
 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
- return NULL;
+ goto err;
 }
 if (cmsbio)
 return BIO_push(cmsbio, cont);
+err:
 if (!icont)
 BIO_free(cont);
 return NULL;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_local.h
similarity index 97%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lcl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_local.h
index 916fcbfbe..a0ce4448f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_lcl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_local.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -7,8 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-#ifndef HEADER_CMS_LCL_H
-# define HEADER_CMS_LCL_H
+#ifndef OSSL_CRYPTO_CMS_LOCAL_H
+# define OSSL_CRYPTO_CMS_LOCAL_H
 # include
@@ -125,6 +125,8 @@ struct CMS_EncryptedContentInfo_st {
 size_t keylen;
 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
 int debug;
+ /* Set to 1 if we have no cert and need extra safety measures for MMA */
+ int havenocert;
 };
 struct CMS_RecipientInfo_st {
@@ -317,8 +319,6 @@ struct CMS_OtherKeyAttribute_st {
 /* ESS structures */
-# ifdef HEADER_X509V3_H
-
 struct CMS_ReceiptRequest_st {
 ASN1_OCTET_STRING *signedContentIdentifier;
 CMS_ReceiptsFrom *receiptsFrom;
@@ -332,7 +332,6 @@ struct CMS_ReceiptsFrom_st {
 STACK_OF(GENERAL_NAMES) *receiptList;
 } d;
 };
-# endif
 struct CMS_Receipt_st {
 int32_t version;
@@ -416,6 +415,8 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, /* PWRI routines */ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, int en_de); +/* SignerInfo routines */ +int CMS_si_check_attributes(const CMS_SignerInfo *si); DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_DigestedData)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_pwri.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_pwri.c
index 26e3bdcf9..d74148833 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_pwri.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_pwri.c
@@ -15,8 +15,8 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, ossl_ssize_t passlen)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_sd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_sd.c
index ff2d540b6..3f2a78256 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_sd.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_sd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -14,9 +14,9 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 /* CMS SignedData Utilities */
@@ -109,6 +109,27 @@ static void cms_sd_set_version(CMS_SignedData *sd)
 }
+/*
+ * RFC 5652 Section 11.1 Content Type
+ * The content-type attribute within signed-data MUST
+ * 1) be present if there are signed attributes
+ * 2) match the content type in the signed-data,
+ * 3) be a signed attribute.
+ * 4) not have more than one copy of the attribute.
+ *
+ * Note that since the CMS_SignerInfo_sign() always adds the "signing time"
+ * attribute, the content type attribute MUST be added also.
+ * Assumptions: This assumes that the attribute does not already exist.
+ */
+static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+{
+ ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType;
+
+ /* Add the contentType attribute */
+ return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, ctype, -1) > 0;
+}
+
 /* Copy an existing messageDigest value */
 static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
@@ -328,6 +349,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (flags & CMS_REUSE_DIGEST) { if (!cms_copy_messageDigest(cms, si)) goto err; + if (!cms_set_si_contentType_attr(cms, si)) + goto err; if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && !CMS_SignerInfo_sign(si)) goto err;
@@ -558,8 +581,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 */
 if (CMS_signed_get_attr_count(si) >= 0) {
- ASN1_OBJECT *ctype =
- cms->d.signedData->encapContentInfo->eContentType;
 unsigned char md[EVP_MAX_MD_SIZE];
 unsigned int mdlen;
 if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
@@ -568,9 +589,9 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 V_ASN1_OCTET_STRING, md, mdlen))
 goto err;
 /* Copy content type across */
- if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, ctype, -1) <= 0)
+ if (!cms_set_si_contentType_attr(cms, si))
 goto err;
+
 if (!CMS_SignerInfo_sign(si))
 goto err;
 } else if (si->pctx) {
@@ -650,6 +671,9 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 goto err;
 }
+ if (!CMS_si_check_attributes(si))
+ goto err;
+
 if (si->pctx)
 pctx = si->pctx;
 else {
@@ -696,7 +720,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 OPENSSL_free(abuf);
 EVP_MD_CTX_reset(mctx);
 return 0;
-
 }
 int CMS_SignerInfo_verify(CMS_SignerInfo *si)
@@ -711,6 +734,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 return -1;
 }
+ if (!CMS_si_check_attributes(si))
+ return -1;
+
 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
 if (md == NULL)
 return -1;
@@ -871,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
 ASN1_INTEGER *key = NULL;
 if (keysize > 0) {
 key = ASN1_INTEGER_new();
- if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+ if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
+ ASN1_INTEGER_free(key);
 return 0;
+ }
 }
 alg = X509_ALGOR_new();
 if (alg == NULL) {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_smime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_smime.c
index 5dcf803f4..6e7dbc4da 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_smime.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_smime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -13,8 +13,8 @@
 #include
 #include
 #include
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
 static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
 {
@@ -341,7 +341,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 char *ptr;
 long len;
 len = BIO_get_mem_data(dcont, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
+ tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
 if (tmpin == NULL) {
 CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
 goto err2;
@@ -743,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
 cms->d.envelopedData->encryptedContentInfo->debug = 1;
 else
 cms->d.envelopedData->encryptedContentInfo->debug = 0;
+ if (!cert)
+ cms->d.envelopedData->encryptedContentInfo->havenocert = 1;
+ else
+ cms->d.envelopedData->encryptedContentInfo->havenocert = 0;
 if (!pk && !cert && !dcont && !out)
 return 1;
 if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/c_zlib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/c_zlib.c
index d688deee5..b81933791 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/c_zlib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/c_zlib.c
@@ -13,9 +13,9 @@
 #include
 #include "internal/comp.h"
 #include
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include "internal/bio.h"
-#include "comp_lcl.h"
+#include "comp_local.h"
 COMP_METHOD *COMP_zlib(void);
@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
 BIO_copy_next_retry(b);
 break;
+ case BIO_CTRL_WPENDING:
+ if (ctx->obuf == NULL)
+ return 0;
+
+ if (ctx->odone) {
+ ret = ctx->ocount;
+ } else {
+ ret = ctx->ocount;
+ if (ret == 0)
+ /* Unknown amount pending but we are not finished */
+ ret = 1;
+ }
+ if (ret == 0)
+ ret = BIO_ctrl(next, cmd, num, ptr);
+ break;
+
+ case BIO_CTRL_PENDING:
+ ret = ctx->zin.avail_in;
+ if (ret == 0)
+ ret = BIO_ctrl(next, cmd, num, ptr);
+ break;
+
 default:
 ret = BIO_ctrl(next, cmd, num, ptr);
 break;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lib.c
index 6ae211449..56920e1cc 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lib.c
@@ -13,7 +13,7 @@
 #include
 #include
 #include
-#include "comp_lcl.h"
+#include "comp_local.h"
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_local.h
similarity index 100%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_lcl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/comp/comp_local.h
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.c
index 8e3f42a0c..31c02cc49 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 BUF_MEM *buff = NULL;
 char *s, *p, *end;
 int again;
+ int first_call = 1;
 long eline = 0;
 char btmp[DECIMAL_SIZE(eline) + 1];
 CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 BIO_gets(in, p, CONFBUFSIZE - 1);
 p[CONFBUFSIZE - 1] = '\0';
 ii = i = strlen(p);
+ if (first_call) {
+ /* Other BOMs imply unsupported multibyte encoding,
+ * so don't strip them and let the error raise */
+ const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+ if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+ memmove(p, p + 3, i - 3);
+ p[i - 3] = 0;
+ i -= 3;
+ ii -= 3;
+ }
+ first_call = 0;
+ }
 if (i == 0 && !again) {
 /* the currently processed BIO is at EOF */
 BIO *parent;
@@ -376,11 +390,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 if (biosk == NULL) {
 if ((biosk = sk_BIO_new_null()) == NULL) {
 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ BIO_free(next);
 goto err;
 }
 }
 if (!sk_BIO_push(biosk, in)) {
 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ BIO_free(next);
 goto err;
 }
 /* continue with reading from the included BIO */
@@ -703,7 +719,9 @@ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
 static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
 {
 const char *filename;
+ size_t pathlen;
+ pathlen = strlen(path);
 while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) {
 size_t namelen;
@@ -716,7 +734,7 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
 char *newpath;
 BIO *bio;
- newlen = strlen(path) + namelen + 2;
+ newlen = pathlen + namelen + 2;
 newpath = OPENSSL_zalloc(newlen);
 if (newpath == NULL) {
 CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE);
@@ -727,14 +745,11 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
 * If the given path isn't clear VMS syntax,
 * we treat it as on Unix.
 */
- {
- size_t pathlen = strlen(path);
-
- if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>'
- || path[pathlen - 1] == ':') {
- /* Clear VMS directory syntax, just copy as is */
- OPENSSL_strlcpy(newpath, path, newlen);
- }
+ if (path[pathlen - 1] == ']'
+ || path[pathlen - 1] == '>'
+ || path[pathlen - 1] == ':') {
+ /* Clear VMS directory syntax, just copy as is */
+ OPENSSL_strlcpy(newpath, path, newlen);
 }
 #endif
 if (newpath[0] == '\0') {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.h b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.h
index 2016d31b8..1e4a03e10 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lib.c
index 2d40ac97e..add1dfa1c 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,7 @@
 #include
 #include
 #include "internal/conf.h"
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include
 #include
 #include
@@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
 {
 OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
- if (ret != NULL)
- memset(ret, 0, sizeof(*ret));
+ if (ret == NULL)
+ return NULL;
+
+ memset(ret, 0, sizeof(*ret));
 ret->flags = DEFAULT_CONF_MFLAGS;
 return ret;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_local.h
similarity index 100%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_lcl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_local.h
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mall.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mall.c
index 7e86948e8..d7eaa8509 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mall.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_mall.c
@@ -14,7 +14,7 @@
 #include
 #include
 #include
-#include "conf_lcl.h"
+#include "conf_local.h"
 /* Load all OpenSSL builtin modules */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_sap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_sap.c
index 2ce42f0c6..82105de74 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_sap.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_sap.c
@@ -35,13 +35,14 @@ void OPENSSL_config(const char *appname)
 memset(&settings, 0, sizeof(settings));
 if (appname != NULL)
 settings.appname = strdup(appname);
+ settings.flags = DEFAULT_CONF_MFLAGS;
 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
 }
 #endif
 int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
 {
- int ret;
+ int ret = 0;
 const char *filename;
 const char *appname;
 unsigned long flags;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_ssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_ssl.c
index 387f2cf46..4bd8117d3 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_ssl.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/conf/conf_ssl.c
@@ -12,7 +12,7 @@
 #include
 #include
 #include "internal/sslconf.h"
-#include "conf_lcl.h"
+#include "conf_local.h"
 /*
 * SSL library configuration module placeholder. We load it here but defer
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/cryptlib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/cryptlib.c
index 7b761a3ad..1f36b20c8 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/cryptlib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/cryptlib.c
@@ -9,7 +9,7 @@
 */
 #include "e_os.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
@@ -49,7 +49,7 @@ typedef char variant_char;
 # define ossl_getenv getenv
 # endif
-# include "internal/ctype.h"
+# include "crypto/ctype.h"
 static int todigit(variant_char c)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_b64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_b64.c
index 109ffcdcf..4abe11ca2 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_b64.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_b64.c
@@ -14,7 +14,7 @@
 #include
 #include
-#include "ct_locl.h"
+#include "ct_local.h"
 /*
 * Decodes the base64 string |in| into |out|.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_local.h
similarity index 100%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_local.h
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_oct.c
index 0dd691c0f..d4b6645af 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_oct.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_oct.c
@@ -19,7 +19,7 @@
 #include
 #include
-#include "ct_locl.h"
+#include "ct_local.h"
 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_policy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_policy.c
index 0d7b34638..df66e8a49 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_policy.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_policy.c
@@ -15,7 +15,7 @@
 #include
 #include
-#include "ct_locl.h"
+#include "ct_local.h"
 /*
 * Number of seconds in the future that an SCT timestamp can be, by default,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_prn.c
index 376e04523..e6584b57f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_prn.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_prn.c
@@ -14,7 +14,7 @@
 #include
 #include
-#include "ct_locl.h"
+#include "ct_local.h"
 static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct.c
index 1dc16857b..4ff36e2fb 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct.c
@@ -17,7 +17,7 @@
 #include
 #include
-#include "ct_locl.h"
+#include "ct_local.h"
 SCT *SCT_new(void)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct_ctx.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct_ctx.c
index 75a5027df..841e76803 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct_ctx.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_sct_ctx.c
@@ -18,7 +18,7 @@
 #include
 #include
-#include "ct_locl.h"
+#include "ct_local.h"
 SCT_CTX *SCT_CTX_new(void)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_vfy.c
index cabcf5782..74fd34f41 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_vfy.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_vfy.c
@@ -14,7 +14,7 @@
 #include
 #include
-#include "ct_locl.h"
+#include "ct_local.h"
 typedef enum sct_signature_type_t {
 SIGNATURE_TYPE_NOT_SET = -1,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_x509v3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_x509v3.c
index ec186d1f5..19c2a852d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_x509v3.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ct/ct_x509v3.c
@@ -11,7 +11,7 @@
 # error "CT is disabled"
 #endif
-#include "ct_locl.h"
+#include "ct_local.h"
 static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ctype.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ctype.c
index 813be25a0..b7f1183f9 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ctype.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ctype.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -9,7 +9,7 @@
 #include
 #include
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "openssl/ebcdic.h"
 /*
@@ -272,3 +272,9 @@ int ossl_toupper(int c)
 {
 return ossl_islower(c) ? c ^ case_change : c;
 }
+
+int ascii_isdigit(const char inchar) {
+ if (inchar > 0x2F && inchar < 0x3A)
+ return 1;
+ return 0;
+}
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/crypt586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/crypt586.pl
index a02d18063..d14b9f89b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/crypt586.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/crypt586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,7 @@ $R="esi"; &fcrypt_body("fcrypt_body"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub fcrypt_body {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des-586.pl
index 2bcc54ef2..07d9d87ac 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des-586.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -47,7 +47,7 @@ $small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV)); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub DES_encrypt_internal() {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des_enc.m4 b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des_enc.m4
index 4ada97b17..ebb5e7cd1 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des_enc.m4
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/des_enc.m4
@@ -106,15 +106,15 @@ changequote({,})
 ! technique.
 !
 ! The macro also loads address sbox 1 to 5 to global 1 to 5, address
-! sbox 6 to local6, and addres sbox 8 to out3.
+! sbox 6 to local6, and address sbox 8 to out3.
 !
-! Rotates the halfs 3 left to bring the sbox bits in convenient positions.
+! Rotates the halves 3 left to bring the sbox bits in convenient positions.
 !
 ! Loads key first round from address in parameter 5 to out0, out1.
 !
 ! After the original LibDES initial permutation, the resulting left
 ! is in the variable initially used for right and vice versa. The macro
-! implements the possibility to keep the halfs in the original registers.
+! implements the possibility to keep the halves in the original registers.
 !
 ! parameter 1 left
 ! parameter 2 right
@@ -1184,7 +1184,7 @@ DES_encrypt2:
 add %o7,global1,global1
 sub global1,.PIC.DES_SPtrans-.des_and,out2
- ! Set sbox address 1 to 6 and rotate halfs 3 left
+ ! Set sbox address 1 to 6 and rotate halves 3 left
 ! Errors caught by destest? Yes. Still? *NO*
 !sethi %hi(DES_SPtrans), global1 ! address sbox 1
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/dest4-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/dest4-sparcv9.pl
index fe1fdc702..5c92a52b7 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/dest4-sparcv9.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/asm/dest4-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -624,4 +624,4 @@ ___
 &emit_assembler();
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_cksm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_cksm.c
index 5a1f72f82..c5e2e017b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_cksm.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cbc_cksm.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
 long length, DES_key_schedule *schedule,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64ede.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64ede.c
index 21943f614..490d925f4 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64ede.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64ede.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 /*
 * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64enc.c
index 96de51b05..ca0e82164 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb64enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 /*
 * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb_enc.c
index 544392e40..17018420e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/cfb_enc.c
@@ -8,7 +8,7 @@
 */
 #include "e_os.h"
-#include "des_locl.h"
+#include "des_local.h"
 #include
 /*
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_enc.c
index ed134ace8..45eec615d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_enc.c
@@ -8,7 +8,7 @@
 */
 #include
-#include "des_locl.h"
+#include "des_local.h"
 #include "spr.h"
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_local.h
similarity index 99%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/des/des_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/des/des_local.h
index f401e6f3e..0f58a1c9a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_locl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/des_local.h
@@ -7,8 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-#ifndef HEADER_DES_LOCL_H
-# define HEADER_DES_LOCL_H
+#ifndef OSSL_CRYPTO_DES_LOCAL_H
+# define OSSL_CRYPTO_DES_LOCAL_H
 # include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb3_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb3_enc.c
index 6ac89d4e7..7afa8eaad 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb3_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb3_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
 DES_key_schedule *ks1, DES_key_schedule *ks2,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb_enc.c
index 5ed079d15..513c65e11 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ecb_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 #include
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt.c
index aaee4bf23..e83cf76b6 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt.c
@@ -19,7 +19,7 @@
 #endif
 #include
-#include "des_locl.h"
+#include "des_local.h"
 /*
 * Added more values to handle illegal salt values the way normal crypt()
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt_b.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt_b.c
index fe2369a93..22f967b8c 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt_b.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/fcrypt_b.c
@@ -10,7 +10,7 @@
 #include
 #define DES_FCRYPT
-#include "des_locl.h"
+#include "des_local.h"
 #undef DES_FCRYPT
 #undef PERM_OP
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ncbc_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ncbc_enc.c
index 244f15ca2..cd4b071a3 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ncbc_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ncbc_enc.c
@@ -13,7 +13,7 @@
 * des_enc.c (DES_ncbc_encrypt)
 */
-#include "des_locl.h"
+#include "des_local.h"
 #ifdef CBC_ENC_C__DONT_UPDATE_IV
 void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64ede.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64ede.c
index a551a07e0..68cf2dc55 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64ede.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64ede.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 /*
 * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64enc.c
index 30976c871..5796980c1 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb64enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 /*
 * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb_enc.c
index 65a9b8604..2b0498994 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/ofb_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 /*
 * The input and output are loaded in multiples of 8 bits. What this means is
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/pcbc_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/pcbc_enc.c
index 0fa058f03..349059274 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/pcbc_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/pcbc_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
 long length, DES_key_schedule *schedule,
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/qud_cksm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/qud_cksm.c
index 81e6be822..10b6abf69 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/qud_cksm.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/qud_cksm.c
@@ -13,7 +13,7 @@
 * only based on the code in this paper and is almost definitely not the same
 * as the MIT implementation.
 */
-#include "des_locl.h"
+#include "des_local.h"
 #define Q_B0(a) (((DES_LONG)(a)))
 #define Q_B1(a) (((DES_LONG)(a))<<8)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/set_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/set_key.c
index adbad7236..cbcb616cb 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/set_key.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/set_key.c
@@ -16,7 +16,7 @@
 * 1.0 First working version
 */
 #include
-#include "des_locl.h"
+#include "des_local.h"
 /* defaults to false */
 OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/str2key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/str2key.c
index e18d72652..61db60512 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/str2key.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/str2key.c
@@ -8,7 +8,7 @@
 */
 #include
-#include "des_locl.h"
+#include "des_local.h"
 void DES_string_to_key(const char *str, DES_cblock *key)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/des/xcbc_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/des/xcbc_enc.c
index c4e455d9b..fb3fd5292 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/des/xcbc_enc.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/des/xcbc_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "des_locl.h"
+#include "des_local.h"
 /* RSA's DESX */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_ameth.c
index 05a1d4227..d53004080 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_ameth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_ameth.c
@@ -11,10 +11,10 @@
 #include "internal/cryptlib.h"
 #include
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 #include
 /*
@@ -901,6 +901,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
 err:
 OPENSSL_free(penc);
 X509_ALGOR_free(wrap_alg);
+ OPENSSL_free(dukm);
 return rv;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_asn1.c
index 1a40633b4..e37f0904e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_asn1.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_asn1.c
@@ -10,7 +10,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_check.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_check.c
index fc4557710..4ac169e75 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_check.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_check.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,9 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
+
+# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
 /*-
 * Check that p and g are suitable enough
@@ -22,7 +24,8 @@ int DH_check_params_ex(const DH *dh)
 {
 int errflags = 0;
- (void)DH_check_params(dh, &errflags);
+ if (!DH_check_params(dh, &errflags))
+ return 0;
 if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
 DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
@@ -58,27 +61,21 @@ int DH_check_params(const DH *dh, int *ret)
 ok = 1;
 err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
 return ok;
 }
 /*-
 * Check that p is a safe prime and
- * if g is 2, 3 or 5, check that it is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
+ * g is a suitable generator.
 */
 int DH_check_ex(const DH *dh)
 {
 int errflags = 0;
- (void)DH_check(dh, &errflags);
+ if (!DH_check(dh, &errflags))
+ return 0;
 if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
 DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
@@ -102,10 +99,11 @@ int DH_check(const DH *dh, int *ret)
 {
 int ok = 0, r;
 BN_CTX *ctx = NULL;
- BN_ULONG l;
 BIGNUM *t1 = NULL, *t2 = NULL;
- *ret = 0;
+ if (!DH_check_params(dh, ret))
+ return 0;
+
 ctx = BN_CTX_new();
 if (ctx == NULL)
 goto err;
@@ -127,7 +125,7 @@ int DH_check(const DH *dh, int *ret)
 if (!BN_is_one(t1))
 *ret |= DH_NOT_SUITABLE_GENERATOR;
 }
- r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
+ r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
 if (r < 0)
 goto err;
 if (!r)
@@ -139,23 +137,9 @@ int DH_check(const DH *dh, int *ret)
 *ret |= DH_CHECK_INVALID_Q_VALUE;
 if (dh->j && BN_cmp(dh->j, t1))
 *ret |= DH_CHECK_INVALID_J_VALUE;
+ }
- } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
- l = BN_mod_word(dh->p, 24);
- if (l == (BN_ULONG)-1)
- goto err;
- if (l != 11)
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
- l = BN_mod_word(dh->p, 10);
- if (l == (BN_ULONG)-1)
- goto err;
- if ((l != 3) && (l != 7))
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- } else
- *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
-
- r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
+ r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
 if (r < 0)
 goto err;
 if (!r)
@@ -163,7 +147,7 @@ int DH_check(const DH *dh, int *ret)
 else if (!dh->q) {
 if (!BN_rshift1(t1, dh->p))
 goto err;
- r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
+ r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
 if (r < 0)
 goto err;
 if (!r)
@@ -171,10 +155,8 @@ int DH_check(const DH *dh, int *ret)
 }
 ok = 1;
 err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
 return ok;
 }
@@ -182,7 +164,8 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
 {
 int errflags = 0;
- (void)DH_check(dh, &errflags);
+ if (!DH_check_pub_key(dh, pub_key, &errflags))
+ return 0;
 if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
 DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
@@ -225,9 +208,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
 ok = 1;
 err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
 return ok;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_gen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_gen.c
index 59137e0f0..ab82ab58b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_gen.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_gen.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 BN_GENCB *cb);
@@ -30,30 +30,33 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
 /*-
 * We generate DH parameters as follows
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
+ * find a prime p which is prime_len bits long,
+ * where q=(p-1)/2 is also prime.
+ * In the following we assume that g is not 0, 1 or p-1, since it
+ * would generate only trivial subgroups.
+ * For this case, g is a generator of the order-q subgroup if
+ * g^q mod p == 1.
+ * Or in terms of the Legendre symbol: (g/p) == 1.
 *
 * Having said all that,
 * there is another special case method for the generators 2, 3 and 5.
+ * Using the quadratic reciprocity law it is possible to solve
+ * (g/p) == 1 for the special values 2, 3, 5:
+ * (2/p) == 1 if p mod 8 == 1 or 7.
+ * (3/p) == 1 if p mod 12 == 1 or 11.
+ * (5/p) == 1 if p mod 5 == 1 or 4.
+ * See for instance: https://en.wikipedia.org/wiki/Legendre_symbol
+ *
+ * Since all safe primes > 7 must satisfy p mod 12 == 11
+ * and all safe primes > 11 must satisfy p mod 5 != 1
+ * we can further improve the condition for g = 2, 3 and 5:
+ * for 2, p mod 24 == 23
+ * for 3, p mod 12 == 11
+ * for 5, p mod 60 == 59
+ *
+ * However for compatibility with previous versions we use:
 * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/*
- * Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
+ * for 5, p mod 60 == 23
 */
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 BN_GENCB *cb)
@@ -88,13 +91,10 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 goto err;
 g = 2;
 } else if (generator == DH_GENERATOR_5) {
- if (!BN_set_word(t1, 10))
+ if (!BN_set_word(t1, 60))
 goto err;
- if (!BN_set_word(t2, 3))
+ if (!BN_set_word(t2, 23))
 goto err;
- /*
- * BN_set_word(t3,7); just have to miss out on these ones :-(
- */
 g = 5;
 } else {
 /*
@@ -102,9 +102,9 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 * not: since we are using safe primes, it will generate either an
 * order-q or an order-2q group, which both is OK
 */
- if (!BN_set_word(t1, 2))
+ if (!BN_set_word(t1, 12))
 goto err;
- if (!BN_set_word(t2, 1))
+ if (!BN_set_word(t2, 11))
 goto err;
 g = generator;
 }
@@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 ok = 0;
 }
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
 return ok;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_key.c
index 4f85be7e4..117f2fa88 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_key.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -9,8 +9,8 @@
 #include
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
-#include "internal/bn_int.h"
+#include "dh_local.h"
+#include "crypto/bn.h"
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
 return dh->meth->generate_key(dh);
 }
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
- return dh->meth->compute_key(key, pub_key, dh);
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
 }
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
 int rv, pad;
+
+ /* rv is constant unless compute_key is external */
 rv = dh->meth->compute_key(key, pub_key, dh);
 if (rv <= 0)
 return rv;
 pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
 if (pad > 0) {
 memmove(key + pad, key, rv);
 memset(key, 0, pad);
@@ -125,6 +152,15 @@ static int generate_key(DH *dh)
 l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
 if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
 goto err;
+ /*
+ * We handle just one known case where g is a quadratic non-residue:
+ * for g = 2: p % 8 == 3
+ */
+ if (BN_is_word(dh->g, DH_GENERATOR_2) && !BN_is_bit_set(dh->p, 2)) {
+ /* clear bit 0, since it won't be a secret anyway */
+ if (!BN_clear_bit(priv_key, 0))
+ goto err;
+ }
 }
 }
@@ -136,11 +172,11 @@ static int generate_key(DH *dh)
 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
- BN_free(prk);
+ BN_clear_free(prk);
 goto err;
 }
 /* We MUST free prk before any further use of priv_key */
- BN_free(prk);
+ BN_clear_free(prk);
 }
 dh->pub_key = pub_key;
@@ -203,12 +239,10 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 goto err;
 }
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
 err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
 return ret;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_lib.c
index 962f864de..04b79d355 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 int DH_set_method(DH *dh, const DH_METHOD *meth)
@@ -234,11 +234,11 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
 int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
 {
 if (pub_key != NULL) {
- BN_free(dh->pub_key);
+ BN_clear_free(dh->pub_key);
 dh->pub_key = pub_key;
 }
 if (priv_key != NULL) {
- BN_free(dh->priv_key);
+ BN_clear_free(dh->priv_key);
 dh->priv_key = priv_key;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_local.h
similarity index 100%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_local.h
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_meth.c
index 59c4d7e96..8a54a8108 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_meth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_meth.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_pmeth.c
index cce2d9e26..1fd94deb4 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_pmeth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_pmeth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -12,11 +12,11 @@
 #include
 #include
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 #include
 #include
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 /* DH pkey context structure */
@@ -54,7 +54,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
 return 0;
 }
- dctx->prime_len = 1024;
+ dctx->prime_len = 2048;
 dctx->subprime_len = -1;
 dctx->generator = 2;
 dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc5114.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc5114.c
index c4a219590..e3603a05a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc5114.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc5114.c
@@ -9,9 +9,9 @@
 #include
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
-#include "internal/bn_dh.h"
+#include "crypto/bn_dh.h"
 /*
 * Macro to make a DH structure from BIGNUM data. NB: although just copying
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc7919.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc7919.c
index a54b468e5..03d30a1f5 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc7919.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dh/dh_rfc7919.c
@@ -9,10 +9,10 @@
 #include
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 #include
-#include "internal/bn_dh.h"
+#include "crypto/bn_dh.h"
 static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
 {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dllmain.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dllmain.c
index 0838c55e4..e8217893b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dllmain.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dllmain.c
@@ -8,7 +8,7 @@
 */
 #include "e_os.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #if defined(_WIN32) || defined(__CYGWIN__)
 # ifdef __CYGWIN__
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c
index 9c5b8aa02..2dcaa0815 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,11 +11,11 @@
 #include "internal/cryptlib.h"
 #include
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 *(int *)arg2 = NID_sha256;
- return 2;
+ return 1;
 default:
 return -2;
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c
index 6499e87ef..9cafd5ca8 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c
@@ -9,7 +9,7 @@
 #include
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c
index 8f97f6f3f..8dcf0548a 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -52,6 +52,8 @@ static const ERR_STRING_DATA DSA_str_reasons[] = { "invalid digest type"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c
index 383d853b6..5d066a06c 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -21,7 +21,7 @@
 #include
 #include
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 int DSA_generate_parameters_ex(DSA *ret, int bits,
 const unsigned char *seed_in, int seed_len,
@@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 if (seed_out)
 memcpy(seed_out, seed, qsize);
 }
- if (ctx)
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 BN_MONT_CTX_free(mont);
 return ok;
@@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 OPENSSL_free(seed);
 if (seed_out != seed_tmp)
 OPENSSL_free(seed_tmp);
- if (ctx)
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 BN_MONT_CTX_free(mont);
 EVP_MD_CTX_free(mctx);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c
index a48af5849..bdeddd4f6 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c
@@ -11,7 +11,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 static int dsa_builtin_keygen(DSA *dsa);
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c
index 1048601be..f98af5853 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_local.h
similarity index 100%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_local.h
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c
index ff4fae44a..1e6ee2f4e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c
@@ -15,7 +15,7 @@
 * or in the file LICENSE in the source distribution.
 */
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c
index 7a0b0874c..a983def64 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -9,10 +9,10 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include #include -#include "dsa_locl.h" +#include "dsa_local.h" #include static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); @@ -72,6 +72,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) reason = DSA_R_MISSING_PARAMETERS; goto err; } + if (dsa->priv_key == NULL) { + reason = DSA_R_MISSING_PRIVATE_KEY; + goto err; + } ret = DSA_SIG_new(); if (ret == NULL) @@ -190,6 +194,16 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, return 0; } + /* Reject obviously invalid parameters */ + if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS); + return 0; + } + if (dsa->priv_key == NULL) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PRIVATE_KEY); + return 0; + } + k = BN_new(); l = BN_new(); if (k == NULL || l == NULL) @@ -242,7 +256,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * one bit longer than the modulus. * * There are some concerns about the efficacy of doing this. More - * specificly refer to the discussion starting with: + * specifically refer to the discussion starting with: * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 * The fix is to rework BN so these gymnastics aren't required. */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c index b4ee5a757..4ca3747a4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
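Review bot: The new guard in dsa_sign_setup rejects only all-zero p, q and g, so the comment `/* Reject obviously invalid parameters */` reads broader than the check is. Negative values or a q of 1 still pass this test, and whether they are caught elsewhere is not visible here. I would narrow the comment, e.g. `/* Reject zero p, q or g only; this is not full domain-parameter validation */`, so that code loading keys from untrusted sources does not treat a successful sign setup as proof the parameters were validated. The body of dsa_sign_setup starts and ends outside the hunk.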
@@ -13,15 +13,15 @@ #include #include #include -#include "internal/evp_int.h" -#include "dsa_locl.h" +#include "crypto/evp.h" +#include "dsa_local.h" /* DSA pkey context structure */ typedef struct { /* Parameter gen parameters */ - int nbits; /* size of p in bits (default: 1024) */ - int qbits; /* size of q in bits (default: 160) */ + int nbits; /* size of p in bits (default: 2048) */ + int qbits; /* size of q in bits (default: 224) */ const EVP_MD *pmd; /* MD for parameter generation */ /* Keygen callback info */ int gentmp[2]; @@ -35,8 +35,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) if (dctx == NULL) return 0; - dctx->nbits = 1024; - dctx->qbits = 160; + dctx->nbits = 2048; + dctx->qbits = 224; dctx->pmd = NULL; dctx->md = NULL; @@ -138,7 +138,11 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { + EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) { DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); return 0; } @@ -174,9 +178,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, } if (strcmp(type, "dsa_paramgen_q_bits") == 0) { int qbits = atoi(value); - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, - NULL); + return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits); } if (strcmp(type, "dsa_paramgen_md") == 0) { const EVP_MD *md = EVP_get_digestbyname(value); 
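Review bot: In the `dsa_paramgen_q_bits` branch of pkey_dsa_ctrl_str, `int qbits = atoi(value);` feeds the new `EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits)` call with no parse check. atoi() returns 0 for non-numeric text, accepts trailing junk (a constructed example: `224x`), and has undefined behaviour on out-of-range input. Whether the ctrl handler rejects unexpected sizes is not visible in this hunk, so I would validate the string where it is parsed, using strtol() with an end-pointer and range check as sketched below. The sketch needs the standard headers for strtol, errno and INT_MAX; the function body starts outside the hunk.

```c
    if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
        char *end = NULL;
        long qbits;

        errno = 0;
        qbits = strtol(value, &end, 10);
        if (errno != 0 || end == value || *end != '\0'
            || qbits <= 0 || qbits > INT_MAX) {
            DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_PARAMETERS);
            return 0;
        }
        return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, (int)qbits);
    }
```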
@@ -185,9 +187,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); return 0; } - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, - (void *)md); + return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md); } return -2; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c index a4a1fd565..070b881e1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -49,9 +49,11 @@ int DSA_print(BIO *bp, const DSA *x, int off) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + if (pk == NULL) return 0; - ret = EVP_PKEY_print_private(bp, pk, off, NULL); + ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); + if (ret) + ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); return ret; } @@ -61,9 +63,11 @@ int DSAparams_print(BIO *bp, const DSA *x) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + if (pk == NULL) return 0; - ret = EVP_PKEY_print_params(bp, pk, 4, NULL); + ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); + if (ret) + ret = EVP_PKEY_print_params(bp, pk, 4, NULL); EVP_PKEY_free(pk); return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c index e9466b29f..51c7754b9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c 
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "dsa_locl.h" +#include "dsa_local.h" #include DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c index 21f98cd94..6f80a4aab 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "dsa_locl.h" +#include "dsa_local.h" int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dl.c index 290d73cf3..3bbb10e5c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dl.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" #ifdef DSO_DL diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dlfcn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dlfcn.c index 4240f5f5e..4719e8f4f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dlfcn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_dlfcn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ # define _GNU_SOURCE /* make sure dladdr is declared */ #endif -#include "dso_locl.h" +#include "dso_local.h" #include "e_os.h" #ifdef DSO_DLFCN 
@@ -27,8 +27,7 @@ # endif # include # define HAVE_DLINFO 1 -# if defined(__CYGWIN__) || \ - defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ +# if defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ defined(__ANDROID__) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_lib.c index 2e75021d3..50a39bb7d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_lib.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" #include "internal/refcount.h" static DSO_METHOD *default_DSO_meth = NULL; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_local.h similarity index 99% rename from trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_local.h index 14a0ccb7c..43b7df9d7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_local.h @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include "internal/dso.h" -#include "internal/dso_conf.h" +#include "crypto/dso_conf.h" #include "internal/refcount.h" /**********************************************************************/ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_openssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_openssl.c index 6626331e9..c76a04db2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_openssl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_openssl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" -#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN) +#ifdef DSO_NONE static DSO_METHOD dso_meth_null = { "NULL shared library method" diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_vms.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_vms.c index 178e72579..9d1066f91 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_vms.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_vms.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" #ifdef OPENSSL_SYS_VMS diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_win32.c b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_win32.c index 0bbf5b518..af1e559d7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_win32.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dso/dso_win32.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "dso_locl.h" +#include "dso_local.h" #if defined(DSO_WIN32) 
@@ -64,6 +64,7 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); static char *win32_name_converter(DSO *dso, const char *filename); static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int win32_pathbyaddr(void *addr, char *path, int sz); static void *win32_globallookup(const char *name); static const char *openssl_strnchr(const char *string, int c, size_t len); @@ -78,7 +79,7 @@ static DSO_METHOD dso_meth_win32 = { win32_merger, NULL, /* init */ NULL, /* finish */ - NULL, /* pathbyaddr */ + win32_pathbyaddr, /* pathbyaddr */ win32_globallookup }; 
@@ -500,6 +501,111 @@ typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *); +static int win32_pathbyaddr(void *addr, char *path, int sz) +{ + HMODULE dll; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + MODULEENTRY32 me32; + CREATETOOLHELP32SNAPSHOT create_snap; + CLOSETOOLHELP32SNAPSHOT close_snap; + MODULE32 module_first, module_next; + + if (addr == NULL) { + union { + int (*f) (void *, char *, int); + void *p; + } t = { + win32_pathbyaddr + }; + addr = t.p; + } + + dll = LoadLibrary(TEXT(DLLNAME)); + if (dll == NULL) { + DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); + return -1; + } + + create_snap = (CREATETOOLHELP32SNAPSHOT) + GetProcAddress(dll, "CreateToolhelp32Snapshot"); + if (create_snap == NULL) { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); + return -1; + } + /* We take the rest for granted... */ +# ifdef _WIN32_WCE + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(dll, "CloseToolhelp32Snapshot"); +# else + close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; +# endif + module_first = (MODULE32) GetProcAddress(dll, "Module32First"); + module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); + + /* + * Take a snapshot of current process which includes + * list of all involved modules. + */ + hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); + if (hModuleSnap == INVALID_HANDLE_VALUE) { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); + return -1; + } + + me32.dwSize = sizeof(me32); + + if (!(*module_first) (hModuleSnap, &me32)) { + (*close_snap) (hModuleSnap); + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_FAILURE); + return -1; + } + + /* Enumerate the modules to find one which includes me. 
*/ + do { + if ((size_t) addr >= (size_t) me32.modBaseAddr && + (size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) { + (*close_snap) (hModuleSnap); + FreeLibrary(dll); +# ifdef _WIN32_WCE +# if _WIN32_WCE >= 101 + return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1, + path, sz, NULL, NULL); +# else + { + int i, len = (int)wcslen(me32.szExePath); + if (sz <= 0) + return len + 1; + if (len >= sz) + len = sz - 1; + for (i = 0; i < len; i++) + path[i] = (char)me32.szExePath[i]; + path[len++] = '\0'; + return len; + } +# endif +# else + { + int len = (int)strlen(me32.szExePath); + if (sz <= 0) + return len + 1; + if (len >= sz) + len = sz - 1; + memcpy(path, me32.szExePath, len); + path[len++] = '\0'; + return len; + } +# endif + } + } while ((*module_next) (hModuleSnap, &me32)); + + (*close_snap) (hModuleSnap); + FreeLibrary(dll); + return 0; +} + static void *win32_globallookup(const char *name) { HMODULE dll; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv4.pl index 83abbdd89..fa833ce6a 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1394,7 +1394,7 @@ my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); # 256-bit vectors on top. Then note that we push # starting from r0, which means that we have copy of # input arguments just below these temporary vectors. -# We use three of them for !in1infty, !in2intfy and +# We use three of them for ~in1infty, ~in2infty and # result of check for zero. $code.=<<___; 
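Review bot: After the comment `/* We take the rest for granted... */` in win32_pathbyaddr, the `GetProcAddress` results for `Module32First` and `Module32Next` (and `CloseToolhelp32Snapshot` under _WIN32_WCE) are stored and later called without a NULL check, unlike `create_snap` just above. If one of those lookups fails, the function calls through a null pointer instead of reporting DSO_R_UNSUPPORTED. A guard placed right after the three lookups, before the snapshot is taken, keeps that failure on the same error path as the rest of the function. Separately, `path` is written whenever `sz > 0`, so the function relies on callers never passing a NULL buffer with a positive size. That contract, and the return convention (length including the terminator, 0 when no module matches, -1 on error), deserves a short header comment.

```c
    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
    if (close_snap == NULL || module_first == NULL || module_next == NULL) {
        FreeLibrary(dll);
        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
        return -1;
    }
    /* ... unchanged: snapshot creation and module enumeration ... */
```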
@@ -1424,7 +1424,7 @@ ecp_nistz256_point_add: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*18+8] @ !in2infty + str r12,[sp,#32*18+8] @ ~in2infty ldmia $a_ptr!,{r4-r11} @ copy in1_x add r3,sp,#$in1_x @@ -1445,7 +1445,7 @@ ecp_nistz256_point_add: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*18+4] @ !in1infty + str r12,[sp,#32*18+4] @ ~in1infty add $a_ptr,sp,#$in2_z add $b_ptr,sp,#$in2_z @@ -1510,33 +1510,20 @@ ecp_nistz256_point_add: orr $a0,$a0,$a2 orr $a4,$a4,$a6 orr $a0,$a0,$a7 - orrs $a0,$a0,$a4 + orr $a0,$a0,$a4 @ ~is_equal(U1,U2) - bne .Ladd_proceed @ is_equal(U1,U2)? + ldr $t0,[sp,#32*18+4] @ ~in1infty + ldr $t1,[sp,#32*18+8] @ ~in2infty + ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2) + mvn $t0,$t0 @ -1/0 -> 0/-1 + mvn $t1,$t1 @ -1/0 -> 0/-1 + orr $a0,$a0,$t0 + orr $a0,$a0,$t1 + orrs $a0,$a0,$t2 @ set flags - ldr $t0,[sp,#32*18+4] - ldr $t1,[sp,#32*18+8] - ldr $t2,[sp,#32*18+12] - tst $t0,$t1 - beq .Ladd_proceed @ (in1infty || in2infty)? - tst $t2,$t2 - beq .Ladd_double @ is_equal(S1,S2)? + @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) + bne .Ladd_proceed - ldr $r_ptr,[sp,#32*18+16] - eor r4,r4,r4 - eor r5,r5,r5 - eor r6,r6,r6 - eor r7,r7,r7 - eor r8,r8,r8 - eor r9,r9,r9 - eor r10,r10,r10 - eor r11,r11,r11 - stmia $r_ptr!,{r4-r11} - stmia $r_ptr!,{r4-r11} - stmia $r_ptr!,{r4-r11} - b .Ladd_done - -.align 4 .Ladd_double: ldr $a_ptr,[sp,#32*18+20] add sp,sp,#32*(18-5)+16 @ difference in frame sizes 
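Review bot: In the `@@ -1510` hunk of ecp_nistz256_point_add, `.Ladd_double` is now reached only by falling through the single `bne .Ladd_proceed`, and nothing at the label says so. With the zero-store path removed, the in1 == -in2 case is also left to the generic addition code. Both facts are easy to break in a later edit, so I would add a comment above `.Ladd_double:` such as `@ fall-through: both inputs finite, U1==U2 and S1==S2, i.e. in1 == in2`. A second comment should note that in1 == -in2 now takes `.Ladd_proceed` and is expected to produce a zero Z there; the formulas are outside this hunk, so that is inferred. The folded mask also depends on the `~in1infty` and `~in2infty` stack slots holding exactly 0 or -1 before the `mvn`. The `movne r12,#-1` stores are visible in the two earlier hunks, but the zero initialisation is not, so that is worth confirming.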
@@ -1601,15 +1588,15 @@ ecp_nistz256_point_add: add $b_ptr,sp,#$S2 bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - ldr r11,[sp,#32*18+4] @ !in1intfy - ldr r12,[sp,#32*18+8] @ !in2intfy + ldr r11,[sp,#32*18+4] @ ~in1infty + ldr r12,[sp,#32*18+8] @ ~in2infty add r1,sp,#$res_x add r2,sp,#$in2_x - and r10,r11,r12 + and r10,r11,r12 @ ~in1infty & ~in2infty mvn r11,r11 add r3,sp,#$in1_x - and r11,r11,r12 - mvn r12,r12 + and r11,r11,r12 @ in1infty & ~in2infty + mvn r12,r12 @ in2infty ldr $r_ptr,[sp,#32*18+16] ___ for($i=0;$i<96;$i+=8) { # conditional moves @@ -1617,11 +1604,11 @@ $code.=<<___; ldmia r1!,{r4-r5} @ res_x ldmia r2!,{r6-r7} @ in2_x ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 + and r4,r4,r10 @ ~in1infty & ~in2infty and r5,r5,r10 - and r6,r6,r11 + and r6,r6,r11 @ in1infty & ~in2infty and r7,r7,r11 - and r8,r8,r12 + and r8,r8,r12 @ in2infty and r9,r9,r12 orr r4,r4,r6 orr r5,r5,r7 @@ -1656,7 +1643,7 @@ my $Z1sqr = $S2; # 256-bit vectors on top. Then note that we push # starting from r0, which means that we have copy of # input arguments just below these temporary vectors. -# We use two of them for !in1infty, !in2intfy. +# We use two of them for ~in1infty, ~in2infty. my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); @@ -1687,7 +1674,7 @@ ecp_nistz256_point_add_affine: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*15+4] @ !in1infty + str r12,[sp,#32*15+4] @ ~in1infty ldmia $b_ptr!,{r4-r11} @ copy in2_x add r3,sp,#$in2_x @@ -1714,7 +1701,7 @@ ecp_nistz256_point_add_affine: it ne #endif movne r12,#-1 - str r12,[sp,#32*15+8] @ !in2infty + str r12,[sp,#32*15+8] @ ~in2infty add $a_ptr,sp,#$in1_z add $b_ptr,sp,#$in1_z 
@@ -1796,15 +1783,15 @@ ecp_nistz256_point_add_affine: add $b_ptr,sp,#$S2 bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - ldr r11,[sp,#32*15+4] @ !in1intfy - ldr r12,[sp,#32*15+8] @ !in2intfy + ldr r11,[sp,#32*15+4] @ ~in1infty + ldr r12,[sp,#32*15+8] @ ~in2infty add r1,sp,#$res_x add r2,sp,#$in2_x - and r10,r11,r12 + and r10,r11,r12 @ ~in1infty & ~in2infty mvn r11,r11 add r3,sp,#$in1_x - and r11,r11,r12 - mvn r12,r12 + and r11,r11,r12 @ in1infty & ~in2infty + mvn r12,r12 @ in2infty ldr $r_ptr,[sp,#32*15] ___ for($i=0;$i<64;$i+=8) { # conditional moves @@ -1812,11 +1799,11 @@ $code.=<<___; ldmia r1!,{r4-r5} @ res_x ldmia r2!,{r6-r7} @ in2_x ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 + and r4,r4,r10 @ ~in1infty & ~in2infty and r5,r5,r10 - and r6,r6,r11 + and r6,r6,r11 @ in1infty & ~in2infty and r7,r7,r11 - and r8,r8,r12 + and r8,r8,r12 @ in2infty and r9,r9,r12 orr r4,r4,r6 orr r5,r5,r7 @@ -1862,4 +1849,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv8.pl index 887ddfb1e..e93e18f29 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -722,7 +722,7 @@ $code.=<<___; .align 5 ecp_nistz256_point_double: .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! + stp x29,x30,[sp,#-96]! add x29,sp,#0 stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] 
@@ -855,7 +855,7 @@ ecp_nistz256_point_double: add sp,x29,#0 // destroy frame ldp x19,x20,[x29,#16] ldp x21,x22,[x29,#32] - ldp x29,x30,[sp],#80 + ldp x29,x30,[sp],#96 .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_double,.-ecp_nistz256_point_double @@ -872,7 +872,7 @@ my ($res_x,$res_y,$res_z, my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); # above map() describes stack layout with 12 temporary # 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26)); +my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp0,$temp1,$temp2)=map("x$_",(21..28)); $code.=<<___; .globl ecp_nistz256_point_add @@ -880,12 +880,13 @@ $code.=<<___; .align 5 ecp_nistz256_point_add: .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! + stp x29,x30,[sp,#-96]! add x29,sp,#0 stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] sub sp,sp,#32*12 ldp $a0,$a1,[$bp,#64] // in2_z @@ -899,7 +900,7 @@ ecp_nistz256_point_add: orr $t2,$a2,$a3 orr $in2infty,$t0,$t2 cmp $in2infty,#0 - csetm $in2infty,ne // !in2infty + csetm $in2infty,ne // ~in2infty add $rp,sp,#$Z2sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z2sqr, in2_z); @@ -909,7 +910,7 @@ ecp_nistz256_point_add: orr $t2,$a2,$a3 orr $in1infty,$t0,$t2 cmp $in1infty,#0 - csetm $in1infty,ne // !in1infty + csetm $in1infty,ne // ~in1infty add $rp,sp,#$Z1sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); @@ -950,7 +951,7 @@ ecp_nistz256_point_add: orr $acc0,$acc0,$acc1 // see if result is zero orr $acc2,$acc2,$acc3 - orr $temp,$acc0,$acc2 + orr $temp0,$acc0,$acc2 // ~is_equal(S1,S2) add $bp,sp,#$Z2sqr add $rp,sp,#$U1 
@@ -971,32 +972,21 @@ ecp_nistz256_point_add: orr $acc0,$acc0,$acc1 // see if result is zero orr $acc2,$acc2,$acc3 - orr $acc0,$acc0,$acc2 - tst $acc0,$acc0 - b.ne .Ladd_proceed // is_equal(U1,U2)? + orr $acc0,$acc0,$acc2 // ~is_equal(U1,U2) - tst $in1infty,$in2infty - b.eq .Ladd_proceed // (in1infty || in2infty)? + mvn $temp1,$in1infty // -1/0 -> 0/-1 + mvn $temp2,$in2infty // -1/0 -> 0/-1 + orr $acc0,$acc0,$temp1 + orr $acc0,$acc0,$temp2 + orr $acc0,$acc0,$temp0 + cbnz $acc0,.Ladd_proceed // if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) - tst $temp,$temp - b.eq .Ladd_double // is_equal(S1,S2)? - - eor $a0,$a0,$a0 - eor $a1,$a1,$a1 - stp $a0,$a1,[$rp_real] - stp $a0,$a1,[$rp_real,#16] - stp $a0,$a1,[$rp_real,#32] - stp $a0,$a1,[$rp_real,#48] - stp $a0,$a1,[$rp_real,#64] - stp $a0,$a1,[$rp_real,#80] - b .Ladd_done - -.align 4 .Ladd_double: mov $ap,$ap_real mov $rp,$rp_real ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] add sp,sp,#32*(12-4) // difference in stack frames b .Ldouble_shortcut @@ -1081,14 +1071,14 @@ ___ for($i=0;$i<64;$i+=32) { # conditional moves $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne ldp $a0,$a1,[sp,#$res_x+$i+32] // res csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? ldp $a2,$a3,[sp,#$res_x+$i+48] csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne 
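Review bot: `.Ladd_double` in the `@@ -971` hunk restores x27/x28 with `ldp x27,x28,[x29,#80]` and then branches to `.Ldouble_shortcut`, so ecp_nistz256_point_add's new 96-byte frame and ecp_nistz256_point_double's frame must stay the same size. The earlier hunks do change point_double to `#-96` / `#96`, although that function stores no extra registers in the visible lines. Nothing in the code records this coupling. A comment next to `stp x29,x30,[sp,#-96]!` in point_double, such as `// frame size must match ecp_nistz256_point_add, which enters at .Ldouble_shortcut`, would guard against a later mismatch, which would presumably unbalance the stack on return. `.Ladd_double` is also now reached only by falling through `cbnz $acc0,.Ladd_proceed`, which merits a one-line comment at the label. The `mvn $temp1,$in1infty` / `mvn $temp2,$in2infty` pair relies on the `csetm` results being exactly 0 or -1, which the earlier hunks do show.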
@@ -1102,13 +1092,13 @@ ___ } $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne csel $acc2,$t2,$acc2,ne @@ -1122,7 +1112,8 @@ $code.=<<___; ldp x21,x22,[x29,#32] ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] - ldp x29,x30,[sp],#80 + ldp x27,x28,[x29,#80] + ldp x29,x30,[sp],#96 .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_add,.-ecp_nistz256_point_add @@ -1166,7 +1157,7 @@ ecp_nistz256_point_add_affine: orr $t2,$a2,$a3 orr $in1infty,$t0,$t2 cmp $in1infty,#0 - csetm $in1infty,ne // !in1infty + csetm $in1infty,ne // ~in1infty ldp $acc0,$acc1,[$bp] // in2_x ldp $acc2,$acc3,[$bp,#16] @@ -1180,7 +1171,7 @@ ecp_nistz256_point_add_affine: orr $t0,$t0,$t2 orr $in2infty,$acc0,$t0 cmp $in2infty,#0 - csetm $in2infty,ne // !in2infty + csetm $in2infty,ne // ~in2infty add $rp,sp,#$Z1sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); @@ -1290,14 +1281,14 @@ ___ for($i=0;$i<64;$i+=32) { # conditional moves $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne ldp $a0,$a1,[sp,#$res_x+$i+32] // res csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? ldp $a2,$a3,[sp,#$res_x+$i+48] csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne 
@@ -1314,13 +1305,13 @@ ___ } $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne csel $acc2,$t2,$acc2,ne @@ -1880,4 +1871,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-avx2.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-avx2.pl deleted file mode 100755 index 794e56a08..000000000 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-avx2.pl +++ /dev/null 
@@ -1,2080 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2014, Intel Corporation. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# -# Reference: -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with -# 256 Bit Primes" - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $avx = ($ver>=3.0) + ($ver>=3.01); - $addx = ($ver>=3.03); -} - -if ($avx>=2) {{ -$digit_size = "\$29"; -$n_digits = "\$9"; - -$code.=<<___; -.text - 
-.align 64 -.LAVX2_AND_MASK: -.LAVX2_POLY: -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x000001ff, 0x000001ff, 0x000001ff, 0x000001ff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00040000, 0x00040000, 0x00040000, 0x00040000 -.quad 0x1fe00000, 0x1fe00000, 0x1fe00000, 0x1fe00000 -.quad 0x00ffffff, 0x00ffffff, 0x00ffffff, 0x00ffffff - -.LAVX2_POLY_x2: -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x400007FC, 0x400007FC, 0x400007FC, 0x400007FC -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x400FFFFE, 0x400FFFFE, 0x400FFFFE, 0x400FFFFE -.quad 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE -.quad 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC - -.LAVX2_POLY_x8: -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0x80000FF8, 0x80000FF8, 0x80000FF8, 0x80000FF8 -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x801FFFFC, 0x801FFFFC, 0x801FFFFC, 0x801FFFFC -.quad 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC -.quad 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8 - -.LONE: -.quad 0x00000020, 0x00000020, 0x00000020, 0x00000020 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1fffc000, 0x1fffc000, 0x1fffc000, 0x1fffc000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1f7fffff, 0x1f7fffff, 0x1f7fffff, 0x1f7fffff -.quad 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff -.quad 0x00000000, 
0x00000000, 0x00000000, 0x00000000 - -# RR = 2^266 mod p in AVX2 format, to transform from the native OpenSSL -# Montgomery form (*2^256) to our format (*2^261) - -.LTO_MONT_AVX2: -.quad 0x00000400, 0x00000400, 0x00000400, 0x00000400 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ff80000, 0x1ff80000, 0x1ff80000, 0x1ff80000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x00000003, 0x00000003, 0x00000003, 0x00000003 - -.LFROM_MONT_AVX2: -.quad 0x00000001, 0x00000001, 0x00000001, 0x00000001 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ffffe00, 0x1ffffe00, 0x1ffffe00, 0x1ffffe00 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1ffbffff, 0x1ffbffff, 0x1ffbffff, 0x1ffbffff -.quad 0x001fffff, 0x001fffff, 0x001fffff, 0x001fffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -.LIntOne: -.long 1,1,1,1,1,1,1,1 -___ - -{ -# This function receives a pointer to an array of four affine points -# (X, Y, <1>) and rearranges the data for AVX2 execution, while -# converting it to 2^29 radix redundant form - -my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3, - $T0,$T1,$T2,$T3, $T4,$T5,$T6,$T7)=map("%ymm$_",(0..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_transpose_convert -.type ecp_nistz256_avx2_transpose_convert,\@function,2 -.align 64 -ecp_nistz256_avx2_transpose_convert: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - 
vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - # Load the data - vmovdqa 32*0(%rsi), $X0 - lea 112(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $Y0 - lea .LAVX2_AND_MASK(%rip), %rdx - vmovdqa 32*2(%rsi), $X1 - vmovdqa 32*3(%rsi), $Y1 - vmovdqa 32*4-112(%rax), $X2 - vmovdqa 32*5-112(%rax), $Y2 - vmovdqa 32*6-112(%rax), $X3 - vmovdqa 32*7-112(%rax), $Y3 - - # Transpose X and Y independently - vpunpcklqdq $X1, $X0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $X3, $X2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $X1, $X0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $X3, $X2, $T3 # T3 = [D3 C3 D1 C1] - - vpunpcklqdq $Y1, $Y0, $T4 - vpunpcklqdq $Y3, $Y2, $T5 - vpunpckhqdq $Y1, $Y0, $T6 - vpunpckhqdq $Y3, $Y2, $T7 - - vperm2i128 \$0x20, $T1, $T0, $X0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $X1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $X2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $X3 # X3 = [D3 C3 B3 A3] - - vperm2i128 \$0x20, $T5, $T4, $Y0 - vperm2i128 \$0x20, $T7, $T6, $Y1 - vperm2i128 \$0x31, $T5, $T4, $Y2 - vperm2i128 \$0x31, $T7, $T6, $Y3 - vmovdqa (%rdx), $T7 - - vpand (%rdx), $X0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $X0, $X0 - vpand $T7, $X0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $X0, $X0 - vpsllq \$6, $X1, $T2 - vpxor $X0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $X1, $X1 - vpand $T7, $X1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $X1, $X1 - vpsllq \$12, $X2, $T4 - vpxor $X1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $X2, $X2 - vpand $T7, $X2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $X2, $X2 - vpsllq \$18, $X3, $T6 - vpxor $X2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $X3, $X3 - vmovdqa $T0, 32*0(%rdi) - 
lea 112(%rdi), %rax # size optimization - vpand $T7, $X3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $X3, $X3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*1(%rdi) - vmovdqa $T2, 32*2(%rdi) - vmovdqa $T3, 32*3(%rdi) - vmovdqa $T4, 32*4-112(%rax) - vmovdqa $T5, 32*5-112(%rax) - vmovdqa $T6, 32*6-112(%rax) - vmovdqa $T0, 32*7-112(%rax) - vmovdqa $X3, 32*8-112(%rax) - lea 448(%rdi), %rax # size optimization - - vpand $T7, $Y0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $Y0, $Y0 - vpand $T7, $Y0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $Y0, $Y0 - vpsllq \$6, $Y1, $T2 - vpxor $Y0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $Y1, $Y1 - vpand $T7, $Y1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $Y1, $Y1 - vpsllq \$12, $Y2, $T4 - vpxor $Y1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $Y2, $Y2 - vpand $T7, $Y2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $Y2, $Y2 - vpsllq \$18, $Y3, $T6 - vpxor $Y2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $Y3, $Y3 - vmovdqa $T0, 32*9-448(%rax) - vpand $T7, $Y3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $Y3, $Y3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*10-448(%rax) - vmovdqa $T2, 32*11-448(%rax) - vmovdqa $T3, 32*12-448(%rax) - vmovdqa $T4, 32*13-448(%rax) - vmovdqa $T5, 32*14-448(%rax) - vmovdqa $T6, 32*15-448(%rax) - vmovdqa $T0, 32*16-448(%rax) - vmovdqa $Y3, 32*17-448(%rax) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 
16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_transpose_convert,.-ecp_nistz256_avx2_transpose_convert -___ -} -{ -################################################################################ -# This function receives a pointer to an array of four AVX2 formatted points -# (X, Y, Z) convert the data to normal representation, and rearranges the data - -my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8)); -my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15)); - -$code.=<<___; - -.globl ecp_nistz256_avx2_convert_transpose_back -.type ecp_nistz256_avx2_convert_transpose_back,\@function,2 -.align 32 -ecp_nistz256_avx2_convert_transpose_back: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - mov \$3, %ecx - -.Lconv_loop: - vmovdqa 32*0(%rsi), $D0 - lea 160(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $D1 - vmovdqa 32*2(%rsi), $D2 - vmovdqa 32*3(%rsi), $D3 - vmovdqa 32*4-160(%rax), $D4 - vmovdqa 32*5-160(%rax), $D5 - vmovdqa 32*6-160(%rax), $D6 - vmovdqa 32*7-160(%rax), $D7 - vmovdqa 32*8-160(%rax), $D8 - - vpsllq \$29, $D1, $D1 - vpsllq \$58, $D2, $T0 - vpaddq $D1, $D0, $D0 - vpaddq $T0, $D0, $D0 # out[0] = (in[0]) ^ (in[1] << shift*1) ^ (in[2] << shift*2); - - vpsrlq \$6, $D2, $D2 - vpsllq \$23, $D3, $D3 - vpsllq \$52, $D4, $T1 - vpaddq $D2, $D3, $D3 - vpaddq $D3, $T1, $D1 # out[1] = (in[2] >> (64*1-shift*2)) ^ (in[3] << shift*3%64) ^ (in[4] << shift*4%64); - - vpsrlq \$12, $D4, $D4 - vpsllq \$17, $D5, $D5 - vpsllq \$46, $D6, $T2 - vpaddq $D4, $D5, $D5 - vpaddq $D5, $T2, $D2 # out[2] = (in[4] >> (64*2-shift*4)) ^ (in[5] << shift*5%64) ^ 
(in[6] << shift*6%64); - - vpsrlq \$18, $D6, $D6 - vpsllq \$11, $D7, $D7 - vpsllq \$40, $D8, $T3 - vpaddq $D6, $D7, $D7 - vpaddq $D7, $T3, $D3 # out[3] = (in[6] >> (64*3-shift*6)) ^ (in[7] << shift*7%64) ^ (in[8] << shift*8%64); - - vpunpcklqdq $D1, $D0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $D3, $D2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $D1, $D0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $D3, $D2, $T3 # T3 = [D3 C3 D1 C1] - - vperm2i128 \$0x20, $T1, $T0, $D0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $D1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $D2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $D3 # X3 = [D3 C3 B3 A3] - - vmovdqa $D0, 32*0(%rdi) - vmovdqa $D1, 32*3(%rdi) - vmovdqa $D2, 32*6(%rdi) - vmovdqa $D3, 32*9(%rdi) - - lea 32*9(%rsi), %rsi - lea 32*1(%rdi), %rdi - - dec %ecx - jnz .Lconv_loop - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_convert_transpose_back,.-ecp_nistz256_avx2_convert_transpose_back -___ -} -{ -my ($r_ptr,$a_ptr,$b_ptr,$itr)=("%rdi","%rsi","%rdx","%ecx"); -my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4,$ACC5,$ACC6,$ACC7,$ACC8)=map("%ymm$_",(0..8)); -my ($B,$Y,$T0,$AND_MASK,$OVERFLOW)=map("%ymm$_",(9..13)); - -sub NORMALIZE { -my $ret=<<___; - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - 
vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 -___ - $ret; -} - -sub STORE { -my $ret=<<___; - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vmovdqa $ACC1, 32*1(%rdi) - vmovdqa $ACC2, 32*2(%rdi) - vmovdqa $ACC3, 32*3(%rdi) - vmovdqa $ACC4, 32*4-160(%rax) - vmovdqa $ACC5, 32*5-160(%rax) - vmovdqa $ACC6, 32*6-160(%rax) - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) -___ - $ret; -} - -$code.=<<___; -.type avx2_normalize,\@abi-omnipotent -.align 32 -avx2_normalize: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - - ret -.size avx2_normalize,.-avx2_normalize - -.type avx2_normalize_n_store,\@abi-omnipotent -.align 32 -avx2_normalize_n_store: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, 
$ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vmovdqa $ACC1, 32*1(%rdi) - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vmovdqa $ACC2, 32*2(%rdi) - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vmovdqa $ACC3, 32*3(%rdi) - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vmovdqa $ACC4, 32*4-160(%rax) - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vmovdqa $ACC5, 32*5-160(%rax) - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vmovdqa $ACC6, 32*6-160(%rax) - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) - - ret -.size avx2_normalize_n_store,.-avx2_normalize_n_store - -################################################################################ -# void avx2_mul_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_mul_x4,\@abi-omnipotent -.align 32 -avx2_mul_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - mov $n_digits, $itr - lea -512($a_ptr), $a_ptr # strategic bias to control u-op density - jmp .Lavx2_mul_x4_loop - -.align 32 -.Lavx2_mul_x4_loop: - vmovdqa 32*0($b_ptr), $B - lea 32*1($b_ptr), $b_ptr - - vpmuludq 32*0+512($a_ptr), $B, $T0 - vpmuludq 32*1+512($a_ptr), $B, $OVERFLOW # borrow $OVERFLOW - vpaddq $T0, $ACC0, $ACC0 - vpmuludq 32*2+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*3+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*4+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 
32*5+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*6+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*7+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - # Skip some multiplications, optimizing for the constant poly - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*8+512($a_ptr), $B, $ACC8 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - .byte 0x67 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - .byte 0x67 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $OVERFLOW - vpaddq $T0, $ACC7, $ACC6 - vpaddq $OVERFLOW, $ACC8, $ACC7 - - dec $itr - jnz .Lavx2_mul_x4_loop - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_x4,.-avx2_mul_x4 - -# Function optimized for the constant 1 -################################################################################ -# void avx2_mul_by1_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by1_x4,\@abi-omnipotent -.align 32 -avx2_mul_by1_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - vpxor $ACC8, $ACC8, $ACC8 - - vmovdqa 32*3+.LONE(%rip), %ymm14 - vmovdqa 32*7+.LONE(%rip), %ymm15 - - mov $n_digits, $itr - jmp .Lavx2_mul_by1_x4_loop - -.align 32 -.Lavx2_mul_by1_x4_loop: - vmovdqa 32*0($a_ptr), $B - .byte 0x48,0x8d,0xb6,0x20,0,0,0 # lea 32*1($a_ptr), $a_ptr - - vpsllq \$5, $B, $OVERFLOW - vpmuludq %ymm14, $B, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC3 - .byte 0x67 - vpmuludq $AND_MASK, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $T0, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 
- vpsllq \$23, $B, $T0 - - .byte 0x67,0x67 - vpmuludq %ymm15, $B, $OVERFLOW - vpsubq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - .byte 0x67,0x67 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - vmovdqa $ACC5, $ACC4 - vpmuludq 32*7(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpaddq $T0, $ACC7, $ACC6 - vpmuludq 32*8(%rax), $Y, $ACC7 - - dec $itr - jnz .Lavx2_mul_by1_x4_loop - - ret -.size avx2_mul_by1_x4,.-avx2_mul_by1_x4 - -################################################################################ -# void avx2_sqr_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sqr_x4,\@abi-omnipotent -.align 32 -avx2_sqr_x4: - lea .LAVX2_POLY(%rip), %rax - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - vmovdqa 32*0($a_ptr), $B - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4($a_ptr), $ACC4 - vmovdqa 32*5($a_ptr), $ACC5 - vmovdqa 32*6($a_ptr), $ACC6 - vmovdqa 32*7($a_ptr), $ACC7 - vpaddq $ACC1, $ACC1, $ACC1 # 2*$ACC0..7 - vmovdqa 32*8($a_ptr), $ACC8 - vpaddq $ACC2, $ACC2, $ACC2 - vmovdqa $ACC1, 32*0(%rcx) - vpaddq $ACC3, $ACC3, $ACC3 - vmovdqa $ACC2, 32*1(%rcx) - vpaddq $ACC4, $ACC4, $ACC4 - vmovdqa $ACC3, 32*2(%rcx) - vpaddq $ACC5, $ACC5, $ACC5 - vmovdqa $ACC4, 32*3(%rcx) - vpaddq $ACC6, $ACC6, $ACC6 - vmovdqa $ACC5, 32*4(%rcx) - vpaddq $ACC7, $ACC7, $ACC7 - vmovdqa $ACC6, 32*5(%rcx) - vpaddq $ACC8, $ACC8, $ACC8 - vmovdqa $ACC7, 32*6(%rcx) - vmovdqa $ACC8, 32*7(%rcx) - - #itr 1 - vpmuludq $B, $B, $ACC0 - vpmuludq $B, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq $B, $ACC2, $ACC2 - vpmuludq $B, $ACC3, $ACC3 - vpmuludq $B, $ACC4, $ACC4 - vpmuludq $B, $ACC5, $ACC5 - vpmuludq $B, $ACC6, $ACC6 - vpmuludq $AND_MASK, $Y, $T0 - 
vpmuludq $B, $ACC7, $ACC7 - vpmuludq $B, $ACC8, $ACC8 - vmovdqa 32*1($a_ptr), $B - - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 2 - vpmuludq $B, $B, $OVERFLOW - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*1(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*2($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 3 - vpmuludq $B, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 
32*7(%rcx), $B, $ACC8 - vmovdqa 32*3($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 4 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*4($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 5 - vpmuludq $B, $B, $T0 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*5($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3+.LAVX2_POLY(%rip), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, 
$ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 6 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*6($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 7 - vpmuludq $B, $B, $T0 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*7($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 8 - vpmuludq $B, $B, $OVERFLOW - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*8($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - 
vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 9 - vpmuludq $B, $B, $ACC8 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_sqr_x4,.-avx2_sqr_x4 - -################################################################################ -# void avx2_sub_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sub_x4,\@abi-omnipotent -.align 32 -avx2_sub_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), $a_ptr - lea .LAVX2_POLY_x8+128(%rip), %rax - lea 128($b_ptr), $b_ptr - vmovdqa 32*1-160($a_ptr), $ACC1 - vmovdqa 32*2-160($a_ptr), $ACC2 - vmovdqa 32*3-160($a_ptr), $ACC3 - vmovdqa 32*4-160($a_ptr), $ACC4 - vmovdqa 32*5-160($a_ptr), $ACC5 - vmovdqa 32*6-160($a_ptr), $ACC6 - vmovdqa 32*7-160($a_ptr), $ACC7 - vmovdqa 32*8-160($a_ptr), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128($b_ptr), $ACC0, $ACC0 - vpsubq 32*1-128($b_ptr), $ACC1, $ACC1 - vpsubq 32*2-128($b_ptr), $ACC2, $ACC2 - vpsubq 32*3-128($b_ptr), $ACC3, $ACC3 - vpsubq 
32*4-128($b_ptr), $ACC4, $ACC4 - vpsubq 32*5-128($b_ptr), $ACC5, $ACC5 - vpsubq 32*6-128($b_ptr), $ACC6, $ACC6 - vpsubq 32*7-128($b_ptr), $ACC7, $ACC7 - vpsubq 32*8-128($b_ptr), $ACC8, $ACC8 - - ret -.size avx2_sub_x4,.-avx2_sub_x4 - -.type avx2_select_n_store,\@abi-omnipotent -.align 32 -avx2_select_n_store: - vmovdqa `8+32*9*8`(%rsp), $Y - vpor `8+32*9*8+32`(%rsp), $Y, $Y - - vpandn $ACC0, $Y, $ACC0 - vpandn $ACC1, $Y, $ACC1 - vpandn $ACC2, $Y, $ACC2 - vpandn $ACC3, $Y, $ACC3 - vpandn $ACC4, $Y, $ACC4 - vpandn $ACC5, $Y, $ACC5 - vpandn $ACC6, $Y, $ACC6 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpandn $ACC7, $Y, $ACC7 - vpandn `8+32*9*8`(%rsp), $B, $B - vpandn $ACC8, $Y, $ACC8 - - vpand 32*0(%rsi), $B, $T0 - lea 160(%rsi), %rax - vpand 32*1(%rsi), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2(%rsi), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3(%rsi), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $T0 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpxor $Y, $ACC7, $ACC7 - - vpand 32*0(%rdx), $B, $Y - lea 160(%rdx), %rax - vpxor $T0, $ACC8, $ACC8 - vpand 32*1(%rdx), $B, $T0 - vpxor $Y, $ACC0, $ACC0 - vpand 32*2(%rdx), $B, $Y - vpxor $T0, $ACC1, $ACC1 - vpand 32*3(%rdx), $B, $T0 - vpxor $Y, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $Y - vpxor $T0, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $T0 - vpxor $Y, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $Y - vpxor $T0, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $T0 - vpxor $Y, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $Y - vpxor $T0, $ACC7, $ACC7 - vpxor $Y, $ACC8, $ACC8 - `&STORE` - - ret -.size avx2_select_n_store,.-avx2_select_n_store -___ -$code.=<<___ if (0); # inlined -################################################################################ -# void avx2_mul_by2_x4(void* RESULTx4, void *Ax4); 
-.type avx2_mul_by2_x4,\@abi-omnipotent -.align 32 -avx2_mul_by2_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), %rax - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4-160(%rax), $ACC4 - vmovdqa 32*5-160(%rax), $ACC5 - vmovdqa 32*6-160(%rax), $ACC6 - vmovdqa 32*7-160(%rax), $ACC7 - vmovdqa 32*8-160(%rax), $ACC8 - - vpaddq $ACC0, $ACC0, $ACC0 - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_by2_x4,.-avx2_mul_by2_x4 -___ -my ($r_ptr_in,$a_ptr_in,$b_ptr_in)=("%rdi","%rsi","%rdx"); -my ($r_ptr,$a_ptr,$b_ptr)=("%r8","%r9","%r10"); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_avx2_point_add_affine_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affine_x4 -.type ecp_nistz256_avx2_point_add_affine_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affine_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y -# A + 32*18 = A.Z - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, 
%ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # Z1^2 = Z1*Z1 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # U2 = X2*Z1^2 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # S2 = Z1*Z1^2 = Z1^3 - lea `32*9*2`($a_ptr), %rsi 
- lea `32*9*2`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S2*Y2 = Y2*Z1^3 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # H = U2 - U1 = U2 - X1 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = S2 - Y1 - lea `32*9*1`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($a_ptr), %rdx - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_x4 - call avx2_normalize - - lea .LONE(%rip), %rsi - lea `32*9*2`($a_ptr), %rdx - call avx2_select_n_store - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE 
- #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - 
- # - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affine_x4,.-ecp_nistz256_avx2_point_add_affine_x4 - -################################################################################ -# void ecp_nistz256_avx2_point_add_affines_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affines_x4 -.type ecp_nistz256_avx2_point_add_affines_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affines_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub 
\$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # H = U2 - U1 = X2 - X1 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = 
S2 - S1 = Y2 - Y1 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 = H - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize - - vmovdqa `32*9*8`(%rsp), $B - vpor `32*9*8+32`(%rsp), $B, $B - - vpandn $ACC0, $B, $ACC0 - lea .LONE+128(%rip), %rax - vpandn $ACC1, $B, $ACC1 - vpandn $ACC2, $B, $ACC2 - vpandn $ACC3, $B, $ACC3 - vpandn $ACC4, $B, $ACC4 - vpandn $ACC5, $B, $ACC5 - vpandn $ACC6, $B, $ACC6 - vpandn $ACC7, $B, $ACC7 - - vpand 32*0-128(%rax), $B, $T0 - vpandn $ACC8, $B, $ACC8 - vpand 32*1-128(%rax), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2-128(%rax), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3-128(%rax), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-128(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-128(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-128(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-128(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-128(%rax), $B, $T0 - vpxor $Y, $ACC7, $ACC7 - vpxor $T0, $ACC8, $ACC8 - `&STORE` - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq 
$ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 
32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # H = H*R - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S1 * H^3 - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affines_x4,.-ecp_nistz256_avx2_point_add_affines_x4 - -################################################################################ -# void ecp_nistz256_avx2_to_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_to_mont -.type ecp_nistz256_avx2_to_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_to_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps 
%xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LTO_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_to_mont,.-ecp_nistz256_avx2_to_mont - -################################################################################ -# void ecp_nistz256_avx2_from_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_from_mont -.type ecp_nistz256_avx2_from_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_from_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LFROM_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_from_mont,.-ecp_nistz256_avx2_from_mont - -################################################################################ -# void 
ecp_nistz256_avx2_set1(void* RESULTx4); -.globl ecp_nistz256_avx2_set1 -.type ecp_nistz256_avx2_set1,\@function,1 -.align 32 -ecp_nistz256_avx2_set1: - lea .LONE+128(%rip), %rax - lea 128(%rdi), %rdi - vzeroupper - vmovdqa 32*0-128(%rax), %ymm0 - vmovdqa 32*1-128(%rax), %ymm1 - vmovdqa 32*2-128(%rax), %ymm2 - vmovdqa 32*3-128(%rax), %ymm3 - vmovdqa 32*4-128(%rax), %ymm4 - vmovdqa 32*5-128(%rax), %ymm5 - vmovdqa %ymm0, 32*0-128(%rdi) - vmovdqa 32*6-128(%rax), %ymm0 - vmovdqa %ymm1, 32*1-128(%rdi) - vmovdqa 32*7-128(%rax), %ymm1 - vmovdqa %ymm2, 32*2-128(%rdi) - vmovdqa 32*8-128(%rax), %ymm2 - vmovdqa %ymm3, 32*3-128(%rdi) - vmovdqa %ymm4, 32*4-128(%rdi) - vmovdqa %ymm5, 32*5-128(%rdi) - vmovdqa %ymm0, 32*6-128(%rdi) - vmovdqa %ymm1, 32*7-128(%rdi) - vmovdqa %ymm2, 32*8-128(%rdi) - - vzeroupper - ret -.size ecp_nistz256_avx2_set1,.-ecp_nistz256_avx2_set1 -___ -} -{ -################################################################################ -# void ecp_nistz256_avx2_multi_gather_w7(void* RESULT, void *in, -# int index0, int index1, int index2, int index3); -################################################################################ - -my ($val,$in_t,$index0,$index1,$index2,$index3)=("%rdi","%rsi","%edx","%ecx","%r8d","%r9d"); -my ($INDEX0,$INDEX1,$INDEX2,$INDEX3)=map("%ymm$_",(0..3)); -my ($R0a,$R0b,$R1a,$R1b,$R2a,$R2b,$R3a,$R3b)=map("%ymm$_",(4..11)); -my ($M0,$T0,$T1,$TMP0)=map("%ymm$_",(12..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@function,6 -.align 32 -ecp_nistz256_avx2_multi_gather_w7: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; 
- lea .LIntOne(%rip), %rax - - vmovd $index0, %xmm0 - vmovd $index1, %xmm1 - vmovd $index2, %xmm2 - vmovd $index3, %xmm3 - - vpxor $R0a, $R0a, $R0a - vpxor $R0b, $R0b, $R0b - vpxor $R1a, $R1a, $R1a - vpxor $R1b, $R1b, $R1b - vpxor $R2a, $R2a, $R2a - vpxor $R2b, $R2b, $R2b - vpxor $R3a, $R3a, $R3a - vpxor $R3b, $R3b, $R3b - vmovdqa (%rax), $M0 - - vpermd $INDEX0, $R0a, $INDEX0 - vpermd $INDEX1, $R0a, $INDEX1 - vpermd $INDEX2, $R0a, $INDEX2 - vpermd $INDEX3, $R0a, $INDEX3 - - mov \$64, %ecx - lea 112($val), $val # size optimization - jmp .Lmulti_select_loop_avx2 - -# INDEX=0, corresponds to the point at infty (0,0) -.align 32 -.Lmulti_select_loop_avx2: - vpcmpeqd $INDEX0, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*0`($in_t), $T0 - vmovdqa `32*1+32*64*2*0`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R0a, $R0a - vpxor $T1, $R0b, $R0b - - vpcmpeqd $INDEX1, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*1`($in_t), $T0 - vmovdqa `32*1+32*64*2*1`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R1a, $R1a - vpxor $T1, $R1b, $R1b - - vpcmpeqd $INDEX2, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*2`($in_t), $T0 - vmovdqa `32*1+32*64*2*2`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R2a, $R2a - vpxor $T1, $R2b, $R2b - - vpcmpeqd $INDEX3, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*3`($in_t), $T0 - vmovdqa `32*1+32*64*2*3`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R3a, $R3a - vpxor $T1, $R3b, $R3b - - vpaddd (%rax), $M0, $M0 # increment - lea 32*2($in_t), $in_t - - dec %ecx - jnz .Lmulti_select_loop_avx2 - - vmovdqu $R0a, 32*0-112($val) - vmovdqu $R0b, 32*1-112($val) - vmovdqu $R1a, 32*2-112($val) - vmovdqu $R1b, 32*3-112($val) - vmovdqu $R2a, 32*4-112($val) - vmovdqu $R2b, 32*5-112($val) - vmovdqu $R3a, 32*6-112($val) - vmovdqu $R3b, 32*7-112($val) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 
16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.extern OPENSSL_ia32cap_P -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -.align 32 -ecp_nistz_avx2_eligible: - mov OPENSSL_ia32cap_P+8(%rip),%eax - shr \$5,%eax - and \$1,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -} -}} else {{ # assembler is too old -$code.=<<___; -.text - -.globl ecp_nistz256_avx2_transpose_convert -.globl ecp_nistz256_avx2_convert_transpose_back -.globl ecp_nistz256_avx2_point_add_affine_x4 -.globl ecp_nistz256_avx2_point_add_affines_x4 -.globl ecp_nistz256_avx2_to_mont -.globl ecp_nistz256_avx2_from_mont -.globl ecp_nistz256_avx2_set1 -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@abi-omnipotent -ecp_nistz256_avx2_transpose_convert: -ecp_nistz256_avx2_convert_transpose_back: -ecp_nistz256_avx2_point_add_affine_x4: -ecp_nistz256_avx2_point_add_affines_x4: -ecp_nistz256_avx2_to_mont: -ecp_nistz256_avx2_from_mont: -ecp_nistz256_avx2_set1: -ecp_nistz256_avx2_multi_gather_w7: - .byte 0x0f,0x0b # ud2 - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -ecp_nistz_avx2_eligible: - xor %eax,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/geo; - - print $_,"\n"; -} - -close STDOUT; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-ppc64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-ppc64.pl index 984c7f205..2bf54e2aa 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-ppc64.pl 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-ppc64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2379,4 +2379,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 0a4def6e2..042e12271 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2301,7 +2301,6 @@ my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); # !in1infty, !in2infty and result of check for zero. $code.=<<___; -.globl ecp_nistz256_point_add_vis3 .align 32 ecp_nistz256_point_add_vis3: save %sp,-STACK64_FRAME-32*18-32,%sp @@ -3058,4 +3057,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86.pl index 0c6fc665b..e926d69b0 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86.pl 
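Review bot: In ecp_nistz256-ppc64.pl the new `close STDOUT or die "error closing STDOUT: $!";` reports only `$!`, which Perl leaves at 0 when the handle is a pipe and the only failure is a non-zero exit status of the child process. If STDOUT was reopened as a pipe to the perlasm translator earlier in the file (outside this hunk), a translator failure would make the script die with an empty reason. Including the wait status makes that case diagnosable: `close STDOUT or die "error closing STDOUT: $! (child status $?)";`. The same line is added in the sparcv9, x86, x86_64 and x25519-ppc64 hunks of this diff.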
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1388,7 +1388,7 @@ for ($i=0;$i<7;$i++) { # above map() describes stack layout with 18 temporary # 256-bit vectors on top, then we take extra words for - # !in1infty, !in2infty, result of check for zero and + # ~in1infty, ~in2infty, result of check for zero and # OPENSSL_ia32cap_P copy. [one unused word for padding] &stack_push(8*18+5); if ($sse2) { @@ -1419,7 +1419,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*18+4,"esp"),"ebp"); # !in2infty + &mov (&DWP(32*18+4,"esp"),"ebp"); # ~in2infty &lea ("edi",&DWP($in1_x,"esp")); for($i=0;$i<96;$i+=16) { @@ -1441,7 +1441,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*18+0,"esp"),"ebp"); # !in1infty + &mov (&DWP(32*18+0,"esp"),"ebp"); # ~in1infty &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy &lea ("esi",&DWP($in2_z,"esp")); 
@@ -1516,23 +1516,19 @@ for ($i=0;$i<7;$i++) { &or ("eax",&DWP(0,"edi")); &or ("eax",&DWP(4,"edi")); &or ("eax",&DWP(8,"edi")); - &or ("eax",&DWP(12,"edi")); + &or ("eax",&DWP(12,"edi")); # ~is_equal(U1,U2) + &mov ("ebx",&DWP(32*18+0,"esp")); # ~in1infty + ¬ ("ebx"); # -1/0 -> 0/-1 + &or ("eax","ebx"); + &mov ("ebx",&DWP(32*18+4,"esp")); # ~in2infty + ¬ ("ebx"); # -1/0 -> 0/-1 + &or ("eax","ebx"); + &or ("eax",&DWP(32*18+8,"esp")); # ~is_equal(S1,S2) + + # if (~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) &data_byte(0x3e); # predict taken - &jnz (&label("add_proceed")); # is_equal(U1,U2)? - - &mov ("eax",&DWP(32*18+0,"esp")); - &and ("eax",&DWP(32*18+4,"esp")); - &mov ("ebx",&DWP(32*18+8,"esp")); - &jz (&label("add_proceed")); # (in1infty || in2infty)? - &test ("ebx","ebx"); - &jz (&label("add_double")); # is_equal(S1,S2)? - - &mov ("edi",&wparam(0)); - &xor ("eax","eax"); - &mov ("ecx",96/4); - &data_byte(0xfc,0xf3,0xab); # cld; stosd - &jmp (&label("add_done")); + &jnz (&label("add_proceed")); &set_label("add_double",16); &mov ("esi",&wparam(1)); 
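Review bot: The fall-through after the merged test in ecp_nistz256-x86.pl needs a comment saying where P = -Q now goes: the removed lines handled equal U with unequal S (both inputs finite) by zero-filling the 96-byte result and jumping to `add_done`, while the new code ORs `~is_equal(S1,S2)` into `eax` and sends that case to `add_proceed`. Presumably the general path yields Z3 = 0 there because H is zero, but nothing in the hunk says so; I would add `# P == -Q also takes add_proceed; H == 0 is expected to give Z3 == 0 (infinity)` above the `jnz`. The one remaining `jnz` still separates the P == Q doubling case from everything else, so that distinction stays observable through timing and is worth stating in the same comment. The identical restructuring before `.Ladd_double$x` in ecp_nistz256-x86_64.pl deserves the same comment; both functions begin and end outside their hunks.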
@@ -1614,34 +1610,34 @@ for ($i=0;$i<7;$i++) { &lea ("edi",&DWP($res_y,"esp")); &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - &mov ("ebp",&DWP(32*18+0,"esp")); # !in1infty - &mov ("esi",&DWP(32*18+4,"esp")); # !in2infty + &mov ("ebp",&DWP(32*18+0,"esp")); # ~in1infty + &mov ("esi",&DWP(32*18+4,"esp")); # ~in2infty &mov ("edi",&wparam(0)); &mov ("edx","ebp"); ¬ ("ebp"); - &and ("edx","esi"); - &and ("ebp","esi"); - ¬ ("esi"); + &and ("edx","esi"); # ~in1infty & ~in2infty + &and ("ebp","esi"); # in1infty & ~in2infty + ¬ ("esi"); # in2infty ######################################## # conditional moves for($i=64;$i<96;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); &mov (&DWP($i,"edi"),"eax"); } for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); @@ -1668,7 +1664,7 @@ for ($i=0;$i<7;$i++) { # above map() describes stack layout with 15 temporary # 256-bit vectors on top, then we take extra words for - # !in1infty, !in2infty, and OPENSSL_ia32cap_P copy. + # ~in1infty, ~in2infty, and OPENSSL_ia32cap_P copy. &stack_push(8*15+3); if ($sse2) { &call ("_picup_eax"); @@ -1698,7 +1694,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*15+0,"esp"),"ebp"); # !in1infty + &mov (&DWP(32*15+0,"esp"),"ebp"); # ~in1infty &lea ("edi",&DWP($in2_x,"esp")); for($i=0;$i<64;$i+=16) { 
@@ -1724,7 +1720,7 @@ for ($i=0;$i<7;$i++) { &lea ("ebp",&DWP($in1_z,"esp")); &sar ("ebx",31); &lea ("edi",&DWP($Z1sqr,"esp")); - &mov (&DWP(32*15+4,"esp"),"ebx"); # !in2infty + &mov (&DWP(32*15+4,"esp"),"ebx"); # ~in2infty &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); @@ -1823,14 +1819,14 @@ for ($i=0;$i<7;$i++) { &lea ("edi",&DWP($res_y,"esp")); &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - &mov ("ebp",&DWP(32*15+0,"esp")); # !in1infty - &mov ("esi",&DWP(32*15+4,"esp")); # !in2infty + &mov ("ebp",&DWP(32*15+0,"esp")); # ~in1infty + &mov ("esi",&DWP(32*15+4,"esp")); # ~in2infty &mov ("edi",&wparam(0)); &mov ("edx","ebp"); ¬ ("ebp"); - &and ("edx","esi"); - &and ("ebp","esi"); - ¬ ("esi"); + &and ("edx","esi"); # ~in1infty & ~in2infty + &and ("ebp","esi"); # in1infty & ~in2infty + ¬ ("esi"); # in2infty ######################################## # conditional moves @@ -1848,11 +1844,11 @@ for ($i=0;$i<7;$i++) { &mov (&DWP($i,"edi"),"eax"); } for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); @@ -1863,4 +1859,4 @@ for ($i=0;$i<7;$i++) { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86_64.pl index 87149e7f6..b50ee7019 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/ecp_nistz256-x86_64.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2014, Intel Corporation. All Rights Reserved. # Copyright (c) 2015 CloudFlare, Inc. # @@ -72,7 +72,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -1301,7 +1301,7 @@ ecp_nistz256_ord_mul_montx: ################################# reduction mulx 8*0+128(%r14), $t0, $t1 - adcx $t0, $acc3 # guranteed to be zero + adcx $t0, $acc3 # guaranteed to be zero adox $t1, $acc4 mulx 8*1+128(%r14), $t0, $t1 @@ -1579,6 +1579,7 @@ $code.=<<___; .type ecp_nistz256_to_mont,\@function,2 .align 32 ecp_nistz256_to_mont: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -1587,6 +1588,7 @@ ___ $code.=<<___; lea .LRR(%rip), $b_org jmp .Lmul_mont +.cfi_endproc .size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont ################################################################################ @@ -2562,6 +2564,7 @@ $code.=<<___; .type ecp_nistz256_scatter_w5,\@abi-omnipotent .align 32 ecp_nistz256_scatter_w5: +.cfi_startproc lea -3($index,$index,2), $index movdqa 0x00($in_t), %xmm0 shl \$5, $index @@ -2578,6 +2581,7 @@ ecp_nistz256_scatter_w5: movdqa %xmm5, 0x50($val,$index) ret +.cfi_endproc .size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 ################################################################################ @@ -2685,6 +2689,7 @@ $code.=<<___; .type ecp_nistz256_scatter_w7,\@abi-omnipotent .align 32 ecp_nistz256_scatter_w7: +.cfi_startproc movdqu 0x00($in_t), %xmm0 shl \$6, $index movdqu 0x10($in_t), %xmm1 
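Review bot: With the `^` anchor removed, the compiler probe in ecp_nistz256-x86_64.pl also matches vendor-prefixed banners such as `Apple clang version N.M`, and vendor numbering does not necessarily follow upstream LLVM releases, yet `$ver` is still compared against the upstream thresholds `$ver>=3.0`, `$ver>=3.01` and `$ver>=3.03`. In practice the wider `([0-9]+)` major only enables more features, so the risk is a build that emits AVX2/ADX code for an assembler that cannot take it, not a silent downgrade. I would record the assumption above the `if`, for example `# vendor clang banners match too; their numbers may not map to upstream LLVM releases`. The same regex change appears in x25519-x86_64.pl, and the `if` block closes outside this hunk.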
@@ -2696,6 +2701,7 @@ ecp_nistz256_scatter_w7:
 movdqa %xmm3, 0x30($val,$index)
 ret
+.cfi_endproc
 .size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
 ################################################################################
@@ -3020,8 +3026,10 @@ $code.=<<___;
 .type ecp_nistz256_avx2_gather_w7,\@function,3
 .align 32
 ecp_nistz256_avx2_gather_w7:
+.cfi_startproc
 .byte 0x0f,0x0b # ud2
 ret
+.cfi_endproc
 .size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
 ___
 }
@@ -3617,29 +3625,19 @@ $code.=<<___; call __ecp_nistz256_sub_from$x # p256_sub(H, U2, U1); or $acc5, $acc4 # see if result is zero + or $acc0, $acc4 + or $acc1, $acc4 # !is_equal(U1, U2) + + movq %xmm2, $acc0 # in1infty | in2infty + movq %xmm3, $acc1 # !is_equal(S1, S2) + or $acc0, $acc4 or $acc1, $acc4 + # if (!is_equal(U1, U2) | in1infty | in2infty | !is_equal(S1, S2)) .byte 0x3e # predict taken - jnz .Ladd_proceed$x # is_equal(U1,U2)? - movq %xmm2, $acc0 - movq %xmm3, $acc1 - test $acc0, $acc0 - jnz .Ladd_proceed$x # (in1infty || in2infty)? - test $acc1, $acc1 - jz .Ladd_double$x # is_equal(S1,S2)? + jnz .Ladd_proceed$x - movq %xmm0, $r_ptr # restore $r_ptr - pxor %xmm0, %xmm0 - movdqu %xmm0, 0x00($r_ptr) - movdqu %xmm0, 0x10($r_ptr) - movdqu %xmm0, 0x20($r_ptr) - movdqu %xmm0, 0x30($r_ptr) - movdqu %xmm0, 0x40($r_ptr) - movdqu %xmm0, 0x50($r_ptr) - jmp .Ladd_done$x - -.align 32 .Ladd_double$x: movq %xmm1, $a_ptr # restore $a_ptr movq %xmm0, $r_ptr # restore $r_ptr
@@ -4738,4 +4736,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-ppc64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-ppc64.pl
index 3773cb27c..f4b523bf8 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-ppc64.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-ppc64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -451,7 +451,7 @@ x25519_fe64_tobytes:
 and $t0,$t0,$t1
 sldi $a3,$a3,1
 add $t0,$t0,$t1 # compare to modulus in the same go
- srdi $a3,$a3,1 # most signifcant bit cleared
+ srdi $a3,$a3,1 # most significant bit cleared
 addc $a0,$a0,$t0
 addze $a1,$a1
@@ -462,7 +462,7 @@ x25519_fe64_tobytes:
 sradi $t0,$a3,63 # most significant bit -> mask
 sldi $a3,$a3,1
 andc $t0,$t1,$t0
- srdi $a3,$a3,1 # most signifcant bit cleared
+ srdi $a3,$a3,1 # most significant bit cleared
 subi $rp,$rp,1
 subfc $a0,$t0,$a0
@@ -821,4 +821,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-x86_64.pl
index 18dc6af9f..62599daca 100755
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-x86_64.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/asm/x25519-x86_64.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -90,7 +90,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 $addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
 $addx = ($ver>=3.03);
 }
@@ -488,12 +488,14 @@ $code.=<<___;
 .type x25519_fe64_eligible,\@abi-omnipotent
 .align 32
 x25519_fe64_eligible:
+.cfi_startproc
 mov OPENSSL_ia32cap_P+8(%rip),%ecx
 xor %eax,%eax
 and \$0x80100,%ecx
 cmp \$0x80100,%ecx
 cmove %ecx,%eax
 ret
+.cfi_endproc
 .size x25519_fe64_eligible,.-x25519_fe64_eligible
 .globl x25519_fe64_mul
@@ -722,6 +724,7 @@ x25519_fe64_sqr:
 .align 32
 x25519_fe64_mul121666:
 .Lfe64_mul121666_body:
+.cfi_startproc
 mov \$121666,%edx
 mulx 8*0(%rsi),$acc0,%rcx
 mulx 8*1(%rsi),$acc1,%rax
@@ -750,6 +753,7 @@ x25519_fe64_mul121666:
 .Lfe64_mul121666_epilogue:
 ret
+.cfi_endproc
 .size x25519_fe64_mul121666,.-x25519_fe64_mul121666
 .globl x25519_fe64_add
@@ -757,6 +761,7 @@ x25519_fe64_mul121666:
 .align 32
 x25519_fe64_add:
 .Lfe64_add_body:
+.cfi_startproc
 mov 8*0(%rsi),$acc0
 mov 8*1(%rsi),$acc1
 mov 8*2(%rsi),$acc2
@@ -785,6 +790,7 @@ x25519_fe64_add:
 .Lfe64_add_epilogue:
 ret
+.cfi_endproc
 .size x25519_fe64_add,.-x25519_fe64_add
 .globl x25519_fe64_sub
@@ -792,6 +798,7 @@ x25519_fe64_add:
 .align 32
 x25519_fe64_sub:
 .Lfe64_sub_body:
+.cfi_startproc
 mov 8*0(%rsi),$acc0
 mov 8*1(%rsi),$acc1
 mov 8*2(%rsi),$acc2
@@ -820,6 +827,7 @@ x25519_fe64_sub:
 .Lfe64_sub_epilogue:
 ret
+.cfi_endproc
 .size x25519_fe64_sub,.-x25519_fe64_sub
 .globl x25519_fe64_tobytes
@@ -827,6 +835,7 @@ x25519_fe64_sub:
 .align 32
 x25519_fe64_tobytes:
 .Lfe64_to_body:
+.cfi_startproc
 mov 8*0(%rsi),$acc0
 mov 8*1(%rsi),$acc1
 mov 8*2(%rsi),$acc2
@@ -862,6 +871,7 @@ x25519_fe64_tobytes:
 .Lfe64_to_epilogue:
 ret
+.cfi_endproc
 .size x25519_fe64_tobytes,.-x25519_fe64_tobytes
 ___
 } else {
@@ -870,8 +880,10 @@ $code.=<<___;
 .type x25519_fe64_eligible,\@abi-omnipotent
 .align 32
 x25519_fe64_eligible:
+.cfi_startproc
 xor %eax,%eax
 ret
+.cfi_endproc
 .size x25519_fe64_eligible,.-x25519_fe64_eligible
 .globl x25519_fe64_mul
@@ -887,8 +899,10 @@ x25519_fe64_mul121666:
 x25519_fe64_add:
 x25519_fe64_sub:
 x25519_fe64_tobytes:
+.cfi_startproc
 .byte 0x0f,0x0b # ud2
 ret
+.cfi_endproc
 .size x25519_fe64_mul,.-x25519_fe64_mul
 ___
 }
@@ -1114,4 +1128,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve25519.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve25519.c
index aa999cc59..952da0e65 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve25519.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve25519.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -8,7 +8,7 @@
 */
 #include
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include
 #if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
@@ -254,6 +254,7 @@ static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32],
 #if defined(X25519_ASM) \
 || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \
 && !defined(__sparc__) \
+ && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \
 && !(defined(__ANDROID__) && !defined(__clang__)) )
 /*
 * Base 2^51 implementation. It's virtually no different from reference
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/arch_intrinsics.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/arch_intrinsics.h
index 48081c771..5f6389863 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/arch_intrinsics.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/arch_intrinsics.h
@@ -10,10 +10,10 @@
 * Originally written by Mike Hamburg
 */
-#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H
-# define HEADER_ARCH_32_ARCH_INTRINSICS_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
-#include "internal/constant_time_locl.h"
+#include "internal/constant_time.h"
 # define ARCH_WORD_BITS 32
@@ -24,4 +24,4 @@ static ossl_inline uint64_t widemul(uint32_t a, uint32_t b)
 return ((uint64_t)a) * b;
 }
-#endif /* HEADER_ARCH_32_ARCH_INTRINSICS_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.h
index bbde84a03..e1ddddaee 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/arch_32/f_impl.h
@@ -10,8 +10,8 @@
 * Originally written by Mike Hamburg
 */
-#ifndef HEADER_ARCH_32_F_IMPL_H
-# define HEADER_ARCH_32_F_IMPL_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
 # define GF_HEADROOM 2
 # define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
@@ -57,4 +57,4 @@ void gf_weak_reduce(gf a)
 a->limb[0] = (a->limb[0] & mask) + tmp;
 }
-#endif /* HEADER_ARCH_32_F_IMPL_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448.c
index 7dc68c885..12d97f067 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2015-2016 Cryptography Research, Inc.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -15,7 +15,7 @@
 #include "point_448.h"
 #include "ed448.h"
-#include "curve448_lcl.h"
+#include "curve448_local.h"
 #define COFACTOR 4
@@ -27,8 +27,8 @@
 static const curve448_scalar_t precomputed_scalarmul_adjustment = {
 {
 {
- SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad),
- SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163)
+ SC_LIMB(0xc873d6d54a7bb0cfULL), SC_LIMB(0xe933d8d723a70aadULL),
+ SC_LIMB(0xbb124b65129c96fdULL), SC_LIMB(0x00000008335dc163ULL)
 }
 }
 };
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_local.h
similarity index 91%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_lcl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_local.h
index 2bc3bd84c..b27770661 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_lcl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_local.h
@@ -6,8 +6,8 @@
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
-#ifndef HEADER_CURVE448_LCL_H
-# define HEADER_CURVE448_LCL_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_LOCAL_H
+# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H
 # include "curve448utils.h"
 int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
@@ -35,4 +35,4 @@ int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
 int ED448_public_from_private(uint8_t out_public_key[57], const uint8_t private_key[57]);
-#endif /* HEADER_CURVE448_LCL_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_tables.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_tables.c
index a1185b1ee..9ef29769e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_tables.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448_tables.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2015-2016 Cryptography Research, Inc.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -16,325 +16,1045 @@ static const curve448_precomputed_s curve448_precomputed_base_table = { { {{ - {FIELD_LITERAL(0x00cc3b062366f4cc,0x003d6e34e314aa3c,0x00d51c0a7521774d,0x0094e060eec6ab8b,0x00d21291b4d80082,0x00befed12b55ef1e,0x00c3dd2df5c94518,0x00e0a7b112b8d4e6)}, - {FIELD_LITERAL(0x0019eb5608d8723a,0x00d1bab52fb3aedb,0x00270a7311ebc90c,0x0037c12b91be7f13,0x005be16cd8b5c704,0x003e181acda888e1,0x00bc1f00fc3fc6d0,0x00d3839bfa319e20)}, - {FIELD_LITERAL(0x003caeb88611909f,0x00ea8b378c4df3d4,0x00b3295b95a5a19a,0x00a65f97514bdfb5,0x00b39efba743cab1,0x0016ba98b862fd2d,0x0001508812ee71d7,0x000a75740eea114a)}, - }}, {{ - {FIELD_LITERAL(0x00ebcf0eb649f823,0x00166d332e98ea03,0x0059ddf64f5cd5f6,0x0047763123d9471b,0x00a64065c53ef62f,0x00978e44c480153d,0x000b5b2a0265f194,0x0046a24b9f32965a)}, - {FIELD_LITERAL(0x00b9eef787034df0,0x0020bc24de3390cd,0x000022160bae99bb,0x00ae66e886e97946,0x0048d4bbe02cbb8b,0x0072ba97b34e38d4,0x00eae7ec8f03e85a,0x005ba92ecf808b2c)}, - {FIELD_LITERAL(0x00c9cfbbe74258fd,0x00843a979ea9eaa7,0x000cbb4371cfbe90,0x0059bac8f7f0a628,0x004b3dff882ff530,0x0011869df4d90733,0x00595aa71f4abfc2,0x0070e2d38990c2e6)}, - }}, {{ - {FIELD_LITERAL(0x00de2010c0a01733,0x00c739a612e24297,0x00a7212643141d7c,0x00f88444f6b67c11,0x00484b7b16ec28f2,0x009c1b8856af9c68,0x00ff4669591fe9d6,0x0054974be08a32c8)}, - {FIELD_LITERAL(0x0010de3fd682ceed,0x008c07642d83ca4e,0x0013bb064e00a1cc,0x009411ae27870e11,0x00ea8e5b4d531223,0x0032fe7d2aaece2e,0x00d989e243e7bb41,0x000fe79a508e9b8b)}, - {FIELD_LITERAL(0x005e0426b9bfc5b1,0x0041a5b1d29ee4fa,0x0015b0def7774391,0x00bc164f1f51af01,0x00d543b0942797b9,0x003c129b6398099c,0x002b114c6e5adf18,0x00b4e630e4018a7b)}, - }}, {{ - {FIELD_LITERAL(0x00d490afc95f8420,0x00b096bf50c1d9b9,0x00799fd707679866,0x007c74d9334afbea,0x00efaa8be80ff4ed,0x0075c4943bb81694,0x00c21c2fca161f36,0x00e77035d492bfee)}, - 
{FIELD_LITERAL(0x006658a190dd6661,0x00e0e9bab38609a6,0x0028895c802237ed,0x006a0229c494f587,0x002dcde96c9916b7,0x00d158822de16218,0x00173b917a06856f,0x00ca78a79ae07326)}, - {FIELD_LITERAL(0x00e35bfc79caced4,0x0087238a3e1fe3bb,0x00bcbf0ff4ceff5b,0x00a19c1c94099b91,0x0071e102b49db976,0x0059e3d004eada1e,0x008da78afa58a47e,0x00579c8ebf269187)}, - }}, {{ - {FIELD_LITERAL(0x00a16c2905eee75f,0x009d4bcaea2c7e1d,0x00d3bd79bfad19df,0x0050da745193342c,0x006abdb8f6b29ab1,0x00a24fe0a4fef7ef,0x0063730da1057dfb,0x00a08c312c8eb108)}, - {FIELD_LITERAL(0x00b583be005375be,0x00a40c8f8a4e3df4,0x003fac4a8f5bdbf7,0x00d4481d872cd718,0x004dc8749cdbaefe,0x00cce740d5e5c975,0x000b1c1f4241fd21,0x00a76de1b4e1cd07)}, - {FIELD_LITERAL(0x007a076500d30b62,0x000a6e117b7f090f,0x00c8712ae7eebd9a,0x000fbd6c1d5f6ff7,0x003a7977246ebf11,0x00166ed969c6600e,0x00aa42e469c98bec,0x00dc58f307cf0666)}, - }}, {{ - {FIELD_LITERAL(0x004b491f65a9a28b,0x006a10309e8a55b7,0x00b67210185187ef,0x00cf6497b12d9b8f,0x0085778c56e2b1ba,0x0015b4c07a814d85,0x00686479e62da561,0x008de5d88f114916)}, - {FIELD_LITERAL(0x00e37c88d6bba7b1,0x003e4577e1b8d433,0x0050d8ea5f510ec0,0x0042fc9f2da9ef59,0x003bd074c1141420,0x00561b8b7b68774e,0x00232e5e5d1013a3,0x006b7f2cb3d7e73f)}, - {FIELD_LITERAL(0x004bdd0f0b41e6a0,0x001773057c405d24,0x006029f99915bd97,0x006a5ba70a17fe2f,0x0046111977df7e08,0x004d8124c89fb6b7,0x00580983b2bb2724,0x00207bf330d6f3fe)}, - }}, {{ - {FIELD_LITERAL(0x007efdc93972a48b,0x002f5e50e78d5fee,0x0080dc11d61c7fe5,0x0065aa598707245b,0x009abba2300641be,0x000c68787656543a,0x00ffe0fef2dc0a17,0x00007ffbd6cb4f3a)}, - {FIELD_LITERAL(0x0036012f2b836efc,0x00458c126d6b5fbc,0x00a34436d719ad1e,0x0097be6167117dea,0x0009c219c879cff3,0x0065564493e60755,0x00993ac94a8cdec0,0x002d4885a4d0dbaf)}, - {FIELD_LITERAL(0x00598b60b4c068ba,0x00c547a0be7f1afd,0x009582164acf12af,0x00af4acac4fbbe40,0x005f6ca7c539121a,0x003b6e752ebf9d66,0x00f08a30d5cac5d4,0x00e399bb5f97c5a9)}, - }}, {{ - 
{FIELD_LITERAL(0x007445a0409c0a66,0x00a65c369f3829c0,0x0031d248a4f74826,0x006817f34defbe8e,0x00649741d95ebf2e,0x00d46466ab16b397,0x00fdc35703bee414,0x00343b43334525f8)}, - {FIELD_LITERAL(0x001796bea93f6401,0x00090c5a42e85269,0x00672412ba1252ed,0x001201d47b6de7de,0x006877bccfe66497,0x00b554fd97a4c161,0x009753f42dbac3cf,0x00e983e3e378270a)}, - {FIELD_LITERAL(0x00ac3eff18849872,0x00f0eea3bff05690,0x00a6d72c21dd505d,0x001b832642424169,0x00a6813017b540e5,0x00a744bd71b385cd,0x0022a7d089130a7b,0x004edeec9a133486)}, - }}, {{ - {FIELD_LITERAL(0x00b2d6729196e8a9,0x0088a9bb2031cef4,0x00579e7787dc1567,0x0030f49feb059190,0x00a0b1d69c7f7d8f,0x0040bdcc6d9d806f,0x00d76c4037edd095,0x00bbf24376415dd7)}, - {FIELD_LITERAL(0x00240465ff5a7197,0x00bb97e76caf27d0,0x004b4edbf8116d39,0x001d8586f708cbaa,0x000f8ee8ff8e4a50,0x00dde5a1945dd622,0x00e6fc1c0957e07c,0x0041c9cdabfd88a0)}, - {FIELD_LITERAL(0x005344b0bf5b548c,0x002957d0b705cc99,0x00f586a70390553d,0x0075b3229f583cc3,0x00a1aa78227490e4,0x001bf09cf7957717,0x00cf6bf344325f52,0x0065bd1c23ca3ecf)}, - }}, {{ - {FIELD_LITERAL(0x009bff3b3239363c,0x00e17368796ef7c0,0x00528b0fe0971f3a,0x0008014fc8d4a095,0x00d09f2e8a521ec4,0x006713ab5dde5987,0x0003015758e0dbb1,0x00215999f1ba212d)}, - {FIELD_LITERAL(0x002c88e93527da0e,0x0077c78f3456aad5,0x0071087a0a389d1c,0x00934dac1fb96dbd,0x008470e801162697,0x005bc2196cd4ad49,0x00e535601d5087c3,0x00769888700f497f)}, - {FIELD_LITERAL(0x00da7a4b557298ad,0x0019d2589ea5df76,0x00ef3e38be0c6497,0x00a9644e1312609a,0x004592f61b2558da,0x0082c1df510d7e46,0x0042809a535c0023,0x00215bcb5afd7757)}, - }}, {{ - {FIELD_LITERAL(0x002b9df55a1a4213,0x00dcfc3b464a26be,0x00c4f9e07a8144d5,0x00c8e0617a92b602,0x008e3c93accafae0,0x00bf1bcb95b2ca60,0x004ce2426a613bf3,0x00266cac58e40921)}, - {FIELD_LITERAL(0x008456d5db76e8f0,0x0032ca9cab2ce163,0x0059f2b8bf91abcf,0x0063c2a021712788,0x00f86155af22f72d,0x00db98b2a6c005a0,0x00ac6e416a693ac4,0x007a93572af53226)}, - 
{FIELD_LITERAL(0x0087767520f0de22,0x0091f64012279fb5,0x001050f1f0644999,0x004f097a2477ad3c,0x006b37913a9947bd,0x001a3d78645af241,0x0057832bbb3008a7,0x002c1d902b80dc20)}, - }}, {{ - {FIELD_LITERAL(0x001a6002bf178877,0x009bce168aa5af50,0x005fc318ff04a7f5,0x0052818f55c36461,0x008768f5d4b24afb,0x0037ffbae7b69c85,0x0018195a4b61edc0,0x001e12ea088434b2)}, - {FIELD_LITERAL(0x0047d3f804e7ab07,0x00a809ab5f905260,0x00b3ffc7cdaf306d,0x00746e8ec2d6e509,0x00d0dade8887a645,0x00acceeebde0dd37,0x009bc2579054686b,0x0023804f97f1c2bf)}, - {FIELD_LITERAL(0x0043e2e2e50b80d7,0x00143aafe4427e0f,0x005594aaecab855b,0x008b12ccaaecbc01,0x002deeb091082bc3,0x009cca4be2ae7514,0x00142b96e696d047,0x00ad2a2b1c05256a)}, - }}, {{ - {FIELD_LITERAL(0x003914f2f144b78b,0x007a95dd8bee6f68,0x00c7f4384d61c8e6,0x004e51eb60f1bdb2,0x00f64be7aa4621d8,0x006797bfec2f0ac0,0x007d17aab3c75900,0x001893e73cac8bc5)}, - {FIELD_LITERAL(0x00140360b768665b,0x00b68aca4967f977,0x0001089b66195ae4,0x00fe71122185e725,0x000bca2618d49637,0x00a54f0557d7e98a,0x00cdcd2f91d6f417,0x00ab8c13741fd793)}, - {FIELD_LITERAL(0x00725ee6b1e549e0,0x007124a0769777fa,0x000b68fdad07ae42,0x0085b909cd4952df,0x0092d2e3c81606f4,0x009f22f6cac099a0,0x00f59da57f2799a8,0x00f06c090122f777)}, - }}, {{ - {FIELD_LITERAL(0x00ce0bed0a3532bc,0x001a5048a22df16b,0x00e31db4cbad8bf1,0x00e89292120cf00e,0x007d1dd1a9b00034,0x00e2a9041ff8f680,0x006a4c837ae596e7,0x00713af1068070b3)}, - {FIELD_LITERAL(0x00c4fe64ce66d04b,0x00b095d52e09b3d7,0x00758bbecb1a3a8e,0x00f35cce8d0650c0,0x002b878aa5984473,0x0062e0a3b7544ddc,0x00b25b290ed116fe,0x007b0f6abe0bebf2)}, - {FIELD_LITERAL(0x0081d4e3addae0a8,0x003410c836c7ffcc,0x00c8129ad89e4314,0x000e3d5a23922dcd,0x00d91e46f29c31f3,0x006c728cde8c5947,0x002bc655ba2566c0,0x002ca94721533108)}, - }}, {{ - {FIELD_LITERAL(0x0051e4b3f764d8a9,0x0019792d46e904a0,0x00853bc13dbc8227,0x000840208179f12d,0x0068243474879235,0x0013856fbfe374d0,0x00bda12fe8676424,0x00bbb43635926eb2)}, - 
{FIELD_LITERAL(0x0012cdc880a93982,0x003c495b21cd1b58,0x00b7e5c93f22a26e,0x0044aa82dfb99458,0x009ba092cdffe9c0,0x00a14b3ab2083b73,0x000271c2f70e1c4b,0x00eea9cac0f66eb8)}, - {FIELD_LITERAL(0x001a1847c4ac5480,0x00b1b412935bb03a,0x00f74285983bf2b2,0x00624138b5b5d0f1,0x008820c0b03d38bf,0x00b94e50a18c1572,0x0060f6934841798f,0x00c52f5d66d6ebe2)}, - }}, {{ - {FIELD_LITERAL(0x00da23d59f9bcea6,0x00e0f27007a06a4b,0x00128b5b43a6758c,0x000cf50190fa8b56,0x00fc877aba2b2d72,0x00623bef52edf53f,0x00e6af6b819669e2,0x00e314dc34fcaa4f)}, - {FIELD_LITERAL(0x0066e5eddd164d1e,0x00418a7c6fe28238,0x0002e2f37e962c25,0x00f01f56b5975306,0x0048842fa503875c,0x0057b0e968078143,0x00ff683024f3d134,0x0082ae28fcad12e4)}, - {FIELD_LITERAL(0x0011ddfd21260e42,0x00d05b0319a76892,0x00183ea4368e9b8f,0x00b0815662affc96,0x00b466a5e7ce7c88,0x00db93b07506e6ee,0x0033885f82f62401,0x0086f9090ec9b419)}, - }}, {{ - {FIELD_LITERAL(0x00d95d1c5fcb435a,0x0016d1ed6b5086f9,0x00792aa0b7e54d71,0x0067b65715f1925d,0x00a219755ec6176b,0x00bc3f026b12c28f,0x00700c897ffeb93e,0x0089b83f6ec50b46)}, - {FIELD_LITERAL(0x003c97e6384da36e,0x00423d53eac81a09,0x00b70d68f3cdce35,0x00ee7959b354b92c,0x00f4e9718819c8ca,0x009349f12acbffe9,0x005aee7b62cb7da6,0x00d97764154ffc86)}, - {FIELD_LITERAL(0x00526324babb46dc,0x002ee99b38d7bf9e,0x007ea51794706ef4,0x00abeb04da6e3c39,0x006b457c1d281060,0x00fe243e9a66c793,0x00378de0fb6c6ee4,0x003e4194b9c3cb93)}, - }}, {{ - {FIELD_LITERAL(0x00fed3cd80ca2292,0x0015b043a73ca613,0x000a9fd7bf9be227,0x003b5e03de2db983,0x005af72d46904ef7,0x00c0f1b5c49faa99,0x00dc86fc3bd305e1,0x00c92f08c1cb1797)}, - {FIELD_LITERAL(0x0079680ce111ed3b,0x001a1ed82806122c,0x000c2e7466d15df3,0x002c407f6f7150fd,0x00c5e7c96b1b0ce3,0x009aa44626863ff9,0x00887b8b5b80be42,0x00b6023cec964825)}, - {FIELD_LITERAL(0x00e4a8e1048970c8,0x0062887b7830a302,0x00bcf1c8cd81402b,0x0056dbb81a68f5be,0x0014eced83f12452,0x00139e1a510150df,0x00bb81140a82d1a3,0x000febcc1aaf1aa7)}, - }}, {{ - 
{FIELD_LITERAL(0x00a7527958238159,0x0013ec9537a84cd6,0x001d7fee7d562525,0x00b9eefa6191d5e5,0x00dbc97db70bcb8a,0x00481affc7a4d395,0x006f73d3e70c31bb,0x00183f324ed96a61)}, - {FIELD_LITERAL(0x0039dd7ce7fc6860,0x00d64f6425653da1,0x003e037c7f57d0af,0x0063477a06e2bcf2,0x001727dbb7ac67e6,0x0049589f5efafe2e,0x00fc0fef2e813d54,0x008baa5d087fb50d)}, - {FIELD_LITERAL(0x0024fb59d9b457c7,0x00a7d4e060223e4c,0x00c118d1b555fd80,0x0082e216c732f22a,0x00cd2a2993089504,0x003638e836a3e13d,0x000d855ee89b4729,0x008ec5b7d4810c91)}, - }}, {{ - {FIELD_LITERAL(0x001bf51f7d65cdfd,0x00d14cdafa16a97d,0x002c38e60fcd10e7,0x00a27446e393efbd,0x000b5d8946a71fdd,0x0063df2cde128f2f,0x006c8679569b1888,0x0059ffc4925d732d)}, - {FIELD_LITERAL(0x00ece96f95f2b66f,0x00ece7952813a27b,0x0026fc36592e489e,0x007157d1a2de0f66,0x00759dc111d86ddf,0x0012881e5780bb0f,0x00c8ccc83ad29496,0x0012b9bd1929eb71)}, - {FIELD_LITERAL(0x000fa15a20da5df0,0x00349ddb1a46cd31,0x002c512ad1d8e726,0x00047611f669318d,0x009e68fba591e17e,0x004320dffa803906,0x00a640874951a3d3,0x00b6353478baa24f)}, - }}, {{ - {FIELD_LITERAL(0x009696510000d333,0x00ec2f788bc04826,0x000e4d02b1f67ba5,0x00659aa8dace08b6,0x00d7a38a3a3ae533,0x008856defa8c746b,0x004d7a4402d3da1a,0x00ea82e06229260f)}, - {FIELD_LITERAL(0x006a15bb20f75c0c,0x0079a144027a5d0c,0x00d19116ce0b4d70,0x0059b83bcb0b268e,0x005f58f63f16c127,0x0079958318ee2c37,0x00defbb063d07f82,0x00f1f0b931d2d446)}, - {FIELD_LITERAL(0x00cb5e4c3c35d422,0x008df885ca43577f,0x00fa50b16ca3e471,0x005a0e58e17488c8,0x00b2ceccd6d34d19,0x00f01d5d235e36e9,0x00db2e7e4be6ca44,0x00260ab77f35fccd)}, - }}, {{ - {FIELD_LITERAL(0x006f6fd9baac61d5,0x002a7710a020a895,0x009de0db7fc03d4d,0x00cdedcb1875f40b,0x00050caf9b6b1e22,0x005e3a6654456ab0,0x00775fdf8c4423d4,0x0028701ea5738b5d)}, - {FIELD_LITERAL(0x009ffd90abfeae96,0x00cba3c2b624a516,0x005ef08bcee46c91,0x00e6fde30afb6185,0x00f0b4db4f818ce4,0x006c54f45d2127f5,0x00040125035854c7,0x00372658a3287e13)}, - 
{FIELD_LITERAL(0x00d7070fb1beb2ab,0x0078fc845a93896b,0x006894a4b2f224a6,0x005bdd8192b9dbde,0x00b38839874b3a9e,0x00f93618b04b7a57,0x003e3ec75fd2c67e,0x00bf5e6bfc29494a)}, - }}, {{ - {FIELD_LITERAL(0x00f19224ebba2aa5,0x0074f89d358e694d,0x00eea486597135ad,0x0081579a4555c7e1,0x0010b9b872930a9d,0x00f002e87a30ecc0,0x009b9d66b6de56e2,0x00a3c4f45e8004eb)}, - {FIELD_LITERAL(0x0045e8dda9400888,0x002ff12e5fc05db7,0x00a7098d54afe69c,0x00cdbe846a500585,0x00879c1593ca1882,0x003f7a7fea76c8b0,0x002cd73dd0c8e0a1,0x00645d6ce96f51fe)}, - {FIELD_LITERAL(0x002b7e83e123d6d6,0x00398346f7419c80,0x0042922e55940163,0x005e7fc5601886a3,0x00e88f2cee1d3103,0x00e7fab135f2e377,0x00b059984dbf0ded,0x0009ce080faa5bb8)}, - }}, {{ - {FIELD_LITERAL(0x0085e78af7758979,0x00275a4ee1631a3a,0x00d26bc0ed78b683,0x004f8355ea21064f,0x00d618e1a32696e5,0x008d8d7b150e5680,0x00a74cd854b278d2,0x001dd62702203ea0)}, - {FIELD_LITERAL(0x00f89335c2a59286,0x00a0f5c905d55141,0x00b41fb836ee9382,0x00e235d51730ca43,0x00a5cb37b5c0a69a,0x009b966ffe136c45,0x00cb2ea10bf80ed1,0x00fb2b370b40dc35)}, - {FIELD_LITERAL(0x00d687d16d4ee8ba,0x0071520bdd069dff,0x00de85c60d32355d,0x0087d2e3565102f4,0x00cde391b8dfc9aa,0x00e18d69efdfefe5,0x004a9d0591954e91,0x00fa36dd8b50eee5)}, - }}, {{ - {FIELD_LITERAL(0x002e788749a865f7,0x006e4dc3116861ea,0x009f1428c37276e6,0x00e7d2e0fc1e1226,0x003aeebc6b6c45f6,0x0071a8073bf500c9,0x004b22ad986b530c,0x00f439e63c0d79d4)}, - {FIELD_LITERAL(0x006bc3d53011f470,0x00032d6e692b83e8,0x00059722f497cd0b,0x0009b4e6f0c497cc,0x0058a804b7cce6c0,0x002b71d3302bbd5d,0x00e2f82a36765fce,0x008dded99524c703)}, - {FIELD_LITERAL(0x004d058953747d64,0x00701940fe79aa6f,0x00a620ac71c760bf,0x009532b611158b75,0x00547ed7f466f300,0x003cb5ab53a8401a,0x00c7763168ce3120,0x007e48e33e4b9ab2)}, - }}, {{ - {FIELD_LITERAL(0x001b2fc57bf3c738,0x006a3f918993fb80,0x0026f7a14fdec288,0x0075a2cdccef08db,0x00d3ecbc9eecdbf1,0x0048c40f06e5bf7f,0x00d63e423009896b,0x000598bc99c056a8)}, - 
{FIELD_LITERAL(0x002f194eaafa46dc,0x008e38f57fe87613,0x00dc8e5ae25f4ab2,0x000a17809575e6bd,0x00d3ec7923ba366a,0x003a7e72e0ad75e3,0x0010024b88436e0a,0x00ed3c5444b64051)}, - {FIELD_LITERAL(0x00831fc1340af342,0x00c9645669466d35,0x007692b4cc5a080f,0x009fd4a47ac9259f,0x001eeddf7d45928b,0x003c0446fc45f28b,0x002c0713aa3e2507,0x0095706935f0f41e)}, - }}, {{ - {FIELD_LITERAL(0x00766ae4190ec6d8,0x0065768cabc71380,0x00b902598416cdc2,0x00380021ad38df52,0x008f0b89d6551134,0x004254d4cc62c5a5,0x000d79f4484b9b94,0x00b516732ae3c50e)}, - {FIELD_LITERAL(0x001fb73475c45509,0x00d2b2e5ea43345a,0x00cb3c3842077bd1,0x0029f90ad820946e,0x007c11b2380778aa,0x009e54ece62c1704,0x004bc60c41ca01c3,0x004525679a5a0b03)}, - {FIELD_LITERAL(0x00c64fbddbed87b3,0x0040601d11731faa,0x009c22475b6f9d67,0x0024b79dae875f15,0x00616fed3f02c3b0,0x0000cf39f6af2d3b,0x00c46bac0aa9a688,0x00ab23e2800da204)}, - }}, {{ - {FIELD_LITERAL(0x000b3a37617632b0,0x00597199fe1cfb6c,0x0042a7ccdfeafdd6,0x004cc9f15ebcea17,0x00f436e596a6b4a4,0x00168861142df0d8,0x000753edfec26af5,0x000c495d7e388116)}, - {FIELD_LITERAL(0x0017085f4a346148,0x00c7cf7a37f62272,0x001776e129bc5c30,0x009955134c9eef2a,0x001ba5bdf1df07be,0x00ec39497103a55c,0x006578354fda6cfb,0x005f02719d4f15ee)}, - {FIELD_LITERAL(0x0052b9d9b5d9655d,0x00d4ec7ba1b461c3,0x00f95df4974f280b,0x003d8e5ca11aeb51,0x00d4981eb5a70b26,0x000af9a4f6659f29,0x004598c846faeb43,0x0049d9a183a47670)}, - }}, {{ - {FIELD_LITERAL(0x000a72d23dcb3f1f,0x00a3737f84011727,0x00f870c0fbbf4a47,0x00a7aadd04b5c9ca,0x000c7715c67bd072,0x00015a136afcd74e,0x0080d5caea499634,0x0026b448ec7514b7)}, - {FIELD_LITERAL(0x00b60167d9e7d065,0x00e60ba0d07381e8,0x003a4f17b725c2d4,0x006c19fe176b64fa,0x003b57b31af86ccb,0x0021047c286180fd,0x00bdc8fb00c6dbb6,0x00fe4a9f4bab4f3f)}, - {FIELD_LITERAL(0x0088ffc3a16111f7,0x009155e4245d0bc8,0x00851d68220572d5,0x00557ace1e514d29,0x0031d7c339d91022,0x00101d0ae2eaceea,0x00246ab3f837b66a,0x00d5216d381ff530)}, - }}, {{ - 
{FIELD_LITERAL(0x0057e7ea35f36dae,0x00f47d7ad15de22e,0x00d757ea4b105115,0x008311457d579d7e,0x00b49b75b1edd4eb,0x0081c7ff742fd63a,0x00ddda3187433df6,0x00475727d55f9c66)}, - {FIELD_LITERAL(0x00a6295218dc136a,0x00563b3af0e9c012,0x00d3753b0145db1b,0x004550389c043dc1,0x00ea94ae27401bdf,0x002b0b949f2b7956,0x00c63f780ad8e23c,0x00e591c47d6bab15)}, - {FIELD_LITERAL(0x00416c582b058eb6,0x004107da5b2cc695,0x00b3cd2556aeec64,0x00c0b418267e57a1,0x001799293579bd2e,0x0046ed44590e4d07,0x001d7459b3630a1e,0x00c6afba8b6696aa)}, - }}, {{ - {FIELD_LITERAL(0x008d6009b26da3f8,0x00898e88ca06b1ca,0x00edb22b2ed7fe62,0x00fbc93516aabe80,0x008b4b470c42ce0d,0x00e0032ba7d0dcbb,0x00d76da3a956ecc8,0x007f20fe74e3852a)}, - {FIELD_LITERAL(0x002419222c607674,0x00a7f23af89188b3,0x00ad127284e73d1c,0x008bba582fae1c51,0x00fc6aa7ca9ecab1,0x003df5319eb6c2ba,0x002a05af8a8b199a,0x004bf8354558407c)}, - {FIELD_LITERAL(0x00ce7d4a30f0fcbf,0x00d02c272629f03d,0x0048c001f7400bc2,0x002c21368011958d,0x0098a550391e96b5,0x002d80b66390f379,0x001fa878760cc785,0x001adfce54b613d5)}, - }}, {{ - {FIELD_LITERAL(0x001ed4dc71fa2523,0x005d0bff19bf9b5c,0x00c3801cee065a64,0x001ed0b504323fbf,0x0003ab9fdcbbc593,0x00df82070178b8d2,0x00a2bcaa9c251f85,0x00c628a3674bd02e)}, - {FIELD_LITERAL(0x006b7a0674f9f8de,0x00a742414e5c7cff,0x0041cbf3c6e13221,0x00e3a64fd207af24,0x0087c05f15fbe8d1,0x004c50936d9e8a33,0x001306ec21042b6d,0x00a4f4137d1141c2)}, - {FIELD_LITERAL(0x0009e6fb921568b0,0x00b3c60120219118,0x002a6c3460dd503a,0x009db1ef11654b54,0x0063e4bf0be79601,0x00670d34bb2592b9,0x00dcee2f6c4130ce,0x00b2682e88e77f54)}, - }}, {{ - {FIELD_LITERAL(0x000d5b4b3da135ab,0x00838f3e5064d81d,0x00d44eb50f6d94ed,0x0008931ab502ac6d,0x00debe01ca3d3586,0x0025c206775f0641,0x005ad4b6ae912763,0x007e2c318ad8f247)}, - {FIELD_LITERAL(0x00ddbe0750dd1add,0x004b3c7b885844b8,0x00363e7ecf12f1ae,0x0062e953e6438f9d,0x0023cc73b076afe9,0x00b09fa083b4da32,0x00c7c3d2456c541d,0x005b591ec6b694d4)}, - 
{FIELD_LITERAL(0x0028656e19d62fcf,0x0052a4af03df148d,0x00122765ddd14e42,0x00f2252904f67157,0x004741965b636f3a,0x006441d296132cb9,0x005e2106f956a5b7,0x00247029592d335c)}, - }}, {{ - {FIELD_LITERAL(0x003fe038eb92f894,0x000e6da1b72e8e32,0x003a1411bfcbe0fa,0x00b55d473164a9e4,0x00b9a775ac2df48d,0x0002ddf350659e21,0x00a279a69eb19cb3,0x00f844eab25cba44)}, - {FIELD_LITERAL(0x00c41d1f9c1f1ac1,0x007b2df4e9f19146,0x00b469355fd5ba7a,0x00b5e1965afc852a,0x00388d5f1e2d8217,0x0022079e4c09ae93,0x0014268acd4ef518,0x00c1dd8d9640464c)}, - {FIELD_LITERAL(0x0038526adeed0c55,0x00dd68c607e3fe85,0x00f746ddd48a5d57,0x0042f2952b963b7c,0x001cbbd6876d5ec2,0x005e341470bca5c2,0x00871d41e085f413,0x00e53ab098f45732)}, - }}, {{ - {FIELD_LITERAL(0x004d51124797c831,0x008f5ae3750347ad,0x0070ced94c1a0c8e,0x00f6db2043898e64,0x000d00c9a5750cd0,0x000741ec59bad712,0x003c9d11aab37b7f,0x00a67ba169807714)}, - {FIELD_LITERAL(0x00adb2c1566e8b8f,0x0096c68a35771a9a,0x00869933356f334a,0x00ba9c93459f5962,0x009ec73fb6e8ca4b,0x003c3802c27202e1,0x0031f5b733e0c008,0x00f9058c19611fa9)}, - {FIELD_LITERAL(0x00238f01814a3421,0x00c325a44b6cce28,0x002136f97aeb0e73,0x000cac8268a4afe2,0x0022fd218da471b3,0x009dcd8dfff8def9,0x00cb9f8181d999bb,0x00143ae56edea349)}, - }}, {{ - {FIELD_LITERAL(0x0000623bf87622c5,0x00a1966fdd069496,0x00c315b7b812f9fc,0x00bdf5efcd128b97,0x001d464f532e3e16,0x003cd94f081bfd7e,0x00ed9dae12ce4009,0x002756f5736eee70)}, - {FIELD_LITERAL(0x00a5187e6ee7341b,0x00e6d52e82d83b6e,0x00df3c41323094a7,0x00b3324f444e9de9,0x00689eb21a35bfe5,0x00f16363becd548d,0x00e187cc98e7f60f,0x00127d9062f0ccab)}, - {FIELD_LITERAL(0x004ad71b31c29e40,0x00a5fcace12fae29,0x004425b5597280ed,0x00e7ef5d716c3346,0x0010b53ada410ac8,0x0092310226060c9b,0x0091c26128729c7e,0x0088b42900f8ec3b)}, - }}, {{ - {FIELD_LITERAL(0x00f1e26e9762d4a8,0x00d9d74082183414,0x00ffec9bd57a0282,0x000919e128fd497a,0x00ab7ae7d00fe5f8,0x0054dc442851ff68,0x00c9ebeb3b861687,0x00507f7cab8b698f)}, - 
{FIELD_LITERAL(0x00c13c5aae3ae341,0x009c6c9ed98373e7,0x00098f26864577a8,0x0015b886e9488b45,0x0037692c42aadba5,0x00b83170b8e7791c,0x001670952ece1b44,0x00fd932a39276da2)}, - {FIELD_LITERAL(0x0081a3259bef3398,0x005480fff416107b,0x00ce4f607d21be98,0x003ffc084b41df9b,0x0043d0bb100502d1,0x00ec35f575ba3261,0x00ca18f677300ef3,0x00e8bb0a827d8548)}, - }}, {{ - {FIELD_LITERAL(0x00df76b3328ada72,0x002e20621604a7c2,0x00f910638a105b09,0x00ef4724d96ef2cd,0x00377d83d6b8a2f7,0x00b4f48805ade324,0x001cd5da8b152018,0x0045af671a20ca7f)}, - {FIELD_LITERAL(0x009ae3b93a56c404,0x004a410b7a456699,0x00023a619355e6b2,0x009cdc7297387257,0x0055b94d4ae70d04,0x002cbd607f65b005,0x003208b489697166,0x00ea2aa058867370)}, - {FIELD_LITERAL(0x00f29d2598ee3f32,0x00b4ac5385d82adc,0x007633eaf04df19b,0x00aa2d3d77ceab01,0x004a2302fcbb778a,0x00927f225d5afa34,0x004a8e9d5047f237,0x008224ae9dbce530)}, - }}, {{ - {FIELD_LITERAL(0x001cf640859b02f8,0x00758d1d5d5ce427,0x00763c784ef4604c,0x005fa81aee205270,0x00ac537bfdfc44cb,0x004b919bd342d670,0x00238508d9bf4b7a,0x00154888795644f3)}, - {FIELD_LITERAL(0x00c845923c084294,0x00072419a201bc25,0x0045f408b5f8e669,0x00e9d6a186b74dfe,0x00e19108c68fa075,0x0017b91d874177b7,0x002f0ca2c7912c5a,0x009400aa385a90a2)}, - {FIELD_LITERAL(0x0071110b01482184,0x00cfed0044f2bef8,0x0034f2901cf4662e,0x003b4ae2a67f9834,0x00cca9b96fe94810,0x00522507ae77abd0,0x00bac7422721e73e,0x0066622b0f3a62b0)}, - }}, {{ - {FIELD_LITERAL(0x00f8ac5cf4705b6a,0x00867d82dcb457e3,0x007e13ab2ccc2ce9,0x009ee9a018d3930e,0x008370f8ecb42df8,0x002d9f019add263e,0x003302385b92d196,0x00a15654536e2c0c)}, - {FIELD_LITERAL(0x0026ef1614e160af,0x00c023f9edfc9c76,0x00cff090da5f57ba,0x0076db7a66643ae9,0x0019462f8c646999,0x008fec00b3854b22,0x00d55041692a0a1c,0x0065db894215ca00)}, - {FIELD_LITERAL(0x00a925036e0a451c,0x002a0390c36b6cc1,0x00f27020d90894f4,0x008d90d52cbd3d7f,0x00e1d0137392f3b8,0x00f017c158b51a8f,0x00cac313d3ed7dbc,0x00b99a81e3eb42d3)}, - }}, {{ - 
{FIELD_LITERAL(0x00b54850275fe626,0x0053a3fd1ec71140,0x00e3d2d7dbe096fa,0x00e4ac7b595cce4c,0x0077bad449c0a494,0x00b7c98814afd5b3,0x0057226f58486cf9,0x00b1557154f0cc57)}, - {FIELD_LITERAL(0x008cc9cd236315c0,0x0031d9c5b39fda54,0x00a5713ef37e1171,0x00293d5ae2886325,0x00c4aba3e05015e1,0x0003f35ef78e4fc6,0x0039d6bd3ac1527b,0x0019d7c3afb77106)}, - {FIELD_LITERAL(0x007b162931a985af,0x00ad40a2e0daa713,0x006df27c4009f118,0x00503e9f4e2e8bec,0x00751a77c82c182d,0x000298937769245b,0x00ffb1e8fabf9ee5,0x0008334706e09abe)}, - }}, {{ - {FIELD_LITERAL(0x00dbca4e98a7dcd9,0x00ee29cfc78bde99,0x00e4a3b6995f52e9,0x0045d70189ae8096,0x00fd2a8a3b9b0d1b,0x00af1793b107d8e1,0x00dbf92cbe4afa20,0x00da60f798e3681d)}, - {FIELD_LITERAL(0x004246bfcecc627a,0x004ba431246c03a4,0x00bd1d101872d497,0x003b73d3f185ee16,0x001feb2e2678c0e3,0x00ff13c5a89dec76,0x00ed06042e771d8f,0x00a4fd2a897a83dd)}, - {FIELD_LITERAL(0x009a4a3be50d6597,0x00de3165fc5a1096,0x004f3f56e345b0c7,0x00f7bf721d5ab8bc,0x004313e47b098c50,0x00e4c7d5c0e1adbb,0x002e3e3db365051e,0x00a480c2cd6a96fb)}, - }}, {{ - {FIELD_LITERAL(0x00417fa30a7119ed,0x00af257758419751,0x00d358a487b463d4,0x0089703cc720b00d,0x00ce56314ff7f271,0x0064db171ade62c1,0x00640b36d4a22fed,0x00424eb88696d23f)}, - {FIELD_LITERAL(0x004ede34af2813f3,0x00d4a8e11c9e8216,0x004796d5041de8a5,0x00c4c6b4d21cc987,0x00e8a433ee07fa1e,0x0055720b5abcc5a1,0x008873ea9c74b080,0x005b3fec1ab65d48)}, - {FIELD_LITERAL(0x0047e5277db70ec5,0x000a096c66db7d6b,0x00b4164cc1730159,0x004a9f783fe720fe,0x00a8177b94449dbc,0x0095a24ff49a599f,0x0069c1c578250cbc,0x00452019213debf4)}, - }}, {{ - {FIELD_LITERAL(0x0021ce99e09ebda3,0x00fcbd9f91875ad0,0x009bbf6b7b7a0b5f,0x00388886a69b1940,0x00926a56d0f81f12,0x00e12903c3358d46,0x005dfce4e8e1ce9d,0x0044cfa94e2f7e23)}, - {FIELD_LITERAL(0x001bd59c09e982ea,0x00f72daeb937b289,0x0018b76dca908e0e,0x00edb498512384ad,0x00ce0243b6cc9538,0x00f96ff690cb4e70,0x007c77bf9f673c8d,0x005bf704c088a528)}, - 
{FIELD_LITERAL(0x0093d4628dcb33be,0x0095263d51d42582,0x0049b3222458fe06,0x00e7fce73b653a7f,0x003ca2ebce60b369,0x00c5de239a32bea4,0x0063b8b3d71fb6bf,0x0039aeeb78a1a839)}, - }}, {{ - {FIELD_LITERAL(0x007dc52da400336c,0x001fded1e15b9457,0x00902e00f5568e3a,0x00219bef40456d2d,0x005684161fb3dbc9,0x004a4e9be49a76ea,0x006e685ae88b78ff,0x0021c42f13042d3c)}, - {FIELD_LITERAL(0x00fb22bb5fd3ce50,0x0017b48aada7ae54,0x00fd5c44ad19a536,0x000ccc4e4e55e45c,0x00fd637d45b4c3f5,0x0038914e023c37cf,0x00ac1881d6a8d898,0x00611ed8d3d943a8)}, - {FIELD_LITERAL(0x0056e2259d113d2b,0x00594819b284ec16,0x00c7bf794bb36696,0x00721ee75097cdc6,0x00f71be9047a2892,0x00df6ba142564edf,0x0069580b7a184e8d,0x00f056e38fca0fee)}, - }}, {{ - {FIELD_LITERAL(0x009df98566a18c6d,0x00cf3a200968f219,0x0044ba60da6d9086,0x00dbc9c0e344da03,0x000f9401c4466855,0x00d46a57c5b0a8d1,0x00875a635d7ac7c6,0x00ef4a933b7e0ae6)}, - {FIELD_LITERAL(0x005e8694077a1535,0x008bef75f71c8f1d,0x000a7c1316423511,0x00906e1d70604320,0x003fc46c1a2ffbd6,0x00d1d5022e68f360,0x002515fba37bbf46,0x00ca16234e023b44)}, - {FIELD_LITERAL(0x00787c99561f4690,0x00a857a8c1561f27,0x00a10df9223c09fe,0x00b98a9562e3b154,0x004330b8744c3ed2,0x00e06812807ec5c4,0x00e4cf6a7db9f1e3,0x00d95b089f132a34)}, - }}, {{ - {FIELD_LITERAL(0x002922b39ca33eec,0x0090d12a5f3ab194,0x00ab60c02fb5f8ed,0x00188d292abba1cf,0x00e10edec9698f6e,0x0069a4d9934133c8,0x0024aac40e6d3d06,0x001702c2177661b0)}, - {FIELD_LITERAL(0x00139078397030bd,0x000e3c447e859a00,0x0064a5b334c82393,0x00b8aabeb7358093,0x00020778bb9ae73b,0x0032ee94c7892a18,0x008215253cb41bda,0x005e2797593517ae)}, - {FIELD_LITERAL(0x0083765a5f855d4a,0x0051b6d1351b8ee2,0x00116de548b0f7bb,0x0087bd88703affa0,0x0095b2cc34d7fdd2,0x0084cd81b53f0bc8,0x008562fc995350ed,0x00a39abb193651e3)}, - }}, {{ - {FIELD_LITERAL(0x0019e23f0474b114,0x00eb94c2ad3b437e,0x006ddb34683b75ac,0x00391f9209b564c6,0x00083b3bb3bff7aa,0x00eedcd0f6dceefc,0x00b50817f794fe01,0x0036474deaaa75c9)}, - 
{FIELD_LITERAL(0x0091868594265aa2,0x00797accae98ca6d,0x0008d8c5f0f8a184,0x00d1f4f1c2b2fe6e,0x0036783dfb48a006,0x008c165120503527,0x0025fd780058ce9b,0x0068beb007be7d27)}, - {FIELD_LITERAL(0x00d0ff88aa7c90c2,0x00b2c60dacf53394,0x0094a7284d9666d6,0x00bed9022ce7a19d,0x00c51553f0cd7682,0x00c3fb870b124992,0x008d0bc539956c9b,0x00fc8cf258bb8885)}, - }}, {{ - {FIELD_LITERAL(0x003667bf998406f8,0x0000115c43a12975,0x001e662f3b20e8fd,0x0019ffa534cb24eb,0x00016be0dc8efb45,0x00ff76a8b26243f5,0x00ae20d241a541e3,0x0069bd6af13cd430)}, - {FIELD_LITERAL(0x0045fdc16487cda3,0x00b2d8e844cf2ed7,0x00612c50e88c1607,0x00a08aabc66c1672,0x006031fdcbb24d97,0x001b639525744b93,0x004409d62639ab17,0x00a1853d0347ab1d)}, - {FIELD_LITERAL(0x0075a1a56ebf5c21,0x00a3e72be9ac53ed,0x00efcde1629170c2,0x0004225fe91ef535,0x0088049fc73dfda7,0x004abc74857e1288,0x0024e2434657317c,0x00d98cb3d3e5543c)}, - }}, {{ - {FIELD_LITERAL(0x00b4b53eab6bdb19,0x009b22d8b43711d0,0x00d948b9d961785d,0x00cb167b6f279ead,0x00191de3a678e1c9,0x00d9dd9511095c2e,0x00f284324cd43067,0x00ed74fa535151dd)}, - {FIELD_LITERAL(0x007e32c049b5c477,0x009d2bfdbd9bcfd8,0x00636e93045938c6,0x007fde4af7687298,0x0046a5184fafa5d3,0x0079b1e7f13a359b,0x00875adf1fb927d6,0x00333e21c61bcad2)}, - {FIELD_LITERAL(0x00048014f73d8b8d,0x0075684aa0966388,0x0092be7df06dc47c,0x0097cebcd0f5568a,0x005a7004d9c4c6a9,0x00b0ecbb659924c7,0x00d90332dd492a7c,0x0057fc14df11493d)}, - }}, {{ - {FIELD_LITERAL(0x0008ed8ea0ad95be,0x0041d324b9709645,0x00e25412257a19b4,0x0058df9f3423d8d2,0x00a9ab20def71304,0x009ae0dbf8ac4a81,0x00c9565977e4392a,0x003c9269444baf55)}, - {FIELD_LITERAL(0x007df6cbb926830b,0x00d336058ae37865,0x007af47dac696423,0x0048d3011ec64ac8,0x006b87666e40049f,0x0036a2e0e51303d7,0x00ba319bd79dbc55,0x003e2737ecc94f53)}, - {FIELD_LITERAL(0x00d296ff726272d9,0x00f6d097928fcf57,0x00e0e616a55d7013,0x00deaf454ed9eac7,0x0073a56bedef4d92,0x006ccfdf6fc92e19,0x009d1ee1371a7218,0x00ee3c2ee4462d80)}, - }}, {{ - 
{FIELD_LITERAL(0x00437bce9bccdf9d,0x00e0c8e2f85dc0a3,0x00c91a7073995a19,0x00856ec9fe294559,0x009e4b33394b156e,0x00e245b0dc497e5c,0x006a54e687eeaeff,0x00f1cd1cd00fdb7c)}, - {FIELD_LITERAL(0x008132ae5c5d8cd1,0x00121d68324a1d9f,0x00d6be9dafcb8c76,0x00684d9070edf745,0x00519fbc96d7448e,0x00388182fdc1f27e,0x000235baed41f158,0x00bf6cf6f1a1796a)}, - {FIELD_LITERAL(0x002adc4b4d148219,0x003084ada0d3a90a,0x0046de8aab0f2e4e,0x00452d342a67b5fd,0x00d4b50f01d4de21,0x00db6d9fc0cefb79,0x008c184c86a462cd,0x00e17c83764d42da)}, - }}, {{ - {FIELD_LITERAL(0x007b2743b9a1e01a,0x007847ffd42688c4,0x006c7844d610a316,0x00f0cb8b250aa4b0,0x00a19060143b3ae6,0x0014eb10b77cfd80,0x000170905729dd06,0x00063b5b9cd72477)}, - {FIELD_LITERAL(0x00ce382dc7993d92,0x00021153e938b4c8,0x00096f7567f48f51,0x0058f81ddfe4b0d5,0x00cc379a56b355c7,0x002c760770d3e819,0x00ee22d1d26e5a40,0x00de6d93d5b082d7)}, - {FIELD_LITERAL(0x000a91a42c52e056,0x00185f6b77fce7ea,0x000803c51962f6b5,0x0022528582ba563d,0x0043f8040e9856d6,0x0085a29ec81fb860,0x005f9a611549f5ff,0x00c1f974ecbd4b06)}, - }}, {{ - {FIELD_LITERAL(0x005b64c6fd65ec97,0x00c1fdd7f877bc7f,0x000d9cc6c89f841c,0x005c97b7f1aff9ad,0x0075e3c61475d47e,0x001ecb1ba8153011,0x00fe7f1c8d71d40d,0x003fa9757a229832)}, - {FIELD_LITERAL(0x00ffc5c89d2b0cba,0x00d363d42e3e6fc3,0x0019a1a0118e2e8a,0x00f7baeff48882e1,0x001bd5af28c6b514,0x0055476ca2253cb2,0x00d8eb1977e2ddf3,0x00b173b1adb228a1)}, - {FIELD_LITERAL(0x00f2cb99dd0ad707,0x00e1e08b6859ddd8,0x000008f2d0650bcc,0x00d7ed392f8615c3,0x00976750a94da27f,0x003e83bb0ecb69ba,0x00df8e8d15c14ac6,0x00f9f7174295d9c2)}, - }}, {{ - {FIELD_LITERAL(0x00f11cc8e0e70bcb,0x00e5dc689974e7dd,0x0014e409f9ee5870,0x00826e6689acbd63,0x008a6f4e3d895d88,0x00b26a8da41fd4ad,0x000fb7723f83efd7,0x009c749db0a5f6c3)}, - {FIELD_LITERAL(0x002389319450f9ba,0x003677f31aa1250a,0x0092c3db642f38cb,0x00f8b64c0dfc9773,0x00cd49fe3505b795,0x0068105a4090a510,0x00df0ba2072a8bb6,0x00eb396143afd8be)}, - 
{FIELD_LITERAL(0x00a0d4ecfb24cdff,0x00ddaf8008ba6479,0x00f0b3e36d4b0f44,0x003734bd3af1f146,0x00b87e2efc75527e,0x00d230df55ddab50,0x002613257ae56c1d,0x00bc0946d135934d)}, - }}, {{ - {FIELD_LITERAL(0x00468711bd994651,0x0033108fa67561bf,0x0089d760192a54b4,0x00adc433de9f1871,0x000467d05f36e050,0x007847e0f0579f7f,0x00a2314ad320052d,0x00b3a93649f0b243)}, - {FIELD_LITERAL(0x0067f8f0c4fe26c9,0x0079c4a3cc8f67b9,0x0082b1e62f23550d,0x00f2d409caefd7f5,0x0080e67dcdb26e81,0x0087ae993ea1f98a,0x00aa108becf61d03,0x001acf11efb608a3)}, - {FIELD_LITERAL(0x008225febbab50d9,0x00f3b605e4dd2083,0x00a32b28189e23d2,0x00d507e5e5eb4c97,0x005a1a84e302821f,0x0006f54c1c5f08c7,0x00a347c8cb2843f0,0x0009f73e9544bfa5)}, - }}, {{ - {FIELD_LITERAL(0x006c59c9ae744185,0x009fc32f1b4282cd,0x004d6348ca59b1ac,0x00105376881be067,0x00af4096013147dc,0x004abfb5a5cb3124,0x000d2a7f8626c354,0x009c6ed568e07431)}, - {FIELD_LITERAL(0x00e828333c297f8b,0x009ef3cf8c3f7e1f,0x00ab45f8fff31cb9,0x00c8b4178cb0b013,0x00d0c50dd3260a3f,0x0097126ac257f5bc,0x0042376cc90c705a,0x001d96fdb4a1071e)}, - {FIELD_LITERAL(0x00542d44d89ee1a8,0x00306642e0442d98,0x0090853872b87338,0x002362cbf22dc044,0x002c222adff663b8,0x0067c924495fcb79,0x000e621d983c977c,0x00df77a9eccb66fb)}, - }}, {{ - {FIELD_LITERAL(0x002809e4bbf1814a,0x00b9e854f9fafb32,0x00d35e67c10f7a67,0x008f1bcb76e748cf,0x004224d9515687d2,0x005ba0b774e620c4,0x00b5e57db5d54119,0x00e15babe5683282)}, - {FIELD_LITERAL(0x00832d02369b482c,0x00cba52ff0d93450,0x003fa9c908d554db,0x008d1e357b54122f,0x00abd91c2dc950c6,0x007eff1df4c0ec69,0x003f6aeb13fb2d31,0x00002d6179fc5b2c)}, - {FIELD_LITERAL(0x0046c9eda81c9c89,0x00b60cb71c8f62fc,0x0022f5a683baa558,0x00f87319fccdf997,0x009ca09b51ce6a22,0x005b12baf4af7d77,0x008a46524a1e33e2,0x00035a77e988be0d)}, - }}, {{ - {FIELD_LITERAL(0x00a7efe46a7dbe2f,0x002f66fd55014fe7,0x006a428afa1ff026,0x0056caaa9604ab72,0x0033f3bcd7fac8ae,0x00ccb1aa01c86764,0x00158d1edf13bf40,0x009848ee76fcf3b4)}, - 
{FIELD_LITERAL(0x00a9e7730a819691,0x00d9cc73c4992b70,0x00e299bde067de5a,0x008c314eb705192a,0x00e7226f17e8a3cc,0x0029dfd956e65a47,0x0053a8e839073b12,0x006f942b2ab1597e)}, - {FIELD_LITERAL(0x001c3d780ecd5e39,0x0094f247fbdcc5fe,0x00d5c786fd527764,0x00b6f4da74f0db2a,0x0080f1f8badcd5fc,0x00f36a373ad2e23b,0x00f804f9f4343bf2,0x00d1af40ec623982)}, - }}, {{ - {FIELD_LITERAL(0x0082aeace5f1b144,0x00f68b3108cf4dd3,0x00634af01dde3020,0x000beab5df5c2355,0x00e8b790d1b49b0b,0x00e48d15854e36f4,0x0040ab2d95f3db9f,0x002711c4ed9e899a)}, - {FIELD_LITERAL(0x0039343746531ebe,0x00c8509d835d429d,0x00e79eceff6b0018,0x004abfd31e8efce5,0x007bbfaaa1e20210,0x00e3be89c193e179,0x001c420f4c31d585,0x00f414a315bef5ae)}, - {FIELD_LITERAL(0x007c296a24990df8,0x00d5d07525a75588,0x00dd8e113e94b7e7,0x007bbc58febe0cc8,0x0029f51af9bfcad3,0x007e9311ec7ab6f3,0x009a884de1676343,0x0050d5f2dce84be9)}, - }}, {{ - {FIELD_LITERAL(0x005fa020cca2450a,0x00491c29db6416d8,0x0037cefe3f9f9a85,0x003d405230647066,0x0049e835f0fdbe89,0x00feb78ac1a0815c,0x00828e4b32dc9724,0x00db84f2dc8d6fd4)}, - {FIELD_LITERAL(0x0098cddc8b39549a,0x006da37e3b05d22c,0x00ce633cfd4eb3cb,0x00fda288ef526acd,0x0025338878c5d30a,0x00f34438c4e5a1b4,0x00584efea7c310f1,0x0041a551f1b660ad)}, - {FIELD_LITERAL(0x00d7f7a8fbd6437a,0x0062872413bf3753,0x00ad4bbcb43c584b,0x007fe49be601d7e3,0x0077c659789babf4,0x00eb45fcb06a741b,0x005ce244913f9708,0x0088426401736326)}, - }}, {{ - {FIELD_LITERAL(0x007bf562ca768d7c,0x006c1f3a174e387c,0x00f024b447fee939,0x007e7af75f01143f,0x003adb70b4eed89d,0x00e43544021ad79a,0x0091f7f7042011f6,0x0093c1a1ee3a0ddc)}, - {FIELD_LITERAL(0x00a0b68ec1eb72d2,0x002c03235c0d45a0,0x00553627323fe8c5,0x006186e94b17af94,0x00a9906196e29f14,0x0025b3aee6567733,0x007e0dd840080517,0x0018eb5801a4ba93)}, - {FIELD_LITERAL(0x00d7fe7017bf6a40,0x006e3f0624be0c42,0x00ffbba205358245,0x00f9fc2cf8194239,0x008d93b37bf15b4e,0x006ddf2e38be8e95,0x002b6e79bf5fcff9,0x00ab355da425e2de)}, - }}, {{ - 
{FIELD_LITERAL(0x00938f97e20be973,0x0099141a36aaf306,0x0057b0ca29e545a1,0x0085db571f9fbc13,0x008b333c554b4693,0x0043ab6ef3e241cb,0x0054fb20aa1e5c70,0x00be0ff852760adf)}, - {FIELD_LITERAL(0x003973d8938971d6,0x002aca26fa80c1f5,0x00108af1faa6b513,0x00daae275d7924e6,0x0053634ced721308,0x00d2355fe0bbd443,0x00357612b2d22095,0x00f9bb9dd4136cf3)}, - {FIELD_LITERAL(0x002bff12cf5e03a5,0x001bdb1fa8a19cf8,0x00c91c6793f84d39,0x00f869f1b2eba9af,0x0059bc547dc3236b,0x00d91611d6d38689,0x00e062daaa2c0214,0x00ed3c047cc2bc82)}, - }}, {{ - {FIELD_LITERAL(0x000050d70c32b31a,0x001939d576d437b3,0x00d709e598bf9fe6,0x00a885b34bd2ee9e,0x00dd4b5c08ab1a50,0x0091bebd50b55639,0x00cf79ff64acdbc6,0x006067a39d826336)}, - {FIELD_LITERAL(0x0062dd0fb31be374,0x00fcc96b84c8e727,0x003f64f1375e6ae3,0x0057d9b6dd1af004,0x00d6a167b1103c7b,0x00dd28f3180fb537,0x004ff27ad7167128,0x008934c33461f2ac)}, - {FIELD_LITERAL(0x0065b472b7900043,0x00ba7efd2ff1064b,0x000b67d6c4c3020f,0x0012d28469f4e46d,0x0031c32939703ec7,0x00b49f0bce133066,0x00f7e10416181d47,0x005c90f51867eecc)}, - }}, {{ - {FIELD_LITERAL(0x0051207abd179101,0x00fc2a5c20d9c5da,0x00fb9d5f2701b6df,0x002dd040fdea82b8,0x00f163b0738442ff,0x00d9736bd68855b8,0x00e0d8e93005e61c,0x00df5a40b3988570)}, - {FIELD_LITERAL(0x0006918f5dfce6dc,0x00d4bf1c793c57fb,0x0069a3f649435364,0x00e89a50e5b0cd6e,0x00b9f6a237e973af,0x006d4ed8b104e41d,0x00498946a3924cd2,0x00c136ec5ac9d4f7)}, - {FIELD_LITERAL(0x0011a9c290ac5336,0x002b9a2d4a6a6533,0x009a8a68c445d937,0x00361b27b07e5e5c,0x003c043b1755b974,0x00b7eb66cf1155ee,0x0077af5909eefff2,0x0098f609877cc806)}, - }}, {{ - {FIELD_LITERAL(0x00ab13af436bf8f4,0x000bcf0a0dac8574,0x00d50c864f705045,0x00c40e611debc842,0x0085010489bd5caa,0x007c5050acec026f,0x00f67d943c8da6d1,0x00de1da0278074c6)}, - {FIELD_LITERAL(0x00b373076597455f,0x00e83f1af53ac0f5,0x0041f63c01dc6840,0x0097dea19b0c6f4b,0x007f9d63b4c1572c,0x00e692d492d0f5f0,0x00cbcb392e83b4ad,0x0069c0f39ed9b1a8)}, - 
{FIELD_LITERAL(0x00861030012707c9,0x009fbbdc7fd4aafb,0x008f591d6b554822,0x00df08a41ea18ade,0x009d7d83e642abea,0x0098c71bda3b78ff,0x0022c89e7021f005,0x0044d29a3fe1e3c4)}, - }}, {{ - {FIELD_LITERAL(0x00e748cd7b5c52f2,0x00ea9df883f89cc3,0x0018970df156b6c7,0x00c5a46c2a33a847,0x00cbde395e32aa09,0x0072474ebb423140,0x00fb00053086a23d,0x001dafcfe22d4e1f)}, - {FIELD_LITERAL(0x00c903ee6d825540,0x00add6c4cf98473e,0x007636efed4227f1,0x00905124ae55e772,0x00e6b38fab12ed53,0x0045e132b863fe55,0x003974662edb366a,0x00b1787052be8208)}, - {FIELD_LITERAL(0x00a614b00d775c7c,0x00d7c78941cc7754,0x00422dd68b5dabc4,0x00a6110f0167d28b,0x00685a309c252886,0x00b439ffd5143660,0x003656e29ee7396f,0x00c7c9b9ed5ad854)}, - }}, {{ - {FIELD_LITERAL(0x0040f7e7c5b37bf2,0x0064e4dc81181bba,0x00a8767ae2a366b6,0x001496b4f90546f2,0x002a28493f860441,0x0021f59513049a3a,0x00852d369a8b7ee3,0x00dd2e7d8b7d30a9)}, - {FIELD_LITERAL(0x00006e34a35d9fbc,0x00eee4e48b2f019a,0x006b344743003a5f,0x00541d514f04a7e3,0x00e81f9ee7647455,0x005e2b916c438f81,0x00116f8137b7eff0,0x009bd3decc7039d1)}, - {FIELD_LITERAL(0x0005d226f434110d,0x00af8288b8ef21d5,0x004a7a52ef181c8c,0x00be0b781b4b06de,0x00e6e3627ded07e1,0x00e43aa342272b8b,0x00e86ab424577d84,0x00fb292c566e35bb)}, - }}, {{ - {FIELD_LITERAL(0x00334f5303ea1222,0x00dfb3dbeb0a5d3e,0x002940d9592335c1,0x00706a7a63e8938a,0x005a533558bc4caf,0x00558e33192022a9,0x00970d9faf74c133,0x002979fcb63493ca)}, - {FIELD_LITERAL(0x00e38abece3c82ab,0x005a51f18a2c7a86,0x009dafa2e86d592e,0x00495a62eb688678,0x00b79df74c0eb212,0x0023e8cc78b75982,0x005998cb91075e13,0x00735aa9ba61bc76)}, - {FIELD_LITERAL(0x00d9f7a82ddbe628,0x00a1fc782889ae0f,0x0071ffda12d14b66,0x0037cf4eca7fb3d5,0x00c80bc242c58808,0x0075bf8c2d08c863,0x008d41f31afc52a7,0x00197962ecf38741)}, - }}, {{ - {FIELD_LITERAL(0x006e9f475cccf2ee,0x00454b9cd506430c,0x00224a4fb79ee479,0x0062e3347ef0b5e2,0x0034fd2a3512232a,0x00b8b3cb0f457046,0x00eb20165daa38ec,0x00128eebc2d9c0f7)}, - 
{FIELD_LITERAL(0x00bfc5fa1e4ea21f,0x00c21d7b6bb892e6,0x00cf043f3acf0291,0x00c13f2f849b3c90,0x00d1a97ebef10891,0x0061e130a445e7fe,0x0019513fdedbf22b,0x001d60c813bff841)}, - {FIELD_LITERAL(0x0019561c7fcf0213,0x00e3dca6843ebd77,0x0068ea95b9ca920e,0x009bdfb70f253595,0x00c68f59186aa02a,0x005aee1cca1c3039,0x00ab79a8a937a1ce,0x00b9a0e549959e6f)}, - }}, {{ - {FIELD_LITERAL(0x00c79e0b6d97dfbd,0x00917c71fd2bc6e8,0x00db7529ccfb63d8,0x00be5be957f17866,0x00a9e11fdc2cdac1,0x007b91a8e1f44443,0x00a3065e4057d80f,0x004825f5b8d5f6d4)}, - {FIELD_LITERAL(0x003e4964fa8a8fc8,0x00f6a1cdbcf41689,0x00943cb18fe7fda7,0x00606dafbf34440a,0x005d37a86399c789,0x00e79a2a69417403,0x00fe34f7e68b8866,0x0011f448ed2df10e)}, - {FIELD_LITERAL(0x00f1f57efcc1fcc4,0x00513679117de154,0x002e5b5b7c86d8c3,0x009f6486561f9cfb,0x00169e74b0170cf7,0x00900205af4af696,0x006acfddb77853f3,0x00df184c90f31068)}, - }}, {{ - {FIELD_LITERAL(0x00b37396c3320791,0x00fc7b67175c5783,0x00c36d2cd73ecc38,0x0080ebcc0b328fc5,0x0043a5b22b35d35d,0x00466c9f1713c9da,0x0026ad346dcaa8da,0x007c684e701183a6)}, - {FIELD_LITERAL(0x00fd579ffb691713,0x00b76af4f81c412d,0x00f239de96110f82,0x00e965fb437f0306,0x00ca7e9436900921,0x00e487f1325fa24a,0x00633907de476380,0x00721c62ac5b8ea0)}, - {FIELD_LITERAL(0x00c0d54e542eb4f9,0x004ed657171c8dcf,0x00b743a4f7c2a39b,0x00fd9f93ed6cc567,0x00307fae3113e58b,0x0058aa577c93c319,0x00d254556f35b346,0x00491aada2203f0d)}, - }}, {{ - {FIELD_LITERAL(0x00dff3103786ff34,0x000144553b1f20c3,0x0095613baeb930e4,0x00098058275ea5d4,0x007cd1402b046756,0x0074d74e4d58aee3,0x005f93fc343ff69b,0x00873df17296b3b0)}, - {FIELD_LITERAL(0x00c4a1fb48635413,0x00b5dd54423ad59f,0x009ff5d53fd24a88,0x003c98d267fc06a7,0x002db7cb20013641,0x00bd1d6716e191f2,0x006dbc8b29094241,0x0044bbf233dafa2c)}, - {FIELD_LITERAL(0x0055838d41f531e6,0x00bf6a2dd03c81b2,0x005827a061c4839e,0x0000de2cbb36aac3,0x002efa29d9717478,0x00f9e928cc8a77ba,0x00c134b458def9ef,0x00958a182223fc48)}, - }}, {{ - 
{FIELD_LITERAL(0x000a9ee23c06881f,0x002c727d3d871945,0x00f47d971512d24a,0x00671e816f9ef31a,0x00883af2cfaad673,0x00601f98583d6c9a,0x00b435f5adc79655,0x00ad87b71c04bff2)}, - {FIELD_LITERAL(0x007860d99db787cf,0x00fda8983018f4a8,0x008c8866bac4743c,0x00ef471f84c82a3f,0x00abea5976d3b8e7,0x00714882896cd015,0x00b49fae584ddac5,0x008e33a1a0b69c81)}, - {FIELD_LITERAL(0x007b6ee2c9e8a9ec,0x002455dbbd89d622,0x006490cf4eaab038,0x00d925f6c3081561,0x00153b3047de7382,0x003b421f8bdceb6f,0x00761a4a5049da78,0x00980348c5202433)}, - }}, {{ - {FIELD_LITERAL(0x007f8a43da97dd5c,0x00058539c800fc7b,0x0040f3cf5a28414a,0x00d68dd0d95283d6,0x004adce9da90146e,0x00befa41c7d4f908,0x007603bc2e3c3060,0x00bdf360ab3545db)}, - {FIELD_LITERAL(0x00eebfd4e2312cc3,0x00474b2564e4fc8c,0x003303ef14b1da9b,0x003c93e0e66beb1d,0x0013619b0566925a,0x008817c24d901bf3,0x00b62bd8898d218b,0x0075a7716f1e88a2)}, - {FIELD_LITERAL(0x0009218da1e6890f,0x0026907f5fd02575,0x004dabed5f19d605,0x003abf181870249d,0x00b52fd048cc92c4,0x00b6dd51e415a5c5,0x00d9eb82bd2b4014,0x002c865a43b46b43)}, - }}, {{ - {FIELD_LITERAL(0x0070047189452f4c,0x00f7ad12e1ce78d5,0x00af1ba51ec44a8b,0x005f39f63e667cd6,0x00058eac4648425e,0x00d7fdab42bea03b,0x0028576a5688de15,0x00af973209e77c10)}, - {FIELD_LITERAL(0x00c338b915d8fef0,0x00a893292045c39a,0x0028ab4f2eba6887,0x0060743cb519fd61,0x0006213964093ac0,0x007c0b7a43f6266d,0x008e3557c4fa5bda,0x002da976de7b8d9d)}, - {FIELD_LITERAL(0x0048729f8a8b6dcd,0x00fe23b85cc4d323,0x00e7384d16e4db0e,0x004a423970678942,0x00ec0b763345d4ba,0x00c477b9f99ed721,0x00c29dad3777b230,0x001c517b466f7df6)}, - }}, {{ - {FIELD_LITERAL(0x006366c380f7b574,0x001c7d1f09ff0438,0x003e20a7301f5b22,0x00d3efb1916d28f6,0x0049f4f81060ce83,0x00c69d91ea43ced1,0x002b6f3e5cd269ed,0x005b0fb22ce9ec65)}, - {FIELD_LITERAL(0x00aa2261022d883f,0x00ebcca4548010ac,0x002528512e28a437,0x0070ca7676b66082,0x0084bda170f7c6d3,0x00581b4747c9b8bb,0x005c96a01061c7e2,0x00fb7c4a362b5273)}, - 
{FIELD_LITERAL(0x00c30020eb512d02,0x0060f288283a4d26,0x00b7ed13becde260,0x0075ebb74220f6e9,0x00701079fcfe8a1f,0x001c28fcdff58938,0x002e4544b8f4df6b,0x0060c5bc4f1a7d73)}, - }}, {{ - {FIELD_LITERAL(0x00ae307cf069f701,0x005859f222dd618b,0x00212d6c46ec0b0d,0x00a0fe4642afb62d,0x00420d8e4a0a8903,0x00a80ff639bdf7b0,0x0019bee1490b5d8e,0x007439e4b9c27a86)}, - {FIELD_LITERAL(0x00a94700032a093f,0x0076e96c225216e7,0x00a63a4316e45f91,0x007d8bbb4645d3b2,0x00340a6ff22793eb,0x006f935d4572aeb7,0x00b1fb69f00afa28,0x009e8f3423161ed3)}, - {FIELD_LITERAL(0x009ef49c6b5ced17,0x00a555e6269e9f0a,0x007e6f1d79ec73b5,0x009ac78695a32ac4,0x0001d77fbbcd5682,0x008cea1fee0aaeed,0x00f42bea82a53462,0x002e46ab96cafcc9)}, - }}, {{ - {FIELD_LITERAL(0x0051cfcc5885377a,0x00dce566cb1803ca,0x00430c7643f2c7d4,0x00dce1a1337bdcc0,0x0010d5bd7283c128,0x003b1b547f9b46fe,0x000f245e37e770ab,0x007b72511f022b37)}, - {FIELD_LITERAL(0x0060db815bc4786c,0x006fab25beedc434,0x00c610d06084797c,0x000c48f08537bec0,0x0031aba51c5b93da,0x007968fa6e01f347,0x0030070da52840c6,0x00c043c225a4837f)}, - {FIELD_LITERAL(0x001bcfd00649ee93,0x006dceb47e2a0fd5,0x00f2cebda0cf8fd0,0x00b6b9d9d1fbdec3,0x00815262e6490611,0x00ef7f5ce3176760,0x00e49cd0c998d58b,0x005fc6cc269ba57c)}, - }}, {{ - {FIELD_LITERAL(0x008940211aa0d633,0x00addae28136571d,0x00d68fdbba20d673,0x003bc6129bc9e21a,0x000346cf184ebe9a,0x0068774d741ebc7f,0x0019d5e9e6966557,0x0003cbd7f981b651)}, - {FIELD_LITERAL(0x004a2902926f8d3f,0x00ad79b42637ab75,0x0088f60b90f2d4e8,0x0030f54ef0e398c4,0x00021dc9bf99681e,0x007ebf66fde74ee3,0x004ade654386e9a4,0x00e7485066be4c27)}, - {FIELD_LITERAL(0x00445f1263983be0,0x004cf371dda45e6a,0x00744a89d5a310e7,0x001f20ce4f904833,0x00e746edebe66e29,0x000912ab1f6c153d,0x00f61d77d9b2444c,0x0001499cd6647610)}, + {FIELD_LITERAL(0x00cc3b062366f4ccULL, 0x003d6e34e314aa3cULL, + 0x00d51c0a7521774dULL, 0x0094e060eec6ab8bULL, + 0x00d21291b4d80082ULL, 0x00befed12b55ef1eULL, + 0x00c3dd2df5c94518ULL, 0x00e0a7b112b8d4e6ULL)}, + {FIELD_LITERAL(0x0019eb5608d8723aULL, 
0x00d1bab52fb3aedbULL, + 0x00270a7311ebc90cULL, 0x0037c12b91be7f13ULL, + 0x005be16cd8b5c704ULL, 0x003e181acda888e1ULL, + 0x00bc1f00fc3fc6d0ULL, 0x00d3839bfa319e20ULL)}, + {FIELD_LITERAL(0x003caeb88611909fULL, 0x00ea8b378c4df3d4ULL, + 0x00b3295b95a5a19aULL, 0x00a65f97514bdfb5ULL, + 0x00b39efba743cab1ULL, 0x0016ba98b862fd2dULL, + 0x0001508812ee71d7ULL, 0x000a75740eea114aULL)}, + }}, {{ + {FIELD_LITERAL(0x00ebcf0eb649f823ULL, 0x00166d332e98ea03ULL, + 0x0059ddf64f5cd5f6ULL, 0x0047763123d9471bULL, + 0x00a64065c53ef62fULL, 0x00978e44c480153dULL, + 0x000b5b2a0265f194ULL, 0x0046a24b9f32965aULL)}, + {FIELD_LITERAL(0x00b9eef787034df0ULL, 0x0020bc24de3390cdULL, + 0x000022160bae99bbULL, 0x00ae66e886e97946ULL, + 0x0048d4bbe02cbb8bULL, 0x0072ba97b34e38d4ULL, + 0x00eae7ec8f03e85aULL, 0x005ba92ecf808b2cULL)}, + {FIELD_LITERAL(0x00c9cfbbe74258fdULL, 0x00843a979ea9eaa7ULL, + 0x000cbb4371cfbe90ULL, 0x0059bac8f7f0a628ULL, + 0x004b3dff882ff530ULL, 0x0011869df4d90733ULL, + 0x00595aa71f4abfc2ULL, 0x0070e2d38990c2e6ULL)}, + }}, {{ + {FIELD_LITERAL(0x00de2010c0a01733ULL, 0x00c739a612e24297ULL, + 0x00a7212643141d7cULL, 0x00f88444f6b67c11ULL, + 0x00484b7b16ec28f2ULL, 0x009c1b8856af9c68ULL, + 0x00ff4669591fe9d6ULL, 0x0054974be08a32c8ULL)}, + {FIELD_LITERAL(0x0010de3fd682ceedULL, 0x008c07642d83ca4eULL, + 0x0013bb064e00a1ccULL, 0x009411ae27870e11ULL, + 0x00ea8e5b4d531223ULL, 0x0032fe7d2aaece2eULL, + 0x00d989e243e7bb41ULL, 0x000fe79a508e9b8bULL)}, + {FIELD_LITERAL(0x005e0426b9bfc5b1ULL, 0x0041a5b1d29ee4faULL, + 0x0015b0def7774391ULL, 0x00bc164f1f51af01ULL, + 0x00d543b0942797b9ULL, 0x003c129b6398099cULL, + 0x002b114c6e5adf18ULL, 0x00b4e630e4018a7bULL)}, + }}, {{ + {FIELD_LITERAL(0x00d490afc95f8420ULL, 0x00b096bf50c1d9b9ULL, + 0x00799fd707679866ULL, 0x007c74d9334afbeaULL, + 0x00efaa8be80ff4edULL, 0x0075c4943bb81694ULL, + 0x00c21c2fca161f36ULL, 0x00e77035d492bfeeULL)}, + {FIELD_LITERAL(0x006658a190dd6661ULL, 0x00e0e9bab38609a6ULL, + 0x0028895c802237edULL, 0x006a0229c494f587ULL, + 
0x002dcde96c9916b7ULL, 0x00d158822de16218ULL, + 0x00173b917a06856fULL, 0x00ca78a79ae07326ULL)}, + {FIELD_LITERAL(0x00e35bfc79caced4ULL, 0x0087238a3e1fe3bbULL, + 0x00bcbf0ff4ceff5bULL, 0x00a19c1c94099b91ULL, + 0x0071e102b49db976ULL, 0x0059e3d004eada1eULL, + 0x008da78afa58a47eULL, 0x00579c8ebf269187ULL)}, + }}, {{ + {FIELD_LITERAL(0x00a16c2905eee75fULL, 0x009d4bcaea2c7e1dULL, + 0x00d3bd79bfad19dfULL, 0x0050da745193342cULL, + 0x006abdb8f6b29ab1ULL, 0x00a24fe0a4fef7efULL, + 0x0063730da1057dfbULL, 0x00a08c312c8eb108ULL)}, + {FIELD_LITERAL(0x00b583be005375beULL, 0x00a40c8f8a4e3df4ULL, + 0x003fac4a8f5bdbf7ULL, 0x00d4481d872cd718ULL, + 0x004dc8749cdbaefeULL, 0x00cce740d5e5c975ULL, + 0x000b1c1f4241fd21ULL, 0x00a76de1b4e1cd07ULL)}, + {FIELD_LITERAL(0x007a076500d30b62ULL, 0x000a6e117b7f090fULL, + 0x00c8712ae7eebd9aULL, 0x000fbd6c1d5f6ff7ULL, + 0x003a7977246ebf11ULL, 0x00166ed969c6600eULL, + 0x00aa42e469c98becULL, 0x00dc58f307cf0666ULL)}, + }}, {{ + {FIELD_LITERAL(0x004b491f65a9a28bULL, 0x006a10309e8a55b7ULL, + 0x00b67210185187efULL, 0x00cf6497b12d9b8fULL, + 0x0085778c56e2b1baULL, 0x0015b4c07a814d85ULL, + 0x00686479e62da561ULL, 0x008de5d88f114916ULL)}, + {FIELD_LITERAL(0x00e37c88d6bba7b1ULL, 0x003e4577e1b8d433ULL, + 0x0050d8ea5f510ec0ULL, 0x0042fc9f2da9ef59ULL, + 0x003bd074c1141420ULL, 0x00561b8b7b68774eULL, + 0x00232e5e5d1013a3ULL, 0x006b7f2cb3d7e73fULL)}, + {FIELD_LITERAL(0x004bdd0f0b41e6a0ULL, 0x001773057c405d24ULL, + 0x006029f99915bd97ULL, 0x006a5ba70a17fe2fULL, + 0x0046111977df7e08ULL, 0x004d8124c89fb6b7ULL, + 0x00580983b2bb2724ULL, 0x00207bf330d6f3feULL)}, + }}, {{ + {FIELD_LITERAL(0x007efdc93972a48bULL, 0x002f5e50e78d5feeULL, + 0x0080dc11d61c7fe5ULL, 0x0065aa598707245bULL, + 0x009abba2300641beULL, 0x000c68787656543aULL, + 0x00ffe0fef2dc0a17ULL, 0x00007ffbd6cb4f3aULL)}, + {FIELD_LITERAL(0x0036012f2b836efcULL, 0x00458c126d6b5fbcULL, + 0x00a34436d719ad1eULL, 0x0097be6167117deaULL, + 0x0009c219c879cff3ULL, 0x0065564493e60755ULL, + 0x00993ac94a8cdec0ULL, 
0x002d4885a4d0dbafULL)}, + {FIELD_LITERAL(0x00598b60b4c068baULL, 0x00c547a0be7f1afdULL, + 0x009582164acf12afULL, 0x00af4acac4fbbe40ULL, + 0x005f6ca7c539121aULL, 0x003b6e752ebf9d66ULL, + 0x00f08a30d5cac5d4ULL, 0x00e399bb5f97c5a9ULL)}, + }}, {{ + {FIELD_LITERAL(0x007445a0409c0a66ULL, 0x00a65c369f3829c0ULL, + 0x0031d248a4f74826ULL, 0x006817f34defbe8eULL, + 0x00649741d95ebf2eULL, 0x00d46466ab16b397ULL, + 0x00fdc35703bee414ULL, 0x00343b43334525f8ULL)}, + {FIELD_LITERAL(0x001796bea93f6401ULL, 0x00090c5a42e85269ULL, + 0x00672412ba1252edULL, 0x001201d47b6de7deULL, + 0x006877bccfe66497ULL, 0x00b554fd97a4c161ULL, + 0x009753f42dbac3cfULL, 0x00e983e3e378270aULL)}, + {FIELD_LITERAL(0x00ac3eff18849872ULL, 0x00f0eea3bff05690ULL, + 0x00a6d72c21dd505dULL, 0x001b832642424169ULL, + 0x00a6813017b540e5ULL, 0x00a744bd71b385cdULL, + 0x0022a7d089130a7bULL, 0x004edeec9a133486ULL)}, + }}, {{ + {FIELD_LITERAL(0x00b2d6729196e8a9ULL, 0x0088a9bb2031cef4ULL, + 0x00579e7787dc1567ULL, 0x0030f49feb059190ULL, + 0x00a0b1d69c7f7d8fULL, 0x0040bdcc6d9d806fULL, + 0x00d76c4037edd095ULL, 0x00bbf24376415dd7ULL)}, + {FIELD_LITERAL(0x00240465ff5a7197ULL, 0x00bb97e76caf27d0ULL, + 0x004b4edbf8116d39ULL, 0x001d8586f708cbaaULL, + 0x000f8ee8ff8e4a50ULL, 0x00dde5a1945dd622ULL, + 0x00e6fc1c0957e07cULL, 0x0041c9cdabfd88a0ULL)}, + {FIELD_LITERAL(0x005344b0bf5b548cULL, 0x002957d0b705cc99ULL, + 0x00f586a70390553dULL, 0x0075b3229f583cc3ULL, + 0x00a1aa78227490e4ULL, 0x001bf09cf7957717ULL, + 0x00cf6bf344325f52ULL, 0x0065bd1c23ca3ecfULL)}, + }}, {{ + {FIELD_LITERAL(0x009bff3b3239363cULL, 0x00e17368796ef7c0ULL, + 0x00528b0fe0971f3aULL, 0x0008014fc8d4a095ULL, + 0x00d09f2e8a521ec4ULL, 0x006713ab5dde5987ULL, + 0x0003015758e0dbb1ULL, 0x00215999f1ba212dULL)}, + {FIELD_LITERAL(0x002c88e93527da0eULL, 0x0077c78f3456aad5ULL, + 0x0071087a0a389d1cULL, 0x00934dac1fb96dbdULL, + 0x008470e801162697ULL, 0x005bc2196cd4ad49ULL, + 0x00e535601d5087c3ULL, 0x00769888700f497fULL)}, + {FIELD_LITERAL(0x00da7a4b557298adULL, 0x0019d2589ea5df76ULL, + 
0x00ef3e38be0c6497ULL, 0x00a9644e1312609aULL, + 0x004592f61b2558daULL, 0x0082c1df510d7e46ULL, + 0x0042809a535c0023ULL, 0x00215bcb5afd7757ULL)}, + }}, {{ + {FIELD_LITERAL(0x002b9df55a1a4213ULL, 0x00dcfc3b464a26beULL, + 0x00c4f9e07a8144d5ULL, 0x00c8e0617a92b602ULL, + 0x008e3c93accafae0ULL, 0x00bf1bcb95b2ca60ULL, + 0x004ce2426a613bf3ULL, 0x00266cac58e40921ULL)}, + {FIELD_LITERAL(0x008456d5db76e8f0ULL, 0x0032ca9cab2ce163ULL, + 0x0059f2b8bf91abcfULL, 0x0063c2a021712788ULL, + 0x00f86155af22f72dULL, 0x00db98b2a6c005a0ULL, + 0x00ac6e416a693ac4ULL, 0x007a93572af53226ULL)}, + {FIELD_LITERAL(0x0087767520f0de22ULL, 0x0091f64012279fb5ULL, + 0x001050f1f0644999ULL, 0x004f097a2477ad3cULL, + 0x006b37913a9947bdULL, 0x001a3d78645af241ULL, + 0x0057832bbb3008a7ULL, 0x002c1d902b80dc20ULL)}, + }}, {{ + {FIELD_LITERAL(0x001a6002bf178877ULL, 0x009bce168aa5af50ULL, + 0x005fc318ff04a7f5ULL, 0x0052818f55c36461ULL, + 0x008768f5d4b24afbULL, 0x0037ffbae7b69c85ULL, + 0x0018195a4b61edc0ULL, 0x001e12ea088434b2ULL)}, + {FIELD_LITERAL(0x0047d3f804e7ab07ULL, 0x00a809ab5f905260ULL, + 0x00b3ffc7cdaf306dULL, 0x00746e8ec2d6e509ULL, + 0x00d0dade8887a645ULL, 0x00acceeebde0dd37ULL, + 0x009bc2579054686bULL, 0x0023804f97f1c2bfULL)}, + {FIELD_LITERAL(0x0043e2e2e50b80d7ULL, 0x00143aafe4427e0fULL, + 0x005594aaecab855bULL, 0x008b12ccaaecbc01ULL, + 0x002deeb091082bc3ULL, 0x009cca4be2ae7514ULL, + 0x00142b96e696d047ULL, 0x00ad2a2b1c05256aULL)}, + }}, {{ + {FIELD_LITERAL(0x003914f2f144b78bULL, 0x007a95dd8bee6f68ULL, + 0x00c7f4384d61c8e6ULL, 0x004e51eb60f1bdb2ULL, + 0x00f64be7aa4621d8ULL, 0x006797bfec2f0ac0ULL, + 0x007d17aab3c75900ULL, 0x001893e73cac8bc5ULL)}, + {FIELD_LITERAL(0x00140360b768665bULL, 0x00b68aca4967f977ULL, + 0x0001089b66195ae4ULL, 0x00fe71122185e725ULL, + 0x000bca2618d49637ULL, 0x00a54f0557d7e98aULL, + 0x00cdcd2f91d6f417ULL, 0x00ab8c13741fd793ULL)}, + {FIELD_LITERAL(0x00725ee6b1e549e0ULL, 0x007124a0769777faULL, + 0x000b68fdad07ae42ULL, 0x0085b909cd4952dfULL, + 0x0092d2e3c81606f4ULL, 
0x009f22f6cac099a0ULL, + 0x00f59da57f2799a8ULL, 0x00f06c090122f777ULL)}, + }}, {{ + {FIELD_LITERAL(0x00ce0bed0a3532bcULL, 0x001a5048a22df16bULL, + 0x00e31db4cbad8bf1ULL, 0x00e89292120cf00eULL, + 0x007d1dd1a9b00034ULL, 0x00e2a9041ff8f680ULL, + 0x006a4c837ae596e7ULL, 0x00713af1068070b3ULL)}, + {FIELD_LITERAL(0x00c4fe64ce66d04bULL, 0x00b095d52e09b3d7ULL, + 0x00758bbecb1a3a8eULL, 0x00f35cce8d0650c0ULL, + 0x002b878aa5984473ULL, 0x0062e0a3b7544ddcULL, + 0x00b25b290ed116feULL, 0x007b0f6abe0bebf2ULL)}, + {FIELD_LITERAL(0x0081d4e3addae0a8ULL, 0x003410c836c7ffccULL, + 0x00c8129ad89e4314ULL, 0x000e3d5a23922dcdULL, + 0x00d91e46f29c31f3ULL, 0x006c728cde8c5947ULL, + 0x002bc655ba2566c0ULL, 0x002ca94721533108ULL)}, + }}, {{ + {FIELD_LITERAL(0x0051e4b3f764d8a9ULL, 0x0019792d46e904a0ULL, + 0x00853bc13dbc8227ULL, 0x000840208179f12dULL, + 0x0068243474879235ULL, 0x0013856fbfe374d0ULL, + 0x00bda12fe8676424ULL, 0x00bbb43635926eb2ULL)}, + {FIELD_LITERAL(0x0012cdc880a93982ULL, 0x003c495b21cd1b58ULL, + 0x00b7e5c93f22a26eULL, 0x0044aa82dfb99458ULL, + 0x009ba092cdffe9c0ULL, 0x00a14b3ab2083b73ULL, + 0x000271c2f70e1c4bULL, 0x00eea9cac0f66eb8ULL)}, + {FIELD_LITERAL(0x001a1847c4ac5480ULL, 0x00b1b412935bb03aULL, + 0x00f74285983bf2b2ULL, 0x00624138b5b5d0f1ULL, + 0x008820c0b03d38bfULL, 0x00b94e50a18c1572ULL, + 0x0060f6934841798fULL, 0x00c52f5d66d6ebe2ULL)}, + }}, {{ + {FIELD_LITERAL(0x00da23d59f9bcea6ULL, 0x00e0f27007a06a4bULL, + 0x00128b5b43a6758cULL, 0x000cf50190fa8b56ULL, + 0x00fc877aba2b2d72ULL, 0x00623bef52edf53fULL, + 0x00e6af6b819669e2ULL, 0x00e314dc34fcaa4fULL)}, + {FIELD_LITERAL(0x0066e5eddd164d1eULL, 0x00418a7c6fe28238ULL, + 0x0002e2f37e962c25ULL, 0x00f01f56b5975306ULL, + 0x0048842fa503875cULL, 0x0057b0e968078143ULL, + 0x00ff683024f3d134ULL, 0x0082ae28fcad12e4ULL)}, + {FIELD_LITERAL(0x0011ddfd21260e42ULL, 0x00d05b0319a76892ULL, + 0x00183ea4368e9b8fULL, 0x00b0815662affc96ULL, + 0x00b466a5e7ce7c88ULL, 0x00db93b07506e6eeULL, + 0x0033885f82f62401ULL, 0x0086f9090ec9b419ULL)}, + }}, {{ + 
{FIELD_LITERAL(0x00d95d1c5fcb435aULL, 0x0016d1ed6b5086f9ULL, + 0x00792aa0b7e54d71ULL, 0x0067b65715f1925dULL, + 0x00a219755ec6176bULL, 0x00bc3f026b12c28fULL, + 0x00700c897ffeb93eULL, 0x0089b83f6ec50b46ULL)}, + {FIELD_LITERAL(0x003c97e6384da36eULL, 0x00423d53eac81a09ULL, + 0x00b70d68f3cdce35ULL, 0x00ee7959b354b92cULL, + 0x00f4e9718819c8caULL, 0x009349f12acbffe9ULL, + 0x005aee7b62cb7da6ULL, 0x00d97764154ffc86ULL)}, + {FIELD_LITERAL(0x00526324babb46dcULL, 0x002ee99b38d7bf9eULL, + 0x007ea51794706ef4ULL, 0x00abeb04da6e3c39ULL, + 0x006b457c1d281060ULL, 0x00fe243e9a66c793ULL, + 0x00378de0fb6c6ee4ULL, 0x003e4194b9c3cb93ULL)}, + }}, {{ + {FIELD_LITERAL(0x00fed3cd80ca2292ULL, 0x0015b043a73ca613ULL, + 0x000a9fd7bf9be227ULL, 0x003b5e03de2db983ULL, + 0x005af72d46904ef7ULL, 0x00c0f1b5c49faa99ULL, + 0x00dc86fc3bd305e1ULL, 0x00c92f08c1cb1797ULL)}, + {FIELD_LITERAL(0x0079680ce111ed3bULL, 0x001a1ed82806122cULL, + 0x000c2e7466d15df3ULL, 0x002c407f6f7150fdULL, + 0x00c5e7c96b1b0ce3ULL, 0x009aa44626863ff9ULL, + 0x00887b8b5b80be42ULL, 0x00b6023cec964825ULL)}, + {FIELD_LITERAL(0x00e4a8e1048970c8ULL, 0x0062887b7830a302ULL, + 0x00bcf1c8cd81402bULL, 0x0056dbb81a68f5beULL, + 0x0014eced83f12452ULL, 0x00139e1a510150dfULL, + 0x00bb81140a82d1a3ULL, 0x000febcc1aaf1aa7ULL)}, + }}, {{ + {FIELD_LITERAL(0x00a7527958238159ULL, 0x0013ec9537a84cd6ULL, + 0x001d7fee7d562525ULL, 0x00b9eefa6191d5e5ULL, + 0x00dbc97db70bcb8aULL, 0x00481affc7a4d395ULL, + 0x006f73d3e70c31bbULL, 0x00183f324ed96a61ULL)}, + {FIELD_LITERAL(0x0039dd7ce7fc6860ULL, 0x00d64f6425653da1ULL, + 0x003e037c7f57d0afULL, 0x0063477a06e2bcf2ULL, + 0x001727dbb7ac67e6ULL, 0x0049589f5efafe2eULL, + 0x00fc0fef2e813d54ULL, 0x008baa5d087fb50dULL)}, + {FIELD_LITERAL(0x0024fb59d9b457c7ULL, 0x00a7d4e060223e4cULL, + 0x00c118d1b555fd80ULL, 0x0082e216c732f22aULL, + 0x00cd2a2993089504ULL, 0x003638e836a3e13dULL, + 0x000d855ee89b4729ULL, 0x008ec5b7d4810c91ULL)}, + }}, {{ + {FIELD_LITERAL(0x001bf51f7d65cdfdULL, 0x00d14cdafa16a97dULL, + 0x002c38e60fcd10e7ULL, 
0x00a27446e393efbdULL, + 0x000b5d8946a71fddULL, 0x0063df2cde128f2fULL, + 0x006c8679569b1888ULL, 0x0059ffc4925d732dULL)}, + {FIELD_LITERAL(0x00ece96f95f2b66fULL, 0x00ece7952813a27bULL, + 0x0026fc36592e489eULL, 0x007157d1a2de0f66ULL, + 0x00759dc111d86ddfULL, 0x0012881e5780bb0fULL, + 0x00c8ccc83ad29496ULL, 0x0012b9bd1929eb71ULL)}, + {FIELD_LITERAL(0x000fa15a20da5df0ULL, 0x00349ddb1a46cd31ULL, + 0x002c512ad1d8e726ULL, 0x00047611f669318dULL, + 0x009e68fba591e17eULL, 0x004320dffa803906ULL, + 0x00a640874951a3d3ULL, 0x00b6353478baa24fULL)}, + }}, {{ + {FIELD_LITERAL(0x009696510000d333ULL, 0x00ec2f788bc04826ULL, + 0x000e4d02b1f67ba5ULL, 0x00659aa8dace08b6ULL, + 0x00d7a38a3a3ae533ULL, 0x008856defa8c746bULL, + 0x004d7a4402d3da1aULL, 0x00ea82e06229260fULL)}, + {FIELD_LITERAL(0x006a15bb20f75c0cULL, 0x0079a144027a5d0cULL, + 0x00d19116ce0b4d70ULL, 0x0059b83bcb0b268eULL, + 0x005f58f63f16c127ULL, 0x0079958318ee2c37ULL, + 0x00defbb063d07f82ULL, 0x00f1f0b931d2d446ULL)}, + {FIELD_LITERAL(0x00cb5e4c3c35d422ULL, 0x008df885ca43577fULL, + 0x00fa50b16ca3e471ULL, 0x005a0e58e17488c8ULL, + 0x00b2ceccd6d34d19ULL, 0x00f01d5d235e36e9ULL, + 0x00db2e7e4be6ca44ULL, 0x00260ab77f35fccdULL)}, + }}, {{ + {FIELD_LITERAL(0x006f6fd9baac61d5ULL, 0x002a7710a020a895ULL, + 0x009de0db7fc03d4dULL, 0x00cdedcb1875f40bULL, + 0x00050caf9b6b1e22ULL, 0x005e3a6654456ab0ULL, + 0x00775fdf8c4423d4ULL, 0x0028701ea5738b5dULL)}, + {FIELD_LITERAL(0x009ffd90abfeae96ULL, 0x00cba3c2b624a516ULL, + 0x005ef08bcee46c91ULL, 0x00e6fde30afb6185ULL, + 0x00f0b4db4f818ce4ULL, 0x006c54f45d2127f5ULL, + 0x00040125035854c7ULL, 0x00372658a3287e13ULL)}, + {FIELD_LITERAL(0x00d7070fb1beb2abULL, 0x0078fc845a93896bULL, + 0x006894a4b2f224a6ULL, 0x005bdd8192b9dbdeULL, + 0x00b38839874b3a9eULL, 0x00f93618b04b7a57ULL, + 0x003e3ec75fd2c67eULL, 0x00bf5e6bfc29494aULL)}, + }}, {{ + {FIELD_LITERAL(0x00f19224ebba2aa5ULL, 0x0074f89d358e694dULL, + 0x00eea486597135adULL, 0x0081579a4555c7e1ULL, + 0x0010b9b872930a9dULL, 0x00f002e87a30ecc0ULL, + 
0x009b9d66b6de56e2ULL, 0x00a3c4f45e8004ebULL)}, + {FIELD_LITERAL(0x0045e8dda9400888ULL, 0x002ff12e5fc05db7ULL, + 0x00a7098d54afe69cULL, 0x00cdbe846a500585ULL, + 0x00879c1593ca1882ULL, 0x003f7a7fea76c8b0ULL, + 0x002cd73dd0c8e0a1ULL, 0x00645d6ce96f51feULL)}, + {FIELD_LITERAL(0x002b7e83e123d6d6ULL, 0x00398346f7419c80ULL, + 0x0042922e55940163ULL, 0x005e7fc5601886a3ULL, + 0x00e88f2cee1d3103ULL, 0x00e7fab135f2e377ULL, + 0x00b059984dbf0dedULL, 0x0009ce080faa5bb8ULL)}, + }}, {{ + {FIELD_LITERAL(0x0085e78af7758979ULL, 0x00275a4ee1631a3aULL, + 0x00d26bc0ed78b683ULL, 0x004f8355ea21064fULL, + 0x00d618e1a32696e5ULL, 0x008d8d7b150e5680ULL, + 0x00a74cd854b278d2ULL, 0x001dd62702203ea0ULL)}, + {FIELD_LITERAL(0x00f89335c2a59286ULL, 0x00a0f5c905d55141ULL, + 0x00b41fb836ee9382ULL, 0x00e235d51730ca43ULL, + 0x00a5cb37b5c0a69aULL, 0x009b966ffe136c45ULL, + 0x00cb2ea10bf80ed1ULL, 0x00fb2b370b40dc35ULL)}, + {FIELD_LITERAL(0x00d687d16d4ee8baULL, 0x0071520bdd069dffULL, + 0x00de85c60d32355dULL, 0x0087d2e3565102f4ULL, + 0x00cde391b8dfc9aaULL, 0x00e18d69efdfefe5ULL, + 0x004a9d0591954e91ULL, 0x00fa36dd8b50eee5ULL)}, + }}, {{ + {FIELD_LITERAL(0x002e788749a865f7ULL, 0x006e4dc3116861eaULL, + 0x009f1428c37276e6ULL, 0x00e7d2e0fc1e1226ULL, + 0x003aeebc6b6c45f6ULL, 0x0071a8073bf500c9ULL, + 0x004b22ad986b530cULL, 0x00f439e63c0d79d4ULL)}, + {FIELD_LITERAL(0x006bc3d53011f470ULL, 0x00032d6e692b83e8ULL, + 0x00059722f497cd0bULL, 0x0009b4e6f0c497ccULL, + 0x0058a804b7cce6c0ULL, 0x002b71d3302bbd5dULL, + 0x00e2f82a36765fceULL, 0x008dded99524c703ULL)}, + {FIELD_LITERAL(0x004d058953747d64ULL, 0x00701940fe79aa6fULL, + 0x00a620ac71c760bfULL, 0x009532b611158b75ULL, + 0x00547ed7f466f300ULL, 0x003cb5ab53a8401aULL, + 0x00c7763168ce3120ULL, 0x007e48e33e4b9ab2ULL)}, + }}, {{ + {FIELD_LITERAL(0x001b2fc57bf3c738ULL, 0x006a3f918993fb80ULL, + 0x0026f7a14fdec288ULL, 0x0075a2cdccef08dbULL, + 0x00d3ecbc9eecdbf1ULL, 0x0048c40f06e5bf7fULL, + 0x00d63e423009896bULL, 0x000598bc99c056a8ULL)}, + {FIELD_LITERAL(0x002f194eaafa46dcULL, 
0x008e38f57fe87613ULL, + 0x00dc8e5ae25f4ab2ULL, 0x000a17809575e6bdULL, + 0x00d3ec7923ba366aULL, 0x003a7e72e0ad75e3ULL, + 0x0010024b88436e0aULL, 0x00ed3c5444b64051ULL)}, + {FIELD_LITERAL(0x00831fc1340af342ULL, 0x00c9645669466d35ULL, + 0x007692b4cc5a080fULL, 0x009fd4a47ac9259fULL, + 0x001eeddf7d45928bULL, 0x003c0446fc45f28bULL, + 0x002c0713aa3e2507ULL, 0x0095706935f0f41eULL)}, + }}, {{ + {FIELD_LITERAL(0x00766ae4190ec6d8ULL, 0x0065768cabc71380ULL, + 0x00b902598416cdc2ULL, 0x00380021ad38df52ULL, + 0x008f0b89d6551134ULL, 0x004254d4cc62c5a5ULL, + 0x000d79f4484b9b94ULL, 0x00b516732ae3c50eULL)}, + {FIELD_LITERAL(0x001fb73475c45509ULL, 0x00d2b2e5ea43345aULL, + 0x00cb3c3842077bd1ULL, 0x0029f90ad820946eULL, + 0x007c11b2380778aaULL, 0x009e54ece62c1704ULL, + 0x004bc60c41ca01c3ULL, 0x004525679a5a0b03ULL)}, + {FIELD_LITERAL(0x00c64fbddbed87b3ULL, 0x0040601d11731faaULL, + 0x009c22475b6f9d67ULL, 0x0024b79dae875f15ULL, + 0x00616fed3f02c3b0ULL, 0x0000cf39f6af2d3bULL, + 0x00c46bac0aa9a688ULL, 0x00ab23e2800da204ULL)}, + }}, {{ + {FIELD_LITERAL(0x000b3a37617632b0ULL, 0x00597199fe1cfb6cULL, + 0x0042a7ccdfeafdd6ULL, 0x004cc9f15ebcea17ULL, + 0x00f436e596a6b4a4ULL, 0x00168861142df0d8ULL, + 0x000753edfec26af5ULL, 0x000c495d7e388116ULL)}, + {FIELD_LITERAL(0x0017085f4a346148ULL, 0x00c7cf7a37f62272ULL, + 0x001776e129bc5c30ULL, 0x009955134c9eef2aULL, + 0x001ba5bdf1df07beULL, 0x00ec39497103a55cULL, + 0x006578354fda6cfbULL, 0x005f02719d4f15eeULL)}, + {FIELD_LITERAL(0x0052b9d9b5d9655dULL, 0x00d4ec7ba1b461c3ULL, + 0x00f95df4974f280bULL, 0x003d8e5ca11aeb51ULL, + 0x00d4981eb5a70b26ULL, 0x000af9a4f6659f29ULL, + 0x004598c846faeb43ULL, 0x0049d9a183a47670ULL)}, + }}, {{ + {FIELD_LITERAL(0x000a72d23dcb3f1fULL, 0x00a3737f84011727ULL, + 0x00f870c0fbbf4a47ULL, 0x00a7aadd04b5c9caULL, + 0x000c7715c67bd072ULL, 0x00015a136afcd74eULL, + 0x0080d5caea499634ULL, 0x0026b448ec7514b7ULL)}, + {FIELD_LITERAL(0x00b60167d9e7d065ULL, 0x00e60ba0d07381e8ULL, + 0x003a4f17b725c2d4ULL, 0x006c19fe176b64faULL, + 
0x003b57b31af86ccbULL, 0x0021047c286180fdULL, + 0x00bdc8fb00c6dbb6ULL, 0x00fe4a9f4bab4f3fULL)}, + {FIELD_LITERAL(0x0088ffc3a16111f7ULL, 0x009155e4245d0bc8ULL, + 0x00851d68220572d5ULL, 0x00557ace1e514d29ULL, + 0x0031d7c339d91022ULL, 0x00101d0ae2eaceeaULL, + 0x00246ab3f837b66aULL, 0x00d5216d381ff530ULL)}, + }}, {{ + {FIELD_LITERAL(0x0057e7ea35f36daeULL, 0x00f47d7ad15de22eULL, + 0x00d757ea4b105115ULL, 0x008311457d579d7eULL, + 0x00b49b75b1edd4ebULL, 0x0081c7ff742fd63aULL, + 0x00ddda3187433df6ULL, 0x00475727d55f9c66ULL)}, + {FIELD_LITERAL(0x00a6295218dc136aULL, 0x00563b3af0e9c012ULL, + 0x00d3753b0145db1bULL, 0x004550389c043dc1ULL, + 0x00ea94ae27401bdfULL, 0x002b0b949f2b7956ULL, + 0x00c63f780ad8e23cULL, 0x00e591c47d6bab15ULL)}, + {FIELD_LITERAL(0x00416c582b058eb6ULL, 0x004107da5b2cc695ULL, + 0x00b3cd2556aeec64ULL, 0x00c0b418267e57a1ULL, + 0x001799293579bd2eULL, 0x0046ed44590e4d07ULL, + 0x001d7459b3630a1eULL, 0x00c6afba8b6696aaULL)}, + }}, {{ + {FIELD_LITERAL(0x008d6009b26da3f8ULL, 0x00898e88ca06b1caULL, + 0x00edb22b2ed7fe62ULL, 0x00fbc93516aabe80ULL, + 0x008b4b470c42ce0dULL, 0x00e0032ba7d0dcbbULL, + 0x00d76da3a956ecc8ULL, 0x007f20fe74e3852aULL)}, + {FIELD_LITERAL(0x002419222c607674ULL, 0x00a7f23af89188b3ULL, + 0x00ad127284e73d1cULL, 0x008bba582fae1c51ULL, + 0x00fc6aa7ca9ecab1ULL, 0x003df5319eb6c2baULL, + 0x002a05af8a8b199aULL, 0x004bf8354558407cULL)}, + {FIELD_LITERAL(0x00ce7d4a30f0fcbfULL, 0x00d02c272629f03dULL, + 0x0048c001f7400bc2ULL, 0x002c21368011958dULL, + 0x0098a550391e96b5ULL, 0x002d80b66390f379ULL, + 0x001fa878760cc785ULL, 0x001adfce54b613d5ULL)}, + }}, {{ + {FIELD_LITERAL(0x001ed4dc71fa2523ULL, 0x005d0bff19bf9b5cULL, + 0x00c3801cee065a64ULL, 0x001ed0b504323fbfULL, + 0x0003ab9fdcbbc593ULL, 0x00df82070178b8d2ULL, + 0x00a2bcaa9c251f85ULL, 0x00c628a3674bd02eULL)}, + {FIELD_LITERAL(0x006b7a0674f9f8deULL, 0x00a742414e5c7cffULL, + 0x0041cbf3c6e13221ULL, 0x00e3a64fd207af24ULL, + 0x0087c05f15fbe8d1ULL, 0x004c50936d9e8a33ULL, + 0x001306ec21042b6dULL, 
0x00a4f4137d1141c2ULL)}, + {FIELD_LITERAL(0x0009e6fb921568b0ULL, 0x00b3c60120219118ULL, + 0x002a6c3460dd503aULL, 0x009db1ef11654b54ULL, + 0x0063e4bf0be79601ULL, 0x00670d34bb2592b9ULL, + 0x00dcee2f6c4130ceULL, 0x00b2682e88e77f54ULL)}, + }}, {{ + {FIELD_LITERAL(0x000d5b4b3da135abULL, 0x00838f3e5064d81dULL, + 0x00d44eb50f6d94edULL, 0x0008931ab502ac6dULL, + 0x00debe01ca3d3586ULL, 0x0025c206775f0641ULL, + 0x005ad4b6ae912763ULL, 0x007e2c318ad8f247ULL)}, + {FIELD_LITERAL(0x00ddbe0750dd1addULL, 0x004b3c7b885844b8ULL, + 0x00363e7ecf12f1aeULL, 0x0062e953e6438f9dULL, + 0x0023cc73b076afe9ULL, 0x00b09fa083b4da32ULL, + 0x00c7c3d2456c541dULL, 0x005b591ec6b694d4ULL)}, + {FIELD_LITERAL(0x0028656e19d62fcfULL, 0x0052a4af03df148dULL, + 0x00122765ddd14e42ULL, 0x00f2252904f67157ULL, + 0x004741965b636f3aULL, 0x006441d296132cb9ULL, + 0x005e2106f956a5b7ULL, 0x00247029592d335cULL)}, + }}, {{ + {FIELD_LITERAL(0x003fe038eb92f894ULL, 0x000e6da1b72e8e32ULL, + 0x003a1411bfcbe0faULL, 0x00b55d473164a9e4ULL, + 0x00b9a775ac2df48dULL, 0x0002ddf350659e21ULL, + 0x00a279a69eb19cb3ULL, 0x00f844eab25cba44ULL)}, + {FIELD_LITERAL(0x00c41d1f9c1f1ac1ULL, 0x007b2df4e9f19146ULL, + 0x00b469355fd5ba7aULL, 0x00b5e1965afc852aULL, + 0x00388d5f1e2d8217ULL, 0x0022079e4c09ae93ULL, + 0x0014268acd4ef518ULL, 0x00c1dd8d9640464cULL)}, + {FIELD_LITERAL(0x0038526adeed0c55ULL, 0x00dd68c607e3fe85ULL, + 0x00f746ddd48a5d57ULL, 0x0042f2952b963b7cULL, + 0x001cbbd6876d5ec2ULL, 0x005e341470bca5c2ULL, + 0x00871d41e085f413ULL, 0x00e53ab098f45732ULL)}, + }}, {{ + {FIELD_LITERAL(0x004d51124797c831ULL, 0x008f5ae3750347adULL, + 0x0070ced94c1a0c8eULL, 0x00f6db2043898e64ULL, + 0x000d00c9a5750cd0ULL, 0x000741ec59bad712ULL, + 0x003c9d11aab37b7fULL, 0x00a67ba169807714ULL)}, + {FIELD_LITERAL(0x00adb2c1566e8b8fULL, 0x0096c68a35771a9aULL, + 0x00869933356f334aULL, 0x00ba9c93459f5962ULL, + 0x009ec73fb6e8ca4bULL, 0x003c3802c27202e1ULL, + 0x0031f5b733e0c008ULL, 0x00f9058c19611fa9ULL)}, + {FIELD_LITERAL(0x00238f01814a3421ULL, 0x00c325a44b6cce28ULL, + 
0x002136f97aeb0e73ULL, 0x000cac8268a4afe2ULL, + 0x0022fd218da471b3ULL, 0x009dcd8dfff8def9ULL, + 0x00cb9f8181d999bbULL, 0x00143ae56edea349ULL)}, + }}, {{ + {FIELD_LITERAL(0x0000623bf87622c5ULL, 0x00a1966fdd069496ULL, + 0x00c315b7b812f9fcULL, 0x00bdf5efcd128b97ULL, + 0x001d464f532e3e16ULL, 0x003cd94f081bfd7eULL, + 0x00ed9dae12ce4009ULL, 0x002756f5736eee70ULL)}, + {FIELD_LITERAL(0x00a5187e6ee7341bULL, 0x00e6d52e82d83b6eULL, + 0x00df3c41323094a7ULL, 0x00b3324f444e9de9ULL, + 0x00689eb21a35bfe5ULL, 0x00f16363becd548dULL, + 0x00e187cc98e7f60fULL, 0x00127d9062f0ccabULL)}, + {FIELD_LITERAL(0x004ad71b31c29e40ULL, 0x00a5fcace12fae29ULL, + 0x004425b5597280edULL, 0x00e7ef5d716c3346ULL, + 0x0010b53ada410ac8ULL, 0x0092310226060c9bULL, + 0x0091c26128729c7eULL, 0x0088b42900f8ec3bULL)}, + }}, {{ + {FIELD_LITERAL(0x00f1e26e9762d4a8ULL, 0x00d9d74082183414ULL, + 0x00ffec9bd57a0282ULL, 0x000919e128fd497aULL, + 0x00ab7ae7d00fe5f8ULL, 0x0054dc442851ff68ULL, + 0x00c9ebeb3b861687ULL, 0x00507f7cab8b698fULL)}, + {FIELD_LITERAL(0x00c13c5aae3ae341ULL, 0x009c6c9ed98373e7ULL, + 0x00098f26864577a8ULL, 0x0015b886e9488b45ULL, + 0x0037692c42aadba5ULL, 0x00b83170b8e7791cULL, + 0x001670952ece1b44ULL, 0x00fd932a39276da2ULL)}, + {FIELD_LITERAL(0x0081a3259bef3398ULL, 0x005480fff416107bULL, + 0x00ce4f607d21be98ULL, 0x003ffc084b41df9bULL, + 0x0043d0bb100502d1ULL, 0x00ec35f575ba3261ULL, + 0x00ca18f677300ef3ULL, 0x00e8bb0a827d8548ULL)}, + }}, {{ + {FIELD_LITERAL(0x00df76b3328ada72ULL, 0x002e20621604a7c2ULL, + 0x00f910638a105b09ULL, 0x00ef4724d96ef2cdULL, + 0x00377d83d6b8a2f7ULL, 0x00b4f48805ade324ULL, + 0x001cd5da8b152018ULL, 0x0045af671a20ca7fULL)}, + {FIELD_LITERAL(0x009ae3b93a56c404ULL, 0x004a410b7a456699ULL, + 0x00023a619355e6b2ULL, 0x009cdc7297387257ULL, + 0x0055b94d4ae70d04ULL, 0x002cbd607f65b005ULL, + 0x003208b489697166ULL, 0x00ea2aa058867370ULL)}, + {FIELD_LITERAL(0x00f29d2598ee3f32ULL, 0x00b4ac5385d82adcULL, + 0x007633eaf04df19bULL, 0x00aa2d3d77ceab01ULL, + 0x004a2302fcbb778aULL, 
0x00927f225d5afa34ULL, + 0x004a8e9d5047f237ULL, 0x008224ae9dbce530ULL)}, + }}, {{ + {FIELD_LITERAL(0x001cf640859b02f8ULL, 0x00758d1d5d5ce427ULL, + 0x00763c784ef4604cULL, 0x005fa81aee205270ULL, + 0x00ac537bfdfc44cbULL, 0x004b919bd342d670ULL, + 0x00238508d9bf4b7aULL, 0x00154888795644f3ULL)}, + {FIELD_LITERAL(0x00c845923c084294ULL, 0x00072419a201bc25ULL, + 0x0045f408b5f8e669ULL, 0x00e9d6a186b74dfeULL, + 0x00e19108c68fa075ULL, 0x0017b91d874177b7ULL, + 0x002f0ca2c7912c5aULL, 0x009400aa385a90a2ULL)}, + {FIELD_LITERAL(0x0071110b01482184ULL, 0x00cfed0044f2bef8ULL, + 0x0034f2901cf4662eULL, 0x003b4ae2a67f9834ULL, + 0x00cca9b96fe94810ULL, 0x00522507ae77abd0ULL, + 0x00bac7422721e73eULL, 0x0066622b0f3a62b0ULL)}, + }}, {{ + {FIELD_LITERAL(0x00f8ac5cf4705b6aULL, 0x00867d82dcb457e3ULL, + 0x007e13ab2ccc2ce9ULL, 0x009ee9a018d3930eULL, + 0x008370f8ecb42df8ULL, 0x002d9f019add263eULL, + 0x003302385b92d196ULL, 0x00a15654536e2c0cULL)}, + {FIELD_LITERAL(0x0026ef1614e160afULL, 0x00c023f9edfc9c76ULL, + 0x00cff090da5f57baULL, 0x0076db7a66643ae9ULL, + 0x0019462f8c646999ULL, 0x008fec00b3854b22ULL, + 0x00d55041692a0a1cULL, 0x0065db894215ca00ULL)}, + {FIELD_LITERAL(0x00a925036e0a451cULL, 0x002a0390c36b6cc1ULL, + 0x00f27020d90894f4ULL, 0x008d90d52cbd3d7fULL, + 0x00e1d0137392f3b8ULL, 0x00f017c158b51a8fULL, + 0x00cac313d3ed7dbcULL, 0x00b99a81e3eb42d3ULL)}, + }}, {{ + {FIELD_LITERAL(0x00b54850275fe626ULL, 0x0053a3fd1ec71140ULL, + 0x00e3d2d7dbe096faULL, 0x00e4ac7b595cce4cULL, + 0x0077bad449c0a494ULL, 0x00b7c98814afd5b3ULL, + 0x0057226f58486cf9ULL, 0x00b1557154f0cc57ULL)}, + {FIELD_LITERAL(0x008cc9cd236315c0ULL, 0x0031d9c5b39fda54ULL, + 0x00a5713ef37e1171ULL, 0x00293d5ae2886325ULL, + 0x00c4aba3e05015e1ULL, 0x0003f35ef78e4fc6ULL, + 0x0039d6bd3ac1527bULL, 0x0019d7c3afb77106ULL)}, + {FIELD_LITERAL(0x007b162931a985afULL, 0x00ad40a2e0daa713ULL, + 0x006df27c4009f118ULL, 0x00503e9f4e2e8becULL, + 0x00751a77c82c182dULL, 0x000298937769245bULL, + 0x00ffb1e8fabf9ee5ULL, 0x0008334706e09abeULL)}, + }}, {{ + 
{FIELD_LITERAL(0x00dbca4e98a7dcd9ULL, 0x00ee29cfc78bde99ULL, + 0x00e4a3b6995f52e9ULL, 0x0045d70189ae8096ULL, + 0x00fd2a8a3b9b0d1bULL, 0x00af1793b107d8e1ULL, + 0x00dbf92cbe4afa20ULL, 0x00da60f798e3681dULL)}, + {FIELD_LITERAL(0x004246bfcecc627aULL, 0x004ba431246c03a4ULL, + 0x00bd1d101872d497ULL, 0x003b73d3f185ee16ULL, + 0x001feb2e2678c0e3ULL, 0x00ff13c5a89dec76ULL, + 0x00ed06042e771d8fULL, 0x00a4fd2a897a83ddULL)}, + {FIELD_LITERAL(0x009a4a3be50d6597ULL, 0x00de3165fc5a1096ULL, + 0x004f3f56e345b0c7ULL, 0x00f7bf721d5ab8bcULL, + 0x004313e47b098c50ULL, 0x00e4c7d5c0e1adbbULL, + 0x002e3e3db365051eULL, 0x00a480c2cd6a96fbULL)}, + }}, {{ + {FIELD_LITERAL(0x00417fa30a7119edULL, 0x00af257758419751ULL, + 0x00d358a487b463d4ULL, 0x0089703cc720b00dULL, + 0x00ce56314ff7f271ULL, 0x0064db171ade62c1ULL, + 0x00640b36d4a22fedULL, 0x00424eb88696d23fULL)}, + {FIELD_LITERAL(0x004ede34af2813f3ULL, 0x00d4a8e11c9e8216ULL, + 0x004796d5041de8a5ULL, 0x00c4c6b4d21cc987ULL, + 0x00e8a433ee07fa1eULL, 0x0055720b5abcc5a1ULL, + 0x008873ea9c74b080ULL, 0x005b3fec1ab65d48ULL)}, + {FIELD_LITERAL(0x0047e5277db70ec5ULL, 0x000a096c66db7d6bULL, + 0x00b4164cc1730159ULL, 0x004a9f783fe720feULL, + 0x00a8177b94449dbcULL, 0x0095a24ff49a599fULL, + 0x0069c1c578250cbcULL, 0x00452019213debf4ULL)}, + }}, {{ + {FIELD_LITERAL(0x0021ce99e09ebda3ULL, 0x00fcbd9f91875ad0ULL, + 0x009bbf6b7b7a0b5fULL, 0x00388886a69b1940ULL, + 0x00926a56d0f81f12ULL, 0x00e12903c3358d46ULL, + 0x005dfce4e8e1ce9dULL, 0x0044cfa94e2f7e23ULL)}, + {FIELD_LITERAL(0x001bd59c09e982eaULL, 0x00f72daeb937b289ULL, + 0x0018b76dca908e0eULL, 0x00edb498512384adULL, + 0x00ce0243b6cc9538ULL, 0x00f96ff690cb4e70ULL, + 0x007c77bf9f673c8dULL, 0x005bf704c088a528ULL)}, + {FIELD_LITERAL(0x0093d4628dcb33beULL, 0x0095263d51d42582ULL, + 0x0049b3222458fe06ULL, 0x00e7fce73b653a7fULL, + 0x003ca2ebce60b369ULL, 0x00c5de239a32bea4ULL, + 0x0063b8b3d71fb6bfULL, 0x0039aeeb78a1a839ULL)}, + }}, {{ + {FIELD_LITERAL(0x007dc52da400336cULL, 0x001fded1e15b9457ULL, + 0x00902e00f5568e3aULL, 
0x00219bef40456d2dULL, + 0x005684161fb3dbc9ULL, 0x004a4e9be49a76eaULL, + 0x006e685ae88b78ffULL, 0x0021c42f13042d3cULL)}, + {FIELD_LITERAL(0x00fb22bb5fd3ce50ULL, 0x0017b48aada7ae54ULL, + 0x00fd5c44ad19a536ULL, 0x000ccc4e4e55e45cULL, + 0x00fd637d45b4c3f5ULL, 0x0038914e023c37cfULL, + 0x00ac1881d6a8d898ULL, 0x00611ed8d3d943a8ULL)}, + {FIELD_LITERAL(0x0056e2259d113d2bULL, 0x00594819b284ec16ULL, + 0x00c7bf794bb36696ULL, 0x00721ee75097cdc6ULL, + 0x00f71be9047a2892ULL, 0x00df6ba142564edfULL, + 0x0069580b7a184e8dULL, 0x00f056e38fca0feeULL)}, + }}, {{ + {FIELD_LITERAL(0x009df98566a18c6dULL, 0x00cf3a200968f219ULL, + 0x0044ba60da6d9086ULL, 0x00dbc9c0e344da03ULL, + 0x000f9401c4466855ULL, 0x00d46a57c5b0a8d1ULL, + 0x00875a635d7ac7c6ULL, 0x00ef4a933b7e0ae6ULL)}, + {FIELD_LITERAL(0x005e8694077a1535ULL, 0x008bef75f71c8f1dULL, + 0x000a7c1316423511ULL, 0x00906e1d70604320ULL, + 0x003fc46c1a2ffbd6ULL, 0x00d1d5022e68f360ULL, + 0x002515fba37bbf46ULL, 0x00ca16234e023b44ULL)}, + {FIELD_LITERAL(0x00787c99561f4690ULL, 0x00a857a8c1561f27ULL, + 0x00a10df9223c09feULL, 0x00b98a9562e3b154ULL, + 0x004330b8744c3ed2ULL, 0x00e06812807ec5c4ULL, + 0x00e4cf6a7db9f1e3ULL, 0x00d95b089f132a34ULL)}, + }}, {{ + {FIELD_LITERAL(0x002922b39ca33eecULL, 0x0090d12a5f3ab194ULL, + 0x00ab60c02fb5f8edULL, 0x00188d292abba1cfULL, + 0x00e10edec9698f6eULL, 0x0069a4d9934133c8ULL, + 0x0024aac40e6d3d06ULL, 0x001702c2177661b0ULL)}, + {FIELD_LITERAL(0x00139078397030bdULL, 0x000e3c447e859a00ULL, + 0x0064a5b334c82393ULL, 0x00b8aabeb7358093ULL, + 0x00020778bb9ae73bULL, 0x0032ee94c7892a18ULL, + 0x008215253cb41bdaULL, 0x005e2797593517aeULL)}, + {FIELD_LITERAL(0x0083765a5f855d4aULL, 0x0051b6d1351b8ee2ULL, + 0x00116de548b0f7bbULL, 0x0087bd88703affa0ULL, + 0x0095b2cc34d7fdd2ULL, 0x0084cd81b53f0bc8ULL, + 0x008562fc995350edULL, 0x00a39abb193651e3ULL)}, + }}, {{ + {FIELD_LITERAL(0x0019e23f0474b114ULL, 0x00eb94c2ad3b437eULL, + 0x006ddb34683b75acULL, 0x00391f9209b564c6ULL, + 0x00083b3bb3bff7aaULL, 0x00eedcd0f6dceefcULL, + 
0x00b50817f794fe01ULL, 0x0036474deaaa75c9ULL)}, + {FIELD_LITERAL(0x0091868594265aa2ULL, 0x00797accae98ca6dULL, + 0x0008d8c5f0f8a184ULL, 0x00d1f4f1c2b2fe6eULL, + 0x0036783dfb48a006ULL, 0x008c165120503527ULL, + 0x0025fd780058ce9bULL, 0x0068beb007be7d27ULL)}, + {FIELD_LITERAL(0x00d0ff88aa7c90c2ULL, 0x00b2c60dacf53394ULL, + 0x0094a7284d9666d6ULL, 0x00bed9022ce7a19dULL, + 0x00c51553f0cd7682ULL, 0x00c3fb870b124992ULL, + 0x008d0bc539956c9bULL, 0x00fc8cf258bb8885ULL)}, + }}, {{ + {FIELD_LITERAL(0x003667bf998406f8ULL, 0x0000115c43a12975ULL, + 0x001e662f3b20e8fdULL, 0x0019ffa534cb24ebULL, + 0x00016be0dc8efb45ULL, 0x00ff76a8b26243f5ULL, + 0x00ae20d241a541e3ULL, 0x0069bd6af13cd430ULL)}, + {FIELD_LITERAL(0x0045fdc16487cda3ULL, 0x00b2d8e844cf2ed7ULL, + 0x00612c50e88c1607ULL, 0x00a08aabc66c1672ULL, + 0x006031fdcbb24d97ULL, 0x001b639525744b93ULL, + 0x004409d62639ab17ULL, 0x00a1853d0347ab1dULL)}, + {FIELD_LITERAL(0x0075a1a56ebf5c21ULL, 0x00a3e72be9ac53edULL, + 0x00efcde1629170c2ULL, 0x0004225fe91ef535ULL, + 0x0088049fc73dfda7ULL, 0x004abc74857e1288ULL, + 0x0024e2434657317cULL, 0x00d98cb3d3e5543cULL)}, + }}, {{ + {FIELD_LITERAL(0x00b4b53eab6bdb19ULL, 0x009b22d8b43711d0ULL, + 0x00d948b9d961785dULL, 0x00cb167b6f279eadULL, + 0x00191de3a678e1c9ULL, 0x00d9dd9511095c2eULL, + 0x00f284324cd43067ULL, 0x00ed74fa535151ddULL)}, + {FIELD_LITERAL(0x007e32c049b5c477ULL, 0x009d2bfdbd9bcfd8ULL, + 0x00636e93045938c6ULL, 0x007fde4af7687298ULL, + 0x0046a5184fafa5d3ULL, 0x0079b1e7f13a359bULL, + 0x00875adf1fb927d6ULL, 0x00333e21c61bcad2ULL)}, + {FIELD_LITERAL(0x00048014f73d8b8dULL, 0x0075684aa0966388ULL, + 0x0092be7df06dc47cULL, 0x0097cebcd0f5568aULL, + 0x005a7004d9c4c6a9ULL, 0x00b0ecbb659924c7ULL, + 0x00d90332dd492a7cULL, 0x0057fc14df11493dULL)}, + }}, {{ + {FIELD_LITERAL(0x0008ed8ea0ad95beULL, 0x0041d324b9709645ULL, + 0x00e25412257a19b4ULL, 0x0058df9f3423d8d2ULL, + 0x00a9ab20def71304ULL, 0x009ae0dbf8ac4a81ULL, + 0x00c9565977e4392aULL, 0x003c9269444baf55ULL)}, + {FIELD_LITERAL(0x007df6cbb926830bULL, 
0x00d336058ae37865ULL, + 0x007af47dac696423ULL, 0x0048d3011ec64ac8ULL, + 0x006b87666e40049fULL, 0x0036a2e0e51303d7ULL, + 0x00ba319bd79dbc55ULL, 0x003e2737ecc94f53ULL)}, + {FIELD_LITERAL(0x00d296ff726272d9ULL, 0x00f6d097928fcf57ULL, + 0x00e0e616a55d7013ULL, 0x00deaf454ed9eac7ULL, + 0x0073a56bedef4d92ULL, 0x006ccfdf6fc92e19ULL, + 0x009d1ee1371a7218ULL, 0x00ee3c2ee4462d80ULL)}, + }}, {{ + {FIELD_LITERAL(0x00437bce9bccdf9dULL, 0x00e0c8e2f85dc0a3ULL, + 0x00c91a7073995a19ULL, 0x00856ec9fe294559ULL, + 0x009e4b33394b156eULL, 0x00e245b0dc497e5cULL, + 0x006a54e687eeaeffULL, 0x00f1cd1cd00fdb7cULL)}, + {FIELD_LITERAL(0x008132ae5c5d8cd1ULL, 0x00121d68324a1d9fULL, + 0x00d6be9dafcb8c76ULL, 0x00684d9070edf745ULL, + 0x00519fbc96d7448eULL, 0x00388182fdc1f27eULL, + 0x000235baed41f158ULL, 0x00bf6cf6f1a1796aULL)}, + {FIELD_LITERAL(0x002adc4b4d148219ULL, 0x003084ada0d3a90aULL, + 0x0046de8aab0f2e4eULL, 0x00452d342a67b5fdULL, + 0x00d4b50f01d4de21ULL, 0x00db6d9fc0cefb79ULL, + 0x008c184c86a462cdULL, 0x00e17c83764d42daULL)}, + }}, {{ + {FIELD_LITERAL(0x007b2743b9a1e01aULL, 0x007847ffd42688c4ULL, + 0x006c7844d610a316ULL, 0x00f0cb8b250aa4b0ULL, + 0x00a19060143b3ae6ULL, 0x0014eb10b77cfd80ULL, + 0x000170905729dd06ULL, 0x00063b5b9cd72477ULL)}, + {FIELD_LITERAL(0x00ce382dc7993d92ULL, 0x00021153e938b4c8ULL, + 0x00096f7567f48f51ULL, 0x0058f81ddfe4b0d5ULL, + 0x00cc379a56b355c7ULL, 0x002c760770d3e819ULL, + 0x00ee22d1d26e5a40ULL, 0x00de6d93d5b082d7ULL)}, + {FIELD_LITERAL(0x000a91a42c52e056ULL, 0x00185f6b77fce7eaULL, + 0x000803c51962f6b5ULL, 0x0022528582ba563dULL, + 0x0043f8040e9856d6ULL, 0x0085a29ec81fb860ULL, + 0x005f9a611549f5ffULL, 0x00c1f974ecbd4b06ULL)}, + }}, {{ + {FIELD_LITERAL(0x005b64c6fd65ec97ULL, 0x00c1fdd7f877bc7fULL, + 0x000d9cc6c89f841cULL, 0x005c97b7f1aff9adULL, + 0x0075e3c61475d47eULL, 0x001ecb1ba8153011ULL, + 0x00fe7f1c8d71d40dULL, 0x003fa9757a229832ULL)}, + {FIELD_LITERAL(0x00ffc5c89d2b0cbaULL, 0x00d363d42e3e6fc3ULL, + 0x0019a1a0118e2e8aULL, 0x00f7baeff48882e1ULL, + 
0x001bd5af28c6b514ULL, 0x0055476ca2253cb2ULL, + 0x00d8eb1977e2ddf3ULL, 0x00b173b1adb228a1ULL)}, + {FIELD_LITERAL(0x00f2cb99dd0ad707ULL, 0x00e1e08b6859ddd8ULL, + 0x000008f2d0650bccULL, 0x00d7ed392f8615c3ULL, + 0x00976750a94da27fULL, 0x003e83bb0ecb69baULL, + 0x00df8e8d15c14ac6ULL, 0x00f9f7174295d9c2ULL)}, + }}, {{ + {FIELD_LITERAL(0x00f11cc8e0e70bcbULL, 0x00e5dc689974e7ddULL, + 0x0014e409f9ee5870ULL, 0x00826e6689acbd63ULL, + 0x008a6f4e3d895d88ULL, 0x00b26a8da41fd4adULL, + 0x000fb7723f83efd7ULL, 0x009c749db0a5f6c3ULL)}, + {FIELD_LITERAL(0x002389319450f9baULL, 0x003677f31aa1250aULL, + 0x0092c3db642f38cbULL, 0x00f8b64c0dfc9773ULL, + 0x00cd49fe3505b795ULL, 0x0068105a4090a510ULL, + 0x00df0ba2072a8bb6ULL, 0x00eb396143afd8beULL)}, + {FIELD_LITERAL(0x00a0d4ecfb24cdffULL, 0x00ddaf8008ba6479ULL, + 0x00f0b3e36d4b0f44ULL, 0x003734bd3af1f146ULL, + 0x00b87e2efc75527eULL, 0x00d230df55ddab50ULL, + 0x002613257ae56c1dULL, 0x00bc0946d135934dULL)}, + }}, {{ + {FIELD_LITERAL(0x00468711bd994651ULL, 0x0033108fa67561bfULL, + 0x0089d760192a54b4ULL, 0x00adc433de9f1871ULL, + 0x000467d05f36e050ULL, 0x007847e0f0579f7fULL, + 0x00a2314ad320052dULL, 0x00b3a93649f0b243ULL)}, + {FIELD_LITERAL(0x0067f8f0c4fe26c9ULL, 0x0079c4a3cc8f67b9ULL, + 0x0082b1e62f23550dULL, 0x00f2d409caefd7f5ULL, + 0x0080e67dcdb26e81ULL, 0x0087ae993ea1f98aULL, + 0x00aa108becf61d03ULL, 0x001acf11efb608a3ULL)}, + {FIELD_LITERAL(0x008225febbab50d9ULL, 0x00f3b605e4dd2083ULL, + 0x00a32b28189e23d2ULL, 0x00d507e5e5eb4c97ULL, + 0x005a1a84e302821fULL, 0x0006f54c1c5f08c7ULL, + 0x00a347c8cb2843f0ULL, 0x0009f73e9544bfa5ULL)}, + }}, {{ + {FIELD_LITERAL(0x006c59c9ae744185ULL, 0x009fc32f1b4282cdULL, + 0x004d6348ca59b1acULL, 0x00105376881be067ULL, + 0x00af4096013147dcULL, 0x004abfb5a5cb3124ULL, + 0x000d2a7f8626c354ULL, 0x009c6ed568e07431ULL)}, + {FIELD_LITERAL(0x00e828333c297f8bULL, 0x009ef3cf8c3f7e1fULL, + 0x00ab45f8fff31cb9ULL, 0x00c8b4178cb0b013ULL, + 0x00d0c50dd3260a3fULL, 0x0097126ac257f5bcULL, + 0x0042376cc90c705aULL, 
0x001d96fdb4a1071eULL)}, + {FIELD_LITERAL(0x00542d44d89ee1a8ULL, 0x00306642e0442d98ULL, + 0x0090853872b87338ULL, 0x002362cbf22dc044ULL, + 0x002c222adff663b8ULL, 0x0067c924495fcb79ULL, + 0x000e621d983c977cULL, 0x00df77a9eccb66fbULL)}, + }}, {{ + {FIELD_LITERAL(0x002809e4bbf1814aULL, 0x00b9e854f9fafb32ULL, + 0x00d35e67c10f7a67ULL, 0x008f1bcb76e748cfULL, + 0x004224d9515687d2ULL, 0x005ba0b774e620c4ULL, + 0x00b5e57db5d54119ULL, 0x00e15babe5683282ULL)}, + {FIELD_LITERAL(0x00832d02369b482cULL, 0x00cba52ff0d93450ULL, + 0x003fa9c908d554dbULL, 0x008d1e357b54122fULL, + 0x00abd91c2dc950c6ULL, 0x007eff1df4c0ec69ULL, + 0x003f6aeb13fb2d31ULL, 0x00002d6179fc5b2cULL)}, + {FIELD_LITERAL(0x0046c9eda81c9c89ULL, 0x00b60cb71c8f62fcULL, + 0x0022f5a683baa558ULL, 0x00f87319fccdf997ULL, + 0x009ca09b51ce6a22ULL, 0x005b12baf4af7d77ULL, + 0x008a46524a1e33e2ULL, 0x00035a77e988be0dULL)}, + }}, {{ + {FIELD_LITERAL(0x00a7efe46a7dbe2fULL, 0x002f66fd55014fe7ULL, + 0x006a428afa1ff026ULL, 0x0056caaa9604ab72ULL, + 0x0033f3bcd7fac8aeULL, 0x00ccb1aa01c86764ULL, + 0x00158d1edf13bf40ULL, 0x009848ee76fcf3b4ULL)}, + {FIELD_LITERAL(0x00a9e7730a819691ULL, 0x00d9cc73c4992b70ULL, + 0x00e299bde067de5aULL, 0x008c314eb705192aULL, + 0x00e7226f17e8a3ccULL, 0x0029dfd956e65a47ULL, + 0x0053a8e839073b12ULL, 0x006f942b2ab1597eULL)}, + {FIELD_LITERAL(0x001c3d780ecd5e39ULL, 0x0094f247fbdcc5feULL, + 0x00d5c786fd527764ULL, 0x00b6f4da74f0db2aULL, + 0x0080f1f8badcd5fcULL, 0x00f36a373ad2e23bULL, + 0x00f804f9f4343bf2ULL, 0x00d1af40ec623982ULL)}, + }}, {{ + {FIELD_LITERAL(0x0082aeace5f1b144ULL, 0x00f68b3108cf4dd3ULL, + 0x00634af01dde3020ULL, 0x000beab5df5c2355ULL, + 0x00e8b790d1b49b0bULL, 0x00e48d15854e36f4ULL, + 0x0040ab2d95f3db9fULL, 0x002711c4ed9e899aULL)}, + {FIELD_LITERAL(0x0039343746531ebeULL, 0x00c8509d835d429dULL, + 0x00e79eceff6b0018ULL, 0x004abfd31e8efce5ULL, + 0x007bbfaaa1e20210ULL, 0x00e3be89c193e179ULL, + 0x001c420f4c31d585ULL, 0x00f414a315bef5aeULL)}, + {FIELD_LITERAL(0x007c296a24990df8ULL, 0x00d5d07525a75588ULL, + 
0x00dd8e113e94b7e7ULL, 0x007bbc58febe0cc8ULL, + 0x0029f51af9bfcad3ULL, 0x007e9311ec7ab6f3ULL, + 0x009a884de1676343ULL, 0x0050d5f2dce84be9ULL)}, + }}, {{ + {FIELD_LITERAL(0x005fa020cca2450aULL, 0x00491c29db6416d8ULL, + 0x0037cefe3f9f9a85ULL, 0x003d405230647066ULL, + 0x0049e835f0fdbe89ULL, 0x00feb78ac1a0815cULL, + 0x00828e4b32dc9724ULL, 0x00db84f2dc8d6fd4ULL)}, + {FIELD_LITERAL(0x0098cddc8b39549aULL, 0x006da37e3b05d22cULL, + 0x00ce633cfd4eb3cbULL, 0x00fda288ef526acdULL, + 0x0025338878c5d30aULL, 0x00f34438c4e5a1b4ULL, + 0x00584efea7c310f1ULL, 0x0041a551f1b660adULL)}, + {FIELD_LITERAL(0x00d7f7a8fbd6437aULL, 0x0062872413bf3753ULL, + 0x00ad4bbcb43c584bULL, 0x007fe49be601d7e3ULL, + 0x0077c659789babf4ULL, 0x00eb45fcb06a741bULL, + 0x005ce244913f9708ULL, 0x0088426401736326ULL)}, + }}, {{ + {FIELD_LITERAL(0x007bf562ca768d7cULL, 0x006c1f3a174e387cULL, + 0x00f024b447fee939ULL, 0x007e7af75f01143fULL, + 0x003adb70b4eed89dULL, 0x00e43544021ad79aULL, + 0x0091f7f7042011f6ULL, 0x0093c1a1ee3a0ddcULL)}, + {FIELD_LITERAL(0x00a0b68ec1eb72d2ULL, 0x002c03235c0d45a0ULL, + 0x00553627323fe8c5ULL, 0x006186e94b17af94ULL, + 0x00a9906196e29f14ULL, 0x0025b3aee6567733ULL, + 0x007e0dd840080517ULL, 0x0018eb5801a4ba93ULL)}, + {FIELD_LITERAL(0x00d7fe7017bf6a40ULL, 0x006e3f0624be0c42ULL, + 0x00ffbba205358245ULL, 0x00f9fc2cf8194239ULL, + 0x008d93b37bf15b4eULL, 0x006ddf2e38be8e95ULL, + 0x002b6e79bf5fcff9ULL, 0x00ab355da425e2deULL)}, + }}, {{ + {FIELD_LITERAL(0x00938f97e20be973ULL, 0x0099141a36aaf306ULL, + 0x0057b0ca29e545a1ULL, 0x0085db571f9fbc13ULL, + 0x008b333c554b4693ULL, 0x0043ab6ef3e241cbULL, + 0x0054fb20aa1e5c70ULL, 0x00be0ff852760adfULL)}, + {FIELD_LITERAL(0x003973d8938971d6ULL, 0x002aca26fa80c1f5ULL, + 0x00108af1faa6b513ULL, 0x00daae275d7924e6ULL, + 0x0053634ced721308ULL, 0x00d2355fe0bbd443ULL, + 0x00357612b2d22095ULL, 0x00f9bb9dd4136cf3ULL)}, + {FIELD_LITERAL(0x002bff12cf5e03a5ULL, 0x001bdb1fa8a19cf8ULL, + 0x00c91c6793f84d39ULL, 0x00f869f1b2eba9afULL, + 0x0059bc547dc3236bULL, 
0x00d91611d6d38689ULL, + 0x00e062daaa2c0214ULL, 0x00ed3c047cc2bc82ULL)}, + }}, {{ + {FIELD_LITERAL(0x000050d70c32b31aULL, 0x001939d576d437b3ULL, + 0x00d709e598bf9fe6ULL, 0x00a885b34bd2ee9eULL, + 0x00dd4b5c08ab1a50ULL, 0x0091bebd50b55639ULL, + 0x00cf79ff64acdbc6ULL, 0x006067a39d826336ULL)}, + {FIELD_LITERAL(0x0062dd0fb31be374ULL, 0x00fcc96b84c8e727ULL, + 0x003f64f1375e6ae3ULL, 0x0057d9b6dd1af004ULL, + 0x00d6a167b1103c7bULL, 0x00dd28f3180fb537ULL, + 0x004ff27ad7167128ULL, 0x008934c33461f2acULL)}, + {FIELD_LITERAL(0x0065b472b7900043ULL, 0x00ba7efd2ff1064bULL, + 0x000b67d6c4c3020fULL, 0x0012d28469f4e46dULL, + 0x0031c32939703ec7ULL, 0x00b49f0bce133066ULL, + 0x00f7e10416181d47ULL, 0x005c90f51867eeccULL)}, + }}, {{ + {FIELD_LITERAL(0x0051207abd179101ULL, 0x00fc2a5c20d9c5daULL, + 0x00fb9d5f2701b6dfULL, 0x002dd040fdea82b8ULL, + 0x00f163b0738442ffULL, 0x00d9736bd68855b8ULL, + 0x00e0d8e93005e61cULL, 0x00df5a40b3988570ULL)}, + {FIELD_LITERAL(0x0006918f5dfce6dcULL, 0x00d4bf1c793c57fbULL, + 0x0069a3f649435364ULL, 0x00e89a50e5b0cd6eULL, + 0x00b9f6a237e973afULL, 0x006d4ed8b104e41dULL, + 0x00498946a3924cd2ULL, 0x00c136ec5ac9d4f7ULL)}, + {FIELD_LITERAL(0x0011a9c290ac5336ULL, 0x002b9a2d4a6a6533ULL, + 0x009a8a68c445d937ULL, 0x00361b27b07e5e5cULL, + 0x003c043b1755b974ULL, 0x00b7eb66cf1155eeULL, + 0x0077af5909eefff2ULL, 0x0098f609877cc806ULL)}, + }}, {{ + {FIELD_LITERAL(0x00ab13af436bf8f4ULL, 0x000bcf0a0dac8574ULL, + 0x00d50c864f705045ULL, 0x00c40e611debc842ULL, + 0x0085010489bd5caaULL, 0x007c5050acec026fULL, + 0x00f67d943c8da6d1ULL, 0x00de1da0278074c6ULL)}, + {FIELD_LITERAL(0x00b373076597455fULL, 0x00e83f1af53ac0f5ULL, + 0x0041f63c01dc6840ULL, 0x0097dea19b0c6f4bULL, + 0x007f9d63b4c1572cULL, 0x00e692d492d0f5f0ULL, + 0x00cbcb392e83b4adULL, 0x0069c0f39ed9b1a8ULL)}, + {FIELD_LITERAL(0x00861030012707c9ULL, 0x009fbbdc7fd4aafbULL, + 0x008f591d6b554822ULL, 0x00df08a41ea18adeULL, + 0x009d7d83e642abeaULL, 0x0098c71bda3b78ffULL, + 0x0022c89e7021f005ULL, 0x0044d29a3fe1e3c4ULL)}, + }}, {{ + 
{FIELD_LITERAL(0x00e748cd7b5c52f2ULL, 0x00ea9df883f89cc3ULL, + 0x0018970df156b6c7ULL, 0x00c5a46c2a33a847ULL, + 0x00cbde395e32aa09ULL, 0x0072474ebb423140ULL, + 0x00fb00053086a23dULL, 0x001dafcfe22d4e1fULL)}, + {FIELD_LITERAL(0x00c903ee6d825540ULL, 0x00add6c4cf98473eULL, + 0x007636efed4227f1ULL, 0x00905124ae55e772ULL, + 0x00e6b38fab12ed53ULL, 0x0045e132b863fe55ULL, + 0x003974662edb366aULL, 0x00b1787052be8208ULL)}, + {FIELD_LITERAL(0x00a614b00d775c7cULL, 0x00d7c78941cc7754ULL, + 0x00422dd68b5dabc4ULL, 0x00a6110f0167d28bULL, + 0x00685a309c252886ULL, 0x00b439ffd5143660ULL, + 0x003656e29ee7396fULL, 0x00c7c9b9ed5ad854ULL)}, + }}, {{ + {FIELD_LITERAL(0x0040f7e7c5b37bf2ULL, 0x0064e4dc81181bbaULL, + 0x00a8767ae2a366b6ULL, 0x001496b4f90546f2ULL, + 0x002a28493f860441ULL, 0x0021f59513049a3aULL, + 0x00852d369a8b7ee3ULL, 0x00dd2e7d8b7d30a9ULL)}, + {FIELD_LITERAL(0x00006e34a35d9fbcULL, 0x00eee4e48b2f019aULL, + 0x006b344743003a5fULL, 0x00541d514f04a7e3ULL, + 0x00e81f9ee7647455ULL, 0x005e2b916c438f81ULL, + 0x00116f8137b7eff0ULL, 0x009bd3decc7039d1ULL)}, + {FIELD_LITERAL(0x0005d226f434110dULL, 0x00af8288b8ef21d5ULL, + 0x004a7a52ef181c8cULL, 0x00be0b781b4b06deULL, + 0x00e6e3627ded07e1ULL, 0x00e43aa342272b8bULL, + 0x00e86ab424577d84ULL, 0x00fb292c566e35bbULL)}, + }}, {{ + {FIELD_LITERAL(0x00334f5303ea1222ULL, 0x00dfb3dbeb0a5d3eULL, + 0x002940d9592335c1ULL, 0x00706a7a63e8938aULL, + 0x005a533558bc4cafULL, 0x00558e33192022a9ULL, + 0x00970d9faf74c133ULL, 0x002979fcb63493caULL)}, + {FIELD_LITERAL(0x00e38abece3c82abULL, 0x005a51f18a2c7a86ULL, + 0x009dafa2e86d592eULL, 0x00495a62eb688678ULL, + 0x00b79df74c0eb212ULL, 0x0023e8cc78b75982ULL, + 0x005998cb91075e13ULL, 0x00735aa9ba61bc76ULL)}, + {FIELD_LITERAL(0x00d9f7a82ddbe628ULL, 0x00a1fc782889ae0fULL, + 0x0071ffda12d14b66ULL, 0x0037cf4eca7fb3d5ULL, + 0x00c80bc242c58808ULL, 0x0075bf8c2d08c863ULL, + 0x008d41f31afc52a7ULL, 0x00197962ecf38741ULL)}, + }}, {{ + {FIELD_LITERAL(0x006e9f475cccf2eeULL, 0x00454b9cd506430cULL, + 0x00224a4fb79ee479ULL, 
0x0062e3347ef0b5e2ULL, + 0x0034fd2a3512232aULL, 0x00b8b3cb0f457046ULL, + 0x00eb20165daa38ecULL, 0x00128eebc2d9c0f7ULL)}, + {FIELD_LITERAL(0x00bfc5fa1e4ea21fULL, 0x00c21d7b6bb892e6ULL, + 0x00cf043f3acf0291ULL, 0x00c13f2f849b3c90ULL, + 0x00d1a97ebef10891ULL, 0x0061e130a445e7feULL, + 0x0019513fdedbf22bULL, 0x001d60c813bff841ULL)}, + {FIELD_LITERAL(0x0019561c7fcf0213ULL, 0x00e3dca6843ebd77ULL, + 0x0068ea95b9ca920eULL, 0x009bdfb70f253595ULL, + 0x00c68f59186aa02aULL, 0x005aee1cca1c3039ULL, + 0x00ab79a8a937a1ceULL, 0x00b9a0e549959e6fULL)}, + }}, {{ + {FIELD_LITERAL(0x00c79e0b6d97dfbdULL, 0x00917c71fd2bc6e8ULL, + 0x00db7529ccfb63d8ULL, 0x00be5be957f17866ULL, + 0x00a9e11fdc2cdac1ULL, 0x007b91a8e1f44443ULL, + 0x00a3065e4057d80fULL, 0x004825f5b8d5f6d4ULL)}, + {FIELD_LITERAL(0x003e4964fa8a8fc8ULL, 0x00f6a1cdbcf41689ULL, + 0x00943cb18fe7fda7ULL, 0x00606dafbf34440aULL, + 0x005d37a86399c789ULL, 0x00e79a2a69417403ULL, + 0x00fe34f7e68b8866ULL, 0x0011f448ed2df10eULL)}, + {FIELD_LITERAL(0x00f1f57efcc1fcc4ULL, 0x00513679117de154ULL, + 0x002e5b5b7c86d8c3ULL, 0x009f6486561f9cfbULL, + 0x00169e74b0170cf7ULL, 0x00900205af4af696ULL, + 0x006acfddb77853f3ULL, 0x00df184c90f31068ULL)}, + }}, {{ + {FIELD_LITERAL(0x00b37396c3320791ULL, 0x00fc7b67175c5783ULL, + 0x00c36d2cd73ecc38ULL, 0x0080ebcc0b328fc5ULL, + 0x0043a5b22b35d35dULL, 0x00466c9f1713c9daULL, + 0x0026ad346dcaa8daULL, 0x007c684e701183a6ULL)}, + {FIELD_LITERAL(0x00fd579ffb691713ULL, 0x00b76af4f81c412dULL, + 0x00f239de96110f82ULL, 0x00e965fb437f0306ULL, + 0x00ca7e9436900921ULL, 0x00e487f1325fa24aULL, + 0x00633907de476380ULL, 0x00721c62ac5b8ea0ULL)}, + {FIELD_LITERAL(0x00c0d54e542eb4f9ULL, 0x004ed657171c8dcfULL, + 0x00b743a4f7c2a39bULL, 0x00fd9f93ed6cc567ULL, + 0x00307fae3113e58bULL, 0x0058aa577c93c319ULL, + 0x00d254556f35b346ULL, 0x00491aada2203f0dULL)}, + }}, {{ + {FIELD_LITERAL(0x00dff3103786ff34ULL, 0x000144553b1f20c3ULL, + 0x0095613baeb930e4ULL, 0x00098058275ea5d4ULL, + 0x007cd1402b046756ULL, 0x0074d74e4d58aee3ULL, + 
0x005f93fc343ff69bULL, 0x00873df17296b3b0ULL)}, + {FIELD_LITERAL(0x00c4a1fb48635413ULL, 0x00b5dd54423ad59fULL, + 0x009ff5d53fd24a88ULL, 0x003c98d267fc06a7ULL, + 0x002db7cb20013641ULL, 0x00bd1d6716e191f2ULL, + 0x006dbc8b29094241ULL, 0x0044bbf233dafa2cULL)}, + {FIELD_LITERAL(0x0055838d41f531e6ULL, 0x00bf6a2dd03c81b2ULL, + 0x005827a061c4839eULL, 0x0000de2cbb36aac3ULL, + 0x002efa29d9717478ULL, 0x00f9e928cc8a77baULL, + 0x00c134b458def9efULL, 0x00958a182223fc48ULL)}, + }}, {{ + {FIELD_LITERAL(0x000a9ee23c06881fULL, 0x002c727d3d871945ULL, + 0x00f47d971512d24aULL, 0x00671e816f9ef31aULL, + 0x00883af2cfaad673ULL, 0x00601f98583d6c9aULL, + 0x00b435f5adc79655ULL, 0x00ad87b71c04bff2ULL)}, + {FIELD_LITERAL(0x007860d99db787cfULL, 0x00fda8983018f4a8ULL, + 0x008c8866bac4743cULL, 0x00ef471f84c82a3fULL, + 0x00abea5976d3b8e7ULL, 0x00714882896cd015ULL, + 0x00b49fae584ddac5ULL, 0x008e33a1a0b69c81ULL)}, + {FIELD_LITERAL(0x007b6ee2c9e8a9ecULL, 0x002455dbbd89d622ULL, + 0x006490cf4eaab038ULL, 0x00d925f6c3081561ULL, + 0x00153b3047de7382ULL, 0x003b421f8bdceb6fULL, + 0x00761a4a5049da78ULL, 0x00980348c5202433ULL)}, + }}, {{ + {FIELD_LITERAL(0x007f8a43da97dd5cULL, 0x00058539c800fc7bULL, + 0x0040f3cf5a28414aULL, 0x00d68dd0d95283d6ULL, + 0x004adce9da90146eULL, 0x00befa41c7d4f908ULL, + 0x007603bc2e3c3060ULL, 0x00bdf360ab3545dbULL)}, + {FIELD_LITERAL(0x00eebfd4e2312cc3ULL, 0x00474b2564e4fc8cULL, + 0x003303ef14b1da9bULL, 0x003c93e0e66beb1dULL, + 0x0013619b0566925aULL, 0x008817c24d901bf3ULL, + 0x00b62bd8898d218bULL, 0x0075a7716f1e88a2ULL)}, + {FIELD_LITERAL(0x0009218da1e6890fULL, 0x0026907f5fd02575ULL, + 0x004dabed5f19d605ULL, 0x003abf181870249dULL, + 0x00b52fd048cc92c4ULL, 0x00b6dd51e415a5c5ULL, + 0x00d9eb82bd2b4014ULL, 0x002c865a43b46b43ULL)}, + }}, {{ + {FIELD_LITERAL(0x0070047189452f4cULL, 0x00f7ad12e1ce78d5ULL, + 0x00af1ba51ec44a8bULL, 0x005f39f63e667cd6ULL, + 0x00058eac4648425eULL, 0x00d7fdab42bea03bULL, + 0x0028576a5688de15ULL, 0x00af973209e77c10ULL)}, + {FIELD_LITERAL(0x00c338b915d8fef0ULL, 
0x00a893292045c39aULL, + 0x0028ab4f2eba6887ULL, 0x0060743cb519fd61ULL, + 0x0006213964093ac0ULL, 0x007c0b7a43f6266dULL, + 0x008e3557c4fa5bdaULL, 0x002da976de7b8d9dULL)}, + {FIELD_LITERAL(0x0048729f8a8b6dcdULL, 0x00fe23b85cc4d323ULL, + 0x00e7384d16e4db0eULL, 0x004a423970678942ULL, + 0x00ec0b763345d4baULL, 0x00c477b9f99ed721ULL, + 0x00c29dad3777b230ULL, 0x001c517b466f7df6ULL)}, + }}, {{ + {FIELD_LITERAL(0x006366c380f7b574ULL, 0x001c7d1f09ff0438ULL, + 0x003e20a7301f5b22ULL, 0x00d3efb1916d28f6ULL, + 0x0049f4f81060ce83ULL, 0x00c69d91ea43ced1ULL, + 0x002b6f3e5cd269edULL, 0x005b0fb22ce9ec65ULL)}, + {FIELD_LITERAL(0x00aa2261022d883fULL, 0x00ebcca4548010acULL, + 0x002528512e28a437ULL, 0x0070ca7676b66082ULL, + 0x0084bda170f7c6d3ULL, 0x00581b4747c9b8bbULL, + 0x005c96a01061c7e2ULL, 0x00fb7c4a362b5273ULL)}, + {FIELD_LITERAL(0x00c30020eb512d02ULL, 0x0060f288283a4d26ULL, + 0x00b7ed13becde260ULL, 0x0075ebb74220f6e9ULL, + 0x00701079fcfe8a1fULL, 0x001c28fcdff58938ULL, + 0x002e4544b8f4df6bULL, 0x0060c5bc4f1a7d73ULL)}, + }}, {{ + {FIELD_LITERAL(0x00ae307cf069f701ULL, 0x005859f222dd618bULL, + 0x00212d6c46ec0b0dULL, 0x00a0fe4642afb62dULL, + 0x00420d8e4a0a8903ULL, 0x00a80ff639bdf7b0ULL, + 0x0019bee1490b5d8eULL, 0x007439e4b9c27a86ULL)}, + {FIELD_LITERAL(0x00a94700032a093fULL, 0x0076e96c225216e7ULL, + 0x00a63a4316e45f91ULL, 0x007d8bbb4645d3b2ULL, + 0x00340a6ff22793ebULL, 0x006f935d4572aeb7ULL, + 0x00b1fb69f00afa28ULL, 0x009e8f3423161ed3ULL)}, + {FIELD_LITERAL(0x009ef49c6b5ced17ULL, 0x00a555e6269e9f0aULL, + 0x007e6f1d79ec73b5ULL, 0x009ac78695a32ac4ULL, + 0x0001d77fbbcd5682ULL, 0x008cea1fee0aaeedULL, + 0x00f42bea82a53462ULL, 0x002e46ab96cafcc9ULL)}, + }}, {{ + {FIELD_LITERAL(0x0051cfcc5885377aULL, 0x00dce566cb1803caULL, + 0x00430c7643f2c7d4ULL, 0x00dce1a1337bdcc0ULL, + 0x0010d5bd7283c128ULL, 0x003b1b547f9b46feULL, + 0x000f245e37e770abULL, 0x007b72511f022b37ULL)}, + {FIELD_LITERAL(0x0060db815bc4786cULL, 0x006fab25beedc434ULL, + 0x00c610d06084797cULL, 0x000c48f08537bec0ULL, + 
0x0031aba51c5b93daULL, 0x007968fa6e01f347ULL, + 0x0030070da52840c6ULL, 0x00c043c225a4837fULL)}, + {FIELD_LITERAL(0x001bcfd00649ee93ULL, 0x006dceb47e2a0fd5ULL, + 0x00f2cebda0cf8fd0ULL, 0x00b6b9d9d1fbdec3ULL, + 0x00815262e6490611ULL, 0x00ef7f5ce3176760ULL, + 0x00e49cd0c998d58bULL, 0x005fc6cc269ba57cULL)}, + }}, {{ + {FIELD_LITERAL(0x008940211aa0d633ULL, 0x00addae28136571dULL, + 0x00d68fdbba20d673ULL, 0x003bc6129bc9e21aULL, + 0x000346cf184ebe9aULL, 0x0068774d741ebc7fULL, + 0x0019d5e9e6966557ULL, 0x0003cbd7f981b651ULL)}, + {FIELD_LITERAL(0x004a2902926f8d3fULL, 0x00ad79b42637ab75ULL, + 0x0088f60b90f2d4e8ULL, 0x0030f54ef0e398c4ULL, + 0x00021dc9bf99681eULL, 0x007ebf66fde74ee3ULL, + 0x004ade654386e9a4ULL, 0x00e7485066be4c27ULL)}, + {FIELD_LITERAL(0x00445f1263983be0ULL, 0x004cf371dda45e6aULL, + 0x00744a89d5a310e7ULL, 0x001f20ce4f904833ULL, + 0x00e746edebe66e29ULL, 0x000912ab1f6c153dULL, + 0x00f61d77d9b2444cULL, 0x0001499cd6647610ULL)}, }} } }; 
@@ -343,133 +1063,421 @@ const struct curve448_precomputed_s *curve448_precomputed_base static const niels_t curve448_wnaf_base_table[32] = { {{ - {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x00e822938a0a0c0c,0x00263a61c9ea9216,0x001204029321b828,0x006a468360983c65,0x0002846f0a782143)}, - {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x006822938a0a0c0c,0x00263a61c9ea9215,0x001204029321b828,0x006a468360983c65,0x0082846f0a782143)}, - {FIELD_LITERAL(0x00ef8e22b275198d,0x00b0eb141a0b0e8b,0x001f6789da3cb38c,0x006d2ff8ed39073e,0x00610bdb69a167f3,0x00571f306c9689b4,0x00f557e6f84b2df8,0x002affd38b2c86db)}, + {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, + 0x00226b9fa4728ccdULL, 0x00e822938a0a0c0cULL, + 0x00263a61c9ea9216ULL, 0x001204029321b828ULL, + 0x006a468360983c65ULL, 0x0002846f0a782143ULL)}, + {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, + 0x00226b9fa4728ccdULL, 0x006822938a0a0c0cULL, + 0x00263a61c9ea9215ULL, 0x001204029321b828ULL, + 0x006a468360983c65ULL, 0x0082846f0a782143ULL)}, + {FIELD_LITERAL(0x00ef8e22b275198dULL, 0x00b0eb141a0b0e8bULL, + 0x001f6789da3cb38cULL, 0x006d2ff8ed39073eULL, + 0x00610bdb69a167f3ULL, 0x00571f306c9689b4ULL, + 0x00f557e6f84b2df8ULL, 0x002affd38b2c86dbULL)}, }}, {{ - {FIELD_LITERAL(0x00cea0fc8d2e88b5,0x00821612d69f1862,0x0074c283b3e67522,0x005a195ba05a876d,0x000cddfe557feea4,0x008046c795bcc5e5,0x00540969f4d6e119,0x00d27f96d6b143d5)}, - {FIELD_LITERAL(0x000c3b1019d474e8,0x00e19533e4952284,0x00cc9810ba7c920a,0x00f103d2785945ac,0x00bfa5696cc69b34,0x00a8d3d51e9ca839,0x005623cb459586b9,0x00eae7ce1cd52e9e)}, - {FIELD_LITERAL(0x0005a178751dd7d8,0x002cc3844c69c42f,0x00acbfe5efe10539,0x009c20f43431a65a,0x008435d96374a7b3,0x009ee57566877bd3,0x0044691725ed4757,0x001e87bb2fe2c6b2)}, + {FIELD_LITERAL(0x00cea0fc8d2e88b5ULL, 0x00821612d69f1862ULL, + 0x0074c283b3e67522ULL, 0x005a195ba05a876dULL, + 0x000cddfe557feea4ULL, 0x008046c795bcc5e5ULL, + 0x00540969f4d6e119ULL, 
0x00d27f96d6b143d5ULL)}, + {FIELD_LITERAL(0x000c3b1019d474e8ULL, 0x00e19533e4952284ULL, + 0x00cc9810ba7c920aULL, 0x00f103d2785945acULL, + 0x00bfa5696cc69b34ULL, 0x00a8d3d51e9ca839ULL, + 0x005623cb459586b9ULL, 0x00eae7ce1cd52e9eULL)}, + {FIELD_LITERAL(0x0005a178751dd7d8ULL, 0x002cc3844c69c42fULL, + 0x00acbfe5efe10539ULL, 0x009c20f43431a65aULL, + 0x008435d96374a7b3ULL, 0x009ee57566877bd3ULL, + 0x0044691725ed4757ULL, 0x001e87bb2fe2c6b2ULL)}, }}, {{ - {FIELD_LITERAL(0x000cedc4debf7a04,0x002ffa45000470ac,0x002e9f9678201915,0x0017da1208c4fe72,0x007d558cc7d656cb,0x0037a827287cf289,0x00142472d3441819,0x009c21f166cf8dd1)}, - {FIELD_LITERAL(0x003ef83af164b2f2,0x000949a5a0525d0d,0x00f4498186cac051,0x00e77ac09ef126d2,0x0073ae0b2c9296e9,0x001c163f6922e3ed,0x0062946159321bea,0x00cfb79b22990b39)}, - {FIELD_LITERAL(0x00b001431ca9e654,0x002d7e5eabcc9a3a,0x0052e8114c2f6747,0x0079ac4f94487f92,0x00bffd919b5d749c,0x00261f92ad15e620,0x00718397b7a97895,0x00c1443e6ebbc0c4)}, + {FIELD_LITERAL(0x000cedc4debf7a04ULL, 0x002ffa45000470acULL, + 0x002e9f9678201915ULL, 0x0017da1208c4fe72ULL, + 0x007d558cc7d656cbULL, 0x0037a827287cf289ULL, + 0x00142472d3441819ULL, 0x009c21f166cf8dd1ULL)}, + {FIELD_LITERAL(0x003ef83af164b2f2ULL, 0x000949a5a0525d0dULL, + 0x00f4498186cac051ULL, 0x00e77ac09ef126d2ULL, + 0x0073ae0b2c9296e9ULL, 0x001c163f6922e3edULL, + 0x0062946159321beaULL, 0x00cfb79b22990b39ULL)}, + {FIELD_LITERAL(0x00b001431ca9e654ULL, 0x002d7e5eabcc9a3aULL, + 0x0052e8114c2f6747ULL, 0x0079ac4f94487f92ULL, + 0x00bffd919b5d749cULL, 0x00261f92ad15e620ULL, + 0x00718397b7a97895ULL, 0x00c1443e6ebbc0c4ULL)}, }}, {{ - {FIELD_LITERAL(0x00eacd90c1e0a049,0x008977935b149fbe,0x0004cb9ba11c93dc,0x009fbd5b3470844d,0x004bc18c9bfc22cf,0x0057679a991839f3,0x00ef15b76fb4092e,0x0074a5173a225041)}, - {FIELD_LITERAL(0x003f5f9d7ec4777b,0x00ab2e733c919c94,0x001bb6c035245ae5,0x00a325a49a883630,0x0033e9a9ea3cea2f,0x00e442a1eaa0e844,0x00b2116d5b0e71b8,0x00c16abed6d64047)}, - 
{FIELD_LITERAL(0x00c560b5ed051165,0x001945adc5d65094,0x00e221865710f910,0x00cc12bc9e9b8ceb,0x004faa9518914e35,0x0017476d89d42f6d,0x00b8f637c8fa1c8b,0x0088c7d2790864b8)}, + {FIELD_LITERAL(0x00eacd90c1e0a049ULL, 0x008977935b149fbeULL, + 0x0004cb9ba11c93dcULL, 0x009fbd5b3470844dULL, + 0x004bc18c9bfc22cfULL, 0x0057679a991839f3ULL, + 0x00ef15b76fb4092eULL, 0x0074a5173a225041ULL)}, + {FIELD_LITERAL(0x003f5f9d7ec4777bULL, 0x00ab2e733c919c94ULL, + 0x001bb6c035245ae5ULL, 0x00a325a49a883630ULL, + 0x0033e9a9ea3cea2fULL, 0x00e442a1eaa0e844ULL, + 0x00b2116d5b0e71b8ULL, 0x00c16abed6d64047ULL)}, + {FIELD_LITERAL(0x00c560b5ed051165ULL, 0x001945adc5d65094ULL, + 0x00e221865710f910ULL, 0x00cc12bc9e9b8cebULL, + 0x004faa9518914e35ULL, 0x0017476d89d42f6dULL, + 0x00b8f637c8fa1c8bULL, 0x0088c7d2790864b8ULL)}, }}, {{ - {FIELD_LITERAL(0x00ef7eafc1c69be6,0x0085d3855778fbea,0x002c8d5b450cb6f5,0x004e77de5e1e7fec,0x0047c057893abded,0x001b430b85d51e16,0x00965c7b45640c3c,0x00487b2bb1162b97)}, - {FIELD_LITERAL(0x0099c73a311beec2,0x00a3eff38d8912ad,0x002efa9d1d7e8972,0x00f717ae1e14d126,0x002833f795850c8b,0x0066c12ad71486bd,0x00ae9889da4820eb,0x00d6044309555c08)}, - {FIELD_LITERAL(0x004b1c5283d15e41,0x00669d8ea308ff75,0x0004390233f762a1,0x00e1d67b83cb6cec,0x003eebaa964c78b1,0x006b0aff965eb664,0x00b313d4470bdc37,0x008814ffcb3cb9d8)}, + {FIELD_LITERAL(0x00ef7eafc1c69be6ULL, 0x0085d3855778fbeaULL, + 0x002c8d5b450cb6f5ULL, 0x004e77de5e1e7fecULL, + 0x0047c057893abdedULL, 0x001b430b85d51e16ULL, + 0x00965c7b45640c3cULL, 0x00487b2bb1162b97ULL)}, + {FIELD_LITERAL(0x0099c73a311beec2ULL, 0x00a3eff38d8912adULL, + 0x002efa9d1d7e8972ULL, 0x00f717ae1e14d126ULL, + 0x002833f795850c8bULL, 0x0066c12ad71486bdULL, + 0x00ae9889da4820ebULL, 0x00d6044309555c08ULL)}, + {FIELD_LITERAL(0x004b1c5283d15e41ULL, 0x00669d8ea308ff75ULL, + 0x0004390233f762a1ULL, 0x00e1d67b83cb6cecULL, + 0x003eebaa964c78b1ULL, 0x006b0aff965eb664ULL, + 0x00b313d4470bdc37ULL, 0x008814ffcb3cb9d8ULL)}, }}, {{ - 
{FIELD_LITERAL(0x009724b8ce68db70,0x007678b5ed006f3d,0x00bdf4b89c0abd73,0x00299748e04c7c6d,0x00ddd86492c3c977,0x00c5a7febfa30a99,0x00ed84715b4b02bb,0x00319568adf70486)}, - {FIELD_LITERAL(0x0070ff2d864de5bb,0x005a37eeb637ee95,0x0033741c258de160,0x00e6ca5cb1988f46,0x001ceabd92a24661,0x0030957bd500fe40,0x001c3362afe912c5,0x005187889f678bd2)}, - {FIELD_LITERAL(0x0086835fc62bbdc7,0x009c3516ca4910a1,0x00956c71f8d00783,0x0095c78fcf63235f,0x00fc7ff6ba05c222,0x00cdd8b3f8d74a52,0x00ac5ae16de8256e,0x00e9d4be8ed48624)}, + {FIELD_LITERAL(0x009724b8ce68db70ULL, 0x007678b5ed006f3dULL, + 0x00bdf4b89c0abd73ULL, 0x00299748e04c7c6dULL, + 0x00ddd86492c3c977ULL, 0x00c5a7febfa30a99ULL, + 0x00ed84715b4b02bbULL, 0x00319568adf70486ULL)}, + {FIELD_LITERAL(0x0070ff2d864de5bbULL, 0x005a37eeb637ee95ULL, + 0x0033741c258de160ULL, 0x00e6ca5cb1988f46ULL, + 0x001ceabd92a24661ULL, 0x0030957bd500fe40ULL, + 0x001c3362afe912c5ULL, 0x005187889f678bd2ULL)}, + {FIELD_LITERAL(0x0086835fc62bbdc7ULL, 0x009c3516ca4910a1ULL, + 0x00956c71f8d00783ULL, 0x0095c78fcf63235fULL, + 0x00fc7ff6ba05c222ULL, 0x00cdd8b3f8d74a52ULL, + 0x00ac5ae16de8256eULL, 0x00e9d4be8ed48624ULL)}, }}, {{ - {FIELD_LITERAL(0x00c0ce11405df2d8,0x004e3f37b293d7b6,0x002410172e1ac6db,0x00b8dbff4bf8143d,0x003a7b409d56eb66,0x003e0f6a0dfef9af,0x0081c4e4d3645be1,0x00ce76076b127623)}, - {FIELD_LITERAL(0x00f6ee0f98974239,0x0042d89af07d3a4f,0x00846b7fe84346b5,0x006a21fc6a8d39a1,0x00ac8bc2541ff2d9,0x006d4e2a77732732,0x009a39b694cc3f2f,0x0085c0aa2a404c8f)}, - {FIELD_LITERAL(0x00b261101a218548,0x00c1cae96424277b,0x00869da0a77dd268,0x00bc0b09f8ec83ea,0x00d61027f8e82ba9,0x00aa4c85999dce67,0x00eac3132b9f3fe1,0x00fb9b0cf1c695d2)}, + {FIELD_LITERAL(0x00c0ce11405df2d8ULL, 0x004e3f37b293d7b6ULL, + 0x002410172e1ac6dbULL, 0x00b8dbff4bf8143dULL, + 0x003a7b409d56eb66ULL, 0x003e0f6a0dfef9afULL, + 0x0081c4e4d3645be1ULL, 0x00ce76076b127623ULL)}, + {FIELD_LITERAL(0x00f6ee0f98974239ULL, 0x0042d89af07d3a4fULL, + 0x00846b7fe84346b5ULL, 0x006a21fc6a8d39a1ULL, + 
0x00ac8bc2541ff2d9ULL, 0x006d4e2a77732732ULL, + 0x009a39b694cc3f2fULL, 0x0085c0aa2a404c8fULL)}, + {FIELD_LITERAL(0x00b261101a218548ULL, 0x00c1cae96424277bULL, + 0x00869da0a77dd268ULL, 0x00bc0b09f8ec83eaULL, + 0x00d61027f8e82ba9ULL, 0x00aa4c85999dce67ULL, + 0x00eac3132b9f3fe1ULL, 0x00fb9b0cf1c695d2ULL)}, }}, {{ - {FIELD_LITERAL(0x0043079295512f0d,0x0046a009861758e0,0x003ee2842a807378,0x0034cc9d1298e4fa,0x009744eb4d31b3ee,0x00afacec96650cd0,0x00ac891b313761ae,0x00e864d6d26e708a)}, - {FIELD_LITERAL(0x00a84d7c8a23b491,0x0088e19aa868b27f,0x0005986d43e78ce9,0x00f28012f0606d28,0x0017ded7e10249b3,0x005ed4084b23af9b,0x00b9b0a940564472,0x00ad9056cceeb1f4)}, - {FIELD_LITERAL(0x00db91b357fe755e,0x00a1aa544b15359c,0x00af4931a0195574,0x007686124fe11aef,0x00d1ead3c7b9ef7e,0x00aaf5fc580f8c15,0x00e727be147ee1ec,0x003c61c1e1577b86)}, + {FIELD_LITERAL(0x0043079295512f0dULL, 0x0046a009861758e0ULL, + 0x003ee2842a807378ULL, 0x0034cc9d1298e4faULL, + 0x009744eb4d31b3eeULL, 0x00afacec96650cd0ULL, + 0x00ac891b313761aeULL, 0x00e864d6d26e708aULL)}, + {FIELD_LITERAL(0x00a84d7c8a23b491ULL, 0x0088e19aa868b27fULL, + 0x0005986d43e78ce9ULL, 0x00f28012f0606d28ULL, + 0x0017ded7e10249b3ULL, 0x005ed4084b23af9bULL, + 0x00b9b0a940564472ULL, 0x00ad9056cceeb1f4ULL)}, + {FIELD_LITERAL(0x00db91b357fe755eULL, 0x00a1aa544b15359cULL, + 0x00af4931a0195574ULL, 0x007686124fe11aefULL, + 0x00d1ead3c7b9ef7eULL, 0x00aaf5fc580f8c15ULL, + 0x00e727be147ee1ecULL, 0x003c61c1e1577b86ULL)}, }}, {{ - {FIELD_LITERAL(0x009d3fca983220cf,0x00cd11acbc853dc4,0x0017590409d27f1d,0x00d2176698082802,0x00fa01251b2838c8,0x00dd297a0d9b51c6,0x00d76c92c045820a,0x00534bc7c46c9033)}, - {FIELD_LITERAL(0x0080ed9bc9b07338,0x00fceac7745d2652,0x008a9d55f5f2cc69,0x0096ce72df301ac5,0x00f53232e7974d87,0x0071728c7ae73947,0x0090507602570778,0x00cb81cfd883b1b2)}, - {FIELD_LITERAL(0x005011aadea373da,0x003a8578ec896034,0x00f20a6535fa6d71,0x005152d31e5a87cf,0x002bac1c8e68ca31,0x00b0e323db4c1381,0x00f1d596b7d5ae25,0x00eae458097cb4e0)}, + 
{FIELD_LITERAL(0x009d3fca983220cfULL, 0x00cd11acbc853dc4ULL, + 0x0017590409d27f1dULL, 0x00d2176698082802ULL, + 0x00fa01251b2838c8ULL, 0x00dd297a0d9b51c6ULL, + 0x00d76c92c045820aULL, 0x00534bc7c46c9033ULL)}, + {FIELD_LITERAL(0x0080ed9bc9b07338ULL, 0x00fceac7745d2652ULL, + 0x008a9d55f5f2cc69ULL, 0x0096ce72df301ac5ULL, + 0x00f53232e7974d87ULL, 0x0071728c7ae73947ULL, + 0x0090507602570778ULL, 0x00cb81cfd883b1b2ULL)}, + {FIELD_LITERAL(0x005011aadea373daULL, 0x003a8578ec896034ULL, + 0x00f20a6535fa6d71ULL, 0x005152d31e5a87cfULL, + 0x002bac1c8e68ca31ULL, 0x00b0e323db4c1381ULL, + 0x00f1d596b7d5ae25ULL, 0x00eae458097cb4e0ULL)}, }}, {{ - {FIELD_LITERAL(0x00920ac80f9b0d21,0x00f80f7f73401246,0x0086d37849b557d6,0x0002bd4b317b752e,0x00b26463993a42bb,0x002070422a73b129,0x00341acaa0380cb3,0x00541914dd66a1b2)}, - {FIELD_LITERAL(0x00c1513cd66abe8c,0x000139e01118944d,0x0064abbcb8080bbb,0x00b3b08202473142,0x00c629ef25da2403,0x00f0aec3310d9b7f,0x0050b2227472d8cd,0x00f6c8a922d41fb4)}, - {FIELD_LITERAL(0x001075ccf26b7b1f,0x00bb6bb213170433,0x00e9491ad262da79,0x009ef4f48d2d384c,0x008992770766f09d,0x001584396b6b1101,0x00af3f8676c9feef,0x0024603c40269118)}, + {FIELD_LITERAL(0x00920ac80f9b0d21ULL, 0x00f80f7f73401246ULL, + 0x0086d37849b557d6ULL, 0x0002bd4b317b752eULL, + 0x00b26463993a42bbULL, 0x002070422a73b129ULL, + 0x00341acaa0380cb3ULL, 0x00541914dd66a1b2ULL)}, + {FIELD_LITERAL(0x00c1513cd66abe8cULL, 0x000139e01118944dULL, + 0x0064abbcb8080bbbULL, 0x00b3b08202473142ULL, + 0x00c629ef25da2403ULL, 0x00f0aec3310d9b7fULL, + 0x0050b2227472d8cdULL, 0x00f6c8a922d41fb4ULL)}, + {FIELD_LITERAL(0x001075ccf26b7b1fULL, 0x00bb6bb213170433ULL, + 0x00e9491ad262da79ULL, 0x009ef4f48d2d384cULL, + 0x008992770766f09dULL, 0x001584396b6b1101ULL, + 0x00af3f8676c9feefULL, 0x0024603c40269118ULL)}, }}, {{ - {FIELD_LITERAL(0x009dd7b31319527c,0x001e7ac948d873a9,0x00fa54b46ef9673a,0x0066efb8d5b02fe6,0x00754b1d3928aeae,0x0004262ac72a6f6b,0x0079b7d49a6eb026,0x003126a753540102)}, - 
{FIELD_LITERAL(0x009666e24f693947,0x00f714311269d45f,0x0010ffac1d0c851c,0x0066e80c37363497,0x00f1f4ad010c60b0,0x0015c87408470ff7,0x00651d5e9c7766a4,0x008138819d7116de)}, - {FIELD_LITERAL(0x003934b11c57253b,0x00ef308edf21f46e,0x00e54e99c7a16198,0x0080d57135764e63,0x00751c27b946bc24,0x00dd389ce4e9e129,0x00a1a2bfd1cd84dc,0x002fae73e5149b32)}, + {FIELD_LITERAL(0x009dd7b31319527cULL, 0x001e7ac948d873a9ULL, + 0x00fa54b46ef9673aULL, 0x0066efb8d5b02fe6ULL, + 0x00754b1d3928aeaeULL, 0x0004262ac72a6f6bULL, + 0x0079b7d49a6eb026ULL, 0x003126a753540102ULL)}, + {FIELD_LITERAL(0x009666e24f693947ULL, 0x00f714311269d45fULL, + 0x0010ffac1d0c851cULL, 0x0066e80c37363497ULL, + 0x00f1f4ad010c60b0ULL, 0x0015c87408470ff7ULL, + 0x00651d5e9c7766a4ULL, 0x008138819d7116deULL)}, + {FIELD_LITERAL(0x003934b11c57253bULL, 0x00ef308edf21f46eULL, + 0x00e54e99c7a16198ULL, 0x0080d57135764e63ULL, + 0x00751c27b946bc24ULL, 0x00dd389ce4e9e129ULL, + 0x00a1a2bfd1cd84dcULL, 0x002fae73e5149b32ULL)}, }}, {{ - {FIELD_LITERAL(0x00911657dffb4cdd,0x00c100b7cc553d06,0x00449d075ec467cc,0x007062100bc64e70,0x0043cf86f7bd21e7,0x00f401dc4b797dea,0x005224afb2f62e65,0x00d1ede3fb5a42be)}, - {FIELD_LITERAL(0x00f2ba36a41aa144,0x00a0c22d946ee18f,0x008aae8ef9a14f99,0x00eef4d79b19bb36,0x008e75ce3d27b1fc,0x00a65daa03b29a27,0x00d9cc83684eb145,0x009e1ed80cc2ed74)}, - {FIELD_LITERAL(0x00bed953d1997988,0x00b93ed175a24128,0x00871c5963fb6365,0x00ca2df20014a787,0x00f5d9c1d0b34322,0x00f6f5942818db0a,0x004cc091f49c9906,0x00e8a188a60bff9f)}, + {FIELD_LITERAL(0x00911657dffb4cddULL, 0x00c100b7cc553d06ULL, + 0x00449d075ec467ccULL, 0x007062100bc64e70ULL, + 0x0043cf86f7bd21e7ULL, 0x00f401dc4b797deaULL, + 0x005224afb2f62e65ULL, 0x00d1ede3fb5a42beULL)}, + {FIELD_LITERAL(0x00f2ba36a41aa144ULL, 0x00a0c22d946ee18fULL, + 0x008aae8ef9a14f99ULL, 0x00eef4d79b19bb36ULL, + 0x008e75ce3d27b1fcULL, 0x00a65daa03b29a27ULL, + 0x00d9cc83684eb145ULL, 0x009e1ed80cc2ed74ULL)}, + {FIELD_LITERAL(0x00bed953d1997988ULL, 0x00b93ed175a24128ULL, + 0x00871c5963fb6365ULL, 
0x00ca2df20014a787ULL, + 0x00f5d9c1d0b34322ULL, 0x00f6f5942818db0aULL, + 0x004cc091f49c9906ULL, 0x00e8a188a60bff9fULL)}, }}, {{ - {FIELD_LITERAL(0x0032c7762032fae8,0x00e4087232e0bc21,0x00f767344b6e8d85,0x00bbf369b76c2aa2,0x008a1f46c6e1570c,0x001368cd9780369f,0x007359a39d079430,0x0003646512921434)}, - {FIELD_LITERAL(0x007c4b47ca7c73e7,0x005396221039734b,0x008b64ddf0e45d7e,0x00bfad5af285e6c2,0x008ec711c5b1a1a8,0x00cf663301237f98,0x00917ee3f1655126,0x004152f337efedd8)}, - {FIELD_LITERAL(0x0007c7edc9305daa,0x000a6664f273701c,0x00f6e78795e200b1,0x005d05b9ecd2473e,0x0014f5f17c865786,0x00c7fd2d166fa995,0x004939a2d8eb80e0,0x002244ba0942c199)}, + {FIELD_LITERAL(0x0032c7762032fae8ULL, 0x00e4087232e0bc21ULL, + 0x00f767344b6e8d85ULL, 0x00bbf369b76c2aa2ULL, + 0x008a1f46c6e1570cULL, 0x001368cd9780369fULL, + 0x007359a39d079430ULL, 0x0003646512921434ULL)}, + {FIELD_LITERAL(0x007c4b47ca7c73e7ULL, 0x005396221039734bULL, + 0x008b64ddf0e45d7eULL, 0x00bfad5af285e6c2ULL, + 0x008ec711c5b1a1a8ULL, 0x00cf663301237f98ULL, + 0x00917ee3f1655126ULL, 0x004152f337efedd8ULL)}, + {FIELD_LITERAL(0x0007c7edc9305daaULL, 0x000a6664f273701cULL, + 0x00f6e78795e200b1ULL, 0x005d05b9ecd2473eULL, + 0x0014f5f17c865786ULL, 0x00c7fd2d166fa995ULL, + 0x004939a2d8eb80e0ULL, 0x002244ba0942c199ULL)}, }}, {{ - {FIELD_LITERAL(0x00321e767f0262cf,0x002e57d776caf68e,0x00bf2c94814f0437,0x00c339196acd622f,0x001db4cce71e2770,0x001ded5ddba6eee2,0x0078608ab1554c8d,0x00067fe0ab76365b)}, - {FIELD_LITERAL(0x00f09758e11e3985,0x00169efdbd64fad3,0x00e8889b7d6dacd6,0x0035cdd58ea88209,0x00bcda47586d7f49,0x003cdddcb2879088,0x0016da70187e954b,0x009556ea2e92aacd)}, - {FIELD_LITERAL(0x008cab16bd1ff897,0x00b389972cdf753f,0x00ea8ed1e46dfdc0,0x004fe7ef94c589f4,0x002b8ae9b805ecf3,0x0025c08d892874a5,0x0023938e98d44c4c,0x00f759134cabf69c)}, + {FIELD_LITERAL(0x00321e767f0262cfULL, 0x002e57d776caf68eULL, + 0x00bf2c94814f0437ULL, 0x00c339196acd622fULL, + 0x001db4cce71e2770ULL, 0x001ded5ddba6eee2ULL, + 0x0078608ab1554c8dULL, 
0x00067fe0ab76365bULL)}, + {FIELD_LITERAL(0x00f09758e11e3985ULL, 0x00169efdbd64fad3ULL, + 0x00e8889b7d6dacd6ULL, 0x0035cdd58ea88209ULL, + 0x00bcda47586d7f49ULL, 0x003cdddcb2879088ULL, + 0x0016da70187e954bULL, 0x009556ea2e92aacdULL)}, + {FIELD_LITERAL(0x008cab16bd1ff897ULL, 0x00b389972cdf753fULL, + 0x00ea8ed1e46dfdc0ULL, 0x004fe7ef94c589f4ULL, + 0x002b8ae9b805ecf3ULL, 0x0025c08d892874a5ULL, + 0x0023938e98d44c4cULL, 0x00f759134cabf69cULL)}, }}, {{ - {FIELD_LITERAL(0x006c2a84678e4b3b,0x007a194aacd1868f,0x00ed0225af424761,0x00da0a6f293c64b8,0x001062ac5c6a7a18,0x0030f5775a8aeef4,0x0002acaad76b7af0,0x00410b8fd63a579f)}, - {FIELD_LITERAL(0x001ec59db3d9590e,0x001e9e3f1c3f182d,0x0045a9c3ec2cab14,0x0008198572aeb673,0x00773b74068bd167,0x0012535eaa395434,0x0044dba9e3bbb74a,0x002fba4d3c74bd0e)}, - {FIELD_LITERAL(0x0042bf08fe66922c,0x003318b8fbb49e8c,0x00d75946004aa14c,0x00f601586b42bf1c,0x00c74cf1d912fe66,0x00abcb36974b30ad,0x007eb78720c9d2b8,0x009f54ab7bd4df85)}, + {FIELD_LITERAL(0x006c2a84678e4b3bULL, 0x007a194aacd1868fULL, + 0x00ed0225af424761ULL, 0x00da0a6f293c64b8ULL, + 0x001062ac5c6a7a18ULL, 0x0030f5775a8aeef4ULL, + 0x0002acaad76b7af0ULL, 0x00410b8fd63a579fULL)}, + {FIELD_LITERAL(0x001ec59db3d9590eULL, 0x001e9e3f1c3f182dULL, + 0x0045a9c3ec2cab14ULL, 0x0008198572aeb673ULL, + 0x00773b74068bd167ULL, 0x0012535eaa395434ULL, + 0x0044dba9e3bbb74aULL, 0x002fba4d3c74bd0eULL)}, + {FIELD_LITERAL(0x0042bf08fe66922cULL, 0x003318b8fbb49e8cULL, + 0x00d75946004aa14cULL, 0x00f601586b42bf1cULL, + 0x00c74cf1d912fe66ULL, 0x00abcb36974b30adULL, + 0x007eb78720c9d2b8ULL, 0x009f54ab7bd4df85ULL)}, }}, {{ - {FIELD_LITERAL(0x00db9fc948f73826,0x00fa8b3746ed8ee9,0x00132cb65aafbeb2,0x00c36ff3fe7925b8,0x00837daed353d2fe,0x00ec661be0667cf4,0x005beb8ed2e90204,0x00d77dd69e564967)}, - {FIELD_LITERAL(0x0042e6268b861751,0x0008dd0469500c16,0x00b51b57c338a3fd,0x00cc4497d85cff6b,0x002f13d6b57c34a4,0x0083652eaf301105,0x00cc344294cc93a8,0x0060f4d02810e270)}, - 
{FIELD_LITERAL(0x00a8954363cd518b,0x00ad171124bccb7b,0x0065f46a4adaae00,0x001b1a5b2a96e500,0x0043fe24f8233285,0x0066996d8ae1f2c3,0x00c530f3264169f9,0x00c0f92d07cf6a57)}, + {FIELD_LITERAL(0x00db9fc948f73826ULL, 0x00fa8b3746ed8ee9ULL, + 0x00132cb65aafbeb2ULL, 0x00c36ff3fe7925b8ULL, + 0x00837daed353d2feULL, 0x00ec661be0667cf4ULL, + 0x005beb8ed2e90204ULL, 0x00d77dd69e564967ULL)}, + {FIELD_LITERAL(0x0042e6268b861751ULL, 0x0008dd0469500c16ULL, + 0x00b51b57c338a3fdULL, 0x00cc4497d85cff6bULL, + 0x002f13d6b57c34a4ULL, 0x0083652eaf301105ULL, + 0x00cc344294cc93a8ULL, 0x0060f4d02810e270ULL)}, + {FIELD_LITERAL(0x00a8954363cd518bULL, 0x00ad171124bccb7bULL, + 0x0065f46a4adaae00ULL, 0x001b1a5b2a96e500ULL, + 0x0043fe24f8233285ULL, 0x0066996d8ae1f2c3ULL, + 0x00c530f3264169f9ULL, 0x00c0f92d07cf6a57ULL)}, }}, {{ - {FIELD_LITERAL(0x0036a55c6815d943,0x008c8d1def993db3,0x002e0e1e8ff7318f,0x00d883a4b92db00a,0x002f5e781ae33906,0x001a72adb235c06d,0x00f2e59e736e9caa,0x001a4b58e3031914)}, - {FIELD_LITERAL(0x00d73bfae5e00844,0x00bf459766fb5f52,0x0061b4f5a5313cde,0x004392d4c3b95514,0x000d3551b1077523,0x0000998840ee5d71,0x006de6e340448b7b,0x00251aa504875d6e)}, - {FIELD_LITERAL(0x003bf343427ac342,0x00adc0a78642b8c5,0x0003b893175a8314,0x0061a34ade5703bc,0x00ea3ea8bb71d632,0x00be0df9a1f198c2,0x0046dd8e7c1635fb,0x00f1523fdd25d5e5)}, + {FIELD_LITERAL(0x0036a55c6815d943ULL, 0x008c8d1def993db3ULL, + 0x002e0e1e8ff7318fULL, 0x00d883a4b92db00aULL, + 0x002f5e781ae33906ULL, 0x001a72adb235c06dULL, + 0x00f2e59e736e9caaULL, 0x001a4b58e3031914ULL)}, + {FIELD_LITERAL(0x00d73bfae5e00844ULL, 0x00bf459766fb5f52ULL, + 0x0061b4f5a5313cdeULL, 0x004392d4c3b95514ULL, + 0x000d3551b1077523ULL, 0x0000998840ee5d71ULL, + 0x006de6e340448b7bULL, 0x00251aa504875d6eULL)}, + {FIELD_LITERAL(0x003bf343427ac342ULL, 0x00adc0a78642b8c5ULL, + 0x0003b893175a8314ULL, 0x0061a34ade5703bcULL, + 0x00ea3ea8bb71d632ULL, 0x00be0df9a1f198c2ULL, + 0x0046dd8e7c1635fbULL, 0x00f1523fdd25d5e5ULL)}, }}, {{ - 
{FIELD_LITERAL(0x00633f63fc9dd406,0x00e713ff80e04a43,0x0060c6e970f2d621,0x00a57cd7f0df1891,0x00f2406a550650bb,0x00b064290efdc684,0x001eab0144d17916,0x00cd15f863c293ab)}, - {FIELD_LITERAL(0x0029cec55273f70d,0x007044ee275c6340,0x0040f637a93015e2,0x00338bb78db5aae9,0x001491b2a6132147,0x00a125d6cfe6bde3,0x005f7ac561ba8669,0x001d5eaea3fbaacf)}, - {FIELD_LITERAL(0x00054e9635e3be31,0x000e43f31e2872be,0x00d05b1c9e339841,0x006fac50bd81fd98,0x00cdc7852eaebb09,0x004ff519b061991b,0x009099e8107d4c85,0x00273e24c36a4a61)}, + {FIELD_LITERAL(0x00633f63fc9dd406ULL, 0x00e713ff80e04a43ULL, + 0x0060c6e970f2d621ULL, 0x00a57cd7f0df1891ULL, + 0x00f2406a550650bbULL, 0x00b064290efdc684ULL, + 0x001eab0144d17916ULL, 0x00cd15f863c293abULL)}, + {FIELD_LITERAL(0x0029cec55273f70dULL, 0x007044ee275c6340ULL, + 0x0040f637a93015e2ULL, 0x00338bb78db5aae9ULL, + 0x001491b2a6132147ULL, 0x00a125d6cfe6bde3ULL, + 0x005f7ac561ba8669ULL, 0x001d5eaea3fbaacfULL)}, + {FIELD_LITERAL(0x00054e9635e3be31ULL, 0x000e43f31e2872beULL, + 0x00d05b1c9e339841ULL, 0x006fac50bd81fd98ULL, + 0x00cdc7852eaebb09ULL, 0x004ff519b061991bULL, + 0x009099e8107d4c85ULL, 0x00273e24c36a4a61ULL)}, }}, {{ - {FIELD_LITERAL(0x00070b4441ef2c46,0x00efa5b02801a109,0x00bf0b8c3ee64adf,0x008a67e0b3452e98,0x001916b1f2fa7a74,0x00d781a78ff6cdc3,0x008682ce57e5c919,0x00cc1109dd210da3)}, - {FIELD_LITERAL(0x00cae8aaff388663,0x005e983a35dda1c7,0x007ab1030d8e37f4,0x00e48940f5d032fe,0x006a36f9ef30b331,0x009be6f03958c757,0x0086231ceba91400,0x008bd0f7b823e7aa)}, - {FIELD_LITERAL(0x00cf881ebef5a45a,0x004ebea78e7c6f2c,0x0090da9209cf26a0,0x00de2b2e4c775b84,0x0071d6031c3c15ae,0x00d9e927ef177d70,0x00894ee8c23896fd,0x00e3b3b401e41aad)}, + {FIELD_LITERAL(0x00070b4441ef2c46ULL, 0x00efa5b02801a109ULL, + 0x00bf0b8c3ee64adfULL, 0x008a67e0b3452e98ULL, + 0x001916b1f2fa7a74ULL, 0x00d781a78ff6cdc3ULL, + 0x008682ce57e5c919ULL, 0x00cc1109dd210da3ULL)}, + {FIELD_LITERAL(0x00cae8aaff388663ULL, 0x005e983a35dda1c7ULL, + 0x007ab1030d8e37f4ULL, 0x00e48940f5d032feULL, + 
0x006a36f9ef30b331ULL, 0x009be6f03958c757ULL, + 0x0086231ceba91400ULL, 0x008bd0f7b823e7aaULL)}, + {FIELD_LITERAL(0x00cf881ebef5a45aULL, 0x004ebea78e7c6f2cULL, + 0x0090da9209cf26a0ULL, 0x00de2b2e4c775b84ULL, + 0x0071d6031c3c15aeULL, 0x00d9e927ef177d70ULL, + 0x00894ee8c23896fdULL, 0x00e3b3b401e41aadULL)}, }}, {{ - {FIELD_LITERAL(0x00204fef26864170,0x00819269c5dee0f8,0x00bfb4713ec97966,0x0026339a6f34df78,0x001f26e64c761dc2,0x00effe3af313cb60,0x00e17b70138f601b,0x00f16e1ccd9ede5e)}, - {FIELD_LITERAL(0x005d9a8353fdb2db,0x0055cc2048c698f0,0x00f6c4ac89657218,0x00525034d73faeb2,0x00435776fbda3c7d,0x0070ea5312323cbc,0x007a105d44d069fb,0x006dbc8d6dc786aa)}, - {FIELD_LITERAL(0x0017cff19cd394ec,0x00fef7b810922587,0x00e6483970dff548,0x00ddf36ad6874264,0x00e61778523fcce2,0x0093a66c0c93b24a,0x00fd367114db7f86,0x007652d7ddce26dd)}, + {FIELD_LITERAL(0x00204fef26864170ULL, 0x00819269c5dee0f8ULL, + 0x00bfb4713ec97966ULL, 0x0026339a6f34df78ULL, + 0x001f26e64c761dc2ULL, 0x00effe3af313cb60ULL, + 0x00e17b70138f601bULL, 0x00f16e1ccd9ede5eULL)}, + {FIELD_LITERAL(0x005d9a8353fdb2dbULL, 0x0055cc2048c698f0ULL, + 0x00f6c4ac89657218ULL, 0x00525034d73faeb2ULL, + 0x00435776fbda3c7dULL, 0x0070ea5312323cbcULL, + 0x007a105d44d069fbULL, 0x006dbc8d6dc786aaULL)}, + {FIELD_LITERAL(0x0017cff19cd394ecULL, 0x00fef7b810922587ULL, + 0x00e6483970dff548ULL, 0x00ddf36ad6874264ULL, + 0x00e61778523fcce2ULL, 0x0093a66c0c93b24aULL, + 0x00fd367114db7f86ULL, 0x007652d7ddce26ddULL)}, }}, {{ - {FIELD_LITERAL(0x00d92ced7ba12843,0x00aea9c7771e86e7,0x0046639693354f7b,0x00a628dbb6a80c47,0x003a0b0507372953,0x00421113ab45c0d9,0x00e545f08362ab7a,0x0028ce087b4d6d96)}, - {FIELD_LITERAL(0x00a67ee7cf9f99eb,0x005713b275f2ff68,0x00f1d536a841513d,0x00823b59b024712e,0x009c46b9d0d38cec,0x00cdb1595aa2d7d4,0x008375b3423d9af8,0x000ab0b516d978f7)}, - {FIELD_LITERAL(0x00428dcb3c510b0f,0x00585607ea24bb4e,0x003736bf1603687a,0x00c47e568c4fe3c7,0x003cd00282848605,0x0043a487c3b91939,0x004ffc04e1095a06,0x00a4c989a3d4b918)}, + 
{FIELD_LITERAL(0x00d92ced7ba12843ULL, 0x00aea9c7771e86e7ULL, + 0x0046639693354f7bULL, 0x00a628dbb6a80c47ULL, + 0x003a0b0507372953ULL, 0x00421113ab45c0d9ULL, + 0x00e545f08362ab7aULL, 0x0028ce087b4d6d96ULL)}, + {FIELD_LITERAL(0x00a67ee7cf9f99ebULL, 0x005713b275f2ff68ULL, + 0x00f1d536a841513dULL, 0x00823b59b024712eULL, + 0x009c46b9d0d38cecULL, 0x00cdb1595aa2d7d4ULL, + 0x008375b3423d9af8ULL, 0x000ab0b516d978f7ULL)}, + {FIELD_LITERAL(0x00428dcb3c510b0fULL, 0x00585607ea24bb4eULL, + 0x003736bf1603687aULL, 0x00c47e568c4fe3c7ULL, + 0x003cd00282848605ULL, 0x0043a487c3b91939ULL, + 0x004ffc04e1095a06ULL, 0x00a4c989a3d4b918ULL)}, }}, {{ - {FIELD_LITERAL(0x00a8778d0e429f7a,0x004c02b059105a68,0x0016653b609da3ff,0x00d5107bd1a12d27,0x00b4708f9a771cab,0x00bb63b662033f69,0x0072f322240e7215,0x0019445b59c69222)}, - {FIELD_LITERAL(0x00cf4f6069a658e6,0x0053ca52859436a6,0x0064b994d7e3e117,0x00cb469b9a07f534,0x00cfb68f399e9d47,0x00f0dcb8dac1c6e7,0x00f2ab67f538b3a5,0x0055544f178ab975)}, - {FIELD_LITERAL(0x0099b7a2685d538c,0x00e2f1897b7c0018,0x003adac8ce48dae3,0x00089276d5c50c0c,0x00172fca07ad6717,0x00cb1a72f54069e5,0x004ee42f133545b3,0x00785f8651362f16)}, + {FIELD_LITERAL(0x00a8778d0e429f7aULL, 0x004c02b059105a68ULL, + 0x0016653b609da3ffULL, 0x00d5107bd1a12d27ULL, + 0x00b4708f9a771cabULL, 0x00bb63b662033f69ULL, + 0x0072f322240e7215ULL, 0x0019445b59c69222ULL)}, + {FIELD_LITERAL(0x00cf4f6069a658e6ULL, 0x0053ca52859436a6ULL, + 0x0064b994d7e3e117ULL, 0x00cb469b9a07f534ULL, + 0x00cfb68f399e9d47ULL, 0x00f0dcb8dac1c6e7ULL, + 0x00f2ab67f538b3a5ULL, 0x0055544f178ab975ULL)}, + {FIELD_LITERAL(0x0099b7a2685d538cULL, 0x00e2f1897b7c0018ULL, + 0x003adac8ce48dae3ULL, 0x00089276d5c50c0cULL, + 0x00172fca07ad6717ULL, 0x00cb1a72f54069e5ULL, + 0x004ee42f133545b3ULL, 0x00785f8651362f16ULL)}, }}, {{ - {FIELD_LITERAL(0x0049cbac38509e11,0x0015234505d42cdf,0x00794fb0b5840f1c,0x00496437344045a5,0x0031b6d944e4f9b0,0x00b207318ac1f5d8,0x0000c840da7f5c5d,0x00526f373a5c8814)}, - 
{FIELD_LITERAL(0x002c7b7742d1dfd9,0x002cabeb18623c01,0x00055f5e3e044446,0x006c20f3b4ef54ba,0x00c600141ec6b35f,0x00354f437f1a32a3,0x00bac4624a3520f9,0x00c483f734a90691)}, - {FIELD_LITERAL(0x0053a737d422918d,0x00f7fca1d8758625,0x00c360336dadb04c,0x00f38e3d9158a1b8,0x0069ce3b418e84c6,0x005d1697eca16ead,0x00f8bd6a35ece13d,0x007885dfc2b5afea)}, + {FIELD_LITERAL(0x0049cbac38509e11ULL, 0x0015234505d42cdfULL, + 0x00794fb0b5840f1cULL, 0x00496437344045a5ULL, + 0x0031b6d944e4f9b0ULL, 0x00b207318ac1f5d8ULL, + 0x0000c840da7f5c5dULL, 0x00526f373a5c8814ULL)}, + {FIELD_LITERAL(0x002c7b7742d1dfd9ULL, 0x002cabeb18623c01ULL, + 0x00055f5e3e044446ULL, 0x006c20f3b4ef54baULL, + 0x00c600141ec6b35fULL, 0x00354f437f1a32a3ULL, + 0x00bac4624a3520f9ULL, 0x00c483f734a90691ULL)}, + {FIELD_LITERAL(0x0053a737d422918dULL, 0x00f7fca1d8758625ULL, + 0x00c360336dadb04cULL, 0x00f38e3d9158a1b8ULL, + 0x0069ce3b418e84c6ULL, 0x005d1697eca16eadULL, + 0x00f8bd6a35ece13dULL, 0x007885dfc2b5afeaULL)}, }}, {{ - {FIELD_LITERAL(0x00c3617ae260776c,0x00b20dc3e96922d7,0x00a1a7802246706a,0x00ca6505a5240244,0x002246b62d919782,0x001439102d7aa9b3,0x00e8af1139e6422c,0x00c888d1b52f2b05)}, - {FIELD_LITERAL(0x005b67690ffd41d9,0x005294f28df516f9,0x00a879272412fcb9,0x00098b629a6d1c8d,0x00fabd3c8050865a,0x00cd7e5b0a3879c5,0x00153238210f3423,0x00357cac101e9f42)}, - {FIELD_LITERAL(0x008917b454444fb7,0x00f59247c97e441b,0x00a6200a6815152d,0x0009a4228601d254,0x001c0360559bd374,0x007563362039cb36,0x00bd75b48d74e32b,0x0017f515ac3499e8)}, + {FIELD_LITERAL(0x00c3617ae260776cULL, 0x00b20dc3e96922d7ULL, + 0x00a1a7802246706aULL, 0x00ca6505a5240244ULL, + 0x002246b62d919782ULL, 0x001439102d7aa9b3ULL, + 0x00e8af1139e6422cULL, 0x00c888d1b52f2b05ULL)}, + {FIELD_LITERAL(0x005b67690ffd41d9ULL, 0x005294f28df516f9ULL, + 0x00a879272412fcb9ULL, 0x00098b629a6d1c8dULL, + 0x00fabd3c8050865aULL, 0x00cd7e5b0a3879c5ULL, + 0x00153238210f3423ULL, 0x00357cac101e9f42ULL)}, + {FIELD_LITERAL(0x008917b454444fb7ULL, 0x00f59247c97e441bULL, + 0x00a6200a6815152dULL, 
0x0009a4228601d254ULL, + 0x001c0360559bd374ULL, 0x007563362039cb36ULL, + 0x00bd75b48d74e32bULL, 0x0017f515ac3499e8ULL)}, }}, {{ - {FIELD_LITERAL(0x001532a7ffe41c5a,0x00eb1edce358d6bf,0x00ddbacc7b678a7b,0x008a7b70f3c841a3,0x00f1923bf27d3f4c,0x000b2713ed8f7873,0x00aaf67e29047902,0x0044994a70b3976d)}, - {FIELD_LITERAL(0x00d54e802082d42c,0x00a55aa0dce7cc6c,0x006477b96073f146,0x0082efe4ceb43594,0x00a922bcba026845,0x0077f19d1ab75182,0x00c2bb2737846e59,0x0004d7eec791dd33)}, - {FIELD_LITERAL(0x0044588d1a81d680,0x00b0a9097208e4f8,0x00212605350dc57e,0x0028717cd2871123,0x00fb083c100fd979,0x0045a056ce063fdf,0x00a5d604b4dd6a41,0x001dabc08ba4e236)}, + {FIELD_LITERAL(0x001532a7ffe41c5aULL, 0x00eb1edce358d6bfULL, + 0x00ddbacc7b678a7bULL, 0x008a7b70f3c841a3ULL, + 0x00f1923bf27d3f4cULL, 0x000b2713ed8f7873ULL, + 0x00aaf67e29047902ULL, 0x0044994a70b3976dULL)}, + {FIELD_LITERAL(0x00d54e802082d42cULL, 0x00a55aa0dce7cc6cULL, + 0x006477b96073f146ULL, 0x0082efe4ceb43594ULL, + 0x00a922bcba026845ULL, 0x0077f19d1ab75182ULL, + 0x00c2bb2737846e59ULL, 0x0004d7eec791dd33ULL)}, + {FIELD_LITERAL(0x0044588d1a81d680ULL, 0x00b0a9097208e4f8ULL, + 0x00212605350dc57eULL, 0x0028717cd2871123ULL, + 0x00fb083c100fd979ULL, 0x0045a056ce063fdfULL, + 0x00a5d604b4dd6a41ULL, 0x001dabc08ba4e236ULL)}, }}, {{ - {FIELD_LITERAL(0x00c4887198d7a7fa,0x00244f98fb45784a,0x0045911e15a15d01,0x001d323d374c0966,0x00967c3915196562,0x0039373abd2f3c67,0x000d2c5614312423,0x0041cf2215442ce3)}, - {FIELD_LITERAL(0x008ede889ada7f06,0x001611e91de2e135,0x00fdb9a458a471b9,0x00563484e03710d1,0x0031cc81925e3070,0x0062c97b3af80005,0x00fa733eea28edeb,0x00e82457e1ebbc88)}, - {FIELD_LITERAL(0x006a0df5fe9b6f59,0x00a0d4ff46040d92,0x004a7cedb6f93250,0x00d1df8855b8c357,0x00e73a46086fd058,0x0048fb0add6dfe59,0x001e03a28f1b4e3d,0x00a871c993308d76)}, + {FIELD_LITERAL(0x00c4887198d7a7faULL, 0x00244f98fb45784aULL, + 0x0045911e15a15d01ULL, 0x001d323d374c0966ULL, + 0x00967c3915196562ULL, 0x0039373abd2f3c67ULL, + 0x000d2c5614312423ULL, 
0x0041cf2215442ce3ULL)}, + {FIELD_LITERAL(0x008ede889ada7f06ULL, 0x001611e91de2e135ULL, + 0x00fdb9a458a471b9ULL, 0x00563484e03710d1ULL, + 0x0031cc81925e3070ULL, 0x0062c97b3af80005ULL, + 0x00fa733eea28edebULL, 0x00e82457e1ebbc88ULL)}, + {FIELD_LITERAL(0x006a0df5fe9b6f59ULL, 0x00a0d4ff46040d92ULL, + 0x004a7cedb6f93250ULL, 0x00d1df8855b8c357ULL, + 0x00e73a46086fd058ULL, 0x0048fb0add6dfe59ULL, + 0x001e03a28f1b4e3dULL, 0x00a871c993308d76ULL)}, }}, {{ - {FIELD_LITERAL(0x0030dbb2d1766ec8,0x00586c0ad138555e,0x00d1a34f9e91c77c,0x0063408ad0e89014,0x00d61231b05f6f5b,0x0009abf569f5fd8a,0x00aec67a110f1c43,0x0031d1a790938dd7)}, - {FIELD_LITERAL(0x006cded841e2a862,0x00198d60af0ab6fb,0x0018f09db809e750,0x004e6ac676016263,0x00eafcd1620969cb,0x002c9784ca34917d,0x0054f00079796de7,0x00d9fab5c5972204)}, - {FIELD_LITERAL(0x004bd0fee2438a83,0x00b571e62b0f83bd,0x0059287d7ce74800,0x00fb3631b645c3f0,0x00a018e977f78494,0x0091e27065c27b12,0x007696c1817165e0,0x008c40be7c45ba3a)}, + {FIELD_LITERAL(0x0030dbb2d1766ec8ULL, 0x00586c0ad138555eULL, + 0x00d1a34f9e91c77cULL, 0x0063408ad0e89014ULL, + 0x00d61231b05f6f5bULL, 0x0009abf569f5fd8aULL, + 0x00aec67a110f1c43ULL, 0x0031d1a790938dd7ULL)}, + {FIELD_LITERAL(0x006cded841e2a862ULL, 0x00198d60af0ab6fbULL, + 0x0018f09db809e750ULL, 0x004e6ac676016263ULL, + 0x00eafcd1620969cbULL, 0x002c9784ca34917dULL, + 0x0054f00079796de7ULL, 0x00d9fab5c5972204ULL)}, + {FIELD_LITERAL(0x004bd0fee2438a83ULL, 0x00b571e62b0f83bdULL, + 0x0059287d7ce74800ULL, 0x00fb3631b645c3f0ULL, + 0x00a018e977f78494ULL, 0x0091e27065c27b12ULL, + 0x007696c1817165e0ULL, 0x008c40be7c45ba3aULL)}, }}, {{ - {FIELD_LITERAL(0x00a0f326327cb684,0x001c7d0f672680ff,0x008c1c81ffb112d1,0x00f8f801674eddc8,0x00e926d5d48c2a9d,0x005bd6d954c6fe9a,0x004c6b24b4e33703,0x00d05eb5c09105cc)}, - {FIELD_LITERAL(0x00d61731caacf2cf,0x002df0c7609e01c5,0x00306172208b1e2b,0x00b413fe4fb2b686,0x00826d360902a221,0x003f8d056e67e7f7,0x0065025b0175e989,0x00369add117865eb)}, - 
{FIELD_LITERAL(0x00aaf895aec2fa11,0x000f892bc313eb52,0x005b1c794dad050b,0x003f8ec4864cec14,0x00af81058d0b90e5,0x00ebe43e183997bb,0x00a9d610f9f3e615,0x007acd8eec2e88d3)}, + {FIELD_LITERAL(0x00a0f326327cb684ULL, 0x001c7d0f672680ffULL, + 0x008c1c81ffb112d1ULL, 0x00f8f801674eddc8ULL, + 0x00e926d5d48c2a9dULL, 0x005bd6d954c6fe9aULL, + 0x004c6b24b4e33703ULL, 0x00d05eb5c09105ccULL)}, + {FIELD_LITERAL(0x00d61731caacf2cfULL, 0x002df0c7609e01c5ULL, + 0x00306172208b1e2bULL, 0x00b413fe4fb2b686ULL, + 0x00826d360902a221ULL, 0x003f8d056e67e7f7ULL, + 0x0065025b0175e989ULL, 0x00369add117865ebULL)}, + {FIELD_LITERAL(0x00aaf895aec2fa11ULL, 0x000f892bc313eb52ULL, + 0x005b1c794dad050bULL, 0x003f8ec4864cec14ULL, + 0x00af81058d0b90e5ULL, 0x00ebe43e183997bbULL, + 0x00a9d610f9f3e615ULL, 0x007acd8eec2e88d3ULL)}, }}, {{ - {FIELD_LITERAL(0x0049b2fab13812a3,0x00846db32cd60431,0x000177fa578c8d6c,0x00047d0e2ad4bc51,0x00b158ba38d1e588,0x006a45daad79e3f3,0x000997b93cab887b,0x00c47ea42fa23dc3)}, - {FIELD_LITERAL(0x0012b6fef7aeb1ca,0x009412768194b6a7,0x00ff0d351f23ab93,0x007e8a14c1aff71b,0x006c1c0170c512bc,0x0016243ea02ab2e5,0x007bb6865b303f3e,0x0015ce6b29b159f4)}, - {FIELD_LITERAL(0x009961cd02e68108,0x00e2035d3a1d0836,0x005d51f69b5e1a1d,0x004bccb4ea36edcd,0x0069be6a7aeef268,0x0063f4dd9de8d5a7,0x006283783092ca35,0x0075a31af2c35409)}, + {FIELD_LITERAL(0x0049b2fab13812a3ULL, 0x00846db32cd60431ULL, + 0x000177fa578c8d6cULL, 0x00047d0e2ad4bc51ULL, + 0x00b158ba38d1e588ULL, 0x006a45daad79e3f3ULL, + 0x000997b93cab887bULL, 0x00c47ea42fa23dc3ULL)}, + {FIELD_LITERAL(0x0012b6fef7aeb1caULL, 0x009412768194b6a7ULL, + 0x00ff0d351f23ab93ULL, 0x007e8a14c1aff71bULL, + 0x006c1c0170c512bcULL, 0x0016243ea02ab2e5ULL, + 0x007bb6865b303f3eULL, 0x0015ce6b29b159f4ULL)}, + {FIELD_LITERAL(0x009961cd02e68108ULL, 0x00e2035d3a1d0836ULL, + 0x005d51f69b5e1a1dULL, 0x004bccb4ea36edcdULL, + 0x0069be6a7aeef268ULL, 0x0063f4dd9de8d5a7ULL, + 0x006283783092ca35ULL, 0x0075a31af2c35409ULL)}, }}, {{ - 
{FIELD_LITERAL(0x00c412365162e8cf,0x00012283fb34388a,0x003e6543babf39e2,0x00eead6b3a804978,0x0099c0314e8b326f,0x00e98e0a8d477a4f,0x00d2eb96b127a687,0x00ed8d7df87571bb)}, - {FIELD_LITERAL(0x00777463e308cacf,0x00c8acb93950132d,0x00ebddbf4ca48b2c,0x0026ad7ca0795a0a,0x00f99a3d9a715064,0x000d60bcf9d4dfcc,0x005e65a73a437a06,0x0019d536a8db56c8)}, - {FIELD_LITERAL(0x00192d7dd558d135,0x0027cd6a8323ffa7,0x00239f1a412dc1e7,0x0046b4b3be74fc5c,0x0020c47a2bef5bce,0x00aa17e48f43862b,0x00f7e26c96342e5f,0x0008011c530f39a9)}, + {FIELD_LITERAL(0x00c412365162e8cfULL, 0x00012283fb34388aULL, + 0x003e6543babf39e2ULL, 0x00eead6b3a804978ULL, + 0x0099c0314e8b326fULL, 0x00e98e0a8d477a4fULL, + 0x00d2eb96b127a687ULL, 0x00ed8d7df87571bbULL)}, + {FIELD_LITERAL(0x00777463e308cacfULL, 0x00c8acb93950132dULL, + 0x00ebddbf4ca48b2cULL, 0x0026ad7ca0795a0aULL, + 0x00f99a3d9a715064ULL, 0x000d60bcf9d4dfccULL, + 0x005e65a73a437a06ULL, 0x0019d536a8db56c8ULL)}, + {FIELD_LITERAL(0x00192d7dd558d135ULL, 0x0027cd6a8323ffa7ULL, + 0x00239f1a412dc1e7ULL, 0x0046b4b3be74fc5cULL, + 0x0020c47a2bef5bceULL, 0x00aa17e48f43862bULL, + 0x00f7e26c96342e5fULL, 0x0008011c530f39a9ULL)}, }}, {{ - {FIELD_LITERAL(0x00aad4ac569bf0f1,0x00a67adc90b27740,0x0048551369a5751a,0x0031252584a3306a,0x0084e15df770e6fc,0x00d7bba1c74b5805,0x00a80ef223af1012,0x0089c85ceb843a34)}, - {FIELD_LITERAL(0x00c4545be4a54004,0x0099e11f60357e6c,0x001f3936d19515a6,0x007793df84341a6e,0x0051061886717ffa,0x00e9b0a660b28f85,0x0044ea685892de0d,0x000257d2a1fda9d9)}, - {FIELD_LITERAL(0x007e8b01b24ac8a8,0x006cf3b0b5ca1337,0x00f1607d3e36a570,0x0039b7fab82991a1,0x00231777065840c5,0x00998e5afdd346f9,0x00b7dc3e64acc85f,0x00baacc748013ad6)}, + {FIELD_LITERAL(0x00aad4ac569bf0f1ULL, 0x00a67adc90b27740ULL, + 0x0048551369a5751aULL, 0x0031252584a3306aULL, + 0x0084e15df770e6fcULL, 0x00d7bba1c74b5805ULL, + 0x00a80ef223af1012ULL, 0x0089c85ceb843a34ULL)}, + {FIELD_LITERAL(0x00c4545be4a54004ULL, 0x0099e11f60357e6cULL, + 0x001f3936d19515a6ULL, 0x007793df84341a6eULL, + 
0x0051061886717ffaULL, 0x00e9b0a660b28f85ULL, + 0x0044ea685892de0dULL, 0x000257d2a1fda9d9ULL)}, + {FIELD_LITERAL(0x007e8b01b24ac8a8ULL, 0x006cf3b0b5ca1337ULL, + 0x00f1607d3e36a570ULL, 0x0039b7fab82991a1ULL, + 0x00231777065840c5ULL, 0x00998e5afdd346f9ULL, + 0x00b7dc3e64acc85fULL, 0x00baacc748013ad6ULL)}, }}, {{ - {FIELD_LITERAL(0x008ea6a4177580bf,0x005fa1953e3f0378,0x005fe409ac74d614,0x00452327f477e047,0x00a4018507fb6073,0x007b6e71951caac8,0x0012b42ab8a6ce91,0x0080eca677294ab7)}, - {FIELD_LITERAL(0x00a53edc023ba69b,0x00c6afa83ddde2e8,0x00c3f638b307b14e,0x004a357a64414062,0x00e4d94d8b582dc9,0x001739caf71695b7,0x0012431b2ae28de1,0x003b6bc98682907c)}, - {FIELD_LITERAL(0x008a9a93be1f99d6,0x0079fa627cc699c8,0x00b0cfb134ba84c8,0x001c4b778249419a,0x00df4ab3d9c44f40,0x009f596e6c1a9e3c,0x001979c0df237316,0x00501e953a919b87)}, + {FIELD_LITERAL(0x008ea6a4177580bfULL, 0x005fa1953e3f0378ULL, + 0x005fe409ac74d614ULL, 0x00452327f477e047ULL, + 0x00a4018507fb6073ULL, 0x007b6e71951caac8ULL, + 0x0012b42ab8a6ce91ULL, 0x0080eca677294ab7ULL)}, + {FIELD_LITERAL(0x00a53edc023ba69bULL, 0x00c6afa83ddde2e8ULL, + 0x00c3f638b307b14eULL, 0x004a357a64414062ULL, + 0x00e4d94d8b582dc9ULL, 0x001739caf71695b7ULL, + 0x0012431b2ae28de1ULL, 0x003b6bc98682907cULL)}, + {FIELD_LITERAL(0x008a9a93be1f99d6ULL, 0x0079fa627cc699c8ULL, + 0x00b0cfb134ba84c8ULL, 0x001c4b778249419aULL, + 0x00df4ab3d9c44f40ULL, 0x009f596e6c1a9e3cULL, + 0x001979c0df237316ULL, 0x00501e953a919b87ULL)}, }} }; const niels_t *curve448_wnaf_base = curve448_wnaf_base_table; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448utils.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448utils.h index 9bf837993..86c258e74 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448utils.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/curve448utils.h 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2015 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use
@@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */
-#ifndef HEADER_CURVE448UTILS_H
-# define HEADER_CURVE448UTILS_H
+#ifndef OSSL_CRYPTO_EC_CURVE448UTILS_H
+# define OSSL_CRYPTO_EC_CURVE448UTILS_H
 # include
@@ -24,7 +24,9 @@ */ # ifndef C448_WORD_BITS # if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \
- && !defined(__sparc__)
+ && !defined(__sparc__) \
+ && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8))
+
 # define C448_WORD_BITS 64 /* The number of bits in a word */ # else # define C448_WORD_BITS 32 /* The number of bits in a word */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/ed448.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/ed448.h
index 5fe939e8e..c1e5c2832 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/ed448.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/ed448.h
@@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */
-#ifndef HEADER_ED448_H
-# define HEADER_ED448_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_ED448_H
+# define OSSL_CRYPTO_EC_CURVE448_ED448_H
 # include "point_448.h"
@@ -192,4 +192,4 @@ c448_error_t c448_ed448_convert_private_key_to_x448( uint8_t x[X448_PRIVATE_BYTES], const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
-#endif /* HEADER_ED448_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/eddsa.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/eddsa.c
index b28f7dff9..82741f543 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/eddsa.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/eddsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use
@@ -12,7 +12,7 @@ #include #include #include
-#include "curve448_lcl.h"
+#include "curve448_local.h"
 #include "word.h" #include "ed448.h" #include "internal/numbers.h"
@@ -50,7 +50,12 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, const uint8_t *context, size_t context_len) {
- const char *dom_s = "SigEd448";
+#ifdef CHARSET_EBCDIC
+ const char dom_s[] = {0x53, 0x69, 0x67, 0x45,
+ 0x64, 0x34, 0x34, 0x38, 0x00};
+#else
+ const char dom_s[] = "SigEd448";
+#endif
 uint8_t dom[2]; if (context_len > UINT8_MAX)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/f_generic.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/f_generic.c
index ed8f36d86..09d08165e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/f_generic.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/f_generic.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use
@@ -12,9 +12,9 @@ #include "field.h" static const gf MODULUS = {
- FIELD_LITERAL(0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff,
- 0xffffffffffffff, 0xfffffffffffffe, 0xffffffffffffff,
- 0xffffffffffffff, 0xffffffffffffff)
+ FIELD_LITERAL(0xffffffffffffffULL, 0xffffffffffffffULL, 0xffffffffffffffULL,
+ 0xffffffffffffffULL, 0xfffffffffffffeULL, 0xffffffffffffffULL,
+ 0xffffffffffffffULL, 0xffffffffffffffULL)
 }; /* Serialize to wire format. */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/field.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/field.h
index d96d4c023..ccd04482d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/field.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/field.h
@@ -10,10 +10,10 @@ * Originally written by Mike Hamburg */
-#ifndef HEADER_FIELD_H
-# define HEADER_FIELD_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_FIELD_H
+# define OSSL_CRYPTO_EC_CURVE448_FIELD_H
-# include "internal/constant_time_locl.h"
+# include "internal/constant_time.h"
 # include # include # include "word.h"
@@ -165,4 +165,4 @@ static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap) } }
-#endif /* HEADER_FIELD_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_FIELD_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/point_448.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/point_448.h
index 399f91b9a..93e715fd9 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/point_448.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/point_448.h
@@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */
-#ifndef HEADER_POINT_448_H
-# define HEADER_POINT_448_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H
+# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H
 # include "curve448utils.h" # include "field.h"
@@ -298,4 +298,4 @@ void curve448_scalar_destroy(curve448_scalar_t scalar); /* Overwrite point with zeros. */ void curve448_point_destroy(curve448_point_t point);
-#endif /* HEADER_POINT_448_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/scalar.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/scalar.c
index b5702c025..347794bba 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/scalar.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/scalar.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use
@@ -14,24 +14,24 @@ #include "word.h" #include "point_448.h"
-static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5;
+static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5ULL;
 static const curve448_scalar_t sc_p = { { {
- SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55),
- SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9),
- SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff),
- SC_LIMB(0x3fffffffffffffff)
+ SC_LIMB(0x2378c292ab5844f3ULL), SC_LIMB(0x216cc2728dc58f55ULL),
+ SC_LIMB(0xc44edb49aed63690ULL), SC_LIMB(0xffffffff7cca23e9ULL),
+ SC_LIMB(0xffffffffffffffffULL), SC_LIMB(0xffffffffffffffffULL),
+ SC_LIMB(0x3fffffffffffffffULL)
 } } }, sc_r2 = { { {
- SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9),
- SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838),
- SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af),
- SC_LIMB(0x3402a939f823b729)
+ SC_LIMB(0xe3539257049b9b60ULL), SC_LIMB(0x7af32c4bc1b195d9ULL),
+ SC_LIMB(0x0d66de2388ea1859ULL), SC_LIMB(0xae17cf725ee4d838ULL),
+ SC_LIMB(0x1a9cc14ba3c47c44ULL), SC_LIMB(0x2052bcb7e4d070afULL),
+ SC_LIMB(0x3402a939f823b729ULL)
 } } };
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/word.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/word.h
index a48b9e053..237cc9b63 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/word.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/curve448/word.h
@@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */
-#ifndef HEADER_WORD_H
-# define HEADER_WORD_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H
+# define OSSL_CRYPTO_EC_CURVE448_WORD_H
 # include # include
@@ -78,4 +78,4 @@ static ossl_inline mask_t bool_to_mask(c448_bool_t m) return ret; }
-#endif /* HEADER_WORD_H */
+#endif /* OSSL_CRYPTO_EC_CURVE448_WORD_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_oct.c
index 0867f994e..788e6501f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_oct.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_oct.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use
@@ -10,7 +10,7 @@ #include
-#include "ec_lcl.h"
+#include "ec_local.h"
 #ifndef OPENSSL_NO_EC2M
@@ -237,7 +237,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { point_conversion_form_t form;
- int y_bit;
+ int y_bit, m;
 BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *yxi; size_t field_len, enc_len;
@@ -247,9 +247,21 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); return 0; }
- form = buf[0];
- y_bit = form & 1;
- form = form & ~1U;
+
+ /*
+ * The first octet is the point converison octet PC, see X9.62, page 4
+ * and section 4.4.2. It must be:
+ * 0x00 for the point at infinity
+ * 0x02 or 0x03 for compressed form
+ * 0x04 for uncompressed form
+ * 0x06 or 0x07 for hybrid form.
+ * For compressed or hybrid forms, we store the last bit of buf[0] as
+ * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
+ * We error if buf[0] contains any but the above values.
+ */
+ y_bit = buf[0] & 1;
+ form = buf[0] & ~1U;
+
 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) && (form != POINT_CONVERSION_UNCOMPRESSED) && (form != POINT_CONVERSION_HYBRID)) {
@@ -261,6 +273,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, return 0; }
+ /* The point at infinity is represented by a single zero octet. */
 if (form == 0) { if (len != 1) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
@@ -270,7 +283,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, return EC_POINT_set_to_infinity(group, point); }
- field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+ m = EC_GROUP_get_degree(group);
+ field_len = (m + 7) / 8;
 enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
@@ -295,7 +309,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
- if (BN_ucmp(x, group->field) >= 0) {
+ if (BN_num_bits(x) > m) {
 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); goto err; }
@@ -306,16 +320,28 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } else { if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
- if (BN_ucmp(y, group->field) >= 0) {
+ if (BN_num_bits(y) > m) {
 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); goto err; } if (form == POINT_CONVERSION_HYBRID) {
- if (!group->meth->field_div(group, yxi, y, x, ctx))
- goto err;
- if (y_bit != BN_is_odd(yxi)) {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
+ /*
+ * Check that the form in the encoding was set correctly
+ * according to X9.62 4.4.2.a, 4(c), see also first paragraph
+ * of X9.62, 4.4.1.b.
+ */
+ if (BN_is_zero(x)) {
+ if (y_bit != 0) {
+ ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+ } else {
+ if (!group->meth->field_div(group, yxi, y, x, ctx))
+ goto err;
+ if (y_bit != BN_is_odd(yxi)) {
+ ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+ goto err;
+ }
 } }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_smpl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_smpl.c
index 0a05a7aee..84e5537a0 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_smpl.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec2_smpl.c
@@ -10,8 +10,8 @@ #include
-#include "internal/bn_int.h"
-#include "ec_lcl.h"
+#include "crypto/bn.h"
+#include "ec_local.h"
 #ifndef OPENSSL_NO_EC2M
@@ -204,8 +204,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, ret = 1; err:
- if (ctx != NULL)
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
 BN_CTX_free(new_ctx); return ret; }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_ameth.c
index 8b363e096..5098bd7a6 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_ameth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_ameth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -14,16 +14,16 @@ #include #include #include
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "ec_lcl.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "ec_local.h"
 #ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); #endif
-static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
+static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key)
 { const EC_GROUP *group; int nid;
@@ -35,7 +35,14 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) && (nid = EC_GROUP_get_curve_name(group))) /* we have a 'named curve' => just set the OID */ {
- *ppval = OBJ_nid2obj(nid);
+ ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
+
+ if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
+ ASN1_OBJECT_free(asn1obj);
+ ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID);
+ return 0;
+ }
+ *ppval = asn1obj;
 *pptype = V_ASN1_OBJECT; } else { /* explicit parameters */
@@ -43,7 +50,17 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) pstr = ASN1_STRING_new(); if (pstr == NULL) return 0;
- pstr->length = i2d_ECParameters(ec_key, &pstr->data);
+
+ /*
+ * The cast in the following line is intentional as the
+ * `i2d_ECParameters` signature can't be constified (see discussion at
+ * https://github.com/openssl/openssl/pull/9347 where related and
+ * required constification backports were rejected).
+ *
+ * This cast should be safe anyway, because we can expect
+ * `i2d_ECParameters()` to treat the first argument as if it was const.
+ */
+ pstr->length = i2d_ECParameters((EC_KEY *)ec_key, &pstr->data);
 if (pstr->length <= 0) { ASN1_STRING_free(pstr); ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
@@ -57,7 +74,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {
- EC_KEY *ec_key = pkey->pkey.ec;
+ const EC_KEY *ec_key = pkey->pkey.ec;
 void *pval = NULL; int ptype; unsigned char *penc = NULL, *p;
@@ -504,7 +521,12 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha256;
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
+ /* For SM2, the only valid digest-alg is SM3 */
+ *(int *)arg2 = NID_sm3;
+ } else {
+ *(int *)arg2 = NID_sha256;
+ }
 return 1; case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_asn1.c
index 13c56a621..c8ee1e6f1 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_asn1.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -8,7 +8,7 @@ */ #include
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include #include #include
@@ -137,6 +137,12 @@ struct ec_parameters_st { ASN1_INTEGER *cofactor; } /* ECPARAMETERS */ ;
+typedef enum {
+ ECPKPARAMETERS_TYPE_NAMED = 0,
+ ECPKPARAMETERS_TYPE_EXPLICIT,
+ ECPKPARAMETERS_TYPE_IMPLICIT
+} ecpk_parameters_type_t;
+
 struct ecpk_parameters_st { int type; union {
@@ -446,6 +452,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, unsigned char *buffer = NULL; const EC_POINT *point = NULL; point_conversion_form_t form;
+ ASN1_INTEGER *orig;
 if (params == NULL) { if ((ret = ECPARAMETERS_new()) == NULL) {
@@ -496,8 +503,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB); goto err; }
- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
 if (ret->order == NULL) {
+ ret->order = orig;
 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; }
@@ -505,8 +513,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, /* set the cofactor (optional) */ tmp = EC_GROUP_get0_cofactor(group); if (tmp != NULL) {
- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
 if (ret->cofactor == NULL) {
+ ret->cofactor = orig;
 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; }
@@ -532,9 +541,10 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, return NULL; } } else {
- if (ret->type == 0)
+ if (ret->type == ECPKPARAMETERS_TYPE_NAMED)
 ASN1_OBJECT_free(ret->value.named_curve);
- else if (ret->type == 1 && ret->value.parameters)
+ else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT
+ && ret->value.parameters != NULL)
 ECPARAMETERS_free(ret->value.parameters); }
@@ -544,15 +554,22 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, */ tmp = EC_GROUP_get_curve_name(group); if (tmp) {
- ret->type = 0;
- if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+ ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp);
+
+ if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
+ ASN1_OBJECT_free(asn1obj);
+ ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);
 ok = 0;
+ } else {
+ ret->type = ECPKPARAMETERS_TYPE_NAMED;
+ ret->value.named_curve = asn1obj;
+ }
 } else /* we don't know the nid => ERROR */ ok = 0; } else { /* use the ECPARAMETERS structure */
- ret->type = 1;
+ ret->type = ECPKPARAMETERS_TYPE_EXPLICIT;
 if ((ret->value.parameters = EC_GROUP_get_ecparameters(group, NULL)) == NULL) ok = 0;
@@ -568,10 +585,12 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) { int ok = 0, tmp;
- EC_GROUP *ret = NULL;
+ EC_GROUP *ret = NULL, *dup = NULL;
 BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point = NULL; long field_bits;
+ int curve_name = NID_undef;
+ BN_CTX *ctx = NULL;
 if (!params->fieldID || !params->fieldID->fieldType || !params->fieldID->p.ptr) {
@@ -742,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) ret->seed_len = params->curve->seed->length; }
- if (!params->order || !params->base || !params->base->data) {
+ if (params->order == NULL
+ || params->base == NULL
+ || params->base->data == NULL
+ || params->base->length == 0) {
 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); goto err; }
@@ -789,18 +811,93 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) goto err; }
+ /*
+ * Check if the explicit parameters group just created matches one of the
+ * built-in curves.
+ *
+ * We create a copy of the group just built, so that we can remove optional
+ * fields for the lookup: we do this to avoid the possibility that one of
+ * the optional parameters is used to force the library into using a less
+ * performant and less secure EC_METHOD instead of the specialized one.
+ * In any case, `seed` is not really used in any computation, while a
+ * cofactor different from the one in the built-in table is just
+ * mathematically wrong anyway and should not be used.
+ */
+ if ((ctx = BN_CTX_new()) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+ goto err;
+ }
+ if ((dup = EC_GROUP_dup(ret)) == NULL
+ || EC_GROUP_set_seed(dup, NULL, 0) != 1
+ || !EC_GROUP_set_generator(dup, point, a, NULL)) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+ if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) {
+ /*
+ * The input explicit parameters successfully matched one of the
+ * built-in curves: often for built-in curves we have specialized
+ * methods with better performance and hardening.
+ *
+ * In this case we replace the `EC_GROUP` created through explicit
+ * parameters with one created from a named group.
+ */
+ EC_GROUP *named_group = NULL;
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ /*
+ * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
+ * the same curve, we prefer the SECP nid when matching explicit
+ * parameters as that is associated with a specialized EC_METHOD.
+ */
+ if (curve_name == NID_wap_wsg_idm_ecid_wtls12)
+ curve_name = NID_secp224r1;
+#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
+
+ if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+ EC_GROUP_free(ret);
+ ret = named_group;
+
+ /*
+ * Set the flag so that EC_GROUPs created from explicit parameters are
+ * serialized using explicit parameters by default.
+ */
+ EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
+
+ /*
+ * If the input params do not contain the optional seed field we make
+ * sure it is not added to the returned group.
+ *
+ * The seed field is not really used inside libcrypto anyway, and
+ * adding it to parsed explicit parameter keys would alter their DER
+ * encoding output (because of the extra field) which could impact
+ * applications fingerprinting keys by their DER encoding.
+ */
+ if (params->curve->seed == NULL) {
+ if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+ goto err;
+ }
+ }
+
 ok = 1; err: if (!ok) {
- EC_GROUP_clear_free(ret);
+ EC_GROUP_free(ret);
 ret = NULL; }
+ EC_GROUP_free(dup);
 BN_free(p); BN_free(a); BN_free(b); EC_POINT_free(point);
+
+ BN_CTX_free(ctx);
+
 return ret; }
@@ -814,7 +911,8 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) return NULL; }
- if (params->type == 0) { /* the curve is given by an OID */
+ if (params->type == ECPKPARAMETERS_TYPE_NAMED) {
+ /* the curve is given by an OID */
 tmp = OBJ_obj2nid(params->value.named_curve); if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
@@ -822,15 +920,16 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
 return NULL;
 }
 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
- } else if (params->type == 1) { /* the parameters are given by a
- * ECPARAMETERS structure */
+ } else if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) {
+ /* the parameters are given by an ECPARAMETERS structure */
 ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
 if (!ret) {
 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
 return NULL;
 }
 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
- } else if (params->type == 2) { /* implicitlyCA */
+ } else if (params->type == ECPKPARAMETERS_TYPE_IMPLICIT) {
+ /* implicit parameters inherited from CA - unsupported */
 return NULL;
 } else {
 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
@@ -860,8 +959,11 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
 return NULL;
 }
+ if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
+ group->decoded_from_explicit_params = 1;
+
 if (a) {
- EC_GROUP_clear_free(*a);
+ EC_GROUP_free(*a);
 *a = group;
 }
@@ -909,8 +1011,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 ret = *a;
 if (priv_key->parameters) {
- EC_GROUP_clear_free(ret->group);
+ EC_GROUP_free(ret->group);
 ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
+ if (ret->group != NULL
+ && priv_key->parameters->type == ECPKPARAMETERS_TYPE_EXPLICIT)
+ ret->group->decoded_from_explicit_params = 1;
 }
 if (ret->group == NULL) {
@@ -1217,5 +1322,7 @@ int ECDSA_size(const EC_KEY *r)
 i = i2d_ASN1_INTEGER(&bs, NULL);
 i += i; /* r and s */
 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+ if (ret < 0)
+ return 0;
 return ret;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_check.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_check.c
index eeb06ec1c..d0706d285 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_check.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_check.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include
 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_curve.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_curve.c
index bb1ce196d..8de486cbd 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_curve.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_curve.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -9,7 +9,7 @@
 */
 #include
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include
 #include
 #include
@@ -3197,3 +3197,115 @@ int EC_curve_nist2nid(const char *name)
 }
 return NID_undef;
 }
+
+#define NUM_BN_FIELDS 6
+/*
+ * Validates EC domain parameter data for known named curves.
+ * This can be used when a curve is loaded explicitly (without a curve
+ * name) or to validate that domain parameters have not been modified.
+ *
+ * Returns: The nid associated with the found named curve, or NID_undef
+ * if not found. If there was an error it returns -1.
+ */
+int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
+{
+ int ret = -1, nid, len, field_type, param_len;
+ size_t i, seed_len;
+ const unsigned char *seed, *params_seed, *params;
+ unsigned char *param_bytes = NULL;
+ const EC_CURVE_DATA *data;
+ const EC_POINT *generator = NULL;
+ const EC_METHOD *meth;
+ const BIGNUM *cofactor = NULL;
+ /* An array of BIGNUMs for (p, a, b, x, y, order) */
+ BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
+
+ meth = EC_GROUP_method_of(group);
+ if (meth == NULL)
+ return -1;
+ /* Use the optional named curve nid as a search field */
+ nid = EC_GROUP_get_curve_name(group);
+ field_type = EC_METHOD_get_field_type(meth);
+ seed_len = EC_GROUP_get_seed_len(group);
+ seed = EC_GROUP_get0_seed(group);
+ cofactor = EC_GROUP_get0_cofactor(group);
+
+ BN_CTX_start(ctx);
+
+ /*
+ * The built-in curves contains data fields (p, a, b, x, y, order) that are
+ * all zero-padded to be the same size. The size of the padding is
+ * determined by either the number of bytes in the field modulus (p) or the
+ * EC group order, whichever is larger.
+ */
+ param_len = BN_num_bytes(group->order);
+ len = BN_num_bytes(group->field);
+ if (len > param_len)
+ param_len = len;
+
+ /* Allocate space to store the padded data for (p, a, b, x, y, order) */
+ param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
+ if (param_bytes == NULL)
+ goto end;
+
+ /* Create the bignums */
+ for (i = 0; i < NUM_BN_FIELDS; ++i) {
+ if ((bn[i] = BN_CTX_get(ctx)) == NULL)
+ goto end;
+ }
+ /*
+ * Fill in the bn array with the same values as the internal curves
+ * i.e. the values are p, a, b, x, y, order.
+ */
+ /* Get p, a & b */
+ if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
+ && ((generator = EC_GROUP_get0_generator(group)) != NULL)
+ /* Get x & y */
+ && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
+ /* Get order */
+ && EC_GROUP_get_order(group, bn[5], ctx)))
+ goto end;
+
+ /*
+ * Convert the bignum array to bytes that are joined together to form
+ * a single buffer that contains data for all fields.
+ * (p, a, b, x, y, order) are all zero padded to be the same size.
+ */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + return ret; +} diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_cvt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_cvt.c index 0ec346c12..944e317d9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_cvt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_cvt.c @@ -9,7 +9,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_err.c index ce3493823..bfe742265 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_err.c 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -341,6 +341,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_key.c index 9349abf03..23efbd015 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_key.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_key.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -10,10 +10,11 @@ #include "internal/cryptlib.h" #include -#include "ec_lcl.h" +#include "ec_local.h" #include "internal/refcount.h" #include #include +#include "crypto/bn.h" EC_KEY *EC_KEY_new(void) { 
@@ -416,17 +417,86 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { + int fixed_top; + const BIGNUM *order = NULL; + BIGNUM *tmp_key = NULL; + if (key->group == NULL || key->group->meth == NULL) return 0; + + /* + * Not only should key->group be set, but it should also be in a valid + * fully initialized state. + * + * Specifically, to operate in constant time, we need that the group order + * is set, as we use its length as the fixed public size of any scalar used + * as an EC private key. + */ + order = EC_GROUP_get0_order(key->group); + if (order == NULL || BN_is_zero(order)) + return 0; /* This should never happen */ + if (key->group->meth->set_private != NULL && key->group->meth->set_private(key, priv_key) == 0) return 0; if (key->meth->set_private != NULL && key->meth->set_private(key, priv_key) == 0) return 0; + + /* + * We should never leak the bit length of the secret scalar in the key, + * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM` + * holding the secret scalar. + * + * This is important also because `BN_dup()` (and `BN_copy()`) do not + * propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and + * this brings an extra risk of inadvertently losing the flag, even when + * the caller specifically set it. + * + * The propagation has been turned on and off a few times in the past + * years because in some conditions has shown unintended consequences in + * some code paths, so at the moment we can't fix this in the BN layer. + * + * In `EC_KEY_set_private_key()` we can work around the propagation by + * manually setting the flag after `BN_dup()` as we know for sure that + * inside the EC module the `BN_FLG_CONSTTIME` is always treated + * correctly and should not generate unintended consequences. 
+ * + * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have + * to preallocate the BIGNUM internal buffer to a fixed public size big + * enough that operations performed during the processing never trigger + * a realloc which would leak the size of the scalar through memory + * accesses. + * + * Fixed Length + * ------------ + * + * The order of the large prime subgroup of the curve is our choice for + * a fixed public size, as that is generally the upper bound for + * generating a private key in EC cryptosystems and should fit all valid + * secret scalars. + * + * For preallocating the BIGNUM storage we look at the number of "words" + * required for the internal representation of the order, and we + * preallocate 2 extra "words" in case any of the subsequent processing + * might temporarily overflow the order length. + */ + tmp_key = BN_dup(priv_key); + if (tmp_key == NULL) + return 0; + + BN_set_flags(tmp_key, BN_FLG_CONSTTIME); + + fixed_top = bn_get_top(order) + 2; + if (bn_wexpand(tmp_key, fixed_top) == NULL) { + BN_clear_free(tmp_key); + return 0; + } + BN_clear_free(key->priv_key); - key->priv_key = BN_dup(priv_key); - return (key->priv_key == NULL) ? 0 : 1; + key->priv_key = tmp_key; + + return 1; } const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) @@ -494,6 +564,13 @@ void EC_KEY_clear_flags(EC_KEY *key, int flags) key->flags &= ~flags; } +int EC_KEY_decoded_from_explicit_params(const EC_KEY *key) +{ + if (key == NULL || key->group == NULL) + return -1; + return key->group->decoded_from_explicit_params; +} + size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, unsigned char **pbuf, BN_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_kmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_kmeth.c index 64a5d2087..53a4a9295 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_kmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_kmeth.c 
@@ -11,7 +11,7 @@
 #include
 #include
 #include
-#include "ec_lcl.h"
+#include "ec_local.h"
 static const EC_KEY_METHOD openssl_ec_key_method = {
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lib.c
index b89e3979d..08db89fce 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -13,7 +13,7 @@
 #include
 #include
-#include "ec_lcl.h"
+#include "ec_local.h"
 /* functions for EC_GROUP objects */
@@ -211,6 +211,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
 dest->asn1_flag = src->asn1_flag;
 dest->asn1_form = src->asn1_form;
+ dest->decoded_from_explicit_params = src->decoded_from_explicit_params;
 if (src->seed) {
 OPENSSL_free(dest->seed);
@@ -265,6 +266,67 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth)
 static int ec_precompute_mont_data(EC_GROUP *);
+/*-
+ * Try computing cofactor from the generator order (n) and field cardinality (q).
+ * This works for all curves of cryptographic interest.
+ *
+ * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q)
+ * h_min = (q + 1 - 2*sqrt(q))/n
+ * h_max = (q + 1 + 2*sqrt(q))/n
+ * h_max - h_min = 4*sqrt(q)/n
+ * So if n > 4*sqrt(q) holds, there is only one possible value for h:
+ * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil
+ *
+ * Otherwise, zero cofactor and return success.
+ */
+static int ec_guess_cofactor(EC_GROUP *group) {
+ int ret = 0;
+ BN_CTX *ctx = NULL;
+ BIGNUM *q = NULL;
+
+ /*-
+ * If the cofactor is too large, we cannot guess it.
+ * The RHS of below is a strict overestimate of lg(4 * sqrt(q))
+ */
+ if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) {
+ /* default to 0 */
+ BN_zero(group->cofactor);
+ /* return success */
+ return 1;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ return 0;
+
+ BN_CTX_start(ctx);
+ if ((q = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ /* set q = 2**m for binary fields; q = p otherwise */
+ if (group->meth->field_type == NID_X9_62_characteristic_two_field) {
+ BN_zero(q);
+ if (!BN_set_bit(q, BN_num_bits(group->field) - 1))
+ goto err;
+ } else {
+ if (!BN_copy(q, group->field))
+ goto err;
+ }
+
+ /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */
+ if (!BN_rshift1(group->cofactor, group->order) /* n/2 */
+ || !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */
+ /* q + 1 + n/2 */
+ || !BN_add(group->cofactor, group->cofactor, BN_value_one())
+ /* (q + 1 + n/2)/n */
+ || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx))
+ goto err;
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return ret;
+}
+
 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
 const BIGNUM *order, const BIGNUM
*cofactor)
 {
@@ -273,6 +335,34 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
 return 0;
 }
+ /* require group->field >= 1 */
+ if (group->field == NULL || BN_is_zero(group->field)
+ || BN_is_negative(group->field)) {
+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD);
+ return 0;
+ }
+
+ /*-
+ * - require order >= 1
+ * - enforce upper bound due to Hasse thm: order can be no more than one bit
+ * longer than field cardinality
+ */
+ if (order == NULL || BN_is_zero(order) || BN_is_negative(order)
+ || BN_num_bits(order) > BN_num_bits(group->field) + 1) {
+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER);
+ return 0;
+ }
+
+ /*-
+ * Unfortunately the cofactor is an optional field in many standards.
+ * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor".
+ * So accept cofactor == NULL or cofactor >= 0.
+ */
+ if (cofactor != NULL && BN_is_negative(cofactor)) {
+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR);
+ return 0;
+ }
+
 if (group->generator == NULL) {
 group->generator = EC_POINT_new(group);
 if (group->generator == NULL)
@@ -281,17 +371,17 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
 if (!EC_POINT_copy(group->generator, generator))
 return 0;
- if (order != NULL) {
- if (!BN_copy(group->order, order))
- return 0;
- } else
- BN_zero(group->order);
+ if (!BN_copy(group->order, order))
+ return 0;
- if (cofactor != NULL) {
+ /* Either take the provided positive cofactor, or try to compute it */
+ if (cofactor != NULL && !BN_is_zero(cofactor)) {
 if (!BN_copy(group->cofactor, cofactor))
 return 0;
- } else
+ } else if (!ec_guess_cofactor(group)) {
 BN_zero(group->cofactor);
+ return 0;
+ }
 /*
 * Some groups have an order with
@@ -918,14 +1008,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 size_t i = 0;
 BN_CTX *new_ctx = NULL;
- if ((scalar == NULL) && (num == 0)) {
- return EC_POINT_set_to_infinity(group, r);
- }
-
 if (!ec_point_is_compat(r, group)) {
 ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
 return 0;
 }
+
+ if (scalar == NULL && num == 0)
+ return EC_POINT_set_to_infinity(group, r);
+
 for (i = 0; i < num; i++) {
 if (!ec_point_is_compat(points[i], group)) {
 ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
@@ -1074,8 +1164,7 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
 ret = 1;
 err:
- if (ctx != NULL)
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
 BN_CTX_free(new_ctx);
 return ret;
 }
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_local.h
similarity index 98%
rename from trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lcl.h
rename to trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_local.h
index 119255f1d..64725a9c9 100644
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_lcl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_local.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -14,7 +14,7 @@
 #include
 #include
 #include "internal/refcount.h"
-#include "internal/ec_int.h"
+#include "crypto/ec.h"
 #if defined(__SUNPRO_C)
 # if __SUNPRO_C >= 0x520
@@ -154,7 +154,7 @@ struct ec_method_st { int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); /*- - * 'field_inv' computes the multipicative inverse of a in the field, + * 'field_inv' computes the multiplicative inverse of a in the field, * storing the result in r. * * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. @@ -209,6 +209,8 @@ struct ec_group_st { BIGNUM *order, *cofactor; int curve_name; /* optional NID for named curve */ int asn1_flag; /* flag to control the asn1 encoding */ + int decoded_from_explicit_params; /* set if decoded from explicit + * curve parameters encoding */ point_conversion_form_t asn1_form; unsigned char *seed; /* optional seed for parameters (appears in * ASN1) */ @@ -595,6 +597,8 @@ int ec_key_simple_generate_key(EC_KEY *eckey); int ec_key_simple_generate_public_key(EC_KEY *eckey); int ec_key_simple_check_key(const EC_KEY *eckey); +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); + /* EC_METHOD definitions */ struct ec_key_method_st { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_mult.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_mult.c index 0e0a5e139..9a1e3974e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_mult.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_mult.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -12,8 +12,8 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #include "internal/refcount.h" /* 
@@ -260,17 +260,10 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, goto err; } - /*- - * Apply coordinate blinding for EC_POINT. - * - * The underlying EC_METHOD can optionally implement this function: - * ec_point_blind_coordinates() returns 0 in case of errors or 1 on - * success or if coordinate blinding is not implemented for this - * group. - */ - if (!ec_point_blind_coordinates(group, p, ctx)) { - ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE); - goto err; + /* ensure input point is in affine coords for ladder step efficiency */ + if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); + goto err; } /* Initialize the Montgomery ladder */ @@ -378,7 +371,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, err: EC_POINT_free(p); - EC_POINT_free(s); + EC_POINT_clear_free(s); BN_CTX_end(ctx); return ret; @@ -441,7 +434,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * scalar multiplication implementation based on a Montgomery ladder, * with various timing attack defenses. */ - if ((scalar != NULL) && (num == 0)) { + if ((scalar != group->order) && (scalar != NULL) && (num == 0)) { /*- * In this case we want to compute scalar * GeneratorPoint: this * codepath is reached most prominently by (ephemeral) key @@ -452,7 +445,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, */ return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); } - if ((scalar == NULL) && (num == 1)) { + if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) { /*- * In this case we want to compute scalar * VariablePoint: this * codepath is reached most prominently by the second half of ECDH, 
@@ -747,6 +740,20 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (r_is_at_infinity) { if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err; + + /*- + * Apply coordinate blinding for EC_POINT. + * + * The underlying EC_METHOD can optionally implement this function: + * ec_point_blind_coordinates() returns 0 in case of errors or 1 on + * success or if coordinate blinding is not implemented for this + * group. + */ + if (!ec_point_blind_coordinates(group, r, ctx)) { + ECerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE); + goto err; + } + r_is_at_infinity = 0; } else { if (!EC_POINT_add @@ -948,8 +955,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); EC_ec_pre_comp_free(pre_comp); if (points) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_oct.c index 522f79e67..7ddc86b04 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_oct.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_oct.c @@ -13,7 +13,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_pmeth.c index f4ad0749e..64d2cc93a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_pmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -12,9 +12,9 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* EC pkey context structure */ @@ -323,7 +323,11 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { + EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) { ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); return 0; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_print.c index 027a51928..660fc400f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_print.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ec_print.c @@ -9,7 +9,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *point, @@ -39,13 +39,13 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, EC_POINT *ret; if ((buf_len = BN_num_bytes(bn)) == 0) - return NULL; + buf_len = 1; if ((buf = OPENSSL_malloc(buf_len)) == NULL) { ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE); return NULL; } - if (!BN_bn2bin(bn, buf)) { + if (!BN_bn2binpad(bn, buf, buf_len)) { OPENSSL_free(buf); return NULL; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_kdf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_kdf.c index d686f9d89..96efac62f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_kdf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_kdf.c 
@@ -10,7 +10,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" /* Key derivation function from X9.63/SECG */ /* Way more than we will ever need */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_ossl.c index bd93793a1..0be00d43d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_ossl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdh_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -17,7 +17,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, const EC_POINT *pub_key, const EC_KEY *ecdh) @@ -58,7 +58,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, priv_key = EC_KEY_get0_private_key(ecdh); if (priv_key == NULL) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE); + ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_MISSING_PRIVATE_KEY); goto err; } @@ -112,9 +112,8 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, ret = 1; err: - EC_POINT_free(tmp); - if (ctx) - BN_CTX_end(ctx); + EC_POINT_clear_free(tmp); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_free(buf); return ret; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_ossl.c index e35c7600d..1da87bfb5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_ossl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_ossl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,8 +11,8 @@ #include #include #include -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, @@ -41,11 +41,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, const EC_GROUP *group; int ret = 0; int order_bits; + const BIGNUM *priv_key; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) { + ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_MISSING_PRIVATE_KEY); + return 0; + } if (!EC_KEY_can_sign(eckey)) { ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); @@ -83,8 +88,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, /* get random k */ do { if (dgst != NULL) { - if (!BN_generate_dsa_nonce(k, order, - EC_KEY_get0_private_key(eckey), + if (!BN_generate_dsa_nonce(k, order, priv_key, dgst, dlen, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_RANDOM_NUMBER_GENERATION_FAILED); @@ -162,10 +166,14 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); - if (group == NULL || priv_key == NULL) { + if (group == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER); return NULL; } + if (priv_key == NULL) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY); + return NULL; + } if (!EC_KEY_can_sign(eckey)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); 
@@ -301,7 +309,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, goto err; ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); err: - OPENSSL_clear_free(der, derlen); + OPENSSL_free(der); ECDSA_SIG_free(s); return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_sign.c index aee06e991..dc79c8c8e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_sign.c @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_vrf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_vrf.c index f61a20063..ff597bdc1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_vrf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecdsa_vrf.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include /*- @@ -23,7 +23,7 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, if (eckey->meth->verify_sig != NULL) return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; + return -1; } /*- @@ -39,5 +39,5 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len, eckey); ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; + return -1; } 
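Review bot: In ecdsa_vrf.c the unsupported-operation path of `ECDSA_do_verify` (hunk at -23,7) and of `ECDSA_verify` (hunk at -39,5) now returns -1, which is non-zero, so a caller that tests the result as a boolean would treat this error as a valid signature. The call sites are not part of these hunks, so this has to be checked in the code that consumes the vendored library: every use should compare against 1, e.g. `if (ECDSA_do_verify(dgst, dgst_len, sig, eckey) != 1)`. The doc comments above both functions start outside the hunks; if they do not already say so, they should state the three-way result, e.g. `/* returns 1 for a valid signature, 0 for an invalid one, -1 on error */`.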
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_mont.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_mont.c index 252e66ef3..bdc39d5ef 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_mont.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_mont.c @@ -10,7 +10,7 @@ #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_mont_method(void) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nist.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nist.c index 5eaa99d84..9fd01279a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nist.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nist.c @@ -12,7 +12,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_nist_method(void) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp224.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp224.c index 025273a14..6f7d66c8b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp224.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp224.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -72,6 +72,7 @@ typedef uint64_t u64; */ typedef uint64_t limb; +typedef uint64_t limb_aX __attribute((__aligned__(1))); typedef uint128_t widelimb; typedef limb felem[4]; 
@@ -307,10 +308,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void) */ static void bin28_to_felem(felem out, const u8 in[28]) { - out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; - out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; - out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in+20))) >> 8; + out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; + out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff; + out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff; + out[3] = (*((const limb_aX *)(in + 20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) @@ -324,34 +325,21 @@ static void felem_to_bin28(u8 out[28], const felem in) } } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* From OpenSSL BIGNUM to internal representation */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { - ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { + ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } bin28_to_felem(out, b_out); return 1; } 
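Review bot: In `bin28_to_felem` the first load still goes through the plain `limb` type (`out[0] = *((const limb *)(in)) & 0x00ffffffffffffff;`), so it keeps assuming that `in` is 8-byte aligned while the other three loads were switched to the alignment-1 `limb_aX` type. `in` is declared as `const u8 in[28]`, which carries no such guarantee by itself, and whether every caller passes an aligned buffer cannot be seen from this hunk. Using the same type for all four loads removes the assumption: `out[0] = *((const limb_aX *)(in)) & 0x00ffffffffffffff;`. The same pattern remains for `in[0]` in `bin66_to_felem` and for `out[0]` in `felem_to_bin66` in the ecp_nistp521.c hunks further down.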
@@ -359,10 +347,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* From internal representation to OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin28(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -921,6 +908,7 @@ static void point_add(felem x3, felem y3, felem z3, felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out; widefelem tmp, tmp2; limb z1_is_zero, z2_is_zero, x_equal, y_equal; + limb points_equal; if (!mixed) { /* ftmp2 = z2^2 */ 
@@ -977,15 +965,41 @@ static void point_add(felem x3, felem y3, felem z3, felem_reduce(ftmp, tmp); /* - * the formulae are incorrect if the points are equal so we check for - * this and do doubling if this happens + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. */ x_equal = felem_is_zero(ftmp); y_equal = felem_is_zero(ftmp3); + /* + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + */ z1_is_zero = felem_is_zero(z1); z2_is_zero = felem_is_zero(z2); - /* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */ - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + + /* + * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this + * specific implementation `felem_is_zero()` returns truth as `0x1` + * (rather than `0xff..ff`). + * + * This implies that `~true` in this implementation becomes + * `0xff..fe` (rather than `0x0`): for this reason, to be used in + * the if expression, we mask out only the last bit in the next + * line. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1; + + if (points_equal) { + /* + * This is obviously not constant-time but, as mentioned before, this + * case never happens during single point multiplication, so there is no + * timing leak for ECDH or ECDSA signing. + */ point_double(x3, y3, z3, x1, y1, z1); return; } 
@@ -1402,8 +1416,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned num_bytes; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1478,14 +1491,12 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* the generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1501,10 +1512,16 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || 
@@ -1547,20 +1564,21 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp256.c index a21e5f78f..e23e9d2a0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp256.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp256.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ 
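Review bot: The result of `BN_bn2lebinpad(..., g_secret, sizeof(g_secret))` is stored in `num_bytes` and never tested in this hunk of `ec_GFp_nistp224_points_mul`, while the per-point loop in the previous hunk of the same function adds `if (num_bytes < 0)` after the identical call. A scalar range check probably precedes this branch (it starts outside the hunk), which would make a failure unreachable, but then the assignment is a dead store and the two paths read inconsistently. Either check it the same way, `if (num_bytes < 0) { ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; }`, or drop the assignment and add a comment that the preceding reduction guarantees the scalar fits in `g_secret`. The matching g_secret hunks of `ec_GFp_nistp256_points_mul` and `ec_GFp_nistp521_points_mul` have the same shape.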
@@ -74,8 +74,8 @@ static const felem_bytearray nistp256_curve_params[5] = { {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, /* b */ - {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, + {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */ 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b}, @@ -146,34 +146,21 @@ static void smallfelem_to_bin32(u8 out[32], const smallfelem in) *((u64 *)&out[24]) = in[3]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { - ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { + ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } bin32_to_felem(out, b_out); return 1; } 
@@ -181,10 +168,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { - felem_bytearray b_in, b_out; - smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + smallfelem_to_bin32(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -1255,6 +1241,7 @@ static void point_add(felem x3, felem y3, felem z3, longfelem tmp, tmp2; smallfelem small1, small2, small3, small4, small5; limb x_equal, y_equal, z1_is_zero, z2_is_zero; + limb points_equal; felem_shrink(small3, z1); @@ -1354,7 +1341,26 @@ static void point_add(felem x3, felem y3, felem z3, felem_shrink(small1, ftmp5); y_equal = smallfelem_is_zero(small1); - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + /* + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. + * + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); + + if (points_equal) { + /* + * This is obviously not constant-time but, as mentioned before, this + * case never happens during single point multiplication, so there is no + * timing leak for ECDH or ECDSA signing. + */ point_double(x3, y3, z3, x1, y1, z1); return; } 
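Review bot: `points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero));` in point_add gives the intended result only when the four flags share one representation: if `x_equal`/`y_equal` are all-ones masks while `z1_is_zero`/`z2_is_zero` were 0/1, `~z1_is_zero` would stay non-zero for a point at infinity and the doubling branch would be taken. The ecp_nistp224.c hunk spells out its convention (`felem_is_zero()` returns `0x1` there), but this hunk does not, and the assignments of the z flags are outside it. A comment above the assignment would record the assumption, e.g. `/* x_equal, y_equal, z1_is_zero, z2_is_zero are all 0 or all-ones masks */`, after confirming it against `smallfelem_is_zero()`. The point_add hunk in ecp_nistp521.c has the same unstated dependency.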
@@ -2024,8 +2030,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; smallfelem (*pre_comp)[17][3] = NULL; smallfelem *tmp_smallfelems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; smallfelem x_in, y_in, z_in; @@ -2102,17 +2108,15 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, memset(secrets, 0, sizeof(*secrets) * num_points); memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -2128,10 +2132,16 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || 
@@ -2176,20 +2186,21 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp521.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp521.c index 2f47772a3..08b327872 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp521.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistp521.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ 
@@ -128,6 +128,7 @@ static const felem_bytearray nistp521_curve_params[5] = { # define NLIMBS 9 typedef uint64_t limb; +typedef limb limb_aX __attribute((__aligned__(1))); typedef limb felem[NLIMBS]; typedef uint128_t largefelem[NLIMBS]; @@ -141,14 +142,14 @@ static const limb bottom58bits = 0x3ffffffffffffff; static void bin66_to_felem(felem out, const u8 in[66]) { out[0] = (*((limb *) & in[0])) & bottom58bits; - out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits; - out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits; - out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits; - out[4] = (*((limb *) & in[29])) & bottom58bits; - out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits; - out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits; - out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits; - out[8] = (*((limb *) & in[58])) & bottom57bits; + out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; + out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; + out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; + out[4] = (*((limb_aX *) & in[29])) & bottom58bits; + out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; + out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; + out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; + out[8] = (*((limb_aX *) & in[58])) & bottom57bits; } /* 
@@ -159,44 +160,31 @@ static void felem_to_bin66(u8 out[66], const felem in) { memset(out, 0, 66); (*((limb *) & out[0])) = in[0]; - (*((limb *) & out[7])) |= in[1] << 2; - (*((limb *) & out[14])) |= in[2] << 4; - (*((limb *) & out[21])) |= in[3] << 6; - (*((limb *) & out[29])) = in[4]; - (*((limb *) & out[36])) |= in[5] << 2; - (*((limb *) & out[43])) |= in[6] << 4; - (*((limb *) & out[50])) |= in[7] << 6; - (*((limb *) & out[58])) = in[8]; -} - -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; + (*((limb_aX *) & out[7])) |= in[1] << 2; + (*((limb_aX *) & out[14])) |= in[2] << 4; + (*((limb_aX *) & out[21])) |= in[3] << 6; + (*((limb_aX *) & out[29])) = in[4]; + (*((limb_aX *) & out[36])) |= in[5] << 2; + (*((limb_aX *) & out[43])) |= in[6] << 4; + (*((limb_aX *) & out[50])) |= in[7] << 6; + (*((limb_aX *) & out[58])) = in[8]; } /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { - ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { + ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } bin66_to_felem(out, b_out); return 1; } 
@@ -204,10 +192,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin66(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -357,10 +344,15 @@ static void felem_diff64(felem out, const felem in) static void felem_diff_128_64(largefelem out, const felem in) { /* - * In order to prevent underflow, we add 0 mod p before subtracting. + * In order to prevent underflow, we add 64p mod p (which is equivalent + * to 0 mod p) before subtracting. p is 2^521 - 1, i.e. in binary a 521 + * digit number with all bits set to 1. See "The representation of field + * elements" comment above for a description of how limbs are used to + * represent a number. 64p is represented with 8 limbs containing a number + * with 58 bits set and one limb with a number with 57 bits set. */ - static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5); - static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4); + static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6); + static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5); out[0] += two63m6 - in[0]; out[1] += two63m5 - in[1]; @@ -1167,6 +1159,7 @@ static void point_add(felem x3, felem y3, felem z3, felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; largefelem tmp, tmp2; limb x_equal, y_equal, z1_is_zero, z2_is_zero; + limb points_equal; z1_is_zero = felem_is_zero(z1); z2_is_zero = felem_is_zero(z2); 
@@ -1251,7 +1244,24 @@ static void point_add(felem x3, felem y3, felem z3, felem_scalar64(ftmp5, 2); /* ftmp5[i] < 2^61 */ - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + /* + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. + * + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + * + * Notice the comment below on the implications of this branching for timing + * leaks and why it is considered practically irrelevant. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); + + if (points_equal) { /* * This is obviously not constant-time but it will almost-never happen * for ECDH / ECDSA. The case where it can happen is during scalar-mult @@ -1264,7 +1274,7 @@ static void point_add(felem x3, felem y3, felem z3, * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb * 71e913863f7, in that case the penultimate intermediate is -9G and * the final digit is also -9G. Since this only happens for a single - * scalar, the timing leak is irrelevent. (Any attacker who wanted to + * scalar, the timing leak is irrelevant. (Any attacker who wanted to * check whether a secret scalar was that exact value, can already do * so.) */ @@ -1861,8 +1871,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; 
@@ -1937,17 +1947,15 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1963,10 +1971,16 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || 
@@ -2009,21 +2023,22 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, (const felem(*)[3])g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistputil.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistputil.c index 97fb63100..60e1325c3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistputil.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistputil.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -33,7 +33,7 @@ NON_EMPTY_TRANSLATION_UNIT */ # include -# include "ec_lcl.h" +# include "ec_local.h" /* * Convert an array of points into affine coordinates. (If the point at 
@@ -158,13 +158,13 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, * of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1 * by using bit-wise subtraction as follows: * - * b_k b_(k-1) ... b_2 b_1 b_0 - * - b_k ... b_3 b_2 b_1 b_0 - * ------------------------------------- - * s_k b_(k-1) ... s_3 s_2 s_1 s_0 + * b_k b_(k-1) ... b_2 b_1 b_0 + * - b_k ... b_3 b_2 b_1 b_0 + * ----------------------------------------- + * s_(k+1) s_k ... s_3 s_2 s_1 s_0 * * A left-shift followed by subtraction of the original value yields a new - * representation of the same value, using signed bits s_i = b_(i+1) - b_i. + * representation of the same value, using signed bits s_i = b_(i-1) - b_i. * This representation from Booth's paper has since appeared in the * literature under a variety of different names including "reversed binary * form", "alternating greedy expansion", "mutual opposite form", and @@ -188,7 +188,7 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, * (1961), pp. 67-91), in a radix-2^5 setting. That is, we always combine five * signed bits into a signed digit: * - * s_(4j + 4) s_(4j + 3) s_(4j + 2) s_(4j + 1) s_(4j) + * s_(5j + 4) s_(5j + 3) s_(5j + 2) s_(5j + 1) s_(5j) * * The sign-alternating property implies that the resulting digit values are * integers from -16 to 16. 
@@ -196,14 +196,14 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, * Of course, we don't actually need to compute the signed digits s_i as an * intermediate step (that's just a nice way to see how this scheme relates * to the wNAF): a direct computation obtains the recoded digit from the - * six bits b_(4j + 4) ... b_(4j - 1). + * six bits b_(5j + 4) ... b_(5j - 1). * - * This function takes those five bits as an integer (0 .. 63), writing the + * This function takes those six bits as an integer (0 .. 63), writing the * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute - * value, in the range 0 .. 8). Note that this integer essentially provides the - * input bits "shifted to the left" by one position: for example, the input to - * compute the least significant recoded digit, given that there's no bit b_-1, - * has to be b_4 b_3 b_2 b_1 b_0 0. + * value, in the range 0 .. 16). Note that this integer essentially provides + * the input bits "shifted to the left" by one position: for example, the input + * to compute the least significant recoded digit, given that there's no bit + * b_-1, has to be b_4 b_3 b_2 b_1 b_0 0. * */ void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256.c index aea639416..5005249b0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_nistz256.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2014, Intel Corporation. All Rights Reserved. * Copyright (c) 2015, CloudFlare, Inc. * 
@@ -21,8 +21,8 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #include "internal/refcount.h" #if BN_BITS2 != 64 
@@ -358,16 +358,47 @@ static void ecp_nistz256_point_add(P256_POINT *r, ecp_nistz256_sub(H, U2, U1); /* H = U2 - U1 */ /* - * This should not happen during sign/ecdh, so no constant time violation + * The formulae are incorrect if the points are equal so we check for + * this and do doubling if this happens. + * + * Points here are in Jacobian projective coordinates (Xi, Yi, Zi) + * that are bound to the affine coordinates (xi, yi) by the following + * equations: + * - xi = Xi / (Zi)^2 + * - y1 = Yi / (Zi)^3 + * + * For the sake of optimization, the algorithm operates over + * intermediate variables U1, U2 and S1, S2 that are derived from + * the projective coordinates: + * - U1 = X1 * (Z2)^2 ; U2 = X2 * (Z1)^2 + * - S1 = Y1 * (Z2)^3 ; S2 = Y2 * (Z1)^3 + * + * It is easy to prove that is_equal(U1, U2) implies that the affine + * x-coordinates are equal, or either point is at infinity. + * Likewise is_equal(S1, S2) implies that the affine y-coordinates are + * equal, or either point is at infinity. + * + * The special case of either point being the point at infinity (Z1 or Z2 + * is zero), is handled separately later on in this function, so we avoid + * jumping to point_double here in those special cases. + * + * When both points are inverse of each other, we know that the affine + * x-coordinates are equal, and the y-coordinates have different sign. + * Therefore since U1 = U2, we know H = 0, and therefore Z3 = H*Z1*Z2 + * will equal 0, thus the result is infinity, if we simply let this + * function continue normally. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. 
*/ - if (is_equal(U1, U2) && !in1infty && !in2infty) { - if (is_equal(S1, S2)) { - ecp_nistz256_point_double(r, a); - return; - } else { - memset(r, 0, sizeof(*r)); - return; - } + if (is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)) { + /* + * This is obviously not constant-time but it should never happen during + * single point multiplication, so there is no timing leak for ECDH or + * ECDSA signing. + */ + ecp_nistz256_point_double(r, a); + return; } ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ @@ -888,8 +919,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); EC_nistz256_pre_comp_free(pre_comp); 
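Review bot: In the rewritten `if`, `~in1infty` and `~in2infty` are not drop-in replacements for the old `!in1infty` and `!in2infty`, because `~1` is non-zero. The test is correct only if every bit is_equal() can set is cleared by the complement when a point is at infinity; for a 0/1 flag that means is_equal() must return exactly 0 or 1. Both is_equal() and the assignments to in1infty/in2infty sit outside this hunk (ecp_nistz256_point_add starts before it and continues after it), so that has to be confirmed there. I would pin the assumption next to the condition with `/* relies on is_equal() returning 0 or 1; ~in1infty is non-zero even when in1infty is 1 */`. The new block comment also has a slip: `- y1 = Yi / (Zi)^3` should read `- yi = Yi / (Zi)^3`.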
@@ -899,207 +929,6 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return ret; } -/* - * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great - * code processing 4 points in parallel, corresponding serial operation - * is several times slower, because it uses 29x29=58-bit multiplication - * as opposite to 64x64=128-bit in integer-only scalar case. As result - * it doesn't provide *significant* performance improvement. Note that - * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, - * you'd need to compile even asm/ecp_nistz256-avx.pl module. - */ -#if defined(ECP_NISTZ256_AVX2) -# if !(defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) || \ - !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */ -# undef ECP_NISTZ256_AVX2 -# else -/* Constant time access, loading four values, from four consecutive tables */ -void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, - int index0, int index1, int index2, - int index3); -void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in); -void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4); -void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_set1(void *RESULTx4); -int ecp_nistz_avx2_eligible(void); - -static void booth_recode_w7(unsigned char *sign, - unsigned char *digit, unsigned char in) -{ - unsigned char s, d; - - s = ~((in >> 7) - 1); - d = (1 << 8) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - *sign = s & 1; - *digit = d; -} - -/* - * ecp_nistz256_avx2_mul_g performs multiplication by G, using only the - * precomputed table. 
It does 4 affine point additions in parallel, - * significantly speeding up point multiplication for a fixed value. - */ -static void ecp_nistz256_avx2_mul_g(P256_POINT *r, - unsigned char p_str[33], - const P256_POINT_AFFINE(*preComputedTable)[64]) -{ - const unsigned int window_size = 7; - const unsigned int mask = (1 << (window_size + 1)) - 1; - unsigned int wvalue; - /* Using 4 windows at a time */ - unsigned char sign0, digit0; - unsigned char sign1, digit1; - unsigned char sign2, digit2; - unsigned char sign3, digit3; - unsigned int idx = 0; - BN_ULONG tmp[P256_LIMBS]; - int i; - - ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 }; - ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 }; - ALIGN32 P256_POINT_AFFINE point_arr[4]; - ALIGN32 P256_POINT res_point_arr[4]; - - /* Initial four windows */ - wvalue = *((u16 *) & p_str[0]); - wvalue = (wvalue << 1) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(aX4, point_arr); - ecp_nistz256_avx2_to_mont(aX4, aX4); - ecp_nistz256_avx2_to_mont(&aX4[4 * 
9], &aX4[4 * 9]); - ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]); - - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - /* Optimized when both inputs are affine */ - ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4); - - for (i = 2; i < 9; i++) { - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> 
((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, - preComputedTable[4 * i], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - - ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4); - } - - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]); - - ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4); - /* Last window is performed serially */ - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - booth_recode_w7(&sign0, &digit0, wvalue); - ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r, - preComputedTable[36], digit0); - ecp_nistz256_neg(tmp, r->Y); - copy_conditional(r->Y, tmp, sign0); - memcpy(r->Z, ONE, sizeof(ONE)); - /* Sum the four windows */ - ecp_nistz256_point_add(r, r, &res_point_arr[0]); - ecp_nistz256_point_add(r, r, &res_point_arr[1]); - ecp_nistz256_point_add(r, r, &res_point_arr[2]); - ecp_nistz256_point_add(r, r, &res_point_arr[3]); -} -# endif -#endif - __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, const P256_POINT_AFFINE *in, BN_CTX *ctx) 
@@ -1189,6 +1018,8 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, } if (preComputedTable) { + BN_ULONG infty; + if ((BN_num_bits(scalar) > 256) || BN_is_negative(scalar)) { if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) 
@@ -1220,67 +1051,58 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, for (; i < 33; i++) p_str[i] = 0; -#if defined(ECP_NISTZ256_AVX2) - if (ecp_nistz_avx2_eligible()) { - ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable); - } else -#endif - { - BN_ULONG infty; + /* First window */ + wvalue = (p_str[0] << 1) & mask; + idx += window_size; - /* First window */ - wvalue = (p_str[0] << 1) & mask; + wvalue = _booth_recode_w7(wvalue); + + ecp_nistz256_gather_w7(&p.a, preComputedTable[0], + wvalue >> 1); + + ecp_nistz256_neg(p.p.Z, p.p.Y); + copy_conditional(p.p.Y, p.p.Z, wvalue & 1); + + /* + * Since affine infinity is encoded as (0,0) and + * Jacobian is (,,0), we need to harmonize them + * by assigning "one" or zero to Z. + */ + infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | + p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); + if (P256_LIMBS == 8) + infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | + p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); + + infty = 0 - is_zero(infty); + infty = ~infty; + + p.p.Z[0] = ONE[0] & infty; + p.p.Z[1] = ONE[1] & infty; + p.p.Z[2] = ONE[2] & infty; + p.p.Z[3] = ONE[3] & infty; + if (P256_LIMBS == 8) { + p.p.Z[4] = ONE[4] & infty; + p.p.Z[5] = ONE[5] & infty; + p.p.Z[6] = ONE[6] & infty; + p.p.Z[7] = ONE[7] & infty; + } + + for (i = 1; i < 37; i++) { + unsigned int off = (idx - 1) / 8; + wvalue = p_str[off] | p_str[off + 1] << 8; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; idx += window_size; wvalue = _booth_recode_w7(wvalue); - ecp_nistz256_gather_w7(&p.a, preComputedTable[0], - wvalue >> 1); + ecp_nistz256_gather_w7(&t.a, + preComputedTable[i], wvalue >> 1); - ecp_nistz256_neg(p.p.Z, p.p.Y); - copy_conditional(p.p.Y, p.p.Z, wvalue & 1); + ecp_nistz256_neg(t.p.Z, t.a.Y); + copy_conditional(t.a.Y, t.p.Z, wvalue & 1); - /* - * Since affine infinity is encoded as (0,0) and - * Jacobian ias (,,0), we need to harmonize them - * by assigning "one" or zero to Z. 
- */ - infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | - p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); - if (P256_LIMBS == 8) - infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | - p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); - - infty = 0 - is_zero(infty); - infty = ~infty; - - p.p.Z[0] = ONE[0] & infty; - p.p.Z[1] = ONE[1] & infty; - p.p.Z[2] = ONE[2] & infty; - p.p.Z[3] = ONE[3] & infty; - if (P256_LIMBS == 8) { - p.p.Z[4] = ONE[4] & infty; - p.p.Z[5] = ONE[5] & infty; - p.p.Z[6] = ONE[6] & infty; - p.p.Z[7] = ONE[7] & infty; - } - - for (i = 1; i < 37; i++) { - unsigned int off = (idx - 1) / 8; - wvalue = p_str[off] | p_str[off + 1] << 8; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - - wvalue = _booth_recode_w7(wvalue); - - ecp_nistz256_gather_w7(&t.a, - preComputedTable[i], wvalue >> 1); - - ecp_nistz256_neg(t.p.Z, t.a.Y); - copy_conditional(t.a.Y, t.p.Z, wvalue & 1); - - ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); - } + ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); } } else { p_is_infinity = 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_oct.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_oct.c index 7ade1b3d2..946076325 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_oct.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_oct.c @@ -11,7 +11,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_smpl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_smpl.c index f6a6cedb0..b3110ec89 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_smpl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecp_smpl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -11,7 +11,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_simple_method(void) { @@ -307,8 +307,7 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } @@ -787,8 +786,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ret = 1; end: - if (ctx) /* otherwise we already called BN_CTX_end */ - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } @@ -1374,6 +1372,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, * Computes the multiplicative inverse of a in GF(p), storing the result in r. * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error. * Since we don't have a Mont structure here, SCA hardening is with blinding. + * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.) */ int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) 
@@ -1433,112 +1432,133 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, temp = BN_CTX_get(ctx); if (temp == NULL) { ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE); - goto err; + goto end; } - /* make sure lambda is not zero */ + /*- + * Make sure lambda is not zero. + * If the RNG fails, we cannot blind but nevertheless want + * code to continue smoothly and not clobber the error stack. + */ do { - if (!BN_priv_rand_range(lambda, group->field)) { - ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB); - goto err; + ERR_set_mark(); + ret = BN_priv_rand_range(lambda, group->field); + ERR_pop_to_mark(); + if (ret == 0) { + ret = 1; + goto end; } } while (BN_is_zero(lambda)); /* if field_encode defined convert between representations */ - if (group->meth->field_encode != NULL - && !group->meth->field_encode(group, lambda, lambda, ctx)) - goto err; - if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx)) - goto err; - if (!group->meth->field_sqr(group, temp, lambda, ctx)) - goto err; - if (!group->meth->field_mul(group, p->X, p->X, temp, ctx)) - goto err; - if (!group->meth->field_mul(group, temp, temp, lambda, ctx)) - goto err; - if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx)) - goto err; - p->Z_is_one = 0; + if ((group->meth->field_encode != NULL + && !group->meth->field_encode(group, lambda, lambda, ctx)) + || !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx) + || !group->meth->field_sqr(group, temp, lambda, ctx) + || !group->meth->field_mul(group, p->X, p->X, temp, ctx) + || !group->meth->field_mul(group, temp, temp, lambda, ctx) + || !group->meth->field_mul(group, p->Y, p->Y, temp, ctx)) + goto end; + p->Z_is_one = 0; ret = 1; - err: + end: BN_CTX_end(ctx); return ret; } /*- - * Set s := p, r := 2p. 
+ * Input: + * - p: affine coordinates + * + * Output: + * - s := p, r := 2p: blinded projective (homogeneous) coordinates * * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve - * multiplication resistant against side channel attacks" appendix, as described - * at + * multiplication resistant against side channel attacks" appendix, described at * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2 + * simplified for Z1=1. * - * The input point p will be in randomized Jacobian projective coords: - * x = X/Z**2, y=Y/Z**3 - * - * The output points p, s, and r are converted to standard (homogeneous) - * projective coords: - * x = X/Z, y=Y/Z + * Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z) + * for any non-zero \lambda that holds for projective (homogeneous) coords. */ int ec_GFp_simple_ladder_pre(const EC_GROUP *group, EC_POINT *r, EC_POINT *s, EC_POINT *p, BN_CTX *ctx) { - BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL; + BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL; - t1 = r->Z; - t2 = r->Y; + t1 = s->Z; + t2 = r->Z; t3 = s->X; t4 = r->X; t5 = s->Y; - t6 = s->Z; - /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */ - if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx) - || !group->meth->field_sqr(group, t1, p->Z, ctx) - || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx) - /* r := 2p */ - || !group->meth->field_sqr(group, t2, p->X, ctx) - || !group->meth->field_sqr(group, t3, p->Z, ctx) - || !group->meth->field_mul(group, t4, t3, group->a, ctx) - || !BN_mod_sub_quick(t5, t2, t4, group->field) - || !BN_mod_add_quick(t2, t2, t4, group->field) - || !group->meth->field_sqr(group, t5, t5, ctx) - || !group->meth->field_mul(group, t6, t3, group->b, ctx) - || !group->meth->field_mul(group, t1, p->X, p->Z, ctx) - || !group->meth->field_mul(group, t4, t1, t6, ctx) - || !BN_mod_lshift_quick(t4, t4, 3, group->field) + if (!p->Z_is_one /* r := 2p */ + || !group->meth->field_sqr(group, t3, p->X, ctx) + || 
!BN_mod_sub_quick(t4, t3, group->a, group->field) + || !group->meth->field_sqr(group, t4, t4, ctx) + || !group->meth->field_mul(group, t5, p->X, group->b, ctx) + || !BN_mod_lshift_quick(t5, t5, 3, group->field) /* r->X coord output */ - || !BN_mod_sub_quick(r->X, t5, t4, group->field) - || !group->meth->field_mul(group, t1, t1, t2, ctx) - || !group->meth->field_mul(group, t2, t3, t6, ctx) - || !BN_mod_add_quick(t1, t1, t2, group->field) + || !BN_mod_sub_quick(r->X, t4, t5, group->field) + || !BN_mod_add_quick(t1, t3, group->a, group->field) + || !group->meth->field_mul(group, t2, p->X, t1, ctx) + || !BN_mod_add_quick(t2, group->b, t2, group->field) /* r->Z coord output */ - || !BN_mod_lshift_quick(r->Z, t1, 2, group->field) - || !EC_POINT_copy(s, p)) + || !BN_mod_lshift_quick(r->Z, t2, 2, group->field)) + return 0; + + /* make sure lambda (r->Y here for storage) is not zero */ + do { + if (!BN_priv_rand_range(r->Y, group->field)) + return 0; + } while (BN_is_zero(r->Y)); + + /* make sure lambda (s->Z here for storage) is not zero */ + do { + if (!BN_priv_rand_range(s->Z, group->field)) + return 0; + } while (BN_is_zero(s->Z)); + + /* if field_encode defined convert between representations */ + if (group->meth->field_encode != NULL + && (!group->meth->field_encode(group, r->Y, r->Y, ctx) + || !group->meth->field_encode(group, s->Z, s->Z, ctx))) + return 0; + + /* blind r and s independently */ + if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx) + || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx) + || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */ return 0; r->Z_is_one = 0; s->Z_is_one = 0; - p->Z_is_one = 0; return 1; } /*- - * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi + * Input: + * - s, r: projective (homogeneous) coordinates + * - p: affine coordinates + * + * Output: + * - s := r + s, r := 2r: projective (homogeneous) coordinates + * + * Differential addition-and-doubling using Eq. 
(9) and (10) from Izu-Takagi * "A fast parallel elliptic curve multiplication resistant against side channel * attacks", as described at - * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4 + * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4 */ int ec_GFp_simple_ladder_step(const EC_GROUP *group, EC_POINT *r, EC_POINT *s, EC_POINT *p, BN_CTX *ctx) { int ret = 0; - BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL; + BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL; BN_CTX_start(ctx); t0 = BN_CTX_get(ctx); 
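Review bot: At the top of this hunk, ec_GFp_simple_blind_coordinates now turns a failed `BN_priv_rand_range()` into `ret = 1` with the error mark popped, so the caller gets unblinded coordinates and no indication that the side-channel countermeasure was skipped. The inline comment says this is deliberate, but the function's contract is not stated where a caller would look for it; its header comment, which is outside the hunk, should carry something like `/* Returns 1 even if the RNG fails; p is then left unblinded. */`. The behaviour is also asymmetric with ec_GFp_simple_ladder_pre further down the same hunk, where both `BN_priv_rand_range()` loops `return 0` on failure and push no EC error, which deserves a one-line comment there as well. ec_GFp_simple_blind_coordinates starts before the hunk and ec_GFp_simple_ladder_step continues past it.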
@@ -1548,50 +1568,47 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group, t4 = BN_CTX_get(ctx); t5 = BN_CTX_get(ctx); t6 = BN_CTX_get(ctx); - t7 = BN_CTX_get(ctx); - if (t7 == NULL - || !group->meth->field_mul(group, t0, r->X, s->X, ctx) - || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx) - || !group->meth->field_mul(group, t2, r->X, s->Z, ctx) + if (t6 == NULL + || !group->meth->field_mul(group, t6, r->X, s->X, ctx) + || !group->meth->field_mul(group, t0, r->Z, s->Z, ctx) + || !group->meth->field_mul(group, t4, r->X, s->Z, ctx) || !group->meth->field_mul(group, t3, r->Z, s->X, ctx) - || !group->meth->field_mul(group, t4, group->a, t1, ctx) - || !BN_mod_add_quick(t0, t0, t4, group->field) - || !BN_mod_add_quick(t4, t3, t2, group->field) - || !group->meth->field_mul(group, t0, t4, t0, ctx) - || !group->meth->field_sqr(group, t1, t1, ctx) - || !BN_mod_lshift_quick(t7, group->b, 2, group->field) - || !group->meth->field_mul(group, t1, t7, t1, ctx) - || !BN_mod_lshift1_quick(t0, t0, group->field) - || !BN_mod_add_quick(t0, t1, t0, group->field) - || !BN_mod_sub_quick(t1, t2, t3, group->field) - || !group->meth->field_sqr(group, t1, t1, ctx) - || !group->meth->field_mul(group, t3, t1, p->X, ctx) - || !group->meth->field_mul(group, t0, p->Z, t0, ctx) - /* s->X coord output */ - || !BN_mod_sub_quick(s->X, t0, t3, group->field) - /* s->Z coord output */ - || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx) - || !group->meth->field_sqr(group, t3, r->X, ctx) - || !group->meth->field_sqr(group, t2, r->Z, ctx) - || !group->meth->field_mul(group, t4, t2, group->a, ctx) - || !BN_mod_add_quick(t5, r->X, r->Z, group->field) - || !group->meth->field_sqr(group, t5, t5, ctx) - || !BN_mod_sub_quick(t5, t5, t3, group->field) - || !BN_mod_sub_quick(t5, t5, t2, group->field) - || !BN_mod_sub_quick(t6, t3, t4, group->field) - || !group->meth->field_sqr(group, t6, t6, ctx) - || !group->meth->field_mul(group, t0, t2, t5, ctx) - || !group->meth->field_mul(group, t0, t7, t0, ctx) - 
/* r->X coord output */ - || !BN_mod_sub_quick(r->X, t6, t0, group->field) + || !group->meth->field_mul(group, t5, group->a, t0, ctx) + || !BN_mod_add_quick(t5, t6, t5, group->field) || !BN_mod_add_quick(t6, t3, t4, group->field) - || !group->meth->field_sqr(group, t3, t2, ctx) - || !group->meth->field_mul(group, t7, t3, t7, ctx) - || !group->meth->field_mul(group, t5, t5, t6, ctx) + || !group->meth->field_mul(group, t5, t6, t5, ctx) + || !group->meth->field_sqr(group, t0, t0, ctx) + || !BN_mod_lshift_quick(t2, group->b, 2, group->field) + || !group->meth->field_mul(group, t0, t2, t0, ctx) || !BN_mod_lshift1_quick(t5, t5, group->field) + || !BN_mod_sub_quick(t3, t4, t3, group->field) + /* s->Z coord output */ + || !group->meth->field_sqr(group, s->Z, t3, ctx) + || !group->meth->field_mul(group, t4, s->Z, p->X, ctx) + || !BN_mod_add_quick(t0, t0, t5, group->field) + /* s->X coord output */ + || !BN_mod_sub_quick(s->X, t0, t4, group->field) + || !group->meth->field_sqr(group, t4, r->X, ctx) + || !group->meth->field_sqr(group, t5, r->Z, ctx) + || !group->meth->field_mul(group, t6, t5, group->a, ctx) + || !BN_mod_add_quick(t1, r->X, r->Z, group->field) + || !group->meth->field_sqr(group, t1, t1, ctx) + || !BN_mod_sub_quick(t1, t1, t4, group->field) + || !BN_mod_sub_quick(t1, t1, t5, group->field) + || !BN_mod_sub_quick(t3, t4, t6, group->field) + || !group->meth->field_sqr(group, t3, t3, ctx) + || !group->meth->field_mul(group, t0, t5, t1, ctx) + || !group->meth->field_mul(group, t0, t2, t0, ctx) + /* r->X coord output */ + || !BN_mod_sub_quick(r->X, t3, t0, group->field) + || !BN_mod_add_quick(t3, t4, t6, group->field) + || !group->meth->field_sqr(group, t4, t5, ctx) + || !group->meth->field_mul(group, t4, t4, t2, ctx) + || !group->meth->field_mul(group, t1, t1, t3, ctx) + || !BN_mod_lshift1_quick(t1, t1, group->field) /* r->Z coord output */ - || !BN_mod_add_quick(r->Z, t7, t5, group->field)) + || !BN_mod_add_quick(r->Z, t4, t1, group->field)) goto err; ret = 1; 
@@ -1602,17 +1619,23 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group, } /*- - * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass - * Elliptic Curves and Side-Channel Attacks", modified to work in projective - * coordinates and return r in Jacobian projective coordinates. + * Input: + * - s, r: projective (homogeneous) coordinates + * - p: affine coordinates * - * X4 = two*Y1*X2*Z3*Z2*Z1; - * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1); - * Z4 = two*Y1*Z3*SQR(Z2)*Z1; + * Output: + * - r := (x,y): affine coordinates + * + * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass + * Elliptic Curves and Side-Channel Attacks", modified to work in mixed + * projective coords, i.e. p is affine and (r,s) in projective (homogeneous) + * coords, and return r in affine coordinates. + * + * X4 = two*Y1*X2*Z3*Z2; + * Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2); + * Z4 = two*Y1*Z3*SQR(Z2); * * Z4 != 0 because: - * - Z1==0 implies p is at infinity, which would have caused an early exit in - * the caller; * - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch); * - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch); * - Y1==0 implies p has order 2, so either r or s are infinity and handled by @@ -1629,11 +1652,7 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group, return EC_POINT_set_to_infinity(group, r); if (BN_is_zero(s->Z)) { - /* (X,Y,Z) -> (XZ,YZ**2,Z) */ - if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx) - || !group->meth->field_sqr(group, r->Z, p->Z, ctx) - || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx) - || !BN_copy(r->Z, p->Z) + if (!EC_POINT_copy(r, p) || !EC_POINT_invert(group, r, ctx)) return 0; return 1; 
@@ -1649,38 +1668,46 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group, t6 = BN_CTX_get(ctx); if (t6 == NULL - || !BN_mod_lshift1_quick(t0, p->Y, group->field) - || !group->meth->field_mul(group, t1, r->X, p->Z, ctx) - || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx) - || !group->meth->field_mul(group, t2, t1, t2, ctx) - || !group->meth->field_mul(group, t3, t2, t0, ctx) - || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx) - || !group->meth->field_sqr(group, t4, t2, ctx) - || !BN_mod_lshift1_quick(t5, group->b, group->field) - || !group->meth->field_mul(group, t4, t4, t5, ctx) - || !group->meth->field_mul(group, t6, t2, group->a, ctx) - || !group->meth->field_mul(group, t5, r->X, p->X, ctx) - || !BN_mod_add_quick(t5, t6, t5, group->field) - || !group->meth->field_mul(group, t6, r->Z, p->X, ctx) - || !BN_mod_add_quick(t2, t6, t1, group->field) - || !group->meth->field_mul(group, t5, t5, t2, ctx) - || !BN_mod_sub_quick(t6, t6, t1, group->field) - || !group->meth->field_sqr(group, t6, t6, ctx) - || !group->meth->field_mul(group, t6, t6, s->X, ctx) - || !BN_mod_add_quick(t4, t5, t4, group->field) - || !group->meth->field_mul(group, t4, t4, s->Z, ctx) - || !BN_mod_sub_quick(t4, t4, t6, group->field) - || !group->meth->field_sqr(group, t5, r->Z, ctx) - || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx) - || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx) - || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx) - /* t3 := X, t4 := Y */ - /* (X,Y,Z) -> (XZ,YZ**2,Z) */ - || !group->meth->field_mul(group, r->X, t3, r->Z, ctx) + || !BN_mod_lshift1_quick(t4, p->Y, group->field) + || !group->meth->field_mul(group, t6, r->X, t4, ctx) + || !group->meth->field_mul(group, t6, s->Z, t6, ctx) + || !group->meth->field_mul(group, t5, r->Z, t6, ctx) + || !BN_mod_lshift1_quick(t1, group->b, group->field) + || !group->meth->field_mul(group, t1, s->Z, t1, ctx) || !group->meth->field_sqr(group, t3, r->Z, ctx) - || !group->meth->field_mul(group, r->Y, t4, t3, ctx)) + 
|| !group->meth->field_mul(group, t2, t3, t1, ctx) + || !group->meth->field_mul(group, t6, r->Z, group->a, ctx) + || !group->meth->field_mul(group, t1, p->X, r->X, ctx) + || !BN_mod_add_quick(t1, t1, t6, group->field) + || !group->meth->field_mul(group, t1, s->Z, t1, ctx) + || !group->meth->field_mul(group, t0, p->X, r->Z, ctx) + || !BN_mod_add_quick(t6, r->X, t0, group->field) + || !group->meth->field_mul(group, t6, t6, t1, ctx) + || !BN_mod_add_quick(t6, t6, t2, group->field) + || !BN_mod_sub_quick(t0, t0, r->X, group->field) + || !group->meth->field_sqr(group, t0, t0, ctx) + || !group->meth->field_mul(group, t0, t0, s->X, ctx) + || !BN_mod_sub_quick(t0, t6, t0, group->field) + || !group->meth->field_mul(group, t1, s->Z, t4, ctx) + || !group->meth->field_mul(group, t1, t3, t1, ctx) + || (group->meth->field_decode != NULL + && !group->meth->field_decode(group, t1, t1, ctx)) + || !group->meth->field_inv(group, t1, t1, ctx) + || (group->meth->field_encode != NULL + && !group->meth->field_encode(group, t1, t1, ctx)) + || !group->meth->field_mul(group, r->X, t5, t1, ctx) + || !group->meth->field_mul(group, r->Y, t0, t1, ctx)) goto err; + if (group->meth->field_set_to_one != NULL) { + if (!group->meth->field_set_to_one(group, r->Z, ctx)) + goto err; + } else { + if (!BN_one(r->Z)) + goto err; + } + + r->Z_is_one = 1; ret = 1; err: diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecx_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecx_meth.c index e4cac99e2..9dc5259e4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecx_meth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ec/ecx_meth.c @@ -12,10 +12,10 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "ec_lcl.h" -#include "curve448/curve448_lcl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "ec_local.h" +#include "curve448/curve448_local.h" #define X25519_BITS 253 #define X25519_SECURITY_BITS 128 
@@ -191,7 +191,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) } rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE); - ASN1_OCTET_STRING_free(oct); + ASN1_STRING_clear_free(oct); return rv; } @@ -532,7 +532,7 @@ static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); if (alg2) X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); - /* Algorithm idetifiers set: carry on as normal */ + /* Algorithm identifiers set: carry on as normal */ return 3; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/README b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/README index c7a5696ca..0f8a8fbde 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/README +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/README @@ -9,7 +9,7 @@ for masochists" document *and* a rather extensive commit log message. (I'd get lynched for sticking all this in CHANGES or the commit mails :-). ENGINE_TABLE underlies this restructuring, as described in the internal header -"eng_int.h", implemented in eng_table.c, and used in each of the "class" files; +"eng_local.h", implemented in eng_table.c, and used in each of the "class" files; tb_rsa.c, tb_dsa.c, etc. However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_all.c index af306ccff..b675ed789 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_all.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_all.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "eng_int.h" +#include "eng_local.h" void ENGINE_load_builtin_engines(void) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_cnf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_cnf.c index 6f0a066d0..df00df6ac 100644 
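Review bot: In the ecx_priv_decode hunk, the new `ASN1_STRING_clear_free(oct);` has no comment saying why a plain free is not enough, so a later tidy-up could quietly revert it. `oct` is released right after `ecx_key_op(..., p, plen, KEY_OP_PRIVATE)` has consumed the key bytes, which suggests it holds the decoded private key. I would add `/* oct carries raw private key octets: zeroise before freeing */` above the call. The function starts outside the hunk, so confirm against the full body that `p` always points into `oct` and that earlier error returns do not free `oct` with the non-clearing variant.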
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_cnf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_cnf.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include /* #define ENGINE_CONF_DEBUG */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_ctrl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_ctrl.c index 3bc4aab16..e65e78447 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_ctrl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_ctrl.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* * When querying a ENGINE-specific control command's 'description', this diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_devcrypto.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_devcrypto.c index 717d7c277..84a3b7dbe 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_devcrypto.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_devcrypto.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,11 +22,11 @@ #include #include -#include "internal/engine.h" +#include "crypto/engine.h" /* #define ENGINE_DEVCRYPTO_DEBUG */ -#ifdef CRYPTO_ALGORITHM_MIN +#if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX # define CHECK_BSD_STYLE_MACROS #endif @@ -758,8 +758,9 @@ static int devcrypto_unload(ENGINE *e) void engine_load_devcrypto_int() { ENGINE *e = NULL; + int fd; - if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { + if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) { #ifndef ENGINE_DEVCRYPTO_DEBUG if (errno != ENOENT) #endif 
@@ -767,6 +768,18 @@ void engine_load_devcrypto_int() return; } +#ifdef CRIOGET + if (ioctl(fd, CRIOGET, &cfd) < 0) { + fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno)); + close(fd); + cfd = -1; + return; + } + close(fd); +#else + cfd = fd; +#endif + if ((e = ENGINE_new()) == NULL || !ENGINE_set_destroy_function(e, devcrypto_unload)) { ENGINE_free(e); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_dyn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_dyn.c index 843226c07..06e677290 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_dyn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_dyn.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include "internal/dso.h" #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_fat.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_fat.c index 591fddc8e..fe231a65f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_fat.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_fat.c @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include int ENGINE_set_default(ENGINE *e, unsigned int flags) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_init.c index 7c235fc47..6c9063f8f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_init.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_init.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" /* * Initialise a engine type for use (or up its functional reference count if diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_lib.c index d7f2026fa..5bd584c59 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_lib.c 
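Review bot: In the engine_load_devcrypto_int hunk, neither branch of the new `#ifdef CRIOGET` block marks the descriptor stored in `cfd` close-on-exec, and the `open("/dev/crypto", O_RDWR, 0)` in the preceding hunk does not request it either. A process that later forks and execs would therefore pass the child an open handle to the kernel crypto device. Unless code outside the hunk already does this, a checked `fcntl(cfd, F_SETFD, FD_CLOEXEC)` after the `#endif` would cover both branches. The function continues past the end of the hunk, so whether `cfd` is closed when `ENGINE_new()` fails cannot be judged from here.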
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" #include #include "internal/refcount.h" @@ -171,6 +171,7 @@ void engine_cleanup_int(void) cleanup_stack = NULL; } CRYPTO_THREAD_lock_free(global_engine_lock); + global_engine_lock = NULL; } /* Now the "ex_data" support */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_list.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_list.c index 45c339c54..1352fb7c9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_list.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_list.c @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* * The linked-list of pointers to engine types. engine_list_head incorporates diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_local.h similarity index 97% rename from trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_int.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_local.h index b95483341..8ef7172b9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_int.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_local.h @@ -8,11 +8,11 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_ENGINE_INT_H -# define HEADER_ENGINE_INT_H +#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H +# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H # include "internal/cryptlib.h" -# include "internal/engine.h" +# include "crypto/engine.h" # include "internal/thread_once.h" # include "internal/refcount.h" 
@@ -168,4 +168,4 @@ typedef struct st_engine_pile ENGINE_PILE; DEFINE_LHASH_OF(ENGINE_PILE); -#endif /* HEADER_ENGINE_INT_H */ +#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_openssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_openssl.c index f7ad7a5f4..25631fb87 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_openssl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -11,7 +11,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/engine.h" +#include "crypto/engine.h" #include #include #include @@ -29,12 +29,14 @@ */ #define TEST_ENG_OPENSSL_RC4 #ifndef OPENSSL_NO_STDIO -#define TEST_ENG_OPENSSL_PKEY +# define TEST_ENG_OPENSSL_PKEY #endif /* #define TEST_ENG_OPENSSL_HMAC */ /* #define TEST_ENG_OPENSSL_HMAC_INIT */ /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ -#define TEST_ENG_OPENSSL_RC4_P_INIT +#ifndef OPENSSL_NO_STDIO +# define TEST_ENG_OPENSSL_RC4_P_INIT +#endif /* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ #define TEST_ENG_OPENSSL_SHA /* #define TEST_ENG_OPENSSL_SHA_OTHERS */ @@ -165,7 +167,7 @@ static int bind_fn(ENGINE *e, const char *id) } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ #ifdef TEST_ENG_OPENSSL_RC4 /*- diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_pkey.c index 305a648fe..e813bc6db 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_pkey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_pkey.c 
@@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* Basic get/set stuff */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_rdrand.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_rdrand.c index 261e5debb..9dceb1671 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_rdrand.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_rdrand.c @@ -11,7 +11,7 @@ #include #include -#include "internal/engine.h" +#include "crypto/engine.h" #include #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_table.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_table.c index ac4b02fc1..72f393dbe 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_table.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/eng_table.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include #include -#include "eng_int.h" +#include "eng_local.h" /* The type of the items in the table */ struct st_engine_pile { @@ -26,7 +26,7 @@ struct st_engine_pile { int uptodate; }; -/* The type exposed in eng_int.h */ +/* The type exposed in eng_local.h */ struct st_engine_table { LHASH_OF(ENGINE_PILE) piles; }; /* ENGINE_TABLE */ @@ -76,7 +76,7 @@ static int int_table_check(ENGINE_TABLE **t, int create) } /* - * Privately exposed (via eng_int.h) functions for adding and/or removing + * Privately exposed (via eng_local.h) functions for adding and/or removing * ENGINEs from the implementation table */ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_asnmth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_asnmth.c index 4bcc76136..72850b939 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_asnmth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_asnmth.c 
@@ -8,9 +8,9 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" /* * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the @@ -147,7 +147,8 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); for (i = 0; i < nidcount; i++) { e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (((int)strlen(ameth->pem_str) == len) + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == len) && strncasecmp(ameth->pem_str, str, len) == 0) return ameth; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_cipher.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_cipher.c index faa967c47..236da346c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_cipher.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_cipher.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *cipher_table = NULL; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dh.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dh.c index 785119f65..a13a13950 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dh.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dh.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; static const int dummy_nid = 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_digest.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_digest.c index d644b1b0a..a6e6337a0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_digest.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_digest.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *digest_table = NULL; 
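Review bot: In the ENGINE_get_pkey_asn1_meth_str hunk, the added `ameth != NULL` test only helps if the engine callback always writes its out-parameter, because the return value of `e->pkey_asn1_meths(e, &ameth, NULL, nids[i])` is still ignored. A callback that fails without touching `ameth` leaves the previous iteration's pointer to be dereferenced, or an indeterminate one if the declaration outside the hunk has no initialiser. Assuming the usual nonzero-on-success convention, I would put `ameth = NULL;` before the call and skip the entry with `if (!e->pkey_asn1_meths(e, &ameth, NULL, nids[i])) continue;`. `ameth->pem_str` is also handed to `strlen()` without a NULL check. The loop belongs to a function whose start and end are outside the hunk.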
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dsa.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dsa.c index 65b6ea8d3..2c77f0f3e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dsa.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_dsa.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dsa_table = NULL; static const int dummy_nid = 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_eckey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_eckey.c index 1e5073685..907d55ae8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_eckey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_eckey.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; static const int dummy_nid = 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_pkmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_pkmeth.c index 03cd1e69d..c5c001c5c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_pkmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_pkmeth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include static ENGINE_TABLE *pkey_meth_table = NULL; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rand.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rand.c index 98a98073c..92f61c5a8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rand.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rand.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *rand_table = NULL; static const int dummy_nid = 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rsa.c b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rsa.c index d8d2e34f8..43e865e6d 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rsa.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/engine/tb_rsa.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *rsa_table = NULL; static const int dummy_nid = 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err.c index c737b2a9c..1372d52f8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/err/err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err.c @@ -10,17 +10,17 @@ #include #include #include -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/err.h" -#include "internal/err_int.h" +#include "crypto/err.h" #include #include #include #include #include #include "internal/thread_once.h" -#include "internal/ctype.h" -#include "internal/constant_time_locl.h" +#include "crypto/ctype.h" +#include "internal/constant_time.h" #include "e_os.h" static int err_load_strings(const ERR_STRING_DATA *str); @@ -184,8 +184,8 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) } #ifndef OPENSSL_NO_ERR -/* A measurement on Linux 2018-11-21 showed about 3.5kib */ -# define SPACE_SYS_STR_REASONS 4 * 1024 +/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */ +# define SPACE_SYS_STR_REASONS 8 * 1024 # define NUM_SYS_STR_REASONS 127 static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; 
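Review bot: In the err.c hunk that enlarges the strerror pool, `# define SPACE_SYS_STR_REASONS 8 * 1024` leaves the expression unparenthesised. Any use inside a larger expression, such as a division, a modulo or a cast, would bind differently from what the name implies. Since this constant sizes a fixed buffer, `# define SPACE_SYS_STR_REASONS (8 * 1024)` is the safer spelling. The uses of the macro are outside this hunk.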
@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void) ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; str->error = ERR_PACK(ERR_LIB_SYS, 0, i); - if (str->string == NULL) { + /* + * If we have used up all the space in strerror_pool, + * there's no point in calling openssl_strerror_r() + */ + if (str->string == NULL && cnt < sizeof(strerror_pool)) { if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) { size_t l = strlen(cur); str->string = cur; cnt += l; - if (cnt > sizeof(strerror_pool)) - cnt = sizeof(strerror_pool); cur += l; /* * VMS has an unusual quirk of adding spaces at the end of - * some (most? all?) messages. Lets trim them off. + * some (most? all?) messages. Lets trim them off. */ - while (ossl_isspace(cur[-1])) { + while (cur > strerror_pool && ossl_isspace(cur[-1])) { cur--; cnt--; } @@ -523,8 +525,24 @@ static unsigned long get_error_values(int inc, int top, const char **file, return ERR_R_INTERNAL_ERROR; } + while (es->bottom != es->top) { + if (es->err_flags[es->top] & ERR_FLAG_CLEAR) { + err_clear(es, es->top); + es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1; + continue; + } + i = (es->bottom + 1) % ERR_NUM_ERRORS; + if (es->err_flags[i] & ERR_FLAG_CLEAR) { + es->bottom = i; + err_clear(es, es->bottom); + continue; + } + break; + } + if (es->bottom == es->top) return 0; + if (top) i = es->top; /* last error */ else 
@@ -913,25 +931,6 @@ int ERR_clear_last_mark(void) return 1; } -#ifdef UINTPTR_T -# undef UINTPTR_T -#endif -/* - * uintptr_t is the answer, but unfortunately C89, current "least common - * denominator" doesn't define it. Most legacy platforms typedef it anyway, - * so that attempt to fill the gaps means that one would have to identify - * that track these gaps, which would be undesirable. Macro it is... - */ -#if defined(__VMS) && __INITIAL_POINTER_SIZE==64 -/* - * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4 - * even in 64-bit builds, which means that it won't work as mask. - */ -# define UINTPTR_T unsigned long long -#else -# define UINTPTR_T size_t -#endif - void err_clear_last_constant_time(int clear) { ERR_STATE *es; @@ -943,11 +942,11 @@ void err_clear_last_constant_time(int clear) top = es->top; - es->err_flags[top] &= ~(0 - clear); - es->err_buffer[top] &= ~(0UL - clear); - es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] & - ~((UINTPTR_T)0 - clear)); - es->err_line[top] |= 0 - clear; - - es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS; + /* + * Flag error as cleared but remove it elsewhere to avoid two errors + * accessing the same error stack location, revealing timing information. + */ + clear = constant_time_select_int(constant_time_eq_int(clear, 0), + 0, ERR_FLAG_CLEAR); + es->err_flags[top] |= clear; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_all.c index d9ec04b60..7c0a5f0b9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_all.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/err_all.c @@ -8,7 +8,7 @@ */ #include -#include "internal/err_int.h" +#include "crypto/err.h" #include #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.ec b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.ec index 3e092eae0..5976d1501 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.ec 
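Review bot: In the err_clear_last_constant_time hunk, the entry is now only tagged with `ERR_FLAG_CLEAR` and stays at `es->top` until something removes it, and the only remover visible in this diff is the new loop in get_error_values. Any other path that walks or indexes the error stack directly (mark handling, code reading `es->top`) would still see the supposedly cleared error, so those paths should be checked to go through get_error_values or to test the flag. The new comment says the entry is removed "elsewhere"; naming the place, e.g. `/* flagged entries are dropped by get_error_values() */`, would make the contract explicit. The start of the function is outside the hunk.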
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.ec @@ -32,15 +32,15 @@ L CMS include/openssl/cms.h crypto/cms/cms_err.c L CT include/openssl/ct.h crypto/ct/ct_err.c L ASYNC include/openssl/async.h crypto/async/async_err.c L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c -L SM2 crypto/include/internal/sm2.h crypto/sm2/sm2_err.c +L SM2 include/crypto/sm2.h crypto/sm2/sm2_err.c L OSSL_STORE include/openssl/store.h crypto/store/store_err.c # additional header files to be scanned for function names L NONE include/openssl/x509_vfy.h NONE -L NONE crypto/ec/ec_lcl.h NONE -L NONE crypto/cms/cms_lcl.h NONE -L NONE crypto/ct/ct_locl.h NONE -L NONE ssl/ssl_locl.h NONE +L NONE crypto/ec/ec_local.h NONE +L NONE crypto/cms/cms_local.h NONE +L NONE crypto/ct/ct_local.h NONE +L NONE ssl/ssl_local.h NONE # SSL/TLS alerts R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.txt b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.txt index feff1dccd..902e97b84 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.txt +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -36,6 +36,7 @@ ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new +ASN1_F_ASN1_ITEM_EX_I2D:144:ASN1_item_ex_i2d ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp 
@@ -314,6 +315,7 @@ CMS_F_CMS_SIGNERINFO_VERIFY:152:CMS_SignerInfo_verify CMS_F_CMS_SIGNERINFO_VERIFY_CERT:153:cms_signerinfo_verify_cert CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT:154:CMS_SignerInfo_verify_content CMS_F_CMS_SIGN_RECEIPT:163:CMS_sign_receipt +CMS_F_CMS_SI_CHECK_ATTRIBUTES:183:CMS_si_check_attributes CMS_F_CMS_STREAM:155:CMS_stream CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress CMS_F_CMS_VERIFY:157:CMS_verify @@ -713,11 +715,14 @@ ENGINE_F_INT_ENGINE_CONFIGURE:188:int_engine_configure ENGINE_F_INT_ENGINE_MODULE_INIT:187:int_engine_module_init ENGINE_F_OSSL_HMAC_INIT:200:ossl_hmac_init EVP_F_AESNI_INIT_KEY:165:aesni_init_key +EVP_F_AESNI_XTS_INIT_KEY:207:aesni_xts_init_key EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl EVP_F_AES_INIT_KEY:133:aes_init_key EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key +EVP_F_AES_T4_XTS_INIT_KEY:208:aes_t4_xts_init_key EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher +EVP_F_AES_XTS_INIT_KEY:209:aes_xts_init_key EVP_F_ALG_MODULE_INIT:177:alg_module_init EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl @@ -808,6 +813,7 @@ EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen EVP_F_PKEY_SET_TYPE:158:pkey_set_type EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth EVP_F_RC5_CTRL:125:rc5_ctrl +EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl EVP_F_UPDATE:173:update KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str @@ -929,6 +935,8 @@ PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal PEM_F_PEM_WRITE:113:PEM_write PEM_F_PEM_WRITE_BIO:114:PEM_write_bio +PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL:147:\ + PEM_write_bio_PrivateKey_traditional PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio 
@@ -997,6 +1005,7 @@ PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify +RAND_F_DATA_COLLECT_METHOD:127:data_collect_method RAND_F_DRBG_BYTES:101:drbg_bytes RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy RAND_F_DRBG_SETUP:117:drbg_setup @@ -1020,7 +1029,9 @@ RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed +RAND_F_RAND_POOL_GROW:125:rand_pool_grow RAND_F_RAND_POOL_NEW:116:rand_pool_new +RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo_bytes RAND_F_RAND_WRITE_FILE:112:RAND_write_file RSA_F_CHECK_PADDING_MD:140:check_padding_md RSA_F_ENCODE_PKCS1:146:encode_pkcs1 @@ -1149,6 +1160,7 @@ SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats SSL_F_FINAL_EMS:486:final_ems SSL_F_FINAL_KEY_SHARE:503:final_key_share SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen +SSL_F_FINAL_PSK:639:final_psk SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate SSL_F_FINAL_SERVER_NAME:558:final_server_name SSL_F_FINAL_SIG_ALGS:497:final_sig_algs @@ -1172,6 +1184,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ ossl_statem_server_post_process_message SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work +SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640: SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ 
@@ -1640,6 +1653,7 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS +X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID X509V3_F_LEVEL_ADD_NODE:168:level_add_node X509V3_F_NOTICE_SECTION:132:notice_section X509V3_F_NREF_NOS:133:nref_nos @@ -1680,6 +1694,7 @@ X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d +X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias @@ -1733,6 +1748,7 @@ X509_F_X509_NAME_PRINT:117:X509_NAME_print X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode +X509_F_X509_PUBKEY_GET:161:X509_PUBKEY_get X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0 X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key @@ -1759,6 +1775,7 @@ ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error ASN1_R_AUX_ERROR:100:aux error ASN1_R_BAD_OBJECT_HEADER:102:bad object header +ASN1_R_BAD_TEMPLATE:230:bad template ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length ASN1_R_BN_LIB:105:bn lib ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length 
@@ -1930,6 +1947,7 @@ BN_R_P_IS_NOT_PRIME:112:p is not prime BN_R_TOO_MANY_ITERATIONS:113:too many iterations BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables CMS_R_ADD_SIGNER_ERROR:99:add signer error +CMS_R_ATTRIBUTE_ERROR:161:attribute error CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error @@ -2094,6 +2112,7 @@ DSA_R_DECODE_ERROR:104:decode error DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type DSA_R_INVALID_PARAMETERS:112:invalid parameters DSA_R_MISSING_PARAMETERS:101:missing parameters +DSA_R_MISSING_PRIVATE_KEY:111:missing private key DSA_R_MODULUS_TOO_LARGE:103:modulus too large DSA_R_NO_PARAMETERS_SET:107:no parameters set DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error @@ -2153,6 +2172,7 @@ EC_R_KEYS_NOT_SET:140:keys not set EC_R_LADDER_POST_FAILURE:136:ladder post failure EC_R_LADDER_PRE_FAILURE:153:ladder pre failure EC_R_LADDER_STEP_FAILURE:162:ladder step failure +EC_R_MISSING_OID:167:missing OID EC_R_MISSING_PARAMETERS:124:missing parameters EC_R_MISSING_PRIVATE_KEY:125:missing private key EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values @@ -2218,6 +2238,7 @@ ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed EVP_R_BAD_DECRYPT:100:bad decrypt +EVP_R_BAD_KEY_LENGTH:195:bad key length EVP_R_BUFFER_TOO_SMALL:155:buffer too small EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error 
@@ -2245,6 +2266,7 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized EVP_R_INVALID_DIGEST:152:invalid digest EVP_R_INVALID_FIPS_MODE:168:invalid fips mode +EVP_R_INVALID_IV_LENGTH:194:invalid iv length EVP_R_INVALID_KEY:163:invalid key EVP_R_INVALID_KEY_LENGTH:130:invalid key length EVP_R_INVALID_OPERATION:148:invalid operation @@ -2264,6 +2286,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ operation not supported for this keytype EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized +EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers EVP_R_PBKDF2_ERROR:181:pbkdf2 error EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ @@ -2287,6 +2310,7 @@ EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:118:unsupported private key algorithm EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length +EVP_R_XTS_DUPLICATED_KEYS:183:xts duplicated keys KDF_R_INVALID_DIGEST:100:invalid digest KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count KDF_R_MISSING_KEY:104:missing key @@ -2384,6 +2408,7 @@ PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components +PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data PKCS12_R_DECODE_ERROR:101:decode error 
@@ -2527,6 +2552,7 @@ RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small RSA_R_LAST_OCTET_INVALID:134:last octet invalid RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed +RSA_R_MISSING_PRIVATE_KEY:179:missing private key RSA_R_MODULUS_TOO_LARGE:105:modulus too large RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d @@ -2718,6 +2744,7 @@ SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert SSL_R_MISSING_FATAL:256:missing fatal SSL_R_MISSING_PARAMETERS:290:missing parameters +SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert @@ -2761,6 +2788,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback SSL_R_NULL_SSL_CTX:195:null ssl ctx SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed +SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ old session compression algorithm not returned @@ -3003,6 +3031,7 @@ X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table X509_R_CRL_ALREADY_DELTA:127:crl already delta X509_R_CRL_VERIFY_FAILURE:131:crl verify failure X509_R_IDP_MISMATCH:128:idp mismatch +X509_R_INVALID_ATTRIBUTES:138:invalid attributes X509_R_INVALID_DIRECTORY:113:invalid directory X509_R_INVALID_FIELD_NAME:119:invalid field name X509_R_INVALID_TRUST:123:invalid trust diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_md.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_md.c index 288dee01b..fed4cf1eb 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_md.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_md.c @@ -12,8 +12,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" #include "internal/bio.h" /* diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_ok.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_ok.c index a0462219b..9610f3c1e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_ok.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/bio_ok.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,9 +38,9 @@ of memory. BIO_f_reliable splits data stream into blocks. Each block is prefixed - with it's length and suffixed with it's digest. So you need only + with its length and suffixed with its digest. So you need only several Kbytes of memory to buffer single block before verifying - it's digest. + its digest. BIO_f_reliable goes further and adds several important capabilities: @@ -76,7 +76,7 @@ #include "internal/bio.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int ok_write(BIO *h, const char *buf, int num); static int ok_read(BIO *h, char *buf, int size); @@ -203,7 +203,7 @@ static int ok_read(BIO *b, char *out, int outl) /* * copy start of the next block into proper place */ - if (ctx->buf_len_save - ctx->buf_off_save > 0) { + if (ctx->buf_len_save > ctx->buf_off_save) { ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save; memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), ctx->buf_len); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_allc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_allc.c index 086b3c4d5..22fdcc409 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_allc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_allc.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_alld.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_alld.c index 1267531a7..16ac1b67f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_alld.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/c_alld.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/cmeth_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/cmeth_lib.c index e2295c4dc..272e48249 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/cmeth_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/cmeth_lib.c @@ -10,8 +10,8 @@ #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/digest.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/digest.c index f78dab767..d1bfa274c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/digest.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,8 +12,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) 
@@ -150,6 +150,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { + if (count == 0) + return 1; + return ctx->update(ctx, data, count); } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes.c index 39eb4f379..a1d3ab90f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,10 +14,10 @@ #include #include #include -#include "internal/evp_int.h" -#include "modes_lcl.h" +#include "crypto/evp.h" +#include "modes_local.h" #include -#include "evp_locl.h" +#include "evp_local.h" typedef struct { union { @@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter) # define HWAES_xts_decrypt aes_p8_xts_decrypt #endif -#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ +#if defined(OPENSSL_CPUID_OBJ) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ 
@@ -383,10 +383,25 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); + if (!iv && !key) return 1; if (key) { + /* The key is two half length keys in reality */ + const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + + /* + * Verify that the two keys are different. + * + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. + */ + if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; + } + /* key_len is two AES keys */ if (enc) { aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, @@ -596,22 +611,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out, */ void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, unsigned char *ivec); 
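Review bot: In `aesni_xts_init_key` the new duplicate-key test is gated on `enc`, so a decrypt initialisation with identical key halves is still accepted, while the comment above it only says "Verify that the two keys are different". The same gate appears in `aes_t4_xts_init_key` and `aes_xts_init_key` in later hunks of this file; the decrypt exemption is presumably there so that existing data stays readable, but the hunk does not say so. I would add one line to the comment, e.g. `* Only enforced when encrypting; decryption still accepts duplicated halves.` Callers that encrypt with XTS should also be checked for handling the new failure return, since init now returns 0 with `EVP_R_XTS_DUPLICATED_KEYS`. The function body continues past the end of the hunk.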
@@ -787,11 +802,26 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); + if (!iv && !key) return 1; if (key) { - int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; + /* The key is two half length keys in reality */ + const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + const int bits = bytes * 8; + + /* + * Verify that the two keys are different. + * + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. + */ + if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; + } + xctx->stream = NULL; /* key_len is two AES keys */ if (enc) { @@ -1097,7 +1127,7 @@ typedef struct { } icv; unsigned char k[32]; } kmac_param; - /* KMAC-AES paramater block - end */ + /* KMAC-AES parameter block - end */ union { unsigned long long g[2]; @@ -1138,9 +1168,9 @@ typedef struct { static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 +# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 0 +# define S390X_aes_256_cbc_CAPABLE 0 # define S390X_AES_CBC_CTX EVP_AES_KEY # define s390x_aes_cbc_init_key aes_init_key @@ -1160,11 +1190,11 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); + + if (key != NULL) + memcpy(cctx->km.param.k, key, keylen); - memcpy(cctx->km.param.k, key, keylen); return 1; } 
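Review bot: The trailing comment on `# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */` was carried over from the value 1 and no longer explains the define, because with 0 there is nothing left for a callee to check. The same applies to the `ctr` and `xts` CAPABLE macros changed in later hunks of this file. Presumably these modes are now meant to fall back to the generic AES methods, since `s390x_aes_cbc_init_key` is just `aes_init_key` and the s390x cipher tables gain `EVP_CIPH_ALWAYS_CALL_INIT` further down. If that is the intent, the comment should say so, e.g. `/* disabled: CBC uses the generic aes_init_key path */`.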
@@ -1192,14 +1222,17 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *ivec, int enc) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - memcpy(cctx->kmo.param.cv, iv, ivlen); - memcpy(cctx->kmo.param.k, key, keylen); cctx->fc = S390X_AES_FC(keylen); + + if (key != NULL) + memcpy(cctx->kmo.param.k, key, keylen); + cctx->res = 0; + memcpy(cctx->kmo.param.cv, oiv, ivlen); return 1; } @@ -1207,9 +1240,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; + memcpy(cctx->kmo.param.cv, iv, ivlen); while (n && len) { *out = *in ^ cctx->kmo.param.cv[n]; n = (n + 1) & 0xf; @@ -1238,6 +1274,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } + memcpy(iv, cctx->kmo.param.cv, ivlen); cctx->res = n; return 1; } 
@@ -1257,18 +1294,18 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) + | (16 << 24); /* 16 bytes cipher feedback */ + + if (key != NULL) + memcpy(cctx->kmf.param.k, key, keylen); cctx->res = 0; - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); + memcpy(cctx->kmf.param.cv, oiv, ivlen); return 1; } @@ -1278,10 +1315,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; unsigned char tmp; + memcpy(cctx->kmf.param.cv, iv, ivlen); while (n && len) { tmp = *in; *out = cctx->kmf.param.cv[n] ^ tmp; @@ -1314,6 +1354,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } + memcpy(iv, cctx->kmf.param.cv, ivlen); cctx->res = n; return 1; } 
@@ -1330,17 +1371,18 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) + | (1 << 24); /* 1 byte cipher feedback flag */ - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); + if (key != NULL) + memcpy(cctx->kmf.param.k, key, keylen); + + cctx->res = 0; + memcpy(cctx->kmf.param.cv, oiv, ivlen); return 1; } @@ -1348,8 +1390,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); + memcpy(cctx->kmf.param.cv, iv, ivlen); s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); + memcpy(iv, cctx->kmf.param.cv, ivlen); return 1; } @@ -1363,9 +1409,9 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 +# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 0 +# define S390X_aes_256_ctr_CAPABLE 0 # define S390X_AES_CTR_CTX EVP_AES_KEY # define s390x_aes_ctr_init_key aes_init_key 
@@ -1384,7 +1430,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, (OPENSSL_s390xcap_P.kma[0] & \ S390X_CAPBIT(S390X_AES_256))) -/* iv + padding length for iv lenghts != 12 */ +/* iv + padding length for iv lengths != 12 */ # define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) /*- @@ -1533,8 +1579,7 @@ static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in, /*- * Initialize context structure. Code is big-endian. */ -static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, - const unsigned char *iv) +static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx) { ctx->kma.param.t.g[0] = 0; ctx->kma.param.t.g[1] = 0; @@ -1545,12 +1590,11 @@ static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, ctx->kreslen = 0; if (ctx->ivlen == 12) { - memcpy(&ctx->kma.param.j0, iv, ctx->ivlen); + memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen); ctx->kma.param.j0.w[3] = 1; ctx->kma.param.cv.w = 1; } else { /* ctx->iv has the right size and is already padded. */ - memcpy(ctx->iv, iv, ctx->ivlen); s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL, ctx->fc, &ctx->kma.param); ctx->fc |= S390X_KMA_HS; @@ -1578,7 +1622,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_INIT: - ivlen = EVP_CIPHER_CTX_iv_length(c); + ivlen = EVP_CIPHER_iv_length(c->cipher); iv = EVP_CIPHER_CTX_iv_noconst(c); gctx->key_set = 0; gctx->iv_set = 0; @@ -1589,6 +1633,10 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) gctx->tls_aad_len = -1; return 1; + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = gctx->ivlen; + return 1; + case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; @@ -1660,7 +1708,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) if (gctx->iv_gen == 0 || gctx->key_set == 0) return 0; - s390x_aes_gcm_setiv(gctx, gctx->iv); + s390x_aes_gcm_setiv(gctx); if (arg <= 0 || arg > gctx->ivlen) arg = gctx->ivlen; 
@@ -1680,7 +1728,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - s390x_aes_gcm_setiv(gctx, gctx->iv); + s390x_aes_gcm_setiv(gctx); gctx->iv_set = 1; return 1; @@ -1736,43 +1784,36 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) } /*- - * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned. + * Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned. */ static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); - int keylen; + const int keylen = EVP_CIPHER_CTX_key_length(ctx); - if (iv == NULL && key == NULL) - return 1; + gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); + gctx->fc &= ~S390X_KMA_HS; memcpy(&gctx->kma.param.k, key, keylen); - - gctx->fc = S390X_AES_FC(keylen); - if (!enc) - gctx->fc |= S390X_DECRYPT; - - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - - if (iv != NULL) { - s390x_aes_gcm_setiv(gctx, iv); - gctx->iv_set = 1; - } gctx->key_set = 1; - } else { - if (gctx->key_set) - s390x_aes_gcm_setiv(gctx, iv); - else - memcpy(gctx->iv, iv, gctx->ivlen); - - gctx->iv_set = 1; - gctx->iv_gen = 0; } + + if (iv != NULL) { + memcpy(gctx->iv, iv, gctx->ivlen); + gctx->iv_gen = 0; + gctx->iv_set = 1; + } + + if (gctx->key_set && gctx->iv_set) + s390x_aes_gcm_setiv(gctx); + + gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD); + gctx->areslen = 0; + gctx->mreslen = 0; + gctx->kreslen = 0; return 1; } @@ -1861,7 +1902,6 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* recall that we already did en-/decrypt gctx->mres * and returned it to caller... */ OPENSSL_cleanse(tmp, gctx->mreslen); - gctx->iv_set = 0; enc = EVP_CIPHER_CTX_encrypting(ctx); if (enc) { 
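Review bot: Removing `gctx->iv_set = 0;` from the finalisation branch of `s390x_aes_gcm_cipher` leaves the IV marked as set after an operation completes, and the rewritten `s390x_aes_gcm_init_key` in the preceding hunk calls `s390x_aes_gcm_setiv(gctx)` whenever `key_set` and `iv_set` are both true. As far as these hunks show, a re-init without a new IV therefore starts the next message on the stored IV and nothing visible rejects it; GCM needs a unique IV per message under one key, so that requirement now rests with the caller. The CCM hunks further down drop the matching `iv_set`/`tag_set`/`len_set` resets from `s390x_aes_ccm_cipher` and `s390x_aes_ccm_ctrl` in the same way. I would record this at the removed line, e.g. `/* iv_set is left set; callers must supply a fresh IV before the next message under this key */`. The function starts and ends outside the hunk.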
@@ -1895,8 +1935,8 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c) } # define S390X_AES_XTS_CTX EVP_AES_XTS_CTX -# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ -# define S390X_aes_256_xts_CAPABLE 1 +# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 0 # define s390x_aes_xts_init_key aes_xts_init_key static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, @@ -2100,9 +2140,10 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); + const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + unsigned char iv[EVP_MAX_IV_LENGTH]; if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) @@ -2118,8 +2159,9 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * Get explicit iv (sequence number). We already have fixed iv * (server/client_write_iv) here. */ - memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); - s390x_aes_ccm_setiv(cctx, ivec, len); + memcpy(iv, ivec, sizeof(iv)); + memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); + s390x_aes_ccm_setiv(cctx, iv, len); /* Process aad (sequence number|type|version|length) */ s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); 
@@ -2146,42 +2188,35 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } /*- - * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is - * returned. + * Set key or iv or enc/dec. Returns 1 if successful. + * Otherwise 0 is returned. */ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - unsigned char *ivec; - int keylen; + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); - if (iv == NULL && key == NULL) - return 1; + cctx->aes.ccm.fc = S390X_AES_FC(keylen); if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); - cctx->aes.ccm.fc = S390X_AES_FC(keylen); memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); - - /* Store encoded m and l. */ - cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) - | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; - memset(cctx->aes.ccm.nonce.b + 1, 0, - sizeof(cctx->aes.ccm.nonce.b)); - cctx->aes.ccm.blocks = 0; - cctx->aes.ccm.key_set = 1; } - if (iv != NULL) { - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); memcpy(ivec, iv, 15 - cctx->aes.ccm.l); - cctx->aes.ccm.iv_set = 1; } + /* Store encoded m and l. */ + cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) + | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; + memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1); + + cctx->aes.ccm.blocks = 0; + cctx->aes.ccm.len_set = 0; return 1; } @@ -2196,8 +2231,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); + unsigned char *buf; int rv; - unsigned char *buf, *ivec; if (!cctx->aes.ccm.key_set) return -1; 
@@ -2216,13 +2252,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!cctx->aes.ccm.iv_set) return -1; - if (!enc && !cctx->aes.ccm.tag_set) - return -1; - if (out == NULL) { /* Update(): Pass message length. */ if (in == NULL) { - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); s390x_aes_ccm_setiv(cctx, ivec, len); cctx->aes.ccm.len_set = 1; @@ -2237,6 +2269,10 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return len; } + /* The tag must be set before actually decrypting data */ + if (!enc && !cctx->aes.ccm.tag_set) + return -1; + /* Update(): Process message. */ if (!cctx->aes.ccm.len_set) { @@ -2244,7 +2280,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * In case message length was not previously set explicitly via * Update(), set it now. */ - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); s390x_aes_ccm_setiv(cctx, ivec, len); cctx->aes.ccm.len_set = 1; @@ -2269,9 +2304,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (rv == -1) OPENSSL_cleanse(out, len); - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.len_set = 0; return rv; } } @@ -2298,6 +2330,10 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) cctx->aes.ccm.tls_aad_len = -1; return 1; + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = 15 - cctx->aes.ccm.l; + return 1; + case EVP_CTRL_AEAD_TLS1_AAD: if (arg != EVP_AEAD_TLS1_AAD_LEN) return 0; @@ -2375,9 +2411,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.len_set = 0; return 1; case EVP_CTRL_COPY: 
@@ -2414,7 +2447,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ keylen / 8, \ ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ + flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ s390x_aes_##mode##_init_key, \ s390x_aes_##mode##_cipher, \ NULL, \ @@ -2451,7 +2484,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ blocksize, \ (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \ ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ + flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ s390x_aes_##mode##_init_key, \ s390x_aes_##mode##_cipher, \ s390x_aes_##mode##_cleanup, \ @@ -2816,13 +2849,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: gctx->key_set = 0; gctx->iv_set = 0; - gctx->ivlen = c->cipher->iv_len; + gctx->ivlen = EVP_CIPHER_iv_length(c->cipher); gctx->iv = c->iv; gctx->taglen = -1; gctx->iv_gen = 0; gctx->tls_aad_len = -1; return 1; + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = gctx->ivlen; + return 1; + case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; @@ -3272,7 +3309,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) + | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH) BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) @@ -3283,10 +3320,12 @@ BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c); + EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c); + if (type == EVP_CTRL_COPY) { EVP_CIPHER_CTX *out = ptr; EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out); + if (xctx->xts.key1) { if (xctx->xts.key1 != &xctx->ks1) return 0; 
@@ -3310,11 +3349,36 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); + if (!iv && !key) return 1; if (key) do { + /* The key is two half length keys in reality */ + const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + + /* + * Verify that the two keys are different. + * + * This addresses the vulnerability described in Rogaway's + * September 2004 paper: + * + * "Efficient Instantiations of Tweakable Blockciphers and + * Refinements to Modes OCB and PMAC". + * (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf) + * + * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states + * that: + * "The check for Key_1 != Key_2 shall be done at any place + * BEFORE using the keys in the XTS-AES algorithm to process + * data with them." + */ + if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; + } + #ifdef AES_XTS_ASM xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; #else @@ -3447,7 +3511,9 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) cctx->len_set = 0; cctx->tls_aad_len = -1; return 1; - + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = 15 - cctx->L; + return 1; case EVP_CTRL_AEAD_TLS1_AAD: /* Save the AAD for later use */ if (arg != EVP_AEAD_TLS1_AAD_LEN) @@ -3643,8 +3709,6 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!cctx->iv_set) return -1; - if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) - return -1; if (!out) { if (!in) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 
@@ -3659,6 +3723,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_ccm128_aad(ccm, in, len); return len; } + + /* The tag must be set before actually decrypting data */ + if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + return -1; + /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), @@ -3893,13 +3962,17 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: octx->key_set = 0; octx->iv_set = 0; - octx->ivlen = EVP_CIPHER_CTX_iv_length(c); + octx->ivlen = EVP_CIPHER_iv_length(c->cipher); octx->iv = EVP_CIPHER_CTX_iv_noconst(c); octx->taglen = 16; octx->data_buf_len = 0; octx->aad_buf_len = 0; return 1; + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = octx->ivlen; + return 1; + case EVP_CTRL_AEAD_SET_IVLEN: /* IV len must be 1 to 15 */ if (arg <= 0 || arg > 15) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha1.c index 09d24dc3d..27c36b46e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -17,9 +17,9 @@ #include #include #include -#include "modes_lcl.h" -#include "internal/evp_int.h" -#include "internal/constant_time_locl.h" +#include "modes_local.h" +#include "crypto/evp.h" +#include "internal/constant_time.h" typedef struct { AES_KEY ks; @@ -33,7 +33,7 @@ typedef struct { #define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha256.c index caac0c9d3..cc622b6fa 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha256.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -18,9 +18,9 @@ #include #include #include -#include "modes_lcl.h" -#include "internal/constant_time_locl.h" -#include "internal/evp_int.h" +#include "modes_local.h" +#include "internal/constant_time.h" +#include "crypto/evp.h" typedef struct { AES_KEY ks; @@ -34,7 +34,7 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) @@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) { return NULL; } -#endif +#endif /* AESNI_ASM */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aria.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aria.c index 81c8a7eaf..1cc6dd91a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aria.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_aria.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -14,10 +14,10 @@ # include # include # include -# include "internal/aria.h" -# include "internal/evp_int.h" -# include "modes_lcl.h" -# include "evp_locl.h" +# include "crypto/aria.h" +# include "crypto/evp.h" +# include "modes_local.h" +# include "evp_local.h" /* ARIA subkey Structure */ typedef struct { @@ -252,7 +252,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: gctx->key_set = 0; gctx->iv_set = 0; - gctx->ivlen = EVP_CIPHER_CTX_iv_length(c); + gctx->ivlen = EVP_CIPHER_iv_length(c->cipher); gctx->iv = EVP_CIPHER_CTX_iv_noconst(c); gctx->taglen = -1; gctx->iv_gen = 0; 
@@ -274,6 +274,10 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) gctx->ivlen = arg; return 1; + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = gctx->ivlen; + return 1; + case EVP_CTRL_AEAD_SET_TAG: if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) return 0; @@ -486,6 +490,16 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; } +static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx) +{ + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx); + + if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(ctx)) + OPENSSL_free(gctx->iv); + + return 1; +} + static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { @@ -563,6 +577,10 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg); return 1; + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = 15 - cctx->L; + return 1; + case EVP_CTRL_AEAD_SET_IVLEN: arg = 15 - arg; /* fall thru */ @@ -677,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!cctx->iv_set) return -1; - if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) - return -1; if (!out) { if (!in) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), @@ -693,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_ccm128_aad(ccm, in, len); return len; } + + /* The tag must be set before actually decrypting data */ + if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + return -1; + /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 
@@ -727,10 +748,13 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } +#define aria_ccm_cleanup NULL + #define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER) + | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \ + | EVP_CIPH_CUSTOM_IV_LENGTH) #define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ static const EVP_CIPHER aria_##keylen##_##mode = { \ @@ -739,7 +763,7 @@ static const EVP_CIPHER aria_##keylen##_##mode = { \ ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \ aria_##mode##_init_key, \ aria_##mode##_cipher, \ - NULL, \ + aria_##mode##_cleanup, \ sizeof(EVP_ARIA_##MODE##_CTX), \ NULL,NULL,aria_##mode##_ctrl,NULL }; \ const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_bf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_bf.c index dc386905c..9a065582c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_bf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_bf.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_BF # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_camellia.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_camellia.c index 2df4a6e3e..f8c019801 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_camellia.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_camellia.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -17,8 +17,8 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "internal/evp_int.h" -# include "modes_lcl.h" +# include "crypto/evp.h" +# include "modes_local.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); @@ -55,16 +55,16 @@ void cmll_t4_decrypt(const unsigned char *in, unsigned char *out, void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const CAMELLIA_KEY *key, unsigned char *ivec); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_cast.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_cast.c index 259d44059..df9f445bd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_cast.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_cast.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_CAST # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_chacha20_poly1305.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_chacha20_poly1305.c index c1917bb86..bdc406bb6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_chacha20_poly1305.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_chacha20_poly1305.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,9 +14,9 @@ # include # include -# include "evp_locl.h" -# include "internal/evp_int.h" -# include "internal/chacha.h" +# include "evp_local.h" +# include "crypto/evp.h" +# include "crypto/chacha.h" typedef struct { union { @@ -30,6 +30,8 @@ typedef struct { #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) +#define CHACHA20_POLY1305_MAX_IVLEN 12 + static int chacha_init_key(EVP_CIPHER_CTX *ctx, const unsigned char user_key[CHACHA_KEY_SIZE], const unsigned char iv[CHACHA_CTR_SIZE], int enc) @@ -144,7 +146,7 @@ const EVP_CIPHER *EVP_chacha20(void) } # ifndef OPENSSL_NO_POLY1305 -# include "internal/poly1305.h" +# include "crypto/poly1305.h" typedef struct { EVP_CHACHA_KEY key; @@ -532,8 +534,12 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, } return 1; + case EVP_CTRL_GET_IVLEN: + *(int *)ptr = actx->nonce_len; + return 1; + case EVP_CTRL_AEAD_SET_IVLEN: - if (arg <= 0 || arg > CHACHA_CTR_SIZE) + if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN) return 0; actx->nonce_len = arg; return 1; @@ -611,7 +617,8 @@ static EVP_CIPHER chacha20_poly1305 = { 12, /* iv_len, 96-bit nonce in the context */ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | - EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER, + EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | + EVP_CIPH_CUSTOM_IV_LENGTH, chacha20_poly1305_init_key, chacha20_poly1305_cipher, chacha20_poly1305_cleanup, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des.c index c13fb3e25..6d6e919af 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des.c @@ -12,7 +12,7 @@ #ifndef OPENSSL_NO_DES # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des3.c index 6b492ce47..2a5597fee 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des3.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_des3.c @@ -12,10 +12,10 @@ #ifndef OPENSSL_NO_DES # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include -# include "evp_locl.h" +# include "evp_local.h" typedef struct { union { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_idea.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_idea.c index 93f6a4131..1068378dd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_idea.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_idea.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_IDEA # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_null.c index 18a846821..0725454a3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_null.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_null.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc2.c index aa0d14018..4d8a0ee4b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc2.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc2.c 
@@ -14,7 +14,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4.c index d16abdd0d..c24bc8fe5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4.c @@ -16,7 +16,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; /* working key */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4_hmac_md5.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4_hmac_md5.c index b1e8ccd6d..201ce4434 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4_hmac_md5.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc4_hmac_md5.c @@ -19,7 +19,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc5.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc5.c index a2f26d8c5..c86e87b65 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc5.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_rc5.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,9 +13,9 @@ #ifndef OPENSSL_NO_RC5 # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include -# include "evp_locl.h" +# include "evp_local.h" # include static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
@@ -66,6 +66,10 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { + if (EVP_CIPHER_CTX_key_length(ctx) > 255) { + EVPerr(EVP_F_R_32_12_16_INIT_KEY, EVP_R_BAD_KEY_LENGTH); + return 0; + } RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key, data(ctx)->rounds); return 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_seed.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_seed.c index 40aec5fc6..aeb2363be 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_seed.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_seed.c @@ -16,7 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_sm4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_sm4.c index 79deb6563..fce32794f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_sm4.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_sm4.c @@ -13,8 +13,8 @@ #ifndef OPENSSL_NO_SM4 # include # include -# include "internal/sm4.h" -# include "internal/evp_int.h" +# include "crypto/sm4.h" +# include "crypto/evp.h" typedef struct { SM4_KEY ks; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_xcbc_d.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_xcbc_d.c index 57ce813da..b73077542 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_xcbc_d.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/e_xcbc_d.c @@ -14,7 +14,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/encode.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/encode.c index da32d4fd1..85926434c 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/encode.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/encode.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,8 +11,8 @@ #include #include "internal/cryptlib.h" #include -#include "evp_locl.h" -#include "internal/evp_int.h" +#include "evp_local.h" +#include "crypto/evp.h" static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table); @@ -423,7 +423,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, table = data_ascii2bin; /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) { + while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) { f++; n--; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_enc.c index 05dd791b6..e3c165d48 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,6 +8,7 @@ */ #include +#include #include #include "internal/cryptlib.h" #include @@ -15,8 +16,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) { 
@@ -305,6 +306,17 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; + /* + * CCM mode needs to know about the case where inl == 0 && in == NULL - it + * means the plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -320,10 +332,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -348,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } else { j = bl - i; + + /* + * Once we've processed the first j bytes from in, the amount of + * data left that is a multiple of the block length is: + * (inl - j) & ~(bl - 1) + * We must ensure that this amount of data, plus the one block that + * we process from ctx->buf does not exceed INT_MAX + */ + if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { + EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, + EVP_R_OUTPUT_WOULD_OVERFLOW); + return 0; + } memcpy(&(ctx->buf[i]), in, j); inl -= j; in += j; 
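Review bot: The overflow guard added to evp_EncryptDecryptUpdate, `((inl - j) & ~(bl - 1)) > INT_MAX - bl`, rounds down to a block multiple only when `bl` is a power of two, and neither the new comment nor the hunk states that precondition. I would extend the comment with a line such as `bl is always a power of two here, so ~(bl - 1) masks off the partial block`, or assert it if the surrounding code does not already do so. The matching guard in EVP_DecryptUpdate, `(inl & ~(b - 1)) > INT_MAX - b`, relies on the same assumption. Both functions continue outside their hunks, so an existing assertion may already cover this.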
@@ -457,6 +478,17 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; + /* + * CCM mode needs to know about the case where inl == 0 - it means the + * plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -472,11 +504,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); @@ -489,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; } + /* + * final_used is only ever set if buf_len is 0. Therefore the maximum + * length output we will ever see from evp_EncryptDecryptUpdate is + * the maximum multiple of the block length that is <= inl, or just: + * inl & ~(b - 1) + * Since final_used has been set then the final output length is: + * (inl & ~(b - 1)) + b + * This must never exceed INT_MAX + */ + if ((inl & ~(b - 1)) > INT_MAX - b) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW); + return 0; + } memcpy(out, ctx->final, b); out += b; fix_len = 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_err.c index 60df27cbc..32ac0125d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_err.c 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,11 +15,15 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), + "aes_t4_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, @@ -149,6 +153,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0), + "r_32_12_16_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, {0, NULL} 
@@ -160,6 +166,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED), "aria key setup failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, @@ -206,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "input not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, @@ -231,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), + "output would overflow"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, @@ -266,6 +276,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), + "xts duplicated keys"}, {0, NULL} }; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_lib.c index 1b3c9840c..45cde0da8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { @@ -242,6 +242,13 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { + int i, rv; + + if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { + rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, + 0, &i); + return (rv == 1) ? i : -1; + } return ctx->cipher->iv_len; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pbe.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pbe.c index 5a88817b4..967203f37 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pbe.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pbe.c @@ -12,7 +12,7 @@ #include #include #include -#include "evp_locl.h" +#include "evp_local.h" /* Password based encryption (PBE) functions */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pkey.c index e61a8761a..586b74605 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pkey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/evp_pkey.c 
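Review bot: EVP_CIPHER_CTX_iv_length (crypto/evp/evp_lib.c) can now return -1 when the `EVP_CTRL_GET_IVLEN` ctrl fails, where it previously always returned the cipher's static `iv_len`, and nothing in the hunk documents the new failure value. A caller that uses the result directly as a copy length or buffer size would turn -1 into a very large size, so a header comment such as `/* Returns the IV length, or -1 if the cipher's GET_IVLEN ctrl fails; check before using as a size */` is worth adding, and existing call sites should be audited for that check. The `(EVP_CIPHER_CTX *)ctx` cast also drops const on a function that takes a const context, which deserves a short why-comment.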
@@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "internal/x509_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "crypto/x509.h" /* Extract a private key from a PKCS8 structure */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md2.c index c4e28ae17..1aec51852 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md2.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md2.c @@ -18,7 +18,7 @@ # include # include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md4.c index 0efc586db..45d2cafee 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md4.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md4.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5.c index 3d96ae93b..d26b5a4d3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5_sha1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5_sha1.c index 2d98886ba..eeec2b13e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5_sha1.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_md5_sha1.c @@ -15,7 +15,7 @@ # include # include # include "internal/cryptlib.h" -# include "internal/evp_int.h" +# include "crypto/evp.h" # include struct md5_sha1_ctx { 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_mdc2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_mdc2.c index 1051a9070..fffa751ef 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_mdc2.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_mdc2.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_null.c index 5dce1d510..0847139df 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_null.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_null.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_ripemd.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_ripemd.c index 7ab320843..d93ad24fe 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_ripemd.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_ripemd.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha1.c index ac5241785..22b9bbc7d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha1.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha1.c @@ -14,8 +14,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "internal/sha.h" +#include "crypto/evp.h" +#include "crypto/sha.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha3.c index 31379c0f6..54c592a3c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha3.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sha3.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,8 +12,8 @@ #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, size_t r); @@ -108,6 +108,9 @@ static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md) size_t bsz = ctx->block_size; size_t num = ctx->num; + if (ctx->md_size == 0) + return 1; + /* * Pad the data with 10*1. Note that |num| can be |bsz - 1| * in which case both byte operations below are performed on diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sigver.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sigver.c index 94e37f02b..04643acc8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sigver.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_sigver.c @@ -12,8 +12,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_wp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_wp.c index 27e2b3c5c..5ce15d2d5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_wp.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/m_wp.c @@ -16,7 +16,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/names.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/names.c index 077c2a6c4..90c7b73b7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/names.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/names.c 
@@ -10,9 +10,9 @@ #include #include "internal/cryptlib.h" #include -#include "internal/objects.h" +#include "crypto/objects.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt.c index 7e55d0bfb..6c5f45f73 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; + int i, ivl, kl; PBEPARAM *pbe; int saltlen, iter; unsigned char *salt; @@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } + ivl = EVP_CIPHER_iv_length(cipher); + if (ivl < 0 || ivl > 16) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + kl = EVP_CIPHER_key_length(cipher); + if (kl < 0 || kl > (int)sizeof(md_tmp)) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + if (!pbe->iter) iter = 1; else @@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); + pbe = NULL; if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); 
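Review bot: In PKCS5_PBE_keyivgen (crypto/evp/p5_crpt.c) the new key-length check bounds `kl` by the source buffer, `kl > (int)sizeof(md_tmp)`, but the later `memcpy(key, md_tmp, kl)` writes into `key`, which is declared with a different constant (`EVP_MAX_KEY_LENGTH` versus `EVP_MAX_MD_SIZE`). The check is sufficient only while those two sizes agree, which the diff does not show; `if (kl < 0 || kl > (int)sizeof(md_tmp) || kl > (int)sizeof(key))` makes the destination bound explicit. The literal in `ivl > 16` is reused in `md_tmp + (16 - ivl)`, so a short comment tying the two together would help the next reader. The function body continues outside this hunk.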
@@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); - memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); - memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); + memcpy(key, md_tmp, kl); + memcpy(iv, md_tmp + (16 - ivl), ivl); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) goto err; OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); @@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + PBEPARAM_free(pbe); EVP_MD_CTX_free(ctx); return rv; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt2.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt2.c index e819eb9b4..7f625b3d5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt2.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p5_crpt2.c @@ -13,7 +13,7 @@ # include # include # include -# include "evp_locl.h" +# include "evp_local.h" /* set this to print out info about the keygen algorithm */ /* #define OPENSSL_DEBUG_PKCS5V2 */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_lib.c index 148df90f8..9f1a485a5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
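Review bot: The failure paths in PKCS5_PBE_keyivgen skip the wipe of derived key material: `goto err` after a failed `EVP_CipherInit_ex` jumps past `OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);` and, in the next hunk, `OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);`, both of which sit before `rv = 1; err:`. By that point `key` and `iv` have already been filled by the two new memcpy calls, so the stack copies survive the error return. Moving the cleanse calls below the `err:` label, next to the new `PBEPARAM_free(pbe);`, would wipe them on every exit. The lines between the two hunks are not shown, so any cleanse of `key` there should move as well.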
@@ -21,8 +21,8 @@ #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" static void EVP_PKEY_free_it(EVP_PKEY *x); @@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { - if (pkey->ameth && pkey->ameth->param_missing) + if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing) return pkey->ameth->param_missing(pkey); return 0; } @@ -394,6 +394,11 @@ int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) pkey->pmeth_engine = e; return 1; } + +ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey) +{ + return pkey->engine; +} #endif int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { @@ -460,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { - if (pkey->type != EVP_PKEY_RSA) { + if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } @@ -535,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { - int ret = EVP_PKEY_assign_DH(pkey, key); + int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; + int ret = EVP_PKEY_assign(pkey, type, key); + if (ret) DH_up_ref(key); return ret; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_open.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_open.c index f2976f8a9..1ce87454b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_open.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_open.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -40,7 +40,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, } size = EVP_PKEY_size(priv); - key = OPENSSL_malloc(size + 2); + key = OPENSSL_malloc(size); if (key == NULL) { /* ERROR */ EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_sign.c index 6cb442e4f..0383294a8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_sign.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_verify.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_verify.c index 6e8c565df..e27196f7c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_verify.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/p_verify.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_fn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_fn.c index de1c07e17..02f409346 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_fn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_fn.c @@ -12,7 +12,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #define M_check_autoarg(ctx, arg, arglen, err) \ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_gn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_gn.c index e14965f33..3ad6d5c7c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_gn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_gn.c 
@@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/bn_int.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/bn.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_lib.c index 7fbf895e0..603ccd835 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/evp/pmeth_lib.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include "internal/numbers.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + pmeth->digestsign = digestsign; +} + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + pmeth->digestverify = digestverify; +} + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)) { 
@@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, *pctrl_str = pmeth->ctrl_str; } +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + if (digestsign) + *digestsign = pmeth->digestsign; +} + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + if (digestverify) + *digestverify = pmeth->digestverify; +} + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ex_data.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ex_data.c index 08dc7c407..0f5a92950 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ex_data.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ex_data.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/thread_once.h" /* @@ -235,7 +235,7 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) return 0; } for (i = 0; i < mx; i++) { - if (storage[i] && storage[i]->new_func) { + if (storage[i] != NULL && storage[i]->new_func != NULL) { ptr = CRYPTO_get_ex_data(ad, i); storage[i]->new_func(obj, ptr, ad, i, storage[i]->argl, storage[i]->argp); 
@@ -299,7 +299,7 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, for (i = 0; i < mx; i++) { ptr = CRYPTO_get_ex_data(from, i); - if (storage[i] && storage[i]->dup_func) + if (storage[i] != NULL && storage[i]->dup_func != NULL) if (!storage[i]->dup_func(to, from, &ptr, i, storage[i]->argl, storage[i]->argp)) goto err; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_ameth.c index fa204e906..f871e4fe7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_ameth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,8 +10,8 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" /* * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output @@ -47,7 +47,8 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); + /* the ameth pub_cmp must return 1 on match, 0 on mismatch */ + return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0; } static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_pmeth.c index 55dd27d63..56f98707f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_pmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hm_pmeth.c 
@@ -14,7 +14,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* HMAC pkey context structure */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac.c b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac.c index e4031b44a..5e087bf92 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,21 +13,22 @@ #include "internal/cryptlib.h" #include #include -#include "hmac_lcl.h" +#include "hmac_local.h" int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { - int rv = 0; - int i, j, reset = 0; + int rv = 0, reset = 0; + int i, j; unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; + unsigned int keytmp_length; + unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE]; /* If we are changing MD then we must have a key */ if (md != NULL && md != ctx->md && (key == NULL || len < 0)) return 0; if (md != NULL) { - reset = 1; ctx->md = md; } else if (ctx->md) { md = ctx->md; 
@@ -35,37 +36,43 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return 0; } + /* + * The HMAC construction is not allowed to be used with the + * extendable-output functions (XOF) shake128 and shake256. + */ + if ((EVP_MD_meth_get_flags(md) & EVP_MD_FLAG_XOF) != 0) + return 0; + if (key != NULL) { reset = 1; + j = EVP_MD_block_size(md); - if (!ossl_assert(j <= (int)sizeof(ctx->key))) + if (!ossl_assert(j <= (int)sizeof(keytmp))) return 0; if (j < len) { if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) || !EVP_DigestUpdate(ctx->md_ctx, key, len) - || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, - &ctx->key_length)) + || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, + &keytmp_length)) return 0; } else { - if (len < 0 || len > (int)sizeof(ctx->key)) + if (len < 0 || len > (int)sizeof(keytmp)) return 0; - memcpy(ctx->key, key, len); - ctx->key_length = len; + memcpy(keytmp, key, len); + keytmp_length = len; } - if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE) - memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length); - } + if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE) + memset(&keytmp[keytmp_length], 0, + HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); - if (reset) { for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x36 ^ ctx->key[i]; + pad[i] = 0x36 ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) goto err; for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x5c ^ ctx->key[i]; + pad[i] = 0x5c ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) goto err; @@ -74,8 +81,10 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, goto err; rv = 1; err: - if (reset) + if (reset) { + OPENSSL_cleanse(keytmp, sizeof(keytmp)); OPENSSL_cleanse(pad, sizeof(pad)); + } return rv; } 
@@ -142,8 +151,6 @@ static void hmac_ctx_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_reset(ctx->o_ctx); EVP_MD_CTX_reset(ctx->md_ctx); ctx->md = NULL; - ctx->key_length = 0; - OPENSSL_cleanse(ctx->key, sizeof(ctx->key)); } void HMAC_CTX_free(HMAC_CTX *ctx) @@ -194,8 +201,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE); - dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; err: diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_local.h similarity index 71% rename from trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_local.h index 8fd834569..8bcc55817 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_lcl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/hmac/hmac_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_HMAC_LCL_H -# define HEADER_HMAC_LCL_H +#ifndef OSSL_CRYPTO_HMAC_LOCAL_H +# define OSSL_CRYPTO_HMAC_LOCAL_H /* The current largest case is for SHA3-224 */ #define HMAC_MAX_MD_CBLOCK_SIZE 144 @@ -18,8 +18,6 @@ struct hmac_ctx_st { EVP_MD_CTX *md_ctx; EVP_MD_CTX *i_ctx; EVP_MD_CTX *o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE]; }; #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cbc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cbc.c index a70a8682a..4eff46711 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cbc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cbc.c 
@@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cfb64.c index daf467eb5..61c723015 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cfb64.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ecb.c index 058d0c14c..cb724e1a6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ecb.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" #include const char *IDEA_options(void) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ofb64.c index 997a7b88e..f000ced58 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ofb64.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_skey.c index 9d9145580..230338d7e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_skey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/i_skey.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" static IDEA_INT inverse(unsigned int xin); void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/idea/idea_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/idea/idea_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/idea/idea_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/idea/idea_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store.h b/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store.h deleted file mode 100644 index f5013dc36..000000000 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store.h +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -void ossl_store_cleanup_int(void); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/init.c index b9a7334a7..1b0d523be 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/init.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/init.c @@ -8,25 +8,25 @@ */ #include "e_os.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include -#include "internal/rand_int.h" +#include "crypto/rand.h" #include "internal/bio.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/conf.h" -#include "internal/async.h" -#include "internal/engine.h" +#include "crypto/async.h" +#include "crypto/engine.h" #include "internal/comp.h" #include "internal/err.h" -#include "internal/err_int.h" -#include "internal/objects.h" +#include "crypto/err.h" +#include "crypto/objects.h" #include #include #include "internal/thread_once.h" -#include "internal/dso_conf.h" +#include "crypto/dso_conf.h" #include "internal/dso.h" -#include "internal/store.h" +#include "crypto/store.h" static int stopped = 0; 
@@ -40,7 +40,7 @@ static int stopped = 0; * destructor for threads terminating before libcrypto is initialized or * after it's de-initialized. Access to the key doesn't have to be * serialized for the said threads, because they didn't use libcrypto - * and it doesn't matter if they pick "impossible" or derefernce real + * and it doesn't matter if they pick "impossible" or dereference real * key value and pull NULL past initialization in the first thread that * intends to use libcrypto. */ @@ -161,10 +161,9 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); #endif -#if !defined(OPENSSL_NO_DSO) \ - && !defined(OPENSSL_USE_NODELETE) \ +#if !defined(OPENSSL_USE_NODELETE) \ && !defined(OPENSSL_NO_PINSHARED) -# ifdef DSO_WIN32 +# if defined(DSO_WIN32) && !defined(_WIN32_WCE) { HMODULE handle = NULL; BOOL ret; @@ -180,7 +179,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) # endif return (ret == TRUE) ? 1 : 0; } -# else +# elif !defined(DSO_NONE) /* * Deliberately leak a reference to ourselves. This will force the library * to remain loaded until the atexit() handler is run at process exit. @@ -702,7 +701,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) ret = RUN_ONCE(&config, ossl_init_config); conf_settings = NULL; CRYPTO_THREAD_unlock(init_lock); - if (!ret) + if (ret <= 0) return 0; } @@ -764,8 +763,7 @@ int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; -#if !defined(OPENSSL_NO_DSO) \ - && !defined(OPENSSL_USE_NODELETE)\ +#if !defined(OPENSSL_USE_NODELETE)\ && !defined(OPENSSL_NO_PINSHARED) { union { @@ -774,7 +772,7 @@ int OPENSSL_atexit(void (*handler)(void)) } handlersym; handlersym.func = handler; -# ifdef DSO_WIN32 +# if defined(DSO_WIN32) && !defined(_WIN32_WCE) { HMODULE handle = NULL; BOOL ret; 
@@ -790,7 +788,7 @@ int OPENSSL_atexit(void (*handler)(void)) if (!ret) return 0; } -# else +# elif !defined(DSO_NONE) /* * Deliberately leak a reference to the handler. This will force the * library/code containing the handler to remain loaded until we run the @@ -849,6 +847,5 @@ void OPENSSL_fork_parent(void) void OPENSSL_fork_child(void) { - rand_fork(); } #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/hkdf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/hkdf.c index ae46fad60..25bf4b729 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/hkdf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/hkdf.c @@ -13,7 +13,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" #define HKDF_MAXBUF 1024 diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/scrypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/scrypt.c index 61fd390e9..68606ac00 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/scrypt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/scrypt.c @@ -13,7 +13,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" #ifndef OPENSSL_NO_SCRYPT diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/tls1_prf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/tls1_prf.c index 49f7ecced..e9ca8e127 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/tls1_prf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/kdf/tls1_prf.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int tls1_prf_alg(const EVP_MD *md, const unsigned char *sec, size_t slen, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lh_stats.c b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lh_stats.c index 65b91e1ef..45f1b1055 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lh_stats.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lh_stats.c 
@@ -18,7 +18,7 @@ #include #include -#include "lhash_lcl.h" +#include "lhash_local.h" # ifndef OPENSSL_NO_STDIO void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash.c b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash.c index 8d9f933df..9dc887d91 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,20 +13,20 @@ #include #include #include -#include "internal/ctype.h" -#include "internal/lhash.h" -#include "lhash_lcl.h" +#include "crypto/ctype.h" +#include "crypto/lhash.h" +#include "lhash_local.h" /* * A hashing implementation that appears to be based on the linear hashing - * alogrithm: + * algorithm: * https://en.wikipedia.org/wiki/Linear_hashing * * Litwin, Witold (1980), "Linear hashing: A new tool for file and table * addressing", Proc. 6th Conference on Very Large Databases: 212-223 - * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf + * https://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf * - * From the wikipedia article "Linear hashing is used in the BDB Berkeley + * From the Wikipedia article "Linear hashing is used in the BDB Berkeley * database system, which in turn is used by many software systems such as * OpenLDAP, using a C implementation derived from the CACM article and first * published on the Usenet in 1988 by Esmond Pitt." 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/lhash/lhash_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_dgst.c index 531961861..29b6b252b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_dgst.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_dgst.c @@ -9,7 +9,7 @@ #include #include -#include "md4_locl.h" +#include "md4_local.h" /* * Implemented from RFC1186 The MD4 Message-Digest Algorithm @@ -39,7 +39,7 @@ void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_local.h similarity index 96% rename from trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_local.h index a6c4003fd..5f05720e9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md4/md4_local.h @@ -31,7 +31,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER md4_block_data_order -#include "internal/md32_common.h" +#include "crypto/md32_common.h" /*- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) 
@@ -53,7 +53,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); #define R1(a,b,c,d,k,s,t) { \ a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); };\ + a=ROTATE(a,s); }; #define R2(a,b,c,d,k,s,t) { \ a+=((k)+(t)+H((b),(c),(d))); \ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-586.pl index 15e14864d..7986a2413 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -43,7 +43,7 @@ $X="esi"; &md5_block("md5_block_asm_data_order"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub Np { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-sparcv9.pl index 6a62c6253..3595e3d32 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-sparcv9.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -434,4 +434,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-x86_64.pl index 386d8048e..c6a172d44 100755 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/asm/md5-x86_64.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # Author: Marc Bevand -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -390,4 +390,4 @@ ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_dgst.c index fbede6742..d84cba37a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_dgst.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_dgst.c @@ -8,7 +8,7 @@ */ #include -#include "md5_locl.h" +#include "md5_local.h" #include /* @@ -39,7 +39,7 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_local.h similarity index 98% rename from trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_local.h index 4eb7e50ef..b0087bea8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/md5/md5_local.h 
@@ -42,7 +42,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER md5_block_data_order -#include "internal/md32_common.h" +#include "crypto/md32_common.h" /*- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) @@ -62,7 +62,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); #define R0(a,b,c,d,k,s,t) { \ a+=((k)+(t)+F((b),(c),(d))); \ a=ROTATE(a,s); \ - a+=b; };\ + a+=b; }; #define R1(a,b,c,d,k,s,t) { \ a+=((k)+(t)+G((b),(c),(d))); \ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mem.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mem.c index 780053ffe..2b39ca3a1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/mem.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mem.c @@ -9,7 +9,7 @@ #include "e_os.h" #include "internal/cryptlib.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mem_sec.c b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_sec.c index 9e0f6702f..222c786cb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/mem_sec.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mem_sec.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -34,6 +34,12 @@ # include # endif # endif +# if defined(__FreeBSD__) +# define MADV_DONTDUMP MADV_NOCORE +# endif +# if !defined(MAP_CONCEAL) +# define MAP_CONCEAL 0 +# endif # include # include # include @@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize) if (1) { #ifdef MAP_ANON sh.map_result = mmap(NULL, sh.map_size, - PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0); + PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0); } else { #endif int fd; 
@@ -502,7 +508,7 @@ static void sh_done(void) OPENSSL_free(sh.freelist); OPENSSL_free(sh.bittable); OPENSSL_free(sh.bitmalloc); - if (sh.map_result != NULL && sh.map_size) + if (sh.map_result != MAP_FAILED && sh.map_size) munmap(sh.map_result, sh.map_size); memset(&sh, 0, sizeof(sh)); } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/mips_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/mips_arch.h index 75043e79d..4ae1a1a93 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/mips_arch.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/mips_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,11 +7,11 @@ * https://www.openssl.org/source/license.html */ -#ifndef __MIPS_ARCH_H__ -# define __MIPS_ARCH_H__ +#ifndef OSSL_CRYPTO_MIPS_ARCH_H +# define OSSL_CRYPTO_MIPS_ARCH_H # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ - defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) + defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ && !defined(_MIPS_ARCH_MIPS32R2) # define _MIPS_ARCH_MIPS32R2 # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/aesni-gcm-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/aesni-gcm-x86_64.pl index b42016101..60f03e4fe 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/aesni-gcm-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -90,6 +90,7 @@ $code=<<___; .type _aesni_ctr32_ghash_6x,\@abi-omnipotent .align 32 _aesni_ctr32_ghash_6x: +.cfi_startproc vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb sub \$6,$len vpxor $Z0,$Z0,$Z0 # $Z0 = 0 @@ -397,6 +398,7 @@ _aesni_ctr32_ghash_6x: vpxor $Z0,$Xi,$Xi # modulo-scheduled ret +.cfi_endproc .size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x ___ ###################################################################### @@ -543,6 +545,7 @@ $code.=<<___; .type _aesni_ctr32_6x,\@abi-omnipotent .align 32 _aesni_ctr32_6x: +.cfi_startproc vmovdqu 0x00-0x80($key),$Z0 # borrow $Z0 for $rndkey vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb lea -1($rounds),%r13 @@ -629,6 +632,7 @@ _aesni_ctr32_6x: vpshufb $Ii,$T1,$T1 # next counter value vpxor $Z0,$inout5,$inout5 jmp .Loop_ctr32 +.cfi_endproc .size _aesni_ctr32_6x,.-_aesni_ctr32_6x .globl aesni_gcm_encrypt @@ -1079,15 +1083,19 @@ $code=<<___; # assembler is too old .globl aesni_gcm_encrypt .type aesni_gcm_encrypt,\@abi-omnipotent aesni_gcm_encrypt: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size aesni_gcm_encrypt,.-aesni_gcm_encrypt .globl aesni_gcm_decrypt .type aesni_gcm_decrypt,\@abi-omnipotent aesni_gcm_decrypt: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size aesni_gcm_decrypt,.-aesni_gcm_decrypt ___ }}} @@ -1096,4 +1104,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-alpha.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-alpha.pl index ccf6b2bd6..d80920723 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-alpha.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-alpha.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -463,5 +463,5 @@ rem_4bit: ___ $output=pop and open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-armv4.pl index dcc23f7d7..d84ac6f2b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-armv4.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -548,4 +548,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-c64xplus.pl index 3cadda399..5826dcbdf 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-c64xplus.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-c64xplus.pl 
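Review bot: In the second ghash-alpha.pl hunk the added `close STDOUT or die` sits two lines below `$output=pop and open STDOUT,">$output";`, which is still an unchecked two-argument open. A failed open is then noticed at the earliest when the handle is closed, with a message about closing STDOUT rather than about the output file, and the two-argument form lets leading characters of the file name be read as part of the open mode. I would check the open where it happens and use the three-argument form: `$output=pop and (open(STDOUT,'>',$output) || die "can't open $output: $!");`.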
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -244,4 +244,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-ia64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-ia64.pl index eb9ded91e..6e29f995f 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-ia64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-ia64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -467,4 +467,4 @@ $code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm if ($big_endian); $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-parisc.pl index a614c99c2..d798b7abf 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-parisc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -745,4 +745,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-s390x.pl index 17dc37505..2f3ca295b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-s390x.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -259,4 +259,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-sparcv9.pl index c4eb3b1f0..ccebc74b4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-sparcv9.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -578,4 +578,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86.pl index bcbe6e399..4183d99b6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1378,7 +1378,7 @@ my ($Xhi,$Xi)=@_; &asciz("GHASH for x86, CRYPTOGAMS by "); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; # A question was risen about choice of vanilla MMX. Or rather why wasn't # SSE2 chosen instead? In addition to the fact that MMX runs on legacy diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86_64.pl index 30158aa07..9bdba41d1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghash-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -116,7 +116,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1155,6 +1155,7 @@ ___ } else { $code.=<<___; jmp .L_init_clmul +.cfi_endproc .size gcm_init_avx,.-gcm_init_avx ___ } @@ -1594,6 +1595,7 @@ ___ } else { $code.=<<___; jmp .L_ghash_clmul +.cfi_endproc .size gcm_ghash_avx,.-gcm_ghash_avx ___ } 
@@ -1813,4 +1815,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashp8-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashp8-ppc.pl index 6a2ac7129..447472cb4 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashp8-ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashp8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -668,4 +668,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashv8-armx.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashv8-armx.pl index 47e882008..d0e398b50 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashv8-armx.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -778,4 +778,4 @@ if ($flavour =~ /64/) { ######## 64-bit code } } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cbc128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cbc128.c index 4ce5eb2ae..15a14be70 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cbc128.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cbc128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,13 +8,19 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) # define STRICT_ALIGNMENT 0 #endif +#if defined(__GNUC__) && !STRICT_ALIGNMENT +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], block128_f block) @@ -40,8 +46,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, } else { while (len >= 16) { for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(iv + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); (*block) (out, out, key); iv = out; len -= 16; @@ -63,7 +69,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, in += 16; out += 16; } - memcpy(ivec, iv, 16); + if (ivec != iv) + memcpy(ivec, iv, 16); } void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, @@ -96,7 +103,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *iv_t = (size_t_aX *)iv; (*block) (in, out, key); for (n = 0; n < 16 / sizeof(size_t); n++) 
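Review bot: The `size_t_aX` typedef added at the top of cbc128.c carries no comment saying why the word-sized loads and stores in the hunks below are switched to it, and the same uncommented typedef recurs in cfb128.c, ctr128.c, gcm128.c and ofb128.c, with `u64_a1` in ccm128.c and xts128.c. This file also tests `!STRICT_ALIGNMENT` where the others test `!defined(STRICT_ALIGNMENT)`; that matches the `# define STRICT_ALIGNMENT 0` just above it, but the difference is easy to miss when comparing the files. I would add above the typedef: `/* in, out and ivec may be unaligned; aligned(1) stops the compiler assuming size_t alignment for these accesses */`.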
@@ -107,7 +115,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, out += 16; } } - memcpy(ivec, iv, 16); + if (ivec != iv) + memcpy(ivec, iv, 16); } else { if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { @@ -125,8 +134,10 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec; - const size_t *in_t = (const size_t *)in; + size_t c; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *ivec_t = (size_t_aX *)ivec; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (in, tmp.c, key); for (n = 0; n < 16 / sizeof(size_t); n++) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ccm128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ccm128.c index 85ce84f10..655b10350 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ccm128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ccm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,17 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + /* * First you setup M and L parameters and pass the key schedule. This is * called once per session setup... 
@@ -170,8 +178,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[0] ^= temp.u[0]; ctx->cmac.u[1] ^= temp.u[1]; #else - ctx->cmac.u[0] ^= ((u64 *)inp)[0]; - ctx->cmac.u[1] ^= ((u64 *)inp)[1]; + ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; + ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); (*block) (ctx->nonce.c, scratch.c, key); @@ -181,8 +189,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, temp.u[1] ^= scratch.u[1]; memcpy(out, temp.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; - ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1]; #endif inp += 16; out += 16; @@ -254,8 +262,10 @@ int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); memcpy(out, scratch.c, 16); #else - ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]); - ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]); + ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] + = scratch.u[0] ^ ((u64_a1 *)inp)[0]); + ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] + = scratch.u[1] ^ ((u64_a1 *)inp)[1]); #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); @@ -425,7 +435,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len) M *= 2; M += 2; - if (len < M) + if (len != M) return 0; memcpy(tag, ctx->cmac.c, M); return M; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cfb128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cfb128.c index e439567fe..b2530007b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cfb128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cfb128.c 
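Review bot: In the CRYPTO_ccm128_tag hunk, `if (len != M)` turns a call that passes a buffer larger than the tag length from a success into a return of 0 with nothing written to `tag`. Callers are not visible in this diff, so any that pass a fixed-size buffer or ignore the return value need checking, since they would go on to use an unset tag. The stricter check is the safer contract, and I would state it above the test, e.g. `/* len must equal the tag length M; returns 0 and leaves tag untouched otherwise */`. The function begins above the hunk, where M is derived.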
@@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,15 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit cfb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -43,8 +49,9 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - *(size_t *)(out + n) = - *(size_t *)(ivec + n) ^= *(size_t *)(in + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(ivec + n) + ^= *(size_t_aX *)(in + n); } len -= 16; out += 16; @@ -92,9 +99,10 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - size_t t = *(size_t *)(in + n); - *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t; - *(size_t *)(ivec + n) = t; + size_t t = *(size_t_aX *)(in + n); + *(size_t_aX *)(out + n) + = *(size_t_aX *)(ivec + n) ^ t; + *(size_t_aX *)(ivec + n) = t; } len -= 16; out += 16; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ctr128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ctr128.c index 03920b447..1ed7deced 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ctr128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ctr128.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,15 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * NOTE: the IV/counter CTR mode is big-endian. The code itself is * endian-neutral. @@ -97,8 +103,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, (*block) (ivec, ecount_buf, key); ctr128_inc_aligned(ivec); for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ecount_buf + n); len -= 16; out += 16; in += 16; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cts128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cts128.c index 93826a1e2..9052e8577 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cts128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/cts128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/gcm128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/gcm128.c index 15f76e3e8..8304efff4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/gcm128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,9 +8,15 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) /* redefine, because alignment is ensured */ # undef GETU32 @@ -1080,8 +1086,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = GHASH_CHUNK; while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1107,8 +1113,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = i; while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1318,8 +1324,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, GHASH(ctx, in, GHASH_CHUNK); while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1343,8 +1349,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if ((i = (len & (size_t)-16))) { GHASH(ctx, in, i); while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1379,8 +1385,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) { - size_t c = in[i]; - out[i] = c ^ ctx->EKi.t[i]; + size_t c = in_t[i]; + out_t[i] = c ^ ctx->EKi.t[i]; ctx->Xi.t[i] ^= c; } GCM_MUL(ctx); 
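Review bot: The last CRYPTO_gcm128_decrypt hunk switches the loop body from `in[i]`/`out[i]` to `in_t[i]`/`out_t[i]`, but the declarations of `in_t` and `out_t` for this loop lie above the hunk, and the unchanged +6 line offset suggests this commit does not touch them. If they are still `size_t *` rather than `size_t_aX *`, this loop keeps the alignment assumption that the four hunks above it remove. It is worth confirming and, if so, declaring them as `size_t_aX *out_t = (size_t_aX *)out;` and `const size_t_aX *in_t = (const size_t_aX *)in;` like the other loops.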
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_local.h similarity index 91% rename from trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_local.h index f2ae01d11..888141681 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_lcl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/modes_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,14 @@ typedef unsigned char u8; # endif #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u32 u32_a1 __attribute((__aligned__(1))); +# else +typedef u32 u32_a1; +# endif +#endif + #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__GNUC__) && __GNUC__>=2 # if defined(__x86_64) || defined(__x86_64__) @@ -55,12 +63,15 @@ typedef unsigned char u8; asm ("bswapl %0" \ : "+r"(ret_)); ret_; }) # elif defined(__aarch64__) -# define BSWAP8(x) ({ u64 ret_; \ +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ + __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ +# define BSWAP8(x) ({ u64 ret_; \ asm ("rev %0,%1" \ : "=r"(ret_) : "r"(x)); ret_; }) -# define BSWAP4(x) ({ u32 ret_; \ +# define BSWAP4(x) ({ u32 ret_; \ asm ("rev %w0,%w1" \ : "=r"(ret_) : "r"(x)); ret_; }) +# endif # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) # define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ asm ("rev %0,%0; rev %1,%1" \ 
@@ -86,8 +97,8 @@ _asm mov eax, val _asm bswap eax} # endif #endif #if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +# define GETU32(p) BSWAP4(*(const u32_a1 *)(p)) +# define PUTU32(p,v) *(u32_a1 *)(p) = BSWAP4(v) #else # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ocb128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ocb128.c index 713b9aaf1..b39a55a1a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ocb128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ocb128.c @@ -10,7 +10,7 @@ #include #include #include -#include "modes_lcl.h" +#include "modes_local.h" #ifndef OPENSSL_NO_OCB diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ofb128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ofb128.c index 83092564c..a3469712b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ofb128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/ofb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,15 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit ofb mode is being used. * The extra state information to record how much of the 128bit block we have 
@@ -41,8 +47,9 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ivec + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ivec + n); len -= 16; out += 16; in += 16; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/xts128.c b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/xts128.c index 81b1eacd5..fe1626c62 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/modes/xts128.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/modes/xts128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,17 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, @@ -45,8 +53,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); #if defined(STRICT_ALIGNMENT) 
@@ -54,8 +62,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1]; #endif inp += 16; out += 16; @@ -128,8 +136,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak1.u[0]; @@ -148,8 +156,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1]; #endif } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_str.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_str.c index a8357691a..eb9f21cc0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/o_str.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -220,10 +220,29 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) int openssl_strerror_r(int errnum, char *buf, size_t buflen) { -#if defined(_MSC_VER) && _MSC_VER>=1400 +#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE) return !strerror_s(buf, buflen, errnum); #elif defined(_GNU_SOURCE) - return strerror_r(errnum, buf, buflen) != NULL; + char *err; + + /* + * GNU strerror_r may not actually set buf. + * It can return a pointer to some (immutable) static string in which case + * buf is left unused. + */ + err = strerror_r(errnum, buf, buflen); + if (err == NULL || buflen == 0) + return 0; + /* + * If err is statically allocated, err != buf and we need to copy the data. + * If err points somewhere inside buf, OPENSSL_strlcpy can handle this, + * since src and dest are not annotated with __restrict and the function + * reads src byte for byte and writes to dest. + * If err == buf we do not have to copy anything. + */ + if (err != buf) + OPENSSL_strlcpy(buf, err, buflen); + return 1; #elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \ (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) /* @@ -234,6 +253,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) return !strerror_r(errnum, buf, buflen); #else char *err; + /* Fall back to non-thread safe strerror()...its all we can do */ if (buflen < 2) return 0; @@ -241,8 +261,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) /* Can this ever happen? */ if (err == NULL) return 0; - strncpy(buf, err, buflen - 1); - buf[buflen - 1] = '\0'; + OPENSSL_strlcpy(buf, err, buflen); return 1; #endif } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/o_time.c b/trunk/3rdparty/openssl-1.1-fit/crypto/o_time.c index 6d764f55e..3fa70c45a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/o_time.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/o_time.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; -#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 +#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) if (gmtime_s(result, timer)) return NULL; ts = result; @@ -133,8 +133,8 @@ int OPENSSL_gmtime_diff(int *pday, int *psec, static int julian_adj(const struct tm *tm, int off_day, long offset_sec, long *pday, int *psec) { - int offset_hms, offset_day; - long time_jd; + int offset_hms; + long offset_day, time_jd; int time_year, time_month, time_day; /* split offset into days and day seconds */ offset_day = offset_sec / SECS_PER_DAY; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/o_names.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/o_names.c index c4355370c..979d83577 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/o_names.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/o_names.c @@ -17,8 +17,8 @@ #include #include #include "internal/thread_once.h" -#include "internal/lhash.h" -#include "obj_lcl.h" +#include "crypto/lhash.h" +#include "obj_local.h" #include "e_os.h" /* diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.c index ef2d1e0dd..46006fe6c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.c 
@@ -8,15 +8,15 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include #include -#include "internal/objects.h" +#include "crypto/objects.h" #include -#include "internal/asn1_int.h" -#include "obj_lcl.h" +#include "crypto/asn1.h" +#include "obj_local.h" /* obj_dat.h is generated from objects.h by obj_dat.pl */ #include "obj_dat.h" diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.h b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.h index 9ab1a14b9..24b49a2df 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -1070,7 +1070,7 @@ static const unsigned char so[7762] = { 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */ 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */ 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */ 
@@ -1728,8 +1728,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"ITU-T", "itu-t", NID_itu_t}, {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t}, {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]}, - {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]}, - {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]}, + {"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 10, &so[4440]}, + {"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, &so[4450]}, {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1}, {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1}, {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1}, @@ -3578,9 +3578,9 @@ static const unsigned int ln_objs[NUM_LN] = { 134, /* "Microsoft Individual Code Signing" */ 856, /* "Microsoft Local Key set" */ 137, /* "Microsoft Server Gated Crypto" */ - 648, /* "Microsoft Smartcardlogin" */ + 648, /* "Microsoft Smartcard Login" */ 136, /* "Microsoft Trust List Signing" */ - 649, /* "Microsoft Universal Principal Name" */ + 649, /* "Microsoft User Principal Name" */ 393, /* "NULL" */ 404, /* "NULL" */ 72, /* "Netscape Base Url" */ @@ -5364,7 +5364,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1177, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */ 1178, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */ 1181, /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */ - 1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */ + 1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 2 1 */ 1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */ 1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */ 1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */ 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lib.c index acbdeec2c..456a1598c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lib.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.h b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.h index 9144d569d..5c3561ab7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.txt b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.txt index 6dbc41ce3..c49d4c568 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.txt +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/objects/objects.txt 
@@ -426,9 +426,9 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System !Cname ms-smartcard-login -1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin +1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login !Cname ms-upn -1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name +1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft User Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb @@ -1358,7 +1358,7 @@ id-tc26-algorithms 7 : id-tc26-wrap id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15 id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik -id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15 +id-tc26-wrap-gostr3412-2015-kuznyechik 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15 id-tc26 2 : id-tc26-constants diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_asn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_asn.c index 1e0b82797..a869e32bc 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_asn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_asn.c @@ -10,7 +10,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_cl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_cl.c index 739ac0180..55ffd45c6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_cl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_cl.c @@ -16,7 +16,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" /* * Utility functions related to sending OCSP requests and extracting relevant 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ext.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ext.c index 27ee21245..f6c387ffb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ext.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ext.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include #include @@ -439,6 +439,7 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls) if ((sloc = OCSP_SERVICELOC_new()) == NULL) goto err; + X509_NAME_free(sloc->issuer); if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL) goto err; if (urls && *urls @@ -449,12 +450,11 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls) goto err; if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL) goto err; - if ((ad->location = GENERAL_NAME_new()) == NULL) - goto err; if ((ia5 = ASN1_IA5STRING_new()) == NULL) goto err; if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1)) goto err; + /* ad->location is allocated inside ACCESS_DESCRIPTION_new */ ad->location->type = GEN_URI; ad->location->d.ia5 = ia5; ia5 = NULL; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ht.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ht.c index 42c368643..ba408bc86 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ht.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_ht.c @@ -10,7 +10,7 @@ #include "e_os.h" #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include 
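Review bot: The added `X509_NAME_free(sloc->issuer);` in OCSP_url_svcloc_new carries no comment explaining why a freshly created object needs a free, while the second hunk documents the equivalent fact for `ad->location`. Presumably OCSP_SERVICELOC_new already allocates `issuer` and the free prevents a leak when the duplicate is assigned; that should be confirmed against the ASN.1 template and then recorded as `/* sloc->issuer is allocated inside OCSP_SERVICELOC_new */`. The function body starts and ends outside these hunks.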
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lib.c index 8edd70ac8..37ac6c03f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include /* Convert a certificate and its issuer to an OCSP_CERTID */ @@ -88,7 +88,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, return NULL; } -int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) +int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b) { int ret; ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); @@ -100,7 +100,7 @@ int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash); } -int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) +int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b) { int ret; ret = OCSP_id_issuer_cmp(a, b); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_prn.c index 5605812ef..1965f2a18 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_prn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_prn.c 
@@ -10,7 +10,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include "internal/cryptlib.h" #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_srv.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_srv.c index 6bd6f7b6d..e35fc52fd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_srv.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_srv.c @@ -14,7 +14,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" /* * Utility functions related to sending OCSP responses and extracting diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_vfy.c index 9a8d34386..e87b71c0c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_vfy.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/ocsp_vfy.c @@ -8,7 +8,7 @@ */ #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/v3_ocsp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/v3_ocsp.c index 2d425a895..a174ce15a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/v3_ocsp.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ocsp/v3_ocsp.c @@ -12,7 +12,7 @@ # include # include # include -# include "ocsp_lcl.h" +# include "ocsp_local.h" # include # include "../x509v3/ext_dat.h" diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pariscid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/pariscid.pl index 5a231c49f..f4d364754 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pariscid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pariscid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -272,5 +272,5 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_all.c index 0e7181311..9d57ee7cc 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_all.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -84,9 +84,8 @@ IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, - RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, - PEM_STRING_PUBLIC, - RSA_PUBKEY) + RSAPublicKey) +IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) #endif #ifndef OPENSSL_NO_DSA static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) @@ -115,7 +114,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) - IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) # ifndef OPENSSL_NO_STDIO DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) { @@ -176,6 +175,6 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, #ifndef OPENSSL_NO_DH IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) - IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) +IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) #endif IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_err.c index f642030aa..0f3cb0240 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -60,6 +60,8 @@ static const ERR_STRING_DATA PEM_str_functs[] = { {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, 0), + "PEM_write_bio_PrivateKey_traditional"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0), "PEM_write_PrivateKey"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"}, @@ -109,6 +111,8 @@ static const ERR_STRING_DATA PEM_str_reasons[] = { "unsupported encryption"}, {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), "unsupported key components"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type"}, {0, NULL} }; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_lib.c index 4bb86463f..a26322119 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include @@ -18,7 +18,7 @@ #include #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include @@ -332,7 +332,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } } - if ((dsize = i2d(x, NULL)) < 0) { + if ((dsize = i2d(x, NULL)) <= 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); dsize = 0; goto err; @@ -791,7 +791,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, { BIO *tmp = *header; char *linebuf, *p; - int len, line, ret = 0, end = 0; + int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ enum header_status got_header = MAYBE_HEADER; unsigned int flags_mask; @@ -809,10 +809,18 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER); + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); goto err; } + /* + * Check if line has been read completely or if only part of the line + * has been read. Keep the previous value to ignore newlines that + * appear due to reading a line up until the char before the newline. + */ + prev_partial_line_read = partial_line_read; + partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n'; + if (got_header == MAYBE_HEADER) { if (memchr(linebuf, ':', len) != NULL) got_header = IN_HEADER; 
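Review bot: The new assignment `partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n';` in get_header_and_data mixes `=`, `==`, `&&` and `!=` without parentheses and is easy to misread in a parser that handles untrusted PEM input. I would write it as `partial_line_read = (len == LINESIZE - 1 && linebuf[LINESIZE - 2] != '\n');`. The widened declaration `int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;` also runs well past 80 columns and would read better with the two new flags on their own `int` line. The loop these lines sit in continues outside the hunk.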
@@ -823,13 +831,19 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, /* Check for end of header. */ if (linebuf[0] == '\n') { - if (got_header == POST_HEADER) { - /* Another blank line is an error. */ - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); - goto err; + /* + * If previous line has been read only partially this newline is a + * regular newline at the end of a line and not an empty line. + */ + if (!prev_partial_line_read) { + if (got_header == POST_HEADER) { + /* Another blank line is an error. */ + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); + goto err; + } + got_header = POST_HEADER; + tmp = *data; } - got_header = POST_HEADER; - tmp = *data; continue; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pkey.c index aa032d2b1..4a9492724 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pkey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,8 +17,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int pem_check_suffix(const char *pem_str, const char *suffix); @@ -108,6 +108,12 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, pem_password_cb *cb, void *u) { char pem_str[80]; + + if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) { + PEMerr(PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, + PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return 0; + } BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, pem_str, bp, x, enc, kstr, klen, cb, u); 
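Review bot: The guard added at the top of PEM_write_bio_PrivateKey_traditional reports `PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE` for what is a private-key write, and nothing says why `old_priv_encode` is the field being tested. A short comment such as `/* Only key types with a legacy private-key encoder can be written in traditional format. */` would make the intent clear (presumably that is what the field represents; confirm against the method table). In the same hunk `BIO_snprintf(pem_str, 80, ...)` repeats the array size as a literal; `sizeof(pem_str)` would keep the two in step.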
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_sign.c index 9662eb14d..7e7b32ebf 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pem_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, int i, ret = 0; unsigned int m_len; - m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2); + m = OPENSSL_malloc(EVP_PKEY_size(pkey)); if (m == NULL) { PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE); goto err; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pvkfmt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pvkfmt.c index e39c24381..a933b7c18 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pvkfmt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pem/pvkfmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,10 +29,10 @@ static unsigned int read_ledword(const unsigned char **in) { const unsigned char *p = *in; unsigned int ret; - ret = *p++; - ret |= (*p++ << 8); - ret |= (*p++ << 16); - ret |= (*p++ << 24); + ret = (unsigned int)*p++; + ret |= (unsigned int)*p++ << 8; + ret |= (unsigned int)*p++ << 16; + ret |= (unsigned int)*p++ << 24; *in = p; return ret; } 
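Review bot: In PEM_SignFinal the result of `EVP_PKEY_size(pkey)` goes straight into `OPENSSL_malloc` with no check for a non-positive value. With the `+ 2` slack removed, a size of 0 would presumably surface as `ERR_R_MALLOC_FAILURE` rather than as a key error, which sends whoever reads the error queue in the wrong direction. I would read the size into a local first and reject it explicitly, e.g. `if ((sz = EVP_PKEY_size(pkey)) <= 0) goto err;` with a suitable error pushed before the jump. The function body continues outside the hunk.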
@@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, if (!read_lebn(&p, 20, &priv_key)) goto memerr; + /* Set constant time flag before public key calculation */ + BN_set_flags(priv_key, BN_FLG_CONSTTIME); + /* Calculate public key */ pub_key = BN_new(); if (pub_key == NULL) @@ -841,9 +844,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) goto error; OPENSSL_cleanse(keybuf, 20); - if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) + if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) goto error; - if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen)) + if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen)) goto error; } @@ -872,9 +875,9 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, wrlen = BIO_write(out, tmp, outlen); OPENSSL_free(tmp); if (wrlen == outlen) { - PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); return outlen; } + PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); return -1; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/README b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/README index 3177c3716..59f2c9551 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/README +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/README @@ -35,7 +35,7 @@ Functions of interest are: &function_begin_B(name,extra) Same as normal function_begin but no pushing. &function_end(name) Call at end of function. &function_end_A(name) Standard pop and ret, for use inside functions -&function_end_B(name) Call at end but with poping or 'ret'. +&function_end_B(name) Call at end but with pop or ret. &swtmp(num) Address on stack temp word. &wparam(num) Parameter number num, that was push in C convention. This all works over pushes diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/arm-xlate.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/arm-xlate.pl index ca2f8b990..48819be54 100755 
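Review bot: In the i2b_PVK hunk, `OPENSSL_cleanse(keybuf, 20);` runs only after `EVP_EncryptInit_ex` has succeeded, so the `goto error` on the line before it leaves the derived key in `keybuf`. Unless the error path outside this hunk wipes the buffer, the cleanse should happen on both outcomes, for example by storing the init result, cleansing, and only then testing the result. The literal `20` would be safer as `sizeof(keybuf)` if `keybuf` is an array in scope; its declaration is not visible here.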
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/arm-xlate.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/arm-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -174,4 +174,4 @@ while(my $line=<>) { print "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/ppc-xlate.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/ppc-xlate.pl index d220c6245..08668b295 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/ppc-xlate.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/ppc-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -341,4 +341,4 @@ while($line=<>) { print "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86_64-xlate.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86_64-xlate.pl index 29a0eacfd..59af6df9c 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86_64-xlate.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -1216,7 +1216,7 @@ while(defined(my $line=<>)) { print "\n$current_segment\tENDS\n" if ($current_segment && $masm); print "END\n" if ($masm); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; ################################################# # Cross-reference x86_64 ABI "card" diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_add.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_add.c index 193ed8097..af184c86a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_add.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_add.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Pack an object into an OCTET STRING and turn into a safebag */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_asn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_asn.c index 422dfc398..88f145890 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_asn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_asn.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "p12_lcl.h" +#include "p12_local.h" /* PKCS#12 ASN1 module */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_attr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_attr.c index c324f5051..a958fdf34 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_attr.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_attr.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Add a local keyid to a safebag */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crt.c index 10cf8dd58..bfcae3f69 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_crt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); @@ -62,7 +62,8 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 * if (pkey && cert) { if (!X509_check_private_key(cert, pkey)) return NULL; - X509_digest(cert, EVP_sha1(), keyid, &keyidlen); + if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen)) + return NULL; } if (cert) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_init.c index 88db0f2dc..7ecc29ec0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_init.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_init.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Initialise a PKCS12 structure to take data */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_key.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_key.c index ab31a6129..03eda2664 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_key.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -101,7 +101,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, #endif v = EVP_MD_block_size(md_type); u = EVP_MD_size(md_type); - if (u < 0 || v <= 0) + if (u <= 0 || v <= 0) goto err; D = OPENSSL_malloc(v); Ai = OPENSSL_malloc(u); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_mutl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_mutl.c index 0cbbed364..3658003fe 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_mutl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_mutl.c @@ -13,7 +13,7 @@ #include #include #include -#include "p12_lcl.h" +#include "p12_local.h" int PKCS12_mac_present(const PKCS12 *p12) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_npas.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_npas.c index 0ce75ed33..0334289a8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_npas.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_npas.c @@ -13,7 +13,7 @@ #include #include #include -#include "p12_lcl.h" +#include "p12_local.h" /* PKCS#12 password change routine */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8e.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8e.c index 86a07e133..05fc388a9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8e.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_p8e.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_sbag.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_sbag.c index a09c5b931..7cf522786 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_sbag.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs12/p12_sbag.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" #if OPENSSL_API_COMPAT < 0x10100000L ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_doit.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_doit.c index ee08e602a..f63fbc50e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_doit.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_doit.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -137,7 +137,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, } static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey, + size_t fixlen) { EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; @@ -170,7 +171,9 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) { + ri->enc_key->data, ri->enc_key->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { ret = 0; PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); goto err; 
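Review bot: The new `fixlen` parameter of pkcs7_decrypt_rinfo is undocumented, and its zero value silently turns the decrypted-key length check off through `(fixlen != 0 && eklen != fixlen)`. A reader of the call sites cannot tell that passing 0 means "accept any non-empty key length". I would add a comment above the signature such as `/* fixlen: required length of the decrypted key in bytes; 0 disables the length check (eklen == 0 is always rejected) */`. The function body starts and continues outside these two hunks, so how `ek` and `eklen` are handed back to the caller is not visible here.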
@@ -499,13 +502,14 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ri = sk_PKCS7_RECIP_INFO_value(rsk, i); - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, + EVP_CIPHER_key_length(evp_cipher)) < 0) goto err; ERR_clear_error(); } } else { /* Only exit on fatal errors, not decrypt failure */ - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0) goto err; ERR_clear_error(); } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_lib.c index 16b76431d..ec4d9abd5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_lib.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_smime.c b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_smime.c index 44187230e..a95db6217 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_smime.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/pkcs7/pk7_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -301,7 +301,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, char *ptr; long len; len = BIO_get_mem_data(indata, &ptr); - tmpin = BIO_new_mem_buf(ptr, len); + tmpin = (len == 0) ? indata : BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); goto err; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv4.pl index 5cdb6be05..70f46cd14 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv4.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -133,10 +133,10 @@ poly1305_init: # ifdef __thumb2__ itete eq # endif - addeq r12,r11,#(poly1305_emit-.Lpoly1305_init) - addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init) - addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init) - addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init) + addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init) + addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init) + addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init) + addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init) # endif # ifdef __thumb2__ orr r12,r12,#1 @ thumb-ify address @@ -352,6 +352,7 @@ $code.=<<___; .type poly1305_emit,%function .align 5 poly1305_emit: +.Lpoly1305_emit: stmdb sp!,{r4-r11} .Lpoly1305_emit_enter: @@ -671,6 +672,7 @@ poly1305_init_neon: .type poly1305_blocks_neon,%function .align 5 poly1305_blocks_neon: +.Lpoly1305_blocks_neon: ldr ip,[$ctx,#36] @ is_base2_26 ands $len,$len,#-16 beq .Lno_data_neon 
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon: .type poly1305_emit_neon,%function .align 5 poly1305_emit_neon: +.Lpoly1305_emit_neon: ldr ip,[$ctx,#36] @ is_base2_26 stmdb sp!,{r4-r11} @@ -1250,4 +1253,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv8.pl index 6c6c9bb05..2a42b64a9 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv8.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -57,10 +57,14 @@ $code.=<<___; // forward "declarations" are required for Apple .extern OPENSSL_armcap_P -.globl poly1305_blocks -.globl poly1305_emit - +.hidden OPENSSL_armcap_P .globl poly1305_init +.hidden poly1305_init +.globl poly1305_blocks +.hidden poly1305_blocks +.globl poly1305_emit +.hidden poly1305_emit + .type poly1305_init,%function .align 5 poly1305_init: @@ -860,8 +864,8 @@ poly1305_blocks_neon: st1 {$ACC4}[0],[$ctx] .Lno_data_neon: - .inst 0xd50323bf // autiasp ldr x29,[sp],#80 + .inst 0xd50323bf // autiasp ret .size poly1305_blocks_neon,.-poly1305_blocks_neon @@ -943,4 +947,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-mips.pl index 28b6772ee..965825dc3 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-mips.pl 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -433,5 +433,5 @@ ___ $output=pop and open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppc.pl index 0c6d015d5..e5d6933ac 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -642,4 +642,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppcfp.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppcfp.pl index 09f818584..a9ab20714 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppcfp.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-ppcfp.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
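Review bot: In the poly1305-mips.pl hunk the close is now checked, but the `open STDOUT,">$output"` on the context line above it is still unchecked and still uses the two-argument form. A failed open is therefore only noticed at the new `close STDOUT or die`, where `$!` no longer names the real cause, and the output name taken from the command line is parsed for mode characters. I would change the line to `$output=pop and (open(STDOUT,">",$output) or die "can't open $output: $!");`, which reports the failure at the right place and treats the argument as a plain file name.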
@@ -736,4 +736,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-s390x.pl index 82d757d9a..bcc8fd3b8 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-s390x.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -224,4 +224,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-sparcv9.pl index 0bdd04892..997e0d834 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-sparcv9.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1117,4 +1117,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86.pl index 1e09ddcc1..2ae16a230 100755 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -71,7 +71,7 @@ if ($sse2) { $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } } @@ -1812,4 +1812,4 @@ sub vlazy_reduction { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86_64.pl index 342ad7f18..5f834d8fa 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/asm/poly1305-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -90,7 +90,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } 
@@ -168,6 +168,7 @@ $code.=<<___; .type poly1305_init,\@function,3 .align 32 poly1305_init: +.cfi_startproc xor %rax,%rax mov %rax,0($ctx) # initialize hash value mov %rax,8($ctx) @@ -219,6 +220,7 @@ $code.=<<___; mov \$1,%eax .Lno_key: ret +.cfi_endproc .size poly1305_init,.-poly1305_init .type poly1305_blocks,\@function,4 @@ -298,6 +300,7 @@ $code.=<<___; .type poly1305_emit,\@function,3 .align 32 poly1305_emit: +.cfi_startproc .Lemit: mov 0($ctx),%r8 # load hash value mov 8($ctx),%r9 @@ -318,6 +321,7 @@ poly1305_emit: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit,.-poly1305_emit ___ if ($avx) { @@ -342,15 +346,18 @@ $code.=<<___; .type __poly1305_block,\@abi-omnipotent .align 32 __poly1305_block: +.cfi_startproc ___ &poly1305_iteration(); $code.=<<___; ret +.cfi_endproc .size __poly1305_block,.-__poly1305_block .type __poly1305_init_avx,\@abi-omnipotent .align 32 __poly1305_init_avx: +.cfi_startproc mov $r0,$h0 mov $r1,$h1 xor $h2,$h2 @@ -508,6 +515,7 @@ __poly1305_init_avx: lea -48-64($ctx),$ctx # size [de-]optimization ret +.cfi_endproc .size __poly1305_init_avx,.-__poly1305_init_avx .type poly1305_blocks_avx,\@function,4 @@ -1373,6 +1381,7 @@ $code.=<<___; .type poly1305_emit_avx,\@function,3 .align 32 poly1305_emit_avx: +.cfi_startproc cmpl \$0,20($ctx) # is_base2_26? je .Lemit @@ -1423,6 +1432,7 @@ poly1305_emit_avx: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit_avx,.-poly1305_emit_avx ___ @@ -2741,6 +2751,7 @@ $code.=<<___; .type poly1305_init_base2_44,\@function,3 .align 32 poly1305_init_base2_44: +.cfi_startproc xor %rax,%rax mov %rax,0($ctx) # initialize hash value mov %rax,8($ctx) @@ -2782,6 +2793,7 @@ ___ $code.=<<___; mov \$1,%eax ret +.cfi_endproc .size poly1305_init_base2_44,.-poly1305_init_base2_44 ___ { @@ -2793,6 +2805,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52,\@function,4 .align 32 poly1305_blocks_vpmadd52: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52 # too short 
@@ -2899,6 +2912,7 @@ poly1305_blocks_vpmadd52: .Lno_data_vpmadd52: ret +.cfi_endproc .size poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52 ___ } @@ -2916,6 +2930,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52_4x,\@function,4 .align 32 poly1305_blocks_vpmadd52_4x: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52_4x # too short @@ -3340,6 +3355,7 @@ poly1305_blocks_vpmadd52_4x: .Lno_data_vpmadd52_4x: ret +.cfi_endproc .size poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x ___ } @@ -3358,6 +3374,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52_8x,\@function,4 .align 32 poly1305_blocks_vpmadd52_8x: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52_8x # too short @@ -3713,6 +3730,7 @@ $code.=<<___; .Lno_data_vpmadd52_8x: ret +.cfi_endproc .size poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x ___ } @@ -3720,6 +3738,7 @@ $code.=<<___; .type poly1305_emit_base2_44,\@function,3 .align 32 poly1305_emit_base2_44: +.cfi_startproc mov 0($ctx),%r8 # load hash value mov 8($ctx),%r9 mov 16($ctx),%r10 @@ -3750,6 +3769,7 @@ poly1305_emit_base2_44: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit_base2_44,.-poly1305_emit_base2_44 ___ } } } @@ -3800,6 +3820,7 @@ $code.=<<___; .type xor128_encrypt_n_pad,\@abi-omnipotent .align 16 xor128_encrypt_n_pad: +.cfi_startproc sub $otp,$inp sub $otp,$out mov $len,%r10 # put len aside @@ -3841,12 +3862,14 @@ xor128_encrypt_n_pad: .Ldone_enc: mov $otp,%rax ret +.cfi_endproc .size xor128_encrypt_n_pad,.-xor128_encrypt_n_pad .globl xor128_decrypt_n_pad .type xor128_decrypt_n_pad,\@abi-omnipotent .align 16 xor128_decrypt_n_pad: +.cfi_startproc sub $otp,$inp sub $otp,$out mov $len,%r10 # put len aside @@ -3892,6 +3915,7 @@ xor128_decrypt_n_pad: .Ldone_dec: mov $otp,%rax ret +.cfi_endproc .size xor128_decrypt_n_pad,.-xor128_decrypt_n_pad ___ } @@ -4156,4 +4180,4 @@ foreach (split('\n',$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/build.info index 631b32b8e..4e4dcca52 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/build.info +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/build.info @@ -17,6 +17,7 @@ GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME) INCLUDE[poly1305-armv8.o]=.. GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME) INCLUDE[poly1305-mips.o]=.. +GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME) BEGINRAW[Makefile(unix)] {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305.c index 1d182364a..e7f5b92c8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305.c @@ -11,7 +11,7 @@ #include #include -#include "internal/poly1305.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" size_t Poly1305_ctx_size(void) @@ -89,7 +89,7 @@ static void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit); /* - * Type-agnostic "rip-off" from constant_time_locl.h + * Type-agnostic "rip-off" from constant_time.h */ # define CONSTANT_TIME_CARRY(a,b) ( \ (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ameth.c index 033ee8cd9..0dddf7962 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ameth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_ameth.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,10 +10,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/poly1305.h" +#include "crypto/asn1.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* * POLY1305 "ASN1" method. This is just here to indicate the maximum @@ -43,7 +43,7 @@ static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); + return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0; } static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_pmeth.c index 3bc24c98c..49a799a12 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_pmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/poly1305/poly1305_pmeth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/poly1305.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* POLY1305 pkey context structure */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ppc_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ppc_arch.h index 72bd74687..e3845e939 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ppc_arch.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ppc_arch.h 
@@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_PPC_ARCH_H -# define HEADER_PPC_ARCH_H +#ifndef OSSL_CRYPTO_PPC_ARCH_H +# define OSSL_CRYPTO_PPC_ARCH_H extern unsigned int OPENSSL_ppccap_P; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ppccap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccap.c index afb9e31b0..eeaa47cc6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ppccap.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccap.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,8 +29,8 @@ #include #include #include -#include -#include "bn/bn_lcl.h" +#include +#include "bn/bn_local.h" #include "ppc_arch.h" @@ -211,6 +211,30 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) # if __GLIBC_PREREQ(2, 16) # include # define OSSL_IMPLEMENT_GETAUXVAL +# elif defined(__ANDROID_API__) +/* see https://developer.android.google.cn/ndk/guides/cpu-features */ +# if __ANDROID_API__ >= 18 +# include +# define OSSL_IMPLEMENT_GETAUXVAL +# endif +# endif +#endif + +#if defined(__FreeBSD__) +# include +# if __FreeBSD_version >= 1200000 +# include +# define OSSL_IMPLEMENT_GETAUXVAL + +static unsigned long getauxval(unsigned long key) +{ + unsigned long val = 0ul; + + if (elf_aux_info((int)key, &val, sizeof(val)) != 0) + return 0ul; + + return val; +} # endif #endif @@ -314,6 +338,7 @@ void OPENSSL_cpuid_setup(void) #ifdef OSSL_IMPLEMENT_GETAUXVAL { unsigned long hwcap = getauxval(HWCAP); + unsigned long hwcap2 = getauxval(HWCAP2); if (hwcap & HWCAP_FPU) { OPENSSL_ppccap_P |= PPC_FPU; 
@@ -332,11 +357,11 @@ void OPENSSL_cpuid_setup(void) if (hwcap & HWCAP_ALTIVEC) { OPENSSL_ppccap_P |= PPC_ALTIVEC; - if ((hwcap & HWCAP_VSX) && (getauxval(HWCAP2) & HWCAP_VEC_CRYPTO)) + if ((hwcap & HWCAP_VSX) && (hwcap2 & HWCAP_VEC_CRYPTO)) OPENSSL_ppccap_P |= PPC_CRYPTO207; } - if (hwcap & HWCAP_ARCH_3_00) { + if (hwcap2 & HWCAP_ARCH_3_00) { OPENSSL_ppccap_P |= PPC_MADD300; } } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ppccpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccpuid.pl index a38445fd3..2065cbb84 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ppccpuid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ppccpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -379,4 +379,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info index df9bac67f..a4e7900bd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/build.info @@ -2,3 +2,5 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ randfile.c rand_lib.c rand_err.c rand_egd.c \ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c + +INCLUDE[drbg_ctr.o]=../modes diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c index a243361b5..a757d0a25 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_ctr.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,28 +12,25 @@ #include #include #include +#include "modes_local.h" #include "internal/thread_once.h" -#include "internal/thread_once.h" -#include "rand_lcl.h" +#include "rand_local.h" + /* * Implementation of NIST SP 800-90A CTR DRBG. */ static void inc_128(RAND_DRBG_CTR *ctr) { - int i; - unsigned char c; - unsigned char *p = &ctr->V[15]; + unsigned char *p = &ctr->V[0]; + u32 n = 16, c = 1; - for (i = 0; i < 16; i++, p--) { - c = *p; - c++; - *p = c; - if (c != 0) { - /* If we didn't wrap around, we're done. */ - break; - } - } + do { + --n; + c += p[n]; + p[n] = (u8)c; + c >>= 8; + } while (n); } static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) @@ -66,15 +63,15 @@ static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) * Process a complete block using BCC algorithm of SP 800-90A 10.3.3 */ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, - const unsigned char *in) + const unsigned char *in, int len) { int i, outlen = AES_BLOCK_SIZE; - for (i = 0; i < 16; i++) + for (i = 0; i < len; i++) out[i] ^= in[i]; - if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len) + || outlen != len) return 0; return 1; } 
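Review bot: The comment above ctr_BCC_block still reads "Process a complete block", but with the new `len` argument the function XORs and encrypts `len` bytes, and nothing in it bounds `len` against the size of `out` or `in`. The callers in the following hunks pass `AES_BLOCK_SIZE * num_of_blk` with 48-byte buffers, so the contract is currently implicit. I would update the comment to something like `/* Process len bytes (2 or 3 AES blocks, at most 48) using the BCC algorithm of SP 800-90A 10.3.3; out and in must each hold len bytes */`. The initialiser `outlen = AES_BLOCK_SIZE` is also left over from the single-block version and could become `outlen = len` for clarity.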
@@ -85,12 +82,16 @@ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, */ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) { - if (!ctr_BCC_block(ctr, ctr->KX, in) - || !ctr_BCC_block(ctr, ctr->KX + 16, in)) - return 0; - if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in)) - return 0; - return 1; + unsigned char in_tmp[48]; + unsigned char num_of_blk = 2; + + memcpy(in_tmp, in, 16); + memcpy(in_tmp + 16, in, 16); + if (ctr->keylen != 16) { + memcpy(in_tmp + 32, in, 16); + num_of_blk = 3; + } + return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk); } /* @@ -99,19 +100,14 @@ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) */ __owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr) { + unsigned char bltmp[48] = {0}; + unsigned char num_of_blk; + memset(ctr->KX, 0, 48); - memset(ctr->bltmp, 0, 16); - if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp)) - return 0; - ctr->bltmp[3] = 1; - if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp)) - return 0; - if (ctr->keylen != 16) { - ctr->bltmp[3] = 2; - if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp)) - return 0; - } - return 1; + num_of_blk = ctr->keylen == 16 ? 2 : 3; + bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1; + bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2; + return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE); } /* 
@@ -200,20 +196,20 @@ __owur static int ctr_df(RAND_DRBG_CTR *ctr, || !ctr_BCC_final(ctr)) return 0; /* Set up key K */ - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1)) return 0; /* X follows key K */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; if (ctr->keylen != 16) - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16, - AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen, + ctr->KX + 16, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; return 1; 
@@ -232,31 +228,25 @@ __owur static int ctr_update(RAND_DRBG *drbg, { RAND_DRBG_CTR *ctr = &drbg->data.ctr; int outlen = AES_BLOCK_SIZE; + unsigned char V_tmp[48], out[48]; + unsigned char len; /* correct key is already set up. */ + memcpy(V_tmp, ctr->V, 16); inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; - - /* If keylen longer than 128 bits need extra encrypt */ - if (ctr->keylen != 16) { + memcpy(V_tmp + 16, ctr->V, 16); + if (ctr->keylen == 16) { + len = 32; + } else { inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V, - AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; + memcpy(V_tmp + 32, ctr->V, 16); + len = 48; } - inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len) + || outlen != len) return 0; - - /* If 192 bit key part of V is on end of K */ - if (ctr->keylen == 24) { - memcpy(ctr->V + 8, ctr->V, 8); - memcpy(ctr->V, ctr->K + 24, 8); - } + memcpy(ctr->K, out, ctr->keylen); + memcpy(ctr->V, out + ctr->keylen, 16); if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { /* If no input reuse existing derived value */ @@ -271,7 +261,8 @@ __owur static int ctr_update(RAND_DRBG *drbg, ctr_XOR(ctr, in2, in2len); } - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1)) return 0; return 1; } 
@@ -288,8 +279,10 @@ __owur static int drbg_ctr_instantiate(RAND_DRBG *drbg, memset(ctr->K, 0, sizeof(ctr->K)); memset(ctr->V, 0, sizeof(ctr->V)); - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen)) return 0; return 1; @@ -299,20 +292,40 @@ __owur static int drbg_ctr_reseed(RAND_DRBG *drbg, const unsigned char *entropy, size_t entropylen, const unsigned char *adin, size_t adinlen) { + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + if (entropy == NULL) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0)) return 0; return 1; } +static void ctr96_inc(unsigned char *counter) +{ + u32 n = 12, c = 1; + + do { + --n; + c += counter[n]; + counter[n] = (u8)c; + c >>= 8; + } while (n); +} + __owur static int drbg_ctr_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, const unsigned char *adin, size_t adinlen) { RAND_DRBG_CTR *ctr = &drbg->data.ctr; + unsigned int ctr32, blocks; + int outl, buflen; if (adin != NULL && adinlen != 0) { + inc_128(ctr); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; /* This means we reuse derived value */ 
@@ -324,28 +337,53 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, adinlen = 0; } - for ( ; ; ) { - int outl = AES_BLOCK_SIZE; + inc_128(ctr); + if (outlen == 0) { inc_128(ctr); - if (outlen < 16) { - /* Use K as temp space as it will be updated */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V, - AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) - return 0; - memcpy(out, ctr->K, outlen); - break; - } - if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) + + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; - out += 16; - outlen -= 16; - if (outlen == 0) - break; + return 1; } + memset(out, 0, outlen); + + do { + if (!EVP_CipherInit_ex(ctr->ctx_ctr, + NULL, NULL, NULL, ctr->V, -1)) + return 0; + + /*- + * outlen has type size_t while EVP_CipherUpdate takes an + * int argument and thus cannot be guaranteed to process more + * than 2^31-1 bytes at a time. We process such huge generate + * requests in 2^30 byte chunks, which is the greatest multiple + * of AES block size lower than or equal to 2^31-1. + */ + buflen = outlen > (1U << 30) ? (1U << 30) : outlen; + blocks = (buflen + 15) / 16; + + ctr32 = GETU32(ctr->V + 12) + blocks; + if (ctr32 < blocks) { + /* 32-bit counter overflow into V. */ + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } + ctr96_inc(ctr->V); + } + PUTU32(ctr->V + 12, ctr32); + + if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen) + || outl != buflen) + return 0; + + out += buflen; + outlen -= buflen; + } while (outlen); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; return 1; 
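Review bot: The block comment above `buflen = outlen > (1U << 30) ? (1U << 30) : outlen;` says 2^30 is the greatest multiple of the AES block size not exceeding 2^31-1, which is inaccurate: 2^31-16 is also a multiple of 16 and is larger. The chunk size itself is fine; only the stated rationale is wrong. Suggested wording for the last sentence: `We process such huge generate requests in 2^30 byte chunks, a multiple of the AES block size that safely fits in an int.` drbg_ctr_generate begins before this hunk.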
@@ -353,7 +391,8 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) { - EVP_CIPHER_CTX_free(drbg->data.ctr.ctx); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); return 1; @@ -377,25 +416,36 @@ int drbg_ctr_init(RAND_DRBG *drbg) return 0; case NID_aes_128_ctr: keylen = 16; - ctr->cipher = EVP_aes_128_ecb(); + ctr->cipher_ecb = EVP_aes_128_ecb(); + ctr->cipher_ctr = EVP_aes_128_ctr(); break; case NID_aes_192_ctr: keylen = 24; - ctr->cipher = EVP_aes_192_ecb(); + ctr->cipher_ecb = EVP_aes_192_ecb(); + ctr->cipher_ctr = EVP_aes_192_ctr(); break; case NID_aes_256_ctr: keylen = 32; - ctr->cipher = EVP_aes_256_ecb(); + ctr->cipher_ecb = EVP_aes_256_ecb(); + ctr->cipher_ctr = EVP_aes_256_ctr(); break; } drbg->meth = &drbg_ctr_meth; ctr->keylen = keylen; - if (ctr->ctx == NULL) - ctr->ctx = EVP_CIPHER_CTX_new(); - if (ctr->ctx == NULL) + if (ctr->ctx_ecb == NULL) + ctr->ctx_ecb = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ctr == NULL) + ctr->ctx_ctr = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL + || !EVP_CipherInit_ex(ctr->ctx_ecb, + ctr->cipher_ecb, NULL, NULL, NULL, 1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, + ctr->cipher_ctr, NULL, NULL, NULL, 1)) return 0; + + drbg->meth = &drbg_ctr_meth; drbg->strength = keylen * 8; drbg->seedlen = keylen + 16; @@ -413,7 +463,8 @@ int drbg_ctr_init(RAND_DRBG *drbg) if (ctr->ctx_df == NULL) return 0; /* Set key schedule for df_key */ - if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_df, + ctr->cipher_ecb, NULL, df_key, NULL, 1)) return 0; drbg->min_entropylen = ctr->keylen; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c index a13282181..8c7c28c97 100644 
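Review bot: In drbg_ctr_init the added `drbg->meth = &drbg_ctr_meth;` after the context-initialisation check repeats the assignment that already sits just above `ctr->keylen = keylen;`. Because the earlier assignment runs before the new `return 0` path, a failed `EVP_CIPHER_CTX_new` or `EVP_CipherInit_ex` still leaves `drbg->meth` pointing at the CTR method table. Whether the caller depends on that for cleanup is not visible here. Dropping the added second assignment changes nothing at runtime and removes the ambiguity about which placement is intended. The function starts and ends outside the hunk.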
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/drbg_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,10 +11,10 @@ #include #include #include -#include "rand_lcl.h" +#include "rand_local.h" #include "internal/thread_once.h" -#include "internal/rand_int.h" -#include "internal/cryptlib_int.h" +#include "crypto/rand.h" +#include "crypto/cryptlib.h" /* * Support framework for NIST SP 800-90A DRBG @@ -188,8 +188,8 @@ static RAND_DRBG *rand_drbg_new(int secure, unsigned int flags, RAND_DRBG *parent) { - RAND_DRBG *drbg = secure ? - OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg)); + RAND_DRBG *drbg = secure ? OPENSSL_secure_zalloc(sizeof(*drbg)) + : OPENSSL_zalloc(sizeof(*drbg)); if (drbg == NULL) { RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE); @@ -197,7 +197,7 @@ static RAND_DRBG *rand_drbg_new(int secure, } drbg->secure = secure && CRYPTO_secure_allocated(drbg); - drbg->fork_count = rand_fork_count; + drbg->fork_id = openssl_get_fork_id(); drbg->parent = parent; if (parent == NULL) { @@ -318,7 +318,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, /* * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy * and nonce in 1 call by increasing the entropy with 50% and increasing - * the minimum length to accomadate the length of the nonce. + * the minimum length to accommodate the length of the nonce. * We do this in case a nonce is require and get_nonce is NULL. */ if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) { 
@@ -327,13 +327,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, max_entropylen += drbg->max_noncelen; } - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, min_entropylen, max_entropylen, 0); @@ -359,9 +352,15 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, } drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) @@ -428,14 +427,6 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, } drbg->state = DRBG_ERROR; - - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, @@ -451,9 +442,15 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, goto end; drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) 
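Review bot: In RAND_DRBG_instantiate (and the identical block added to RAND_DRBG_reseed) a child DRBG copies `drbg->parent->reseed_counter` only after seeding has finished, while the line removed from rand_drbg_get_entropy sampled the parent counter while the parent lock was still held. If the parent reseeds between the child's entropy fetch and this `tsan_store`, the child appears to record the newer counter without having drawn from the newer parent state, so that one reseed would not propagate to it. If the window is accepted, a comment such as `/* parent counter is sampled after seeding; a concurrent parent reseed may be missed once */` would document it. The same seven lines now appear twice and could live in one static helper. Both functions extend beyond the hunks shown.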
@@ -554,7 +551,9 @@ int rand_drbg_restart(RAND_DRBG *drbg, drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); } else if (reseeded == 0) { /* do a full reseeding if it has not been done yet above */ - RAND_DRBG_reseed(drbg, NULL, 0, 0); + if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) { + RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR); + } } } @@ -578,6 +577,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen) { + int fork_id; int reseed_required = 0; if (drbg->state != DRBG_READY) { @@ -603,13 +603,15 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - if (drbg->fork_count != rand_fork_count) { - drbg->fork_count = rand_fork_count; + fork_id = openssl_get_fork_id(); + + if (drbg->fork_id != fork_id) { + drbg->fork_id = fork_id; reseed_required = 1; } if (drbg->reseed_interval > 0) { - if (drbg->reseed_gen_counter >= drbg->reseed_interval) + if (drbg->generate_counter >= drbg->reseed_interval) reseed_required = 1; } if (drbg->reseed_time_interval > 0) { @@ -618,11 +620,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, || now - drbg->reseed_time >= drbg->reseed_time_interval) reseed_required = 1; } - if (drbg->parent != NULL) { - unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter); - if (reseed_counter > 0 - && tsan_load(&drbg->parent->reseed_prop_counter) - != reseed_counter) + if (drbg->enable_reseed_propagation && drbg->parent != NULL) { + if (drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter)) reseed_required = 1; } @@ -641,7 +640,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - drbg->reseed_gen_counter++; + drbg->generate_counter++; return 1; } 
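Review bot: In RAND_DRBG_generate the new propagation check reads `drbg->reseed_counter` directly while the parent's counter goes through `tsan_load`. The writes this commit adds in RAND_DRBG_instantiate and RAND_DRBG_reseed use `tsan_store` or `tsan_counter`, and the field is declared `TSAN_QUALIFIER` in rand_local.h. For consistency the comparison could read `if (tsan_load(&drbg->reseed_counter) != tsan_load(&drbg->parent->reseed_counter))`. The function starts and ends outside this hunk.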
@@ -664,7 +663,7 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) if (drbg->adin_pool == NULL) { if (drbg->type == 0) goto err; - drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen); + drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen); if (drbg->adin_pool == NULL) goto err; } @@ -703,8 +702,7 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, RAND_DRBG_get_nonce_fn get_nonce, RAND_DRBG_cleanup_nonce_fn cleanup_nonce) { - if (drbg->state != DRBG_UNINITIALISED - || drbg->parent != NULL) + if (drbg->state != DRBG_UNINITIALISED) return 0; drbg->get_entropy = get_entropy; drbg->cleanup_entropy = cleanup_entropy; @@ -880,8 +878,9 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent) if (parent == NULL && rand_drbg_enable_locking(drbg) == 0) goto err; - /* enable seed propagation */ - tsan_store(&drbg->reseed_prop_counter, 1); + /* enable reseed propagation */ + drbg->enable_reseed_propagation = 1; + drbg->reseed_counter = 1; /* * Ignore instantiation error to support just-in-time instantiation. @@ -1041,7 +1040,7 @@ static int drbg_add(const void *buf, int num, double randomness) return ret; #else /* - * If an os entropy source is avaible then we declare the buffer content + * If an os entropy source is available then we declare the buffer content * as additional data by setting randomness to zero and trigger a regular * reseeding. */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c index 6a870455d..a3ae5f53c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_err.c 
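Review bot: RAND_DRBG_set_callbacks no longer rejects a DRBG that has a parent, so a chained instance can now have its get_entropy and get_nonce callbacks replaced as long as it is still uninitialised. That changes where a child DRBG may take its seed from, and nothing in the hunk records the reason or the new contract. A short comment above the remaining check, e.g. `/* chained DRBGs may also get custom callbacks; the caller owns the quality of the entropy source it installs */`, would help. The function's header comment, which is outside the hunk, should be checked for a stale mention of the parent restriction.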
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,8 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA RAND_str_functs[] = { + {ERR_PACK(ERR_LIB_RAND, RAND_F_DATA_COLLECT_METHOD, 0), + "data_collect_method"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"}, @@ -47,7 +49,9 @@ static const ERR_STRING_DATA RAND_str_functs[] = { {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0), "rand_pool_bytes_needed"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_GROW, 0), "rand_pool_grow"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_PSEUDO_BYTES, 0), "RAND_pseudo_bytes"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"}, {0, NULL} }; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c index d8639c4a0..5c72fad8c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -11,10 +11,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/rand_int.h" +#include "crypto/rand.h" #include #include "internal/thread_once.h" -#include "rand_lcl.h" +#include "rand_local.h" #include "e_os.h" #ifndef OPENSSL_NO_ENGINE @@ -26,8 +26,6 @@ static CRYPTO_RWLOCK *rand_meth_lock; static const RAND_METHOD *default_RAND_meth; static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; -int rand_fork_count; - static CRYPTO_RWLOCK *rand_nonce_lock; static int rand_nonce_count; @@ -137,7 +135,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, size_t entropy_available = 0; RAND_POOL *pool; - if (drbg->parent && drbg->strength > drbg->parent->strength) { + if (drbg->parent != NULL && drbg->strength > drbg->parent->strength) { /* * We currently don't support the algorithm from NIST SP 800-90C * 10.1.2 to use a weaker DRBG as source @@ -150,12 +148,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, pool = drbg->seed_pool; pool->entropy_requested = entropy; } else { - pool = rand_pool_new(entropy, min_len, max_len); + pool = rand_pool_new(entropy, drbg->secure, min_len, max_len); if (pool == NULL) return 0; } - if (drbg->parent) { + if (drbg->parent != NULL) { size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed); @@ -163,7 +161,9 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, size_t bytes = 0; /* - * Get random from parent, include our state as additional input. + * Get random data from parent. Include our address as additional input, + * in order to provide some additional distinction between different + * DRBG child instances. * Our lock is already held, but we need to lock our parent before * generating bits from it. (Note: taking the lock will be a no-op * if locking if drbg->parent->lock == NULL.) 
@@ -172,10 +172,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, if (RAND_DRBG_generate(drbg->parent, buffer, bytes_needed, prediction_resistance, - NULL, 0) != 0) + (unsigned char *)&drbg, sizeof(drbg)) != 0) bytes = bytes_needed; - drbg->reseed_next_counter - = tsan_load(&drbg->parent->reseed_prop_counter); rand_drbg_unlock(drbg->parent); rand_pool_add_end(pool, bytes, 8 * bytes); @@ -216,8 +214,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { - if (drbg->seed_pool == NULL) - OPENSSL_secure_clear_free(out, outlen); + if (drbg->seed_pool == NULL) { + if (drbg->secure) + OPENSSL_secure_clear_free(out, outlen); + else + OPENSSL_clear_free(out, outlen); + } } @@ -235,9 +237,10 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, struct { void * instance; int count; - } data = { 0 }; + } data; - pool = rand_pool_new(0, min_len, max_len); + memset(&data, 0, sizeof(data)); + pool = rand_pool_new(0, 0, min_len, max_len); if (pool == NULL) return 0; @@ -266,7 +269,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, unsigned char *out, size_t outlen) { - OPENSSL_secure_clear_free(out, outlen); + OPENSSL_clear_free(out, outlen); } /* @@ -298,11 +301,6 @@ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out) rand_pool_reattach(pool, out); } -void rand_fork(void) -{ - rand_fork_count++; -} - DEFINE_RUN_ONCE_STATIC(do_rand_init) { #ifndef OPENSSL_NO_ENGINE @@ -362,7 +360,7 @@ void rand_cleanup_int(void) } /* - * RAND_close_seed_files() ensures that any seed file decriptors are + * RAND_close_seed_files() ensures that any seed file descriptors are * closed after use. */ void RAND_keep_random_devices_open(int keep) 
@@ -386,6 +384,9 @@ int RAND_poll(void) const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth == NULL) + return 0; + if (meth == RAND_OpenSSL()) { /* fill random pool and seed the master DRBG */ RAND_DRBG *drbg = RAND_DRBG_get0_master(); @@ -401,8 +402,8 @@ int RAND_poll(void) } else { /* fill random pool and seed the current legacy RNG */ - pool = rand_pool_new(RAND_DRBG_STRENGTH, - RAND_DRBG_STRENGTH / 8, + pool = rand_pool_new(RAND_DRBG_STRENGTH, 1, + (RAND_DRBG_STRENGTH + 7) / 8, RAND_POOL_MAX_LENGTH); if (pool == NULL) return 0; @@ -428,10 +429,16 @@ err: * Allocate memory and initialize a new random pool */ -RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) +RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len) { - RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + RAND_POOL *pool; + size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); + if (!RUN_ONCE(&rand_init, do_rand_init)) + return NULL; + + pool = OPENSSL_zalloc(sizeof(*pool)); if (pool == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -440,14 +447,22 @@ RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) pool->min_len = min_len; pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? RAND_POOL_MAX_LENGTH : max_len; + pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len; + if (pool->alloc_len > pool->max_len) + pool->alloc_len = pool->max_len; + + if (secure) + pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len); + else + pool->buffer = OPENSSL_zalloc(pool->alloc_len); - pool->buffer = OPENSSL_secure_zalloc(pool->max_len); if (pool->buffer == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); goto err; } pool->entropy_requested = entropy_requested; + pool->secure = secure; return pool; 
@@ -482,7 +497,7 @@ RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, pool->attached = 1; - pool->min_len = pool->max_len = pool->len; + pool->min_len = pool->max_len = pool->alloc_len = pool->len; pool->entropy = entropy; return pool; @@ -502,8 +517,13 @@ void rand_pool_free(RAND_POOL *pool) * to rand_pool_attach() as `const unsigned char*`. * (see corresponding comment in rand_pool_attach()). */ - if (!pool->attached) - OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + if (!pool->attached) { + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); + else + OPENSSL_clear_free(pool->buffer, pool->alloc_len); + } + OPENSSL_free(pool); } @@ -596,6 +616,42 @@ size_t rand_pool_entropy_needed(RAND_POOL *pool) return 0; } +/* Increase the allocation size -- not usable for an attached pool */ +static int rand_pool_grow(RAND_POOL *pool, size_t len) +{ + if (len > pool->alloc_len - pool->len) { + unsigned char *p; + const size_t limit = pool->max_len / 2; + size_t newlen = pool->alloc_len; + + if (pool->attached || len > pool->max_len - pool->len) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR); + return 0; + } + + do + newlen = newlen < limit ? newlen * 2 : pool->max_len; + while (len > newlen - pool->len); + + if (pool->secure) + p = OPENSSL_secure_zalloc(newlen); + else + p = OPENSSL_zalloc(newlen); + if (p == NULL) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(p, pool->buffer, pool->len); + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); + else + OPENSSL_clear_free(pool->buffer, pool->alloc_len); + pool->buffer = p; + pool->alloc_len = newlen; + } + return 1; +} + /* * Returns the number of bytes needed to fill the pool, assuming * the input has 1 / |entropy_factor| entropy bits per data bit. 
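Review bot: rand_pool_grow depends on invariants that its one-line comment does not state. The unsigned subtractions `pool->alloc_len - pool->len` and `pool->max_len - pool->len` need `len` to be no larger than either bound, and the doubling loop only makes progress when `alloc_len` is non-zero, which rand_pool_new appears to ensure through RAND_POOL_MIN_ALLOCATION whenever `max_len` is non-zero. Suggest extending the header to `/* Increase the allocation size -- not usable for an attached pool. Requires pool->len <= pool->alloc_len and a non-zero alloc_len; the old buffer is cleansed before it is freed. */` so later changes to pool setup do not break these assumptions unnoticed.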
@@ -625,6 +681,24 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor) /* to meet the min_len requirement */ bytes_needed = pool->min_len - pool->len; + /* + * Make sure the buffer is large enough for the requested amount + * of data. This guarantees that existing code patterns where + * rand_pool_add_begin, rand_pool_add_end or rand_pool_add + * are used to collect entropy data without any error handling + * whatsoever, continue to be valid. + * Furthermore if the allocation here fails once, make sure that + * we don't fall back to a less secure or even blocking random source, + * as that could happen by the existing code patterns. + * This is not a concern for additional data, therefore that + * is not needed if rand_pool_grow fails in other places. + */ + if (!rand_pool_grow(pool, bytes_needed)) { + /* persistent error for this pool */ + pool->max_len = pool->len = 0; + return 0; + } + return bytes_needed; } @@ -657,6 +731,27 @@ int rand_pool_add(RAND_POOL *pool, } if (len > 0) { + /* + * This is to protect us from accidentally passing the buffer + * returned from rand_pool_add_begin. + * The check for alloc_len makes sure we do not compare the + * address of the end of the allocated memory to something + * different, since that comparison would have an + * indeterminate result. + */ + if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) { + RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR); + return 0; + } + /* + * We have that only for cases when a pool is used to collect + * additional data. + * For entropy data, as long as the allocation request stays within + * the limits given by rand_pool_bytes_needed this rand_pool_grow + * below is guaranteed to succeed, thus no allocation happens. + */ + if (!rand_pool_grow(pool, len)) + return 0; memcpy(pool->buffer + pool->len, buffer, len); pool->len += len; pool->entropy += entropy; 
@@ -675,7 +770,7 @@ int rand_pool_add(RAND_POOL *pool, * is returned without producing an error message. * * After updating the buffer, rand_pool_add_end() needs to be called - * to finish the udpate operation (see next comment). + * to finish the update operation (see next comment). */ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) { @@ -689,9 +784,21 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) if (pool->buffer == NULL) { RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR); - return 0; + return NULL; } + /* + * As long as the allocation request stays within the limits given + * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed + * to succeed, thus no allocation happens. + * We have that only for cases when a pool is used to collect + * additional data. Then the buffer might need to grow here, + * and of course the caller is responsible to check the return + * value of this function. + */ + if (!rand_pool_grow(pool, len)) + return NULL; + return pool->buffer + pool->len; } @@ -706,7 +813,7 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) */ int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) { - if (len > pool->max_len - pool->len) { + if (len > pool->alloc_len - pool->len) { RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); return 0; } @@ -794,7 +901,7 @@ void RAND_seed(const void *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->seed != NULL) + if (meth != NULL && meth->seed != NULL) meth->seed(buf, num); } @@ -802,7 +909,7 @@ void RAND_add(const void *buf, int num, double randomness) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->add != NULL) + if (meth != NULL && meth->add != NULL) meth->add(buf, num, randomness); } 
@@ -815,24 +922,22 @@ int RAND_priv_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); RAND_DRBG *drbg; - int ret; - if (meth != RAND_OpenSSL()) + if (meth != NULL && meth != RAND_OpenSSL()) return RAND_bytes(buf, num); drbg = RAND_DRBG_get0_private(); - if (drbg == NULL) - return 0; + if (drbg != NULL) + return RAND_DRBG_bytes(drbg, buf, num); - ret = RAND_DRBG_bytes(drbg, buf, num); - return ret; + return 0; } int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->bytes != NULL) + if (meth != NULL && meth->bytes != NULL) return meth->bytes(buf, num); RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; @@ -843,8 +948,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->pseudorand != NULL) + if (meth != NULL && meth->pseudorand != NULL) return meth->pseudorand(buf, num); + RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } #endif @@ -853,7 +959,7 @@ int RAND_status(void) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->status != NULL) + if (meth != NULL && meth->status != NULL) return meth->status(); return 0; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_local.h similarity index 84% rename from trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_local.h index c3e9804dc..a5de5252d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lcl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_RAND_LCL_H -# define HEADER_RAND_LCL_H +#ifndef OSSL_CRYPTO_RAND_LOCAL_H +# define OSSL_CRYPTO_RAND_LOCAL_H # include # include @@ -45,7 +45,6 @@ # define DRBG_MAX_LENGTH INT32_MAX - /* * Maximum allocation size for RANDOM_POOL buffers * @@ -72,6 +71,24 @@ * 1.5 * (RAND_DRBG_STRENGTH / 8)) */ +/* + * Initial allocation minimum. + * + * There is a distinction between the secure and normal allocation minimums. + * Ideally, the secure allocation size should be a power of two. The normal + * allocation size doesn't have any such restriction. + * + * The secure value is based on 128 bits of secure material, which is 16 bytes. + * Typically, the DRBGs will set a minimum larger than this so optimal + * allocation ought to take place (for full quality seed material). + * + * The normal value has been chosen by noticing that the rand_drbg_get_nonce + * function is usually the largest of the built in allocation (twenty four + * bytes and then appending another sixteen bytes). This means the buffer ends + * with 40 bytes. The value of forty eight is comfortably above this which + * allows some slack in the platform specific values used. + */ +# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48) /* DRBG status values */ typedef enum drbg_status_e { @@ -121,9 +138,11 @@ typedef struct rand_drbg_method_st { * The state of a DRBG AES-CTR. */ typedef struct rand_drbg_ctr_st { - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx_ecb; + EVP_CIPHER_CTX *ctx_ctr; EVP_CIPHER_CTX *ctx_df; - const EVP_CIPHER *cipher; + const EVP_CIPHER *cipher_ecb; + const EVP_CIPHER *cipher_ctr; size_t keylen; unsigned char K[32]; unsigned char V[16]; 
@@ -150,9 +169,11 @@ struct rand_pool_st { size_t len; /* current number of random bytes contained in the pool */ int attached; /* true pool was attached to existing buffer */ + int secure; /* 1: allocated on the secure heap, 0: otherwise */ size_t min_len; /* minimum number of random bytes requested */ size_t max_len; /* maximum number of random bytes (allocated buffer size) */ + size_t alloc_len; /* current number of bytes allocated */ size_t entropy; /* current entropy count in bits */ size_t entropy_requested; /* requested entropy count in bits */ }; @@ -167,12 +188,12 @@ struct rand_drbg_st { int secure; /* 1: allocated on the secure heap, 0: otherwise */ int type; /* the nid of the underlying algorithm */ /* - * Stores the value of the rand_fork_count global as of when we last - * reseeded. The DRBG reseeds automatically whenever drbg->fork_count != - * rand_fork_count. Used to provide fork-safety and reseed this DRBG in - * the child process. + * Stores the return value of openssl_get_fork_id() as of when we last + * reseeded. The DRBG reseeds automatically whenever drbg->fork_id != + * openssl_get_fork_id(). Used to provide fork-safety and reseed this + * DRBG in the child process. */ - int fork_count; + int fork_id; unsigned short flags; /* various external flags */ /* @@ -214,7 +235,7 @@ struct rand_drbg_st { size_t max_perslen, max_adinlen; /* Counts the number of generate requests since the last reseed. */ - unsigned int reseed_gen_counter; + unsigned int generate_counter; /* * Maximum number of generate requests until a reseed is required. * This value is ignored if it is zero. 
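Review bot: With `alloc_len` added to struct rand_pool_st, the unchanged comment on `max_len`, "maximum number of random bytes (allocated buffer size)", no longer matches the code. rand_pool_new now allocates `alloc_len` bytes and rand_pool_free releases `alloc_len` bytes. Suggest `size_t max_len; /* maximum number of random bytes the pool may grow to */` so that nobody sizes a copy or a cleanse by `max_len` on the strength of the old wording.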
@@ -227,9 +248,15 @@ struct rand_drbg_st { * This value is ignored if it is zero. */ time_t reseed_time_interval; + + /* + * Enables reseed propagation (see following comment) + */ + unsigned int enable_reseed_propagation; + /* * Counts the number of reseeds since instantiation. - * This value is ignored if it is zero. + * This value is ignored if enable_reseed_propagation is zero. * * This counter is used only for seed propagation from the DRBG * to its two children, the and DRBG. This feature is @@ -237,8 +264,7 @@ struct rand_drbg_st { * is added by RAND_add() or RAND_seed() will have an immediate effect on * the output of RAND_bytes() resp. RAND_priv_bytes(). */ - TSAN_QUALIFIER unsigned int reseed_prop_counter; - unsigned int reseed_next_counter; + TSAN_QUALIFIER unsigned int reseed_counter; size_t seedlen; DRBG_STATUS state; @@ -264,19 +290,6 @@ struct rand_drbg_st { /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD rand_meth; -/* - * A "generation count" of forks. Incremented in the child process after a - * fork. Since rand_fork_count is increment-only, and only ever written to in - * the child process of the fork, which is guaranteed to be single-threaded, no - * locking is needed for normal (read) accesses; the rest of pthread fork - * processing is assumed to introduce the necessary memory barriers. Sibling - * children of a given parent will produce duplicate values, but this is not - * problematic because the reseeding process pulls input from the system CSPRNG - * and/or other global sources, so the siblings will end up generating - * different output streams. - */ -extern int rand_fork_count; - /* DRBG helpers */ int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *buffer, size_t len, size_t entropy); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c index 9cbc9ade7..43f1069d1 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,21 +14,29 @@ #include #include "internal/cryptlib.h" #include -#include "rand_lcl.h" -#include "internal/rand_int.h" +#include +#include "rand_local.h" +#include "crypto/rand.h" #include #include "internal/dso.h" -#if defined(__linux) +#ifdef __linux # include +# ifdef DEVRANDOM_WAIT +# include +# include +# endif #endif -#if defined(__FreeBSD__) +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) # include # include # include #endif -#if defined(__OpenBSD__) || defined(__NetBSD__) +#if defined(__OpenBSD__) # include #endif +#if defined(__APPLE__) +# include +#endif #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) # include @@ -75,7 +83,8 @@ static uint64_t get_timer_bits(void); # define OSSL_POSIX_TIMER_OKAY # endif # endif -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) + || defined(__DJGPP__) */ #if defined(OPENSSL_RAND_SEED_NONE) /* none means none. this simplifies the following logic */ @@ -241,10 +250,12 @@ static ssize_t sysctl_random(char *buf, size_t buflen) * when the sysctl returns long and we want to request something not a * multiple of longs, which should never be the case. */ +#if defined(__FreeBSD__) if (!ossl_assert(buflen % sizeof(long) == 0)) { errno = EINVAL; return -1; } +#endif /* * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only 
@@ -262,7 +273,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen) mib[1] = KERN_ARND; do { - len = buflen; + len = buflen > 256 ? 256 : buflen; if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) return done > 0 ? done : -1; done += len; 
@@ -275,6 +286,63 @@ static ssize_t sysctl_random(char *buf, size_t buflen) # endif # if defined(OPENSSL_RAND_SEED_GETRANDOM) + +# if defined(__linux) && !defined(__NR_getrandom) +# if defined(__arm__) +# define __NR_getrandom (__NR_SYSCALL_BASE+384) +# elif defined(__i386__) +# define __NR_getrandom 355 +# elif defined(__x86_64__) +# if defined(__ILP32__) +# define __NR_getrandom (__X32_SYSCALL_BIT + 318) +# else +# define __NR_getrandom 318 +# endif +# elif defined(__xtensa__) +# define __NR_getrandom 338 +# elif defined(__s390__) || defined(__s390x__) +# define __NR_getrandom 349 +# elif defined(__bfin__) +# define __NR_getrandom 389 +# elif defined(__powerpc__) +# define __NR_getrandom 359 +# elif defined(__mips__) || defined(__mips64) +# if _MIPS_SIM == _MIPS_SIM_ABI32 +# define __NR_getrandom (__NR_Linux + 353) +# elif _MIPS_SIM == _MIPS_SIM_ABI64 +# define __NR_getrandom (__NR_Linux + 313) +# elif _MIPS_SIM == _MIPS_SIM_NABI32 +# define __NR_getrandom (__NR_Linux + 317) +# endif +# elif defined(__hppa__) +# define __NR_getrandom (__NR_Linux + 339) +# elif defined(__sparc__) +# define __NR_getrandom 347 +# elif defined(__ia64__) +# define __NR_getrandom 1339 +# elif defined(__alpha__) +# define __NR_getrandom 511 +# elif defined(__sh__) +# if defined(__SH5__) +# define __NR_getrandom 373 +# else +# define __NR_getrandom 384 +# endif +# elif defined(__avr32__) +# define __NR_getrandom 317 +# elif defined(__microblaze__) +# define __NR_getrandom 385 +# elif defined(__m68k__) +# define __NR_getrandom 352 +# elif defined(__cris__) +# define __NR_getrandom 356 +# elif defined(__aarch64__) +# define __NR_getrandom 278 +# else /* generic */ +# define __NR_getrandom 278 +# endif +# endif + /* * syscall_random(): Try to get random data using a system call * returns the number of bytes returned in buf, or < 0 on error. 
@@ -300,12 +368,24 @@ static ssize_t syscall_random(void *buf, size_t buflen) * - OpenBSD since 5.6 * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) + * + * Note: Sometimes getentropy() can be provided but not implemented + * internally. So we need to check errno for ENOSYS */ # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *buffer, size_t length) __attribute__((weak)); - if (getentropy != NULL) - return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1; + if (getentropy != NULL) { + if (getentropy(buf, buflen) == 0) + return (ssize_t)buflen; + if (errno != ENOSYS) + return -1; + } +# elif defined(__APPLE__) + if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) + return (ssize_t)buflen; + + return -1; # else union { void *p; @@ -324,8 +404,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) # endif /* Linux supports this since version 3.17 */ -# if defined(__linux) && defined(SYS_getrandom) - return syscall(SYS_getrandom, buf, buflen, 0); +# if defined(__linux) && defined(__NR_getrandom) + return syscall(__NR_getrandom, buf, buflen, 0); # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) return sysctl_random(buf, buflen); # else 
@@ -346,6 +426,92 @@ static struct random_device { } random_devices[OSSL_NELEM(random_device_paths)]; static int keep_random_devices_open = 1; +# if defined(__linux) && defined(DEVRANDOM_WAIT) \ + && defined(OPENSSL_RAND_SEED_GETRANDOM) +static void *shm_addr; + +static void cleanup_shm(void) +{ + shmdt(shm_addr); +} + +/* + * Ensure that the system randomness source has been adequately seeded. + * This is done by having the first start of libcrypto, wait until the device + * /dev/random becomes able to supply a byte of entropy. Subsequent starts + * of the library and later reseedings do not need to do this. + */ +static int wait_random_seeded(void) +{ + static int seeded = OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID < 0; + static const int kernel_version[] = { DEVRANDOM_SAFE_KERNEL }; + int kernel[2]; + int shm_id, fd, r; + char c, *p; + struct utsname un; + fd_set fds; + + if (!seeded) { + /* See if anything has created the global seeded indication */ + if ((shm_id = shmget(OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID, 1, 0)) == -1) { + /* + * Check the kernel's version and fail if it is too recent. + * + * Linux kernels from 4.8 onwards do not guarantee that + * /dev/urandom is properly seeded when /dev/random becomes + * readable. However, such kernels support the getentropy(2) + * system call and this should always succeed which renders + * this alternative but essentially identical source moot. + */ + if (uname(&un) == 0) { + kernel[0] = atoi(un.release); + p = strchr(un.release, '.'); + kernel[1] = p == NULL ? 
0 : atoi(p + 1); + if (kernel[0] > kernel_version[0] + || (kernel[0] == kernel_version[0] + && kernel[1] >= kernel_version[1])) { + return 0; + } + } + /* Open /dev/random and wait for it to be readable */ + if ((fd = open(DEVRANDOM_WAIT, O_RDONLY)) != -1) { + if (DEVRANDM_WAIT_USE_SELECT && fd < FD_SETSIZE) { + FD_ZERO(&fds); + FD_SET(fd, &fds); + while ((r = select(fd + 1, &fds, NULL, NULL, NULL)) < 0 + && errno == EINTR); + } else { + while ((r = read(fd, &c, 1)) < 0 && errno == EINTR); + } + close(fd); + if (r == 1) { + seeded = 1; + /* Create the shared memory indicator */ + shm_id = shmget(OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID, 1, + IPC_CREAT | S_IRUSR | S_IRGRP | S_IROTH); + } + } + } + if (shm_id != -1) { + seeded = 1; + /* + * Map the shared memory to prevent its premature destruction. + * If this call fails, it isn't a big problem. + */ + shm_addr = shmat(shm_id, NULL, SHM_RDONLY); + if (shm_addr != (void *)-1) + OPENSSL_atexit(&cleanup_shm); + } + } + return seeded; +} +# else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */ +static int wait_random_seeded(void) +{ + return 1; +} +# endif + /* * Verify that the file descriptor associated with the random source is * still valid. The rationale for doing this is the fact that it is not @@ -472,12 +638,12 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # if defined(OPENSSL_RAND_SEED_NONE) return rand_pool_entropy_available(pool); # else - size_t bytes_needed; - size_t entropy_available = 0; - unsigned char *buffer; + size_t entropy_available; # if defined(OPENSSL_RAND_SEED_GETRANDOM) { + size_t bytes_needed; + unsigned char *buffer; ssize_t bytes; /* Maximum allowed number of consecutive unsuccessful attempts */ int attempts = 3; 
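Review bot: `wait_random_seeded()` treats the mere existence of the System V segment behind `OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID` as proof that the kernel pool is seeded: when the first `shmget(..., 1, 0)` succeeds, the wait on `DEVRANDOM_WAIT` is skipped and `seeded` is set. Nothing in the hunk checks who created the segment, so the guarantee is only as strong as the set of local accounts allowed to create an IPC object with that key. This looks like an accepted trade-off, but it is not written down. I would record it next to the first `shmget` call, e.g. `/* NOTE: the indicator is trusted by existence only; creator and mode are not verified */`. Where that trust is not acceptable, inspect `shm_perm` via `shmctl(shm_id, IPC_STAT, &ds)` before honouring the segment.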
@@ -507,13 +673,16 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # if defined(OPENSSL_RAND_SEED_DEVRANDOM) - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - { + if (wait_random_seeded()) { + size_t bytes_needed; + unsigned char *buffer; size_t i; - for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) { + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); + i++) { ssize_t bytes = 0; - /* Maximum allowed number of consecutive unsuccessful attempts */ + /* Maximum number of consecutive unsuccessful attempts */ int attempts = 3; const int fd = get_random_device(i); @@ -527,7 +696,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (bytes > 0) { rand_pool_add_end(pool, bytes, 8 * bytes); bytes_needed -= bytes; - attempts = 3; /* reset counter after successful attempt */ + attempts = 3; /* reset counter on successful attempt */ } else if (bytes < 0 && errno != EINTR) { break; } @@ -535,7 +704,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (bytes < 0 || !keep_random_devices_open) close_random_device(i); - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + bytes_needed = rand_pool_bytes_needed(pool, 1); } entropy_available = rand_pool_entropy_available(pool); if (entropy_available > 0) 
@@ -556,26 +725,29 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # if defined(OPENSSL_RAND_SEED_EGD) - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - if (bytes_needed > 0) { + { static const char *paths[] = { DEVRANDOM_EGD, NULL }; + size_t bytes_needed; + unsigned char *buffer; int i; - for (i = 0; paths[i] != NULL; i++) { - buffer = rand_pool_add_begin(pool, bytes_needed); - if (buffer != NULL) { - size_t bytes = 0; - int num = RAND_query_egd_bytes(paths[i], - buffer, (int)bytes_needed); - if (num == (int)bytes_needed) - bytes = bytes_needed; + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + for (i = 0; bytes_needed > 0 && paths[i] != NULL; i++) { + size_t bytes = 0; + int num; - rand_pool_add_end(pool, bytes, 8 * bytes); - entropy_available = rand_pool_entropy_available(pool); - } - if (entropy_available > 0) - return entropy_available; + buffer = rand_pool_add_begin(pool, bytes_needed); + num = RAND_query_egd_bytes(paths[i], + buffer, (int)bytes_needed); + if (num == (int)bytes_needed) + bytes = bytes_needed; + + rand_pool_add_end(pool, bytes, 8 * bytes); + bytes_needed = rand_pool_bytes_needed(pool, 1); } + entropy_available = rand_pool_entropy_available(pool); + if (entropy_available > 0) + return entropy_available; } # endif @@ -609,15 +781,18 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) int rand_pool_add_additional_data(RAND_POOL *pool) { struct { + int fork_id; CRYPTO_THREAD_ID tid; uint64_t time; } data = { 0 }; /* * Add some noise from the thread id and a high resolution timer. + * The fork_id adds some extra fork-safety. * The thread id adds a little randomness if the drbg is accessed * concurrently (which is the case for the drbg). */ + data.fork_id = openssl_get_fork_id(); data.tid = CRYPTO_THREAD_get_current_id(); data.time = get_timer_bits(); 
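Review bot: In the rewritten EGD loop the pointer returned by `rand_pool_add_begin()` goes straight into `RAND_query_egd_bytes()`; the `if (buffer != NULL)` guard that wrapped this call before is gone. Neither helper is visible in the hunk, so it cannot be confirmed here that a NULL buffer is handled safely downstream, and the old guard suggests NULL is a possible return. Restoring the check keeps the failure local: `if (buffer == NULL) break;` directly after the `rand_pool_add_begin()` call, which still reaches the `rand_pool_entropy_available()` test after the loop. `rand_pool_acquire_entropy()` begins and ends outside this hunk.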
@@ -704,4 +879,5 @@ static uint64_t get_timer_bits(void) # endif return time(NULL); } -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) + || defined(__DJGPP__) */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c index bfcf6f0a8..61c2f1029 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_vms.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,9 +13,11 @@ # define __NEW_STARLET 1 /* New starlet definitions since VMS 7.0 */ # include # include "internal/cryptlib.h" +# include +# include # include -# include "internal/rand_int.h" -# include "rand_lcl.h" +# include "crypto/rand.h" +# include "rand_local.h" # include # include # include @@ -32,10 +34,21 @@ # pragma message disable DOLLARID # endif +# include /* SYS$GET_ENTROPY presence */ + # ifndef OPENSSL_RAND_SEED_OS # error "Unsupported seeding method configured; must be os" # endif +/* + * DATA COLLECTION METHOD + * ====================== + * + * This is a method to get low quality entropy. + * It works by collecting all kinds of statistical data that + * VMS offers and using them as random seed. + */ + /* We need to make sure we have the right size pointer in some cases */ # if __INITIAL_POINTER_SIZE == 64 # pragma pointer_size save 
@@ -330,7 +343,7 @@ static void massage_JPI(ILE3 *items) */ #define ENTROPY_FACTOR 20 -size_t rand_pool_acquire_entropy(RAND_POOL *pool) +size_t data_collect_method(RAND_POOL *pool) { ILE3 JPI_items_64bit[OSSL_NELEM(JPI_item_data_64bit) + 1]; ILE3 RMI_items_64bit[OSSL_NELEM(RMI_item_data_64bit) + 1]; @@ -445,15 +458,12 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) * If we can't feed the requirements from the caller, we're in deep trouble. */ if (!ossl_assert(total_length >= bytes_needed)) { - char neededstr[20]; - char availablestr[20]; + char buf[100]; /* That should be enough */ - BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed); - BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length); - RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY, - RAND_R_RANDOM_POOL_UNDERFLOW); - ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ", - availablestr); + BIO_snprintf(buf, sizeof(buf), "Needed: %zu, Available: %zu", + bytes_needed, total_length); + RANDerr(RAND_F_DATA_COLLECT_METHOD, RAND_R_RANDOM_POOL_UNDERFLOW); + ERR_add_error_data(1, buf); return 0; } @@ -480,7 +490,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) /* * Add process id, thread id, and a high resolution timestamp * (where available, which is OpenVMS v8.4 and up) to ensure that - * the nonce is unique whith high probability for different process + * the nonce is unique with high probability for different process * instances. */ data.pid = getpid(); 
@@ -494,6 +504,80 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } +/* + * SYS$GET_ENTROPY METHOD + * ====================== + * + * This is a high entropy method based on a new system service that is + * based on getentropy() from FreeBSD 12. It's only used if available, + * and its availability is detected at run-time. + * + * We assume that this function provides full entropy random output. + */ +#define PUBLIC_VECTORS "SYS$LIBRARY:SYS$PUBLIC_VECTORS.EXE" +#define GET_ENTROPY "SYS$GET_ENTROPY" + +static int get_entropy_address_flag = 0; +static int (*get_entropy_address)(void *buffer, size_t buffer_size) = NULL; +static int init_get_entropy_address(void) +{ + if (get_entropy_address_flag == 0) + get_entropy_address = dlsym(dlopen(PUBLIC_VECTORS, 0), GET_ENTROPY); + get_entropy_address_flag = 1; + return get_entropy_address != NULL; +} + +size_t get_entropy_method(RAND_POOL *pool) +{ + /* + * The documentation says that SYS$GET_ENTROPY will give a maximum of + * 256 bytes of data. + */ + unsigned char buffer[256]; + size_t bytes_needed; + size_t bytes_to_get = 0; + uint32_t status; + + for (bytes_needed = rand_pool_bytes_needed(pool, 1); + bytes_needed > 0; + bytes_needed -= bytes_to_get) { + bytes_to_get = + bytes_needed > sizeof(buffer) ? 
sizeof(buffer) : bytes_needed; + + status = get_entropy_address(buffer, bytes_to_get); + if (status == SS$_RETRY) { + /* Set to zero so the loop doesn't diminish |bytes_needed| */ + bytes_to_get = 0; + /* Should sleep some amount of time */ + continue; + } + + if (status != SS$_NORMAL) { + lib$signal(status); + return 0; + } + + rand_pool_add(pool, buffer, bytes_to_get, 8 * bytes_to_get); + } + + return rand_pool_entropy_available(pool); +} + +/* + * MAIN ENTROPY ACQUISITION FUNCTIONS + * ================================== + * + * These functions are called by the RAND / DRBG functions + */ + +size_t rand_pool_acquire_entropy(RAND_POOL *pool) +{ + if (init_get_entropy_address()) + return get_entropy_method(pool); + return data_collect_method(pool); +} + + int rand_pool_add_additional_data(RAND_POOL *pool) { struct { @@ -507,7 +591,11 @@ int rand_pool_add_additional_data(RAND_POOL *pool) * concurrently (which is the case for the drbg). */ data.tid = CRYPTO_THREAD_get_current_id(); +#if __CRTL_VER >= 80400000 sys$gettim_prec(&data.time); +#else + sys$gettim((void*)&data.time); +#endif return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c index d2039eb22..903654600 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_win.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
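Review bot: The `SS$_RETRY` branch of `get_entropy_method()` sets `bytes_to_get = 0` and does `continue`, so the service is called again immediately and with no upper limit; the in-code comment "Should sleep some amount of time" confirms the delay is missing. If the service keeps answering `SS$_RETRY`, the caller spins inside seeding indefinitely. I would bound the retries and leave through the existing `return 0` path, wiping the stack buffer on the way, as sketched below. Separately, `init_get_entropy_address()` passes the result of `dlopen()` to `dlsym()` without a NULL check, and `status` is declared `uint32_t` although the function pointer returns `int`.

```c
    int retries = 10; /* constructed value: choose a limit that suits the platform */

    /* … unchanged: for-loop header and bytes_to_get computation … */
        status = get_entropy_address(buffer, bytes_to_get);
        if (status == SS$_RETRY) {
            if (--retries == 0) {
                /* give up instead of spinning; do not leave seed bytes on the stack */
                OPENSSL_cleanse(buffer, sizeof(buffer));
                return 0;
            }
            /* … unchanged: zero bytes_to_get and continue … */
        }
    /* … unchanged: SS$_NORMAL check and rand_pool_add() call … */
```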
@@ -9,8 +9,8 @@ #include "internal/cryptlib.h" #include -#include "rand_lcl.h" -#include "internal/rand_int.h" +#include "rand_local.h" +#include "crypto/rand.h" #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) # ifndef OPENSSL_RAND_SEED_OS @@ -18,8 +18,9 @@ # endif # include -/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ -# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601 +/* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */ +# if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = Visual Studio 2008 */ \ + && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 # define USE_BCRYPTGENRANDOM # endif @@ -129,7 +130,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) /* * Add process id, thread id, and a high resolution timestamp to - * ensure that the nonce is unique whith high probability for + * ensure that the nonce is unique with high probability for * different process instances. */ data.pid = GetCurrentProcessId(); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c index 1b737d1ba..229ce864a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rand/randfile.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ #ifndef OPENSSL_NO_POSIX_IO # include # include -# ifdef _WIN32 +# if defined(_WIN32) && !defined(_WIN32_WCE) # include # include # define stat _stat 
@@ -254,7 +254,7 @@ const char *RAND_file_name(char *buf, size_t size) size_t len; int use_randfile = 1; -#if defined(_WIN32) && defined(CP_UTF8) +#if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE) DWORD envlen; WCHAR *var; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_cbc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_cbc.c index 2b59353b1..17e86f690 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_cbc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_cbc.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *ks, unsigned char *iv, int encrypt) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_ecb.c index fb2f78273..8d9927cd5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_ecb.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" #include /*- diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_skey.c index 55d8ba371..60ebd42f2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_skey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" static const unsigned char key_table[256] = { 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2cfb64.c index e11093db9..8d1c3a4d8 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2cfb64.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2ofb64.c index d610278a9..61b2c5643 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2ofb64.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc2/rc2ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-586.pl index 8c5cf87d0..3a936de1f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -423,4 +423,4 @@ $idx="edx"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-c64xplus.pl index 1354d1821..b12d044af 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-c64xplus.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-c64xplus.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -189,4 +189,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-md5-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-md5-x86_64.pl index 74e519105..7aa5c21bd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-md5-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-md5-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -484,6 +484,7 @@ $code.=<<___; .type RC4_set_key,\@function,3 .align 16 RC4_set_key: +.cfi_startproc lea 8($dat),$dat lea ($inp,$len),$inp neg $len @@ -519,6 +520,7 @@ RC4_set_key: mov %eax,-8($dat) mov %eax,-4($dat) ret +.cfi_endproc .size RC4_set_key,.-RC4_set_key .globl RC4_options @@ -658,4 +660,4 @@ $code =~ s/#rc4#//gm if ($rc4); print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-parisc.pl index 4111f339d..631e742b7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-parisc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-parisc.pl 
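Review bot: In rc4-c64xplus.pl the context line `open STDOUT,">$output";` just above the newly checked `close` is still a two-argument open whose result is ignored. A failure to create the output file is therefore reported, at best, by the later close check, with a message that no longer names the file. `$output` comes from `pop`, i.e. the last command-line argument, and the two-argument form also interprets special characters in that interpolated name. Suggested replacement: `open STDOUT, '>', $output or die "can't open $output: $!";`.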
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -330,4 +330,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-s390x.pl index 469f110fa..dded0b75e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-s390x.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -184,7 +184,7 @@ $code.=<<___; RC4_set_key: stm${g} %r6,%r8,6*$SIZE_T($sp) lhi $cnt,256 - la $idx,0(%r0) + la $idx,0 sth $idx,0($key) .align 4 .L1stloop: @@ -194,8 +194,8 @@ RC4_set_key: lghi $ikey,-256 lr $cnt,$len - la $iinp,0(%r0) - la $idx,0(%r0) + la $iinp,0 + la $idx,0 .align 16 .L2ndloop: llgc $acc,2+256($ikey,$key) @@ -212,7 +212,7 @@ RC4_set_key: jz .Ldone brct $cnt,.L2ndloop lr $cnt,$len - la $iinp,0(%r0) + la $iinp,0 j .L2ndloop .Ldone: lm${g} %r6,%r8,6*$SIZE_T($sp) @@ -238,4 +238,4 @@ RC4_options: ___ print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-x86_64.pl index 1a9cc47d7..423eb5b4a 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-x86_64.pl 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/asm/rc4-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -138,11 +138,12 @@ $code=<<___; .globl RC4 .type RC4,\@function,4 .align 16 -RC4: or $len,$len +RC4: +.cfi_startproc + or $len,$len jne .Lentry ret .Lentry: -.cfi_startproc push %rbx .cfi_push %rbx push %r12 @@ -453,6 +454,7 @@ $code.=<<___; .type RC4_set_key,\@function,3 .align 16 RC4_set_key: +.cfi_startproc lea 8($dat),$dat lea ($inp,$len),$inp neg $len @@ -519,12 +521,14 @@ RC4_set_key: mov %eax,-8($dat) mov %eax,-4($dat) ret +.cfi_endproc .size RC4_set_key,.-RC4_set_key .globl RC4_options .type RC4_options,\@abi-omnipotent .align 16 RC4_options: +.cfi_startproc lea .Lopts(%rip),%rax mov OPENSSL_ia32cap_P(%rip),%edx bt \$20,%edx @@ -537,6 +541,7 @@ RC4_options: add \$12,%rax .Ldone: ret +.cfi_endproc .align 64 .Lopts: .asciz "rc4(8x,int)" @@ -693,4 +698,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/build.info b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/build.info index 46ee66b61..913942b5e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/build.info +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/build.info @@ -11,6 +11,8 @@ GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME) GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME) +GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl $(PERLASM_SCHEME) + BEGINRAW[Makefile] # GNU make "catch all" {- $builddir -}/rc4-%.s: {- $sourcedir -}/asm/rc4-%.pl 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_enc.c index 638a75bb0..09ef6a896 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_enc.c @@ -8,7 +8,7 @@ */ #include -#include "rc4_locl.h" +#include "rc4_local.h" /*- * RC4 as implemented from a posting from diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_local.h similarity index 86% rename from trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_local.h index 4380addbc..e739be4be 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_RC4_LOCL_H -# define HEADER_RC4_LOCL_H +#ifndef OSSL_CRYPTO_RC4_LOCAL_H +# define OSSL_CRYPTO_RC4_LOCAL_H # include # include "internal/cryptlib.h" diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_skey.c index e9007331e..100eb79c2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_skey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc4/rc4_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc4_locl.h" +#include "rc4_local.h" #include const char *RC4_options(void) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/asm/rc5-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/asm/rc5-586.pl index e58a98bc8..af11be816 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/asm/rc5-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/asm/rc5-586.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ $tmp4="edx"; &cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub RC5_32_encrypt { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_ecb.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_ecb.c index c32f38e47..94ec64639 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_ecb.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" #include void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_enc.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_enc.c index 58631dee2..75ddeb2ea 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_enc.c @@ -9,7 +9,7 @@ #include #include -#include "rc5_locl.h" +#include "rc5_local.h" void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC5_32_KEY *ks, unsigned char *iv, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_skey.c index 943a7849b..b2e6bbb1a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_skey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5_skey.c 
@@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5cfb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5cfb64.c index 9a8aa6b24..cfce7ec1e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5cfb64.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5ofb64.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5ofb64.c index 3a41d773c..224eb9685 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5ofb64.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rc5/rc5ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/asm/rmd-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/asm/rmd-586.pl index 84aa7ced1..e8d02812b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/asm/rmd-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/asm/rmd-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ $KR3=0x7A6D76E9; &ripemd160_block("ripemd160_block_asm_data_order"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub Xv { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_dgst.c index a1670c7fb..e9e440f18 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_dgst.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_dgst.c @@ -8,7 +8,7 @@ */ #include -#include "rmd_locl.h" +#include "rmd_local.h" #include #ifdef RMD160_ASM @@ -39,7 +39,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) register unsigned MD32_REG_T A, B, C, D, E; unsigned MD32_REG_T a, b, c, d, e, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_local.h similarity index 96% rename from trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_local.h index f1ae4323c..f3604e349 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ripemd/rmd_local.h @@ -13,7 +13,7 @@ #include /* - * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c + * DO EXAMINE COMMENTS IN crypto/md5/md5_local.h & crypto/md5/md5_dgst.c * FOR EXPLANATIONS ON FOLLOWING "CODE." */ #ifdef RMD160_ASM @@ -42,7 +42,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order -#include "internal/md32_common.h" +#include "crypto/md32_common.h" /* * Transformed F2 and F4 are courtesy of Wei Dai diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ameth.c index 75debb3e0..fb045544a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ameth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ameth.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,9 +13,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "rsa_local.h" #ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); @@ -118,6 +118,15 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { + /* + * Don't check the public/private key, this is mostly for smart + * cards. + */ + if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) + || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) { + return 1; + } + if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) return 0; @@ -458,6 +467,9 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { X509_ALGOR *alg = NULL; + const EVP_MD *md; + const EVP_MD *mgf1md; + int min_saltlen; switch (op) { @@ -497,6 +509,16 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + if (pkey->pkey.rsa->pss != NULL) { + if (!rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md, + &min_saltlen)) { + RSAerr(0, ERR_R_INTERNAL_ERROR); + return 0; + } + *(int *)arg2 = EVP_MD_type(md); + /* Return of 2 indicates this MD is mandatory */ + return 2; + } *(int *)arg2 = NID_sha256; return 1; 
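Review bot: In `rsa_pub_cmp`, the added early `return 1` reports the two keys as equal whenever either one carries `RSA_METHOD_FLAG_NO_CHECK`, so the `BN_cmp` tests on `n` and `e` below it are never reached for such keys. Any caller that relies on this comparison to confirm that a certificate and a key belong together then gets a match that was never verified, and the comment ("this is mostly for smart cards") does not say so. I would extend it to something like `/* NO_CHECK set: skip the n/e comparison and report a match; the caller gets no assurance that the keys correspond */`. The doubled parentheses around the first `RSA_flags(...)` test are also inconsistent with the second one.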
@@ -583,10 +605,12 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) return NULL; if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); - } else if (saltlen == -2) { + } else if (saltlen == -2 || saltlen == -3) { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; if ((EVP_PKEY_bits(pk) & 0x7) == 1) saltlen--; + if (saltlen < 0) + return NULL; } return rsa_pss_params_create(sigmd, mgf1md, saltlen); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_asn1.c index 9fe62c82e..e8df8d762 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_asn1.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_asn1.c @@ -12,7 +12,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" /* * Override the default free and new methods, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_chk.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_chk.c index 1b69be30c..b4ba7fce3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_chk.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_chk.c @@ -9,7 +9,7 @@ #include #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_check_key(const RSA *key) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_crpt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_crpt.c index f4ef8b438..f1131ce9e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_crpt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_crpt.c @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_bits(const RSA *r) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_err.c index 62fd9e0b1..0687c1e62 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_err.c 
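Review bot: The new `if (saltlen < 0) return NULL;` in `rsa_ctx_to_pss` fails without queuing an error, so the caller sees only a NULL result and nothing on the error stack says the key is too small for the chosen digest. An `RSAerr(...)` call with a suitable reason code before the return would make this diagnosable. The literals `-1`, `-2` and `-3` in this branch would also read better as `RSA_PSS_SALTLEN_DIGEST`, `RSA_PSS_SALTLEN_AUTO` and `RSA_PSS_SALTLEN_MAX`. The function starts outside the hunk, so whether an earlier path already reports an error is not visible here.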
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,6 +174,8 @@ static const ERR_STRING_DATA RSA_str_reasons[] = { {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED), "mgf1 digest not allowed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R), "mp coefficient not inverse of r"}, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_gen.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_gen.c index 7f0a25648..29056a62a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_gen.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ #include #include "internal/cryptlib.h" #include -#include "rsa_locl.h" +#include "rsa_local.h" static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb); @@ -250,7 +250,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, * * This strategy has the following goals: * - * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key + * 1. 1024-bit factors are efficient when using 3072 and 4096-bit key * 2. stay the same logic with normal 2-prime key */ bitse -= bitsr[i]; 
@@ -387,8 +387,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); ok = 0; } - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); return ok; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_lib.c index 49c34b7c3..63fd1a6db 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,11 +11,11 @@ #include #include "internal/cryptlib.h" #include "internal/refcount.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include #include -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/evp.h" +#include "rsa_local.h" RSA *RSA_new(void) { @@ -198,6 +198,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) if (d != NULL) { BN_clear_free(r->d); r->d = d; + BN_set_flags(r->d, BN_FLG_CONSTTIME); } return 1; @@ -215,10 +216,12 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) if (p != NULL) { BN_clear_free(r->p); r->p = p; + BN_set_flags(r->p, BN_FLG_CONSTTIME); } if (q != NULL) { BN_clear_free(r->q); r->q = q; + BN_set_flags(r->q, BN_FLG_CONSTTIME); } return 1; @@ -237,14 +240,17 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) if (dmp1 != NULL) { BN_clear_free(r->dmp1); r->dmp1 = dmp1; + BN_set_flags(r->dmp1, BN_FLG_CONSTTIME); } if (dmq1 != NULL) { BN_clear_free(r->dmq1); r->dmq1 = dmq1; + BN_set_flags(r->dmq1, BN_FLG_CONSTTIME); } if (iqmp != NULL) { BN_clear_free(r->iqmp); r->iqmp = iqmp; + BN_set_flags(r->iqmp, BN_FLG_CONSTTIME); } return 1; 
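Review bot: Dropping the `if (ctx != NULL)` guard before `BN_CTX_end(ctx)` at the end of `rsa_builtin_keygen` is safe only if `BN_CTX_end` itself tolerates a NULL context, and that function is not part of this hunk. Since this is a vendored copy being updated file by file, it is worth confirming that the `crypto/bn` sources in the same commit carry that NULL check; otherwise a path that reaches the cleanup with `ctx` still NULL (presumably a failed allocation) becomes a NULL dereference. The same guard is removed in the four `err:` blocks of `rsa_ossl.c` and in `RSA_X931_derive_ex` in `rsa_x931g.c`. A one-line comment such as `/* BN_CTX_end() accepts NULL */` at the first of these would record the dependency.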
@@ -276,12 +282,15 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], if (pinfo == NULL) goto err; if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) { - BN_free(pinfo->r); - BN_free(pinfo->d); - BN_free(pinfo->t); + BN_clear_free(pinfo->r); + BN_clear_free(pinfo->d); + BN_clear_free(pinfo->t); pinfo->r = primes[i]; pinfo->d = exps[i]; pinfo->t = coeffs[i]; + BN_set_flags(pinfo->r, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->d, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->t, BN_FLG_CONSTTIME); } else { rsa_multip_info_free(pinfo); goto err; @@ -442,6 +451,11 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r) return r->iqmp; } +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r) +{ + return r->pss; +} + void RSA_clear_flags(RSA *r, int flags) { r->flags &= ~flags; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_meth.c index def19f375..2845b79db 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_meth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_meth.c @@ -8,7 +8,7 @@ */ #include -#include "rsa_locl.h" +#include "rsa_local.h" #include RSA_METHOD *RSA_meth_new(const char *name, int flags) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_mp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_mp.c index e7e810823..44dda8f80 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_mp.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_mp.c @@ -10,7 +10,7 @@ #include #include -#include "rsa_locl.h" +#include "rsa_local.h" void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) { 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_oaep.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_oaep.c index 689e6dc22..302360a96 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_oaep.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_oaep.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,7 +20,7 @@ * one-wayness. For the RSA function, this is an equivalent notion. */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" @@ -28,7 +28,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *from, int flen, @@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, * |num| is the length of the modulus; |flen| is the length of the * encoded message. Therefore, for any |from| that was obtained by * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, - * num < 2 * mdlen + 2 must hold for the modulus irrespective of + * |num| >= 2 * |mdlen| + 2 must hold for the modulus irrespective of * the ciphertext, see PKCS #1 v2.2, section 7.1.2. * This does not leak any side-channel information. */ 
@@ -179,17 +179,16 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, from -= 1 & mask; *--em = *from & mask; } - from = em; /* * The first byte must be zero, however we must not leak if this is * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). */ - good = constant_time_is_zero(from[0]); + good = constant_time_is_zero(em[0]); - maskedseed = from + 1; - maskeddb = from + 1 + mdlen; + maskedseed = em + 1; + maskeddb = em + 1 + mdlen; if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) goto cleanup; 
@@ -230,29 +229,30 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, mlen = dblen - msg_index; /* - * For good measure, do this check in constant tine as well. + * For good measure, do this check in constant time as well. */ good &= constant_time_ge(tlen, mlen); /* - * Even though we can't fake result's length, we can pretend copying - * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |dblen| - * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, - * where |mlen'| is "saturated" |mlen| value. Deducing information - * about failure or |mlen| would take attacker's ability to observe - * memory access pattern with byte granularity *as it occurs*. It - * should be noted that failure is indistinguishable from normal - * operation if |tlen| is fixed by protocol. + * Move the result in-place by |dblen|-|mdlen|-1-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |db|+|mdlen|+1 to |to|. + * Otherwise leave |to| unchanged. + * Copy the memory back in a way that does not reveal the size of + * the data being copied via a timing side channel. This requires copying + * parts of the buffer multiple times based on the bits set in the real + * length. Clear bits do a non-copy with identical access pattern. + * The loop below has overall complexity of O(N*log(N)). 
*/ - tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen); - msg_index = constant_time_select_int(good, msg_index, dblen - tlen); - mlen = dblen - msg_index; - for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) { - unsigned int equals = constant_time_eq(i, mlen); - - from -= dblen & equals; /* if (i == dblen) rewind */ - mask &= mask ^ equals; /* if (i == dblen) mask = 0 */ - to[i] = constant_time_select_8(mask, from[i], to[i]); + tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen), + dblen - mdlen - 1, tlen); + for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0); + for (i = mdlen + 1; i < dblen - msg_index; i++) + db[i] = constant_time_select_8(mask, db[i + msg_index], db[i]); + } + for (i = 0; i < tlen; i++) { + mask = good & constant_time_lt(i, mlen); + to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]); } /* diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ossl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ossl.c index 465134257..b52a66f6a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ossl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,9 @@ */ #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "rsa_locl.h" -#include "internal/constant_time_locl.h" +#include "crypto/bn.h" +#include "rsa_local.h" +#include "internal/constant_time.h" static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); 
@@ -148,8 +148,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, */ r = BN_bn2binpad(ret, to, num); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; @@ -322,6 +321,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } + if (rsa->d == NULL) { + RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_MISSING_PRIVATE_KEY); + BN_free(d); + goto err; + } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, @@ -354,8 +358,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, */ r = BN_bn2binpad(res, to, num); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; @@ -440,6 +443,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } + if (rsa->d == NULL) { + RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_MISSING_PRIVATE_KEY); + BN_free(d); + goto err; + } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) @@ -481,11 +489,10 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, goto err; } RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); - err_clear_last_constant_time(r >= 0); + err_clear_last_constant_time(1 & ~constant_time_msb(r)); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; @@ -581,8 +588,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; 
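Review bot: In `rsa_ossl_private_encrypt` the new `rsa->d == NULL` test sits after the temporary `d` has been allocated, which is why the branch needs its own `BN_free(d)` before `goto err`. Testing `rsa->d` before the allocation would remove that extra cleanup and leave the failure path shaped like the others: `if (rsa->d == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_MISSING_PRIVATE_KEY); goto err; }`. The same pattern is added in `rsa_ossl_private_decrypt`. The allocation itself is above the hunk, so this assumes nothing between it and the check depends on `d`.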
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pk1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pk1.c index 062690741..a3d0b7cef 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pk1.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pk1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" @@ -57,7 +57,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, * D - data. */ - if (num < 11) + if (num < RSA_PKCS1_PADDING_SIZE) return -1; /* Accept inputs with and without the leading 0-byte. */ @@ -120,7 +120,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - 11)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; @@ -169,7 +169,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * section 7.2.2. */ - if (flen > num || num < 11) { + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); return -1; 
@@ -192,15 +192,14 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, from -= 1 & mask; *--em = *from & mask; } - from = em; - good = constant_time_is_zero(from[0]); - good &= constant_time_eq(from[1], 2); + good = constant_time_is_zero(em[0]); + good &= constant_time_eq(em[1], 2); /* scan over padding data */ found_zero_byte = 0; for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(from[i]); + unsigned int equals0 = constant_time_is_zero(em[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); @@ -208,7 +207,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, } /* - * PS must be at least 8 bytes long, and it starts two bytes into |from|. + * PS must be at least 8 bytes long, and it starts two bytes into |em|. * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ 
@@ -227,24 +226,25 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, good &= constant_time_ge(tlen, mlen); /* - * Even though we can't fake result's length, we can pretend copying - * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num| - * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, - * where |mlen'| is "saturated" |mlen| value. Deducing information - * about failure or |mlen| would take attacker's ability to observe - * memory access pattern with byte granularity *as it occurs*. It - * should be noted that failure is indistinguishable from normal - * operation if |tlen| is fixed by protocol. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. + * Otherwise leave |to| unchanged. + * Copy the memory back in a way that does not reveal the size of + * the data being copied via a timing side channel. This requires copying + * parts of the buffer multiple times based on the bits set in the real + * length. Clear bits do a non-copy with identical access pattern. + * The loop below has overall complexity of O(N*log(N)). 
*/ - tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen); - msg_index = constant_time_select_int(good, msg_index, num - tlen); - mlen = num - msg_index; - for (from += msg_index, mask = good, i = 0; i < tlen; i++) { - unsigned int equals = constant_time_eq(i, mlen); - - from -= tlen & equals; /* if (i == mlen) rewind */ - mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ - to[i] = constant_time_select_8(mask, from[i], to[i]); + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) + em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); + } + for (i = 0; i < tlen; i++) { + mask = good & constant_time_lt(i, mlen); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pmeth.c index c10669f8a..0eb21c8af 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#include "internal/constant_time.h" + #include #include "internal/cryptlib.h" #include @@ -16,8 +18,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/evp.h" +#include "rsa_local.h" /* RSA pkey context structure */ 
@@ -54,7 +56,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx) if (rctx == NULL) return 0; - rctx->nbits = 1024; + rctx->nbits = 2048; rctx->primes = RSA_DEFAULT_PRIME_NUM; if (pkey_ctx_is_pss(ctx)) rctx->pad_mode = RSA_PKCS1_PSS_PADDING; @@ -340,10 +342,9 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, rctx->pad_mode); } - if (ret < 0) - return ret; - *outlen = ret; - return 1; + *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); + ret = constant_time_select_int(constant_time_msb(ret), ret, 1); + return ret; } static int check_padding_md(const EVP_MD *md, int padding) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_prn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_prn.c index b5f4bce2a..23df448a5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_prn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,9 +34,11 @@ int RSA_print(BIO *bp, const RSA *x, int off) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) + if (pk == NULL) return 0; - ret = EVP_PKEY_print_private(bp, pk, off, NULL); + ret = EVP_PKEY_set1_RSA(pk, (RSA *)x); + if (ret) + ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pss.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pss.c index f7c575d00..40ce1c4d3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pss.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_pss.c 
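Review bot: The rewritten tail of `pkey_rsa_decrypt` replaces the `if (ret < 0)` branch with `constant_time_select_s` and `constant_time_select_int` but carries no comment, so a later maintainer may well simplify it back into a branch. I would add `/* no branch on ret: a padding failure must not be distinguishable from success by timing */` above the two selects. It is also worth stating there that on failure `*outlen` keeps the value the caller passed in, so `out` and `*outlen` are meaningful only when the function returns 1. The function begins outside the hunk.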
@@ -14,7 +14,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_sign.c index 952d24fb8..7fc69361b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_sign.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/x509_int.h" -#include "rsa_locl.h" +#include "crypto/x509.h" +#include "rsa_local.h" /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ssl.c index c5654595f..e1c755ae4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ssl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include #include #include -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen) @@ -20,7 +20,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - 11)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; 
@@ -67,7 +67,10 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned int good, found_zero_byte, mask, threes_in_row; int zero_index = 0, msg_index, mlen = -1, err; - if (flen < 10) { + if (tlen <= 0 || flen <= 0) + return -1; + + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return -1; } @@ -89,10 +92,9 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, from -= 1 & mask; *--em = *from & mask; } - from = em; - good = constant_time_is_zero(from[0]); - good &= constant_time_eq(from[1], 2); + good = constant_time_is_zero(em[0]); + good &= constant_time_eq(em[1], 2); err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02); mask = ~good; @@ -100,18 +102,18 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, found_zero_byte = 0; threes_in_row = 0; for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(from[i]); + unsigned int equals0 = constant_time_is_zero(em[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); found_zero_byte |= equals0; threes_in_row += 1 & ~found_zero_byte; - threes_in_row &= found_zero_byte | constant_time_eq(from[i], 3); + threes_in_row &= found_zero_byte | constant_time_eq(em[i], 3); } /* - * PS must be at least 8 bytes long, and it starts two bytes into |from|. + * PS must be at least 8 bytes long, and it starts two bytes into |em|. * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ 
@@ -120,6 +122,12 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSA_R_NULL_BEFORE_BLOCK_MISSING); mask = ~good; + /* + * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note + * that RFC5246 incorrectly states this the other way around, i.e. reject + * if it is not preceded by 8 consecutive 0x03 bytes. However this is + * corrected in subsequent errata for that RFC. + */ good &= constant_time_lt(threes_in_row, 8); err = constant_time_select_int(mask | good, err, RSA_R_SSLV3_ROLLBACK_ATTACK); 
@@ -139,24 +147,25 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); /* - * Even though we can't fake result's length, we can pretend copying - * |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num| - * bytes are viewed as circular buffer with start at |tlen|-|mlen'|, - * where |mlen'| is "saturated" |mlen| value. Deducing information - * about failure or |mlen| would take attacker's ability to observe - * memory access pattern with byte granularity *as it occurs*. It - * should be noted that failure is indistinguishable from normal - * operation if |tlen| is fixed by protocol. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. + * Otherwise leave |to| unchanged. + * Copy the memory back in a way that does not reveal the size of + * the data being copied via a timing side channel. This requires copying + * parts of the buffer multiple times based on the bits set in the real + * length. Clear bits do a non-copy with identical access pattern. + * The loop below has overall complexity of O(N*log(N)). 
*/ - tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen); - msg_index = constant_time_select_int(good, msg_index, num - tlen); - mlen = num - msg_index; - for (from += msg_index, mask = good, i = 0; i < tlen; i++) { - unsigned int equals = constant_time_eq(i, mlen); - - from -= tlen & equals; /* if (i == mlen) rewind */ - mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ - to[i] = constant_time_select_8(mask, from[i], to[i]); + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) + em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); + } + for (i = 0; i < tlen; i++) { + mask = good & constant_time_lt(i, mlen); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931g.c b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931g.c index 15e40e8d1..322cd14a8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931g.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/rsa/rsa_x931g.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" /* X9.31 RSA key derivation and generation */ @@ -133,8 +133,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, ret = 1; err: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); BN_CTX_free(ctx2); 
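Review bot: In the rewritten copy at the end of RSA_padding_check_SSLv23, `msg_index` is reused as the power-of-two shift stride in `for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1)`, whereas the removed lines used it as the message offset. A comment on that loop, e.g. `/* msg_index now serves as the shift stride, not the message offset */`, would keep the constant-time shift readable. The block comment could also state that when `good` is zero the final loop still runs `tlen` iterations and rewrites each `to[i]` with its own value, which is what "leave |to| unchanged" means in practice. The function body starts outside this hunk.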
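Review bot: The cleanup at `err:` in RSA_X931_derive_ex now calls `BN_CTX_end(ctx);` without the former `if (ctx)` guard, so it is correct only if BN_CTX_end() itself accepts a NULL context. That function is not shown in this diff section, and `ctx` is presumably NULL on this path when its allocation failed earlier. It is worth confirming that the BN_CTX implementation vendored alongside this file carries that NULL check before relying on it. The same guard is dropped at `error:` in RSA_X931_generate_key_ex in the next hunk, and both function bodies start outside their hunks.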
@@ -188,8 +187,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, ok = 1; error: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); if (ok) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/s390x_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/s390x_arch.h index 4a775a927..4d2cc02eb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/s390x_arch.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/s390x_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef S390X_ARCH_H -# define S390X_ARCH_H +#ifndef OSSL_CRYPTO_S390X_ARCH_H +# define OSSL_CRYPTO_S390X_ARCH_H # ifndef __ASSEMBLER__ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcap.c index e7c7f0a35..5d58b2d80 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcap.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,7 +29,7 @@ struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; void OPENSSL_cpuid_setup(void) { sigset_t oset; - struct sigaction ill_act, oact; + struct sigaction ill_act, oact_ill, oact_fpe; if (OPENSSL_s390xcap_P.stfle[0]) return; @@ -44,8 +44,8 @@ void OPENSSL_cpuid_setup(void) sigdelset(&ill_act.sa_mask, SIGFPE); sigdelset(&ill_act.sa_mask, SIGTRAP); sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); - sigaction(SIGILL, &ill_act, &oact); - sigaction(SIGFPE, &ill_act, &oact); + sigaction(SIGILL, &ill_act, &oact_ill); + sigaction(SIGFPE, &ill_act, &oact_fpe); /* protection against missing store-facility-list-extended */ if (sigsetjmp(ill_jmp, 1) == 0) 
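Review bot: In OPENSSL_cpuid_setup, `sigaction(SIGILL, &ill_act, &oact_ill);` and `sigaction(SIGFPE, &ill_act, &oact_fpe);` still ignore their return values. The following hunk passes both saved structs back to sigaction() to restore the handlers, so a failed save would restore an uninitialised struct. Failure is unlikely for these two signals, so a comment may be enough, e.g. `/* previous SIGILL and SIGFPE actions are kept separately; each is restored below */`. The function body continues outside this hunk.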
@@ -61,7 +61,7 @@ void OPENSSL_cpuid_setup(void) | S390X_CAPBIT(S390X_VXE)); } - sigaction(SIGFPE, &oact, NULL); - sigaction(SIGILL, &oact, NULL); + sigaction(SIGFPE, &oact_fpe, NULL); + sigaction(SIGILL, &oact_ill, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcpuid.pl index ec700a47d..5cbb96253 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcpuid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/s390xcpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -418,4 +418,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed.c b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed.c index d62da91ed..c3a1f183a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed.c @@ -42,7 +42,7 @@ # endif # include -# include "seed_locl.h" +# include "seed_local.h" # ifdef SS /* can get defined on Solaris by inclusion of * */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_local.h similarity index 97% rename from trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_local.h index ac2950d97..e3681f8bd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/seed/seed_local.h 
@@ -32,8 +32,8 @@ * SUCH DAMAGE. * */ -#ifndef HEADER_SEED_LOCL_H -# define HEADER_SEED_LOCL_H +#ifndef OSSL_CRYPTO_SEED_LOCAL_H +# define OSSL_CRYPTO_SEED_LOCAL_H # include "openssl/e_os2.h" # include @@ -109,4 +109,4 @@ typedef unsigned int seed_word; (X1) ^= (T0); \ (X2) ^= (T1) -#endif /* HEADER_SEED_LOCL_H */ +#endif /* OSSL_CRYPTO_SEED_LOCAL_H */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv4.pl index 8bf665c8b..39fe559e9 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv4.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv4.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1104,9 +1104,9 @@ KeccakF1600_neon: .align 4 .Loop_neon: @ Theta - vst1.64 {q4}, [r0:64] @ offload A[0..1][4] + vst1.64 {q4}, [r0,:64] @ offload A[0..1][4] veor q13, q0, q5 @ A[0..1][0]^A[2..3][0] - vst1.64 {d18}, [r1:64] @ offload A[2][4] + vst1.64 {d18}, [r1,:64] @ offload A[2][4] veor q14, q1, q6 @ A[0..1][1]^A[2..3][1] veor q15, q2, q7 @ A[0..1][2]^A[2..3][2] veor d26, d26, d27 @ C[0]=A[0][0]^A[1][0]^A[2][0]^A[3][0] @@ -1149,10 +1149,10 @@ KeccakF1600_neon: veor d16, d16, d28 @ A[2][3] ^= C[2] veor d17, d17, d28 @ A[3][3] ^= C[2] veor d23, d23, d28 @ A[4][3] ^= C[2] - vld1.64 {q4}, [r0:64] @ restore A[0..1][4] + vld1.64 {q4}, [r0,:64] @ restore A[0..1][4] vmov d28, d29 - vld1.64 {d18}, [r1:64] @ restore A[2][4] + vld1.64 {d18}, [r1,:64] @ restore A[2][4] veor q2, q2, q13 @ A[0..1][2] ^= D[2] veor q7, q7, q13 @ A[2..3][2] ^= D[2] veor d22, d22, d27 @ A[4][2] ^= D[2] 
@@ -1227,7 +1227,7 @@ KeccakF1600_neon: veor q13, q13, q0 @ A[0..1][0] ^ (~A[0..1][1] & A[0..1][2]) veor q14, q14, q1 @ A[0..1][1] ^ (~A[0..1][2] & A[0..1][3]) veor q2, q2, q15 @ A[0..1][2] ^= (~A[0..1][3] & A[0..1][4]) - vst1.64 {q13}, [r0:64] @ offload A[0..1][0] + vst1.64 {q13}, [r0,:64] @ offload A[0..1][0] vbic q13, q0, q4 vbic q15, q1, q0 vmov q1, q14 @ A[0..1][1] @@ -1248,10 +1248,10 @@ KeccakF1600_neon: vmov q14, q10 @ A[4][0..1] veor q9, q9, q13 @ A[2..3][4] ^= (~A[2..3][0] & A[2..3][1]) - vld1.64 d25, [r2:64]! @ Iota[i++] + vld1.64 d25, [r2,:64]! @ Iota[i++] vbic d26, d22, d21 vbic d27, d23, d22 - vld1.64 {q0}, [r0:64] @ restore A[0..1][0] + vld1.64 {q0}, [r0,:64] @ restore A[0..1][0] veor d20, d20, d26 @ A[4][0] ^= (~A[4][1] & A[4][2]) vbic d26, d24, d23 veor d21, d21, d27 @ A[4][1] ^= (~A[4][2] & A[4][3]) 
@@ -1279,32 +1279,32 @@ SHA3_absorb_neon: mov r5, r2 @ len mov r6, r3 @ bsz - vld1.32 {d0}, [r0:64]! @ A[0][0] - vld1.32 {d2}, [r0:64]! @ A[0][1] - vld1.32 {d4}, [r0:64]! @ A[0][2] - vld1.32 {d6}, [r0:64]! @ A[0][3] - vld1.32 {d8}, [r0:64]! @ A[0][4] + vld1.32 {d0}, [r0,:64]! @ A[0][0] + vld1.32 {d2}, [r0,:64]! @ A[0][1] + vld1.32 {d4}, [r0,:64]! @ A[0][2] + vld1.32 {d6}, [r0,:64]! @ A[0][3] + vld1.32 {d8}, [r0,:64]! @ A[0][4] - vld1.32 {d1}, [r0:64]! @ A[1][0] - vld1.32 {d3}, [r0:64]! @ A[1][1] - vld1.32 {d5}, [r0:64]! @ A[1][2] - vld1.32 {d7}, [r0:64]! @ A[1][3] - vld1.32 {d9}, [r0:64]! @ A[1][4] + vld1.32 {d1}, [r0,:64]! @ A[1][0] + vld1.32 {d3}, [r0,:64]! @ A[1][1] + vld1.32 {d5}, [r0,:64]! @ A[1][2] + vld1.32 {d7}, [r0,:64]! @ A[1][3] + vld1.32 {d9}, [r0,:64]! @ A[1][4] - vld1.32 {d10}, [r0:64]! @ A[2][0] - vld1.32 {d12}, [r0:64]! @ A[2][1] - vld1.32 {d14}, [r0:64]! @ A[2][2] - vld1.32 {d16}, [r0:64]! @ A[2][3] - vld1.32 {d18}, [r0:64]! @ A[2][4] + vld1.32 {d10}, [r0,:64]! @ A[2][0] + vld1.32 {d12}, [r0,:64]! @ A[2][1] + vld1.32 {d14}, [r0,:64]! @ A[2][2] + vld1.32 {d16}, [r0,:64]! @ A[2][3] + vld1.32 {d18}, [r0,:64]! @ A[2][4] - vld1.32 {d11}, [r0:64]! @ A[3][0] - vld1.32 {d13}, [r0:64]! @ A[3][1] - vld1.32 {d15}, [r0:64]! @ A[3][2] - vld1.32 {d17}, [r0:64]! @ A[3][3] - vld1.32 {d19}, [r0:64]! @ A[3][4] + vld1.32 {d11}, [r0,:64]! @ A[3][0] + vld1.32 {d13}, [r0,:64]! @ A[3][1] + vld1.32 {d15}, [r0,:64]! @ A[3][2] + vld1.32 {d17}, [r0,:64]! @ A[3][3] + vld1.32 {d19}, [r0,:64]! @ A[3][4] - vld1.32 {d20-d23}, [r0:64]! @ A[4][0..3] - vld1.32 {d24}, [r0:64] @ A[4][4] + vld1.32 {d20-d23}, [r0,:64]! @ A[4][0..3] + vld1.32 {d24}, [r0,:64] @ A[4][4] sub r0, r0, #24*8 @ rewind b .Loop_absorb_neon 
@@ -1411,32 +1411,32 @@ SHA3_absorb_neon: .align 4 .Labsorbed_neon: - vst1.32 {d0}, [r0:64]! @ A[0][0..4] - vst1.32 {d2}, [r0:64]! - vst1.32 {d4}, [r0:64]! - vst1.32 {d6}, [r0:64]! - vst1.32 {d8}, [r0:64]! + vst1.32 {d0}, [r0,:64]! @ A[0][0..4] + vst1.32 {d2}, [r0,:64]! + vst1.32 {d4}, [r0,:64]! + vst1.32 {d6}, [r0,:64]! + vst1.32 {d8}, [r0,:64]! - vst1.32 {d1}, [r0:64]! @ A[1][0..4] - vst1.32 {d3}, [r0:64]! - vst1.32 {d5}, [r0:64]! - vst1.32 {d7}, [r0:64]! - vst1.32 {d9}, [r0:64]! + vst1.32 {d1}, [r0,:64]! @ A[1][0..4] + vst1.32 {d3}, [r0,:64]! + vst1.32 {d5}, [r0,:64]! + vst1.32 {d7}, [r0,:64]! + vst1.32 {d9}, [r0,:64]! - vst1.32 {d10}, [r0:64]! @ A[2][0..4] - vst1.32 {d12}, [r0:64]! - vst1.32 {d14}, [r0:64]! - vst1.32 {d16}, [r0:64]! - vst1.32 {d18}, [r0:64]! + vst1.32 {d10}, [r0,:64]! @ A[2][0..4] + vst1.32 {d12}, [r0,:64]! + vst1.32 {d14}, [r0,:64]! + vst1.32 {d16}, [r0,:64]! + vst1.32 {d18}, [r0,:64]! - vst1.32 {d11}, [r0:64]! @ A[3][0..4] - vst1.32 {d13}, [r0:64]! - vst1.32 {d15}, [r0:64]! - vst1.32 {d17}, [r0:64]! - vst1.32 {d19}, [r0:64]! + vst1.32 {d11}, [r0,:64]! @ A[3][0..4] + vst1.32 {d13}, [r0,:64]! + vst1.32 {d15}, [r0,:64]! + vst1.32 {d17}, [r0,:64]! + vst1.32 {d19}, [r0,:64]! - vst1.32 {d20-d23}, [r0:64]! @ A[4][0..4] - vst1.32 {d24}, [r0:64] + vst1.32 {d20-d23}, [r0,:64]! @ A[4][0..4] + vst1.32 {d24}, [r0,:64] mov r0, r5 @ return value vldmia sp!, {d8-d15} 
@@ -1471,64 +1471,64 @@ SHA3_squeeze_neon: vstmdb sp!, {d8-d15} - vld1.32 {d0}, [r0:64]! @ A[0][0..4] - vld1.32 {d2}, [r0:64]! - vld1.32 {d4}, [r0:64]! - vld1.32 {d6}, [r0:64]! - vld1.32 {d8}, [r0:64]! + vld1.32 {d0}, [r0,:64]! @ A[0][0..4] + vld1.32 {d2}, [r0,:64]! + vld1.32 {d4}, [r0,:64]! + vld1.32 {d6}, [r0,:64]! + vld1.32 {d8}, [r0,:64]! - vld1.32 {d1}, [r0:64]! @ A[1][0..4] - vld1.32 {d3}, [r0:64]! - vld1.32 {d5}, [r0:64]! - vld1.32 {d7}, [r0:64]! - vld1.32 {d9}, [r0:64]! + vld1.32 {d1}, [r0,:64]! @ A[1][0..4] + vld1.32 {d3}, [r0,:64]! + vld1.32 {d5}, [r0,:64]! + vld1.32 {d7}, [r0,:64]! + vld1.32 {d9}, [r0,:64]! - vld1.32 {d10}, [r0:64]! @ A[2][0..4] - vld1.32 {d12}, [r0:64]! - vld1.32 {d14}, [r0:64]! - vld1.32 {d16}, [r0:64]! - vld1.32 {d18}, [r0:64]! + vld1.32 {d10}, [r0,:64]! @ A[2][0..4] + vld1.32 {d12}, [r0,:64]! + vld1.32 {d14}, [r0,:64]! + vld1.32 {d16}, [r0,:64]! + vld1.32 {d18}, [r0,:64]! - vld1.32 {d11}, [r0:64]! @ A[3][0..4] - vld1.32 {d13}, [r0:64]! - vld1.32 {d15}, [r0:64]! - vld1.32 {d17}, [r0:64]! - vld1.32 {d19}, [r0:64]! + vld1.32 {d11}, [r0,:64]! @ A[3][0..4] + vld1.32 {d13}, [r0,:64]! + vld1.32 {d15}, [r0,:64]! + vld1.32 {d17}, [r0,:64]! + vld1.32 {d19}, [r0,:64]! - vld1.32 {d20-d23}, [r0:64]! @ A[4][0..4] - vld1.32 {d24}, [r0:64] + vld1.32 {d20-d23}, [r0,:64]! @ A[4][0..4] + vld1.32 {d24}, [r0,:64] sub r0, r0, #24*8 @ rewind bl KeccakF1600_neon mov r12, r0 @ A_flat - vst1.32 {d0}, [r0:64]! @ A[0][0..4] - vst1.32 {d2}, [r0:64]! - vst1.32 {d4}, [r0:64]! - vst1.32 {d6}, [r0:64]! - vst1.32 {d8}, [r0:64]! + vst1.32 {d0}, [r0,:64]! @ A[0][0..4] + vst1.32 {d2}, [r0,:64]! + vst1.32 {d4}, [r0,:64]! + vst1.32 {d6}, [r0,:64]! + vst1.32 {d8}, [r0,:64]! - vst1.32 {d1}, [r0:64]! @ A[1][0..4] - vst1.32 {d3}, [r0:64]! - vst1.32 {d5}, [r0:64]! - vst1.32 {d7}, [r0:64]! - vst1.32 {d9}, [r0:64]! + vst1.32 {d1}, [r0,:64]! @ A[1][0..4] + vst1.32 {d3}, [r0,:64]! + vst1.32 {d5}, [r0,:64]! + vst1.32 {d7}, [r0,:64]! + vst1.32 {d9}, [r0,:64]! 
- vst1.32 {d10}, [r0:64]! @ A[2][0..4] - vst1.32 {d12}, [r0:64]! - vst1.32 {d14}, [r0:64]! - vst1.32 {d16}, [r0:64]! - vst1.32 {d18}, [r0:64]! + vst1.32 {d10}, [r0,:64]! @ A[2][0..4] + vst1.32 {d12}, [r0,:64]! + vst1.32 {d14}, [r0,:64]! + vst1.32 {d16}, [r0,:64]! + vst1.32 {d18}, [r0,:64]! - vst1.32 {d11}, [r0:64]! @ A[3][0..4] - vst1.32 {d13}, [r0:64]! - vst1.32 {d15}, [r0:64]! - vst1.32 {d17}, [r0:64]! - vst1.32 {d19}, [r0:64]! + vst1.32 {d11}, [r0,:64]! @ A[3][0..4] + vst1.32 {d13}, [r0,:64]! + vst1.32 {d15}, [r0,:64]! + vst1.32 {d17}, [r0,:64]! + vst1.32 {d19}, [r0,:64]! - vst1.32 {d20-d23}, [r0:64]! @ A[4][0..4] + vst1.32 {d20-d23}, [r0,:64]! @ A[4][0..4] mov r14, r6 @ bsz - vst1.32 {d24}, [r0:64] + vst1.32 {d24}, [r0,:64] mov r0, r12 @ rewind vldmia sp!, {d8-d15} @@ -1603,4 +1603,4 @@ foreach (split($/,$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv8.pl index a3117bd75..ce5df4d6d 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv8.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-armv8.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -738,7 +738,7 @@ $code.=<<___; blo .Lprocess_block_ce ldr d31,[$inp],#8 // *inp++ #ifdef __AARCH64EB__ - rev v31.16b,v31.16b + rev64 v31.16b,v31.16b #endif eor $A[$j/5][$j%5],$A[$j/5][$j%5],v31.16b beq .Lprocess_block_ce @@ -747,7 +747,7 @@ ___ $code.=<<___; ldr d31,[$inp],#8 // *inp++ #ifdef __AARCH64EB__ - rev v31.16b,v31.16b + rev64 v31.16b,v31.16b #endif eor $A[4][4],$A[4][4],v31.16b 
@@ -877,4 +877,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx2.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx2.pl index d9fc1c59e..6104caf4f 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx2.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx2.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -479,4 +479,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512.pl index 9074ff02d..6bfff7881 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -548,4 +548,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512vl.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512vl.pl index a21bb8615..446706fc6 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512vl.pl 
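Review bot: In the keccak1600-avx2.pl hunk the added `close STDOUT or die …` covers write errors, but the `open STDOUT,">$output";` context line above it is still unchecked and uses the two-argument form. If that open fails, the script carries on to `print $code` and the problem is, as far as I can tell, only reported at close time, as an error about closing STDOUT rather than about the file that could not be created. `open STDOUT, '>', $output or die "can't open $output: $!";` reports the real cause and stops a mode character at the start of the file name from being interpreted. The same open line appears in the keccak1600-avx512.pl, keccak1600-avx512vl.pl and keccak1600-c64x.pl hunks, and as `$output=pop and open STDOUT,">$output";` in sha1-alpha.pl.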
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-avx512vl.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -389,4 +389,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-c64x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-c64x.pl index b00af9af9..4d1bbee2c 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-c64x.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-c64x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -882,4 +882,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-mmx.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-mmx.pl index c7685add7..353f1e147 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-mmx.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-mmx.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -30,7 +30,7 @@ # produce worse code. On the other hand one can wonder why not 128-bit # SSE2? Well, SSE2 won't provide double improvement, rather far from # that, if any at all on some processors, because it will take extra -# permutations and inter-bank data trasfers. Besides, contemporary +# permutations and inter-bank data transfers. Besides, contemporary # CPUs are better off executing 64-bit code, and it makes lesser sense # to invest into fancy 32-bit code. And the decision doesn't seem to # be inadequate, if one compares below results to "64-bit platforms in @@ -437,4 +437,4 @@ sub Rho() { ######### regular Rho step &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-ppc64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-ppc64.pl index 30e70c5d6..11b6329f0 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-ppc64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-ppc64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -755,4 +755,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-s390x.pl index 1184cf233..a7d819a59 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-s390x.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-s390x.pl 
@@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -557,4 +557,4 @@ ___ $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-x86_64.pl index 42de5bf12..b1a7e65e6 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600-x86_64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ # Ryzen 8.8 # # (*) Corresponds to SHA3-256. Improvement over compiler-generate -# varies a lot, most commont coefficient is 15% in comparison to +# varies a lot, most common coefficient is 15% in comparison to # gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x. # (**) Sandy Bridge has broken rotate instruction. Performance can be # improved by 14% by replacing rotates with double-precision @@ -84,6 +84,7 @@ $code.=<<___; .type __KeccakF1600,\@abi-omnipotent .align 32 __KeccakF1600: +.cfi_startproc mov $A[4][0](%rdi),@C[0] mov $A[4][1](%rdi),@C[1] mov $A[4][2](%rdi),@C[2] @@ -342,6 +343,7 @@ $code.=<<___; lea -192($iotas),$iotas # rewind iotas ret +.cfi_endproc .size __KeccakF1600,.-__KeccakF1600 .type KeccakF1600,\@abi-omnipotent 
@@ -604,4 +606,4 @@ foreach (split("\n",$code)) { print $_, "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600p8-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600p8-ppc.pl index de2bcd660..c04c7deaf 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600p8-ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/keccak1600p8-ppc.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -847,4 +847,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-586.pl index 9d4ff7f39..b72869b86 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -144,7 +144,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 @@ -1488,4 +1488,4 @@ sub Xtail_avx() &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-alpha.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-alpha.pl index c1a0b0c69..540ef3b47 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-alpha.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-alpha.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -326,4 +326,4 @@ $code.=<<___; ___ $output=pop and open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv4-large.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv4-large.pl index 7ff5bfbba..52d426bb2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv4-large.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv4-large.pl 
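Review bot: The compiler probe in sha1-586.pl drops the `^` anchor and the single-digit major from its pattern, but the trailing comment still reads only `# first version supporting AVX`, so the reason for the looser match is not recorded. A line above the test such as `# unanchored, multi-digit major: also matches vendor-prefixed banners and two-digit clang versions` would document it; that motive is my inference from the pattern. The probe also interpolates `$ENV{CC}` into a backtick command, so whatever the build environment places in CC is run through the shell, which matters where that environment is not fully controlled. The same pattern change is made in the sha1-mb-x86_64.pl hunk.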
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -739,4 +739,4 @@ foreach (split($/,$code)) { print $_,$/; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv8.pl index 3ba871fed..557cabc01 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv8.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -176,6 +176,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 @@ -329,7 +330,6 @@ $code.=<<___; #endif .asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by " .align 2 -.comm OPENSSL_armcap_P,4,4 ___ }}} @@ -361,4 +361,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-c64xplus.pl index 4db2bcb06..ceec503a9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-c64xplus.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-c64xplus.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -334,4 +334,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mb-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mb-x86_64.pl index 443b64983..47c588715 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mb-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1625,4 +1625,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mips.pl index 08f84bc3b..c293cd3bf 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mips.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-mips.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -458,4 +458,4 @@ $code.=<<___; .asciiz "SHA1 for MIPS, CRYPTOGAMS by " ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-parisc.pl index b001be16a..70ef7956a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-parisc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -276,4 +276,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ppc.pl index 0cda0a3e1..650a62912 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -348,4 +348,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-s390x.pl index 5729c3089..653a6cb50 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-s390x.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -246,4 +246,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9.pl index 3e612e3d5..8c23d85a3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -431,4 +431,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9a.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9a.pl index 50d3e136a..4e90da4b8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9a.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-sparcv9a.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -605,4 +605,4 @@ $code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/ &unalignaddr($1,$2,$3,$4) /gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-thumb.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-thumb.pl index ac74a25d6..b53e0bee0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-thumb.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-thumb.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -263,4 +263,4 @@ $code.=<<___; ___ print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-x86_64.pl index 60819f618..89146d137 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha1-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -119,7 +119,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -468,8 +468,8 @@ $code.=<<___ if ($win64); .Lepilogue_shaext: ___ $code.=<<___; -.cfi_endproc ret +.cfi_endproc .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext ___ }}} @@ -2129,4 +2129,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-586.pl index dccc771ad..7523dbc16 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -96,7 +96,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1293,4 +1293,4 @@ sub bodyx_00_15 () { # +10% &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-armv4.pl index edcfc3127..d120febb4 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-armv4.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -729,4 +729,4 @@ foreach (split($/,$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-c64xplus.pl index 3ab7d9b68..b2d00e4fb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-c64xplus.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -317,4 +317,4 @@ K256: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-mb-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-mb-x86_64.pl index 73978dbd8..c8cc6efac 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-mb-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha256-mb-x86_64.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1611,4 +1611,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-586.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-586.pl index 867ce30b9..66b6e96f9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-586.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -922,4 +922,4 @@ sub BODY_00_15_ssse3 { # "phase-less" copy of BODY_00_15_sse2 &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv4.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv4.pl index 0b4c5674d..e9c5e0ce7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv4.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv4.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -665,4 +665,4 @@ while() { close SELF; print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv8.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv8.pl index 01ffe9f98..3188c905e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv8.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -193,6 +193,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl $func .type $func,%function .align 6 @@ -840,12 +841,6 @@ $code.=<<___; ___ } -$code.=<<___; -#ifndef __KERNEL__ -.comm OPENSSL_armcap_P,4,4 -#endif -___ - { my %opcode = ( "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, "sha256su0" => 0x5e282800, "sha256su1" => 0x5e006000 ); @@ -902,4 +897,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-c64xplus.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-c64xplus.pl index 9ebfc92e2..4263fb134 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-c64xplus.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-c64xplus.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -435,4 +435,4 @@ K512: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-mips.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-mips.pl index dab684dde..15acd5308 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-mips.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -518,4 +518,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-parisc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-parisc.pl index 59eb320ab..132f1db8e 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-parisc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -804,4 +804,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ppc.pl index 71699f663..265ecfa58 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -796,4 +796,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-s390x.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-s390x.pl index 4c0f4e793..9752fed4e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-s390x.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -321,4 +321,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-sparcv9.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-sparcv9.pl index 4432bda65..54429d34e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-sparcv9.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-sparcv9.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ # over 2x than 32-bit code. X[16] resides on stack, but access to it # is scheduled for L2 latency and staged through 32 least significant # bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI -# duality. Nevetheless it's ~40% faster than SHA256, which is pretty +# duality. Nevertheless it's ~40% faster than SHA256, which is pretty # good [optimal coefficient is 50%]. # # SHA512 on UltraSPARC T1. @@ -854,4 +854,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-x86_64.pl index f2ebdfdb6..ad37850e6 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -135,7 +135,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } 
@@ -569,6 +569,7 @@ $code.=<<___; .align 64 sha256_block_data_order_shaext: _shaext_shortcut: +.cfi_startproc ___ $code.=<<___ if ($win64); lea `-8-5*16`(%rsp),%rsp @@ -712,6 +713,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size sha256_block_data_order_shaext,.-sha256_block_data_order_shaext ___ }}} @@ -1992,7 +1994,23 @@ $code.=<<___; vmovdqa $t0,0x00(%rsp) xor $a1,$a1 vmovdqa $t1,0x20(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rdi as frame pointer + mov $_rsp,%rdi +.cfi_def_cfa %rdi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rdi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; mov $B,$a3 vmovdqa $t2,0x00(%rsp) xor $C,$a3 # magic @@ -2012,7 +2030,18 @@ my @X = @_; my @insns = (&$body,&$body,&$body,&$body); # 96 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); + if (($j%2)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } + foreach (Xupdate_256_AVX()) { # 29 instructions eval; eval(shift(@insns)); 
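Review bot: The comment added in the AVX2 prologue of sha512-x86_64.pl (hunk `@@ -1992,7 +1994,23 @@`) says the secondary frame pointer at `-8(%rsp)` "is in the red zone", but the only guard on these blocks is `!$win64`, so the assumption that the target ABI provides a red zone is left implicit. I would extend the comment to something like `# relies on the SysV red zone; the slot at -8(%rsp) is unwind metadata only`, if that is the intent. As far as these hunks show, the slot is referenced only by the `.cfi_cfa_expression` directives and by the `pushq` that relocates it, not by the hash computation. The same comment is repeated in the matching `@@ -2083,7 +2112,23 @@` hunk for the other AVX2 path, and the enclosing heredocs start and end outside both hunks.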
@@ -2083,7 +2112,23 @@ $code.=<<___; vmovdqa $t2,0x40(%rsp) vpaddq 0x40($Tbl),@X[6],$t2 vmovdqa $t3,0x60(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rdi as frame pointer + mov $_rsp,%rdi +.cfi_def_cfa %rdi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rdi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; vpaddq 0x60($Tbl),@X[7],$t3 vmovdqa $t0,0x00(%rsp) xor $a1,$a1 @@ -2107,7 +2152,18 @@ my @X = @_; my @insns = (&$body,&$body); # 48 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%4)==0); + if (($j%4)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } + foreach (Xupdate_512_AVX()) { # 23 instructions eval; if ($_ !~ /\;$/) { @@ -2182,6 +2238,8 @@ $code.=<<___; add $a1,$A #mov `2*$SZ*$rounds+8`(%rsp),$inp # $_inp lea `2*$SZ*($rounds-8)`(%rsp),%rsp +# restore frame pointer to original location at $_rsp +.cfi_cfa_expression $_rsp,deref,+8 add $SZ*0($ctx),$A add $SZ*1($ctx),$B 
@@ -2207,22 +2265,24 @@ $code.=<<___; jbe .Loop_avx2 lea (%rsp),$Tbl +# temporarily use $Tbl as index to $_rsp +# this avoids the need to save a secondary frame pointer at -8(%rsp) +.cfi_cfa_expression $Tbl+`16*$SZ+3*8`,deref,+8 .Ldone_avx2: - lea ($Tbl),%rsp - mov $_rsp,%rsi + mov `16*$SZ+3*8`($Tbl),%rsi .cfi_def_cfa %rsi,8 vzeroupper ___ $code.=<<___ if ($win64); - movaps 16*$SZ+32(%rsp),%xmm6 - movaps 16*$SZ+48(%rsp),%xmm7 - movaps 16*$SZ+64(%rsp),%xmm8 - movaps 16*$SZ+80(%rsp),%xmm9 + movaps 16*$SZ+32($Tbl),%xmm6 + movaps 16*$SZ+48($Tbl),%xmm7 + movaps 16*$SZ+64($Tbl),%xmm8 + movaps 16*$SZ+80($Tbl),%xmm9 ___ $code.=<<___ if ($win64 && $SZ>4); - movaps 16*$SZ+96(%rsp),%xmm10 - movaps 16*$SZ+112(%rsp),%xmm11 + movaps 16*$SZ+96($Tbl),%xmm10 + movaps 16*$SZ+112($Tbl),%xmm11 ___ $code.=<<___; mov -48(%rsi),%r15 @@ -2495,4 +2555,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512p8-ppc.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512p8-ppc.pl index 0d4fdd292..3f2029642 100755 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512p8-ppc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/asm/sha512p8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -417,4 +417,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/keccak1600.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/keccak1600.c index e7223486a..55a44023d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/keccak1600.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/keccak1600.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -78,30 +78,30 @@ static const unsigned char rhotates[5][5] = { }; static const uint64_t iotas[] = { - BIT_INTERLEAVE ? 0x0000000000000001U : 0x0000000000000001U, - BIT_INTERLEAVE ? 0x0000008900000000U : 0x0000000000008082U, - BIT_INTERLEAVE ? 0x8000008b00000000U : 0x800000000000808aU, - BIT_INTERLEAVE ? 0x8000808000000000U : 0x8000000080008000U, - BIT_INTERLEAVE ? 0x0000008b00000001U : 0x000000000000808bU, - BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U, - BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U, - BIT_INTERLEAVE ? 0x8000008200000001U : 0x8000000000008009U, - BIT_INTERLEAVE ? 0x0000000b00000000U : 0x000000000000008aU, - BIT_INTERLEAVE ? 0x0000000a00000000U : 0x0000000000000088U, - BIT_INTERLEAVE ? 0x0000808200000001U : 0x0000000080008009U, - BIT_INTERLEAVE ? 0x0000800300000000U : 0x000000008000000aU, - BIT_INTERLEAVE ? 0x0000808b00000001U : 0x000000008000808bU, - BIT_INTERLEAVE ? 0x8000000b00000001U : 0x800000000000008bU, - BIT_INTERLEAVE ? 0x8000008a00000001U : 0x8000000000008089U, - BIT_INTERLEAVE ? 0x8000008100000001U : 0x8000000000008003U, - BIT_INTERLEAVE ? 0x8000008100000000U : 0x8000000000008002U, - BIT_INTERLEAVE ? 0x8000000800000000U : 0x8000000000000080U, - BIT_INTERLEAVE ? 0x0000008300000000U : 0x000000000000800aU, - BIT_INTERLEAVE ? 0x8000800300000000U : 0x800000008000000aU, - BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U, - BIT_INTERLEAVE ? 0x8000008800000000U : 0x8000000000008080U, - BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U, - BIT_INTERLEAVE ? 0x8000808200000000U : 0x8000000080008008U + BIT_INTERLEAVE ? 0x0000000000000001ULL : 0x0000000000000001ULL, + BIT_INTERLEAVE ? 0x0000008900000000ULL : 0x0000000000008082ULL, + BIT_INTERLEAVE ? 0x8000008b00000000ULL : 0x800000000000808aULL, + BIT_INTERLEAVE ? 0x8000808000000000ULL : 0x8000000080008000ULL, + BIT_INTERLEAVE ? 0x0000008b00000001ULL : 0x000000000000808bULL, + BIT_INTERLEAVE ? 
0x0000800000000001ULL : 0x0000000080000001ULL, + BIT_INTERLEAVE ? 0x8000808800000001ULL : 0x8000000080008081ULL, + BIT_INTERLEAVE ? 0x8000008200000001ULL : 0x8000000000008009ULL, + BIT_INTERLEAVE ? 0x0000000b00000000ULL : 0x000000000000008aULL, + BIT_INTERLEAVE ? 0x0000000a00000000ULL : 0x0000000000000088ULL, + BIT_INTERLEAVE ? 0x0000808200000001ULL : 0x0000000080008009ULL, + BIT_INTERLEAVE ? 0x0000800300000000ULL : 0x000000008000000aULL, + BIT_INTERLEAVE ? 0x0000808b00000001ULL : 0x000000008000808bULL, + BIT_INTERLEAVE ? 0x8000000b00000001ULL : 0x800000000000008bULL, + BIT_INTERLEAVE ? 0x8000008a00000001ULL : 0x8000000000008089ULL, + BIT_INTERLEAVE ? 0x8000008100000001ULL : 0x8000000000008003ULL, + BIT_INTERLEAVE ? 0x8000008100000000ULL : 0x8000000000008002ULL, + BIT_INTERLEAVE ? 0x8000000800000000ULL : 0x8000000000000080ULL, + BIT_INTERLEAVE ? 0x0000008300000000ULL : 0x000000000000800aULL, + BIT_INTERLEAVE ? 0x8000800300000000ULL : 0x800000008000000aULL, + BIT_INTERLEAVE ? 0x8000808800000001ULL : 0x8000000080008081ULL, + BIT_INTERLEAVE ? 0x8000008800000000ULL : 0x8000000000008080ULL, + BIT_INTERLEAVE ? 0x0000800000000001ULL : 0x0000000080000001ULL, + BIT_INTERLEAVE ? 0x8000808200000000ULL : 0x8000000080008008ULL }; #if defined(KECCAK_REF) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1dgst.c index 819370e61..7965829e6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1dgst.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha1dgst.c @@ -14,4 +14,4 @@ /* The implementation is in ../md32_common.h */ -# include "sha_locl.h" +# include "sha_local.h" diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha256.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha256.c index bf78f075e..11050ba54 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha256.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha256.c 
@@ -128,7 +128,7 @@ static #endif void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); -#include "internal/md32_common.h" +#include "crypto/md32_common.h" #ifndef SHA256_ASM static const SHA_LONG K256[64] = { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha512.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha512.c index 50b65ee81..ca1f387a6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha512.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha512.c @@ -50,7 +50,7 @@ #include #include "internal/cryptlib.h" -#include "internal/sha.h" +#include "crypto/sha.h" #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_local.h similarity index 99% rename from trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_local.h index 4e5a09038..6edb9ef1d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sha/sha_local.h @@ -42,7 +42,7 @@ static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #endif -#include "internal/md32_common.h" +#include "crypto/md32_common.h" #define INIT_DATA_h0 0x67452301UL #define INIT_DATA_h1 0xefcdab89UL diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash.c b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash.c index be74a38d9..07d94c1e6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash.c @@ -27,7 +27,7 @@ #include #include -#include "internal/siphash.h" +#include "crypto/siphash.h" #include "siphash_local.h" /* default: SipHash-2-4 */ 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_ameth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_ameth.c index c0ab7efae..7fce76390 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_ameth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,10 +10,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/siphash.h" +#include "crypto/asn1.h" +#include "crypto/siphash.h" #include "siphash_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* * SIPHASH "ASN1" method. This is just here to indicate the maximum @@ -44,7 +44,7 @@ static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); + return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0; } static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_pmeth.c index 66e552fec..0c7d2c619 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_pmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/siphash/siphash_pmeth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/siphash.h" +#include "crypto/siphash.h" #include "siphash_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* SIPHASH pkey context structure */ 
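Review bot: `siphash_pkey_public_cmp` in siphash_ameth.c (hunk `@@ -44,7 +44,7 @@`) has no comment stating its return convention, which is the thing the added `== 0` corrects: `ASN1_OCTET_STRING_cmp` yields 0 for equal strings, while the new expression implies the caller wants 1 for a match. I would add `/* Returns 1 if the two keys are equal, 0 otherwise; ASN1_OCTET_STRING_cmp() returns 0 on equality. */` above the function so the inversion is not reintroduced. Two things are not visible here and are worth confirming: that both `EVP_PKEY_get0()` results are non-NULL before the compare, and whether a compare that is presumably not constant-time is acceptable given that the value compared is the SipHash key installed by `siphash_set_priv_key`.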
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_crypt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_crypt.c index 4389fc731..83b97f4ed 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_crypt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_crypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -9,9 +9,9 @@ * https://www.openssl.org/source/license.html */ -#include "internal/sm2.h" -#include "internal/sm2err.h" -#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */ +#include "crypto/sm2.h" +#include "crypto/sm2err.h" +#include "crypto/ec.h" /* ecdh_KDF_X9_63() */ #include #include #include @@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group) return field_size; } -int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, - size_t *pt_size) +int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) { - const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); - const int md_size = EVP_MD_size(digest); - size_t overhead; + struct SM2_Ciphertext_st *sm2_ctext = NULL; - if (md_size < 0) { - SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST); - return 0; - } - if (field_size == 0) { - SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD); - return 0; - } + sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); - overhead = 10 + 2 * field_size + (size_t)md_size; - if (msg_len <= overhead) { + if (sm2_ctext == NULL) { SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); return 0; } - *pt_size = msg_len - overhead; + *pt_size = sm2_ctext->C2->length; + SM2_Ciphertext_free(sm2_ctext); + return 1; } 
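Review bot: In the rewritten `sm2_plaintext_size` in sm2_crypt.c (hunk `@@ -61,29 +61,20 @@`), `ct_size` is a `size_t` passed straight to `d2i_SM2_Ciphertext`, whose length parameter is presumably a `long` like other `d2i_*` decoders, so an oversized value would be narrowed silently. A guard before the decode, `if (ct_size > LONG_MAX) { SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); return 0; }`, would make that explicit. The function also does not check whether bytes remain after the decoded structure; whether trailing data matters depends on `sm2_decrypt`, which is outside this hunk. A short header comment stating that `*pt_size` is the exact length of the decoded C2 field, taken from untrusted ciphertext, would tell callers what the returned size means.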
@@ -303,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key, C2 = sm2_ctext->C2->data; C3 = sm2_ctext->C3->data; msg_len = sm2_ctext->C2->length; + if (*ptext_len < (size_t)msg_len) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL); + goto done; + } ctx = BN_CTX_new(); if (ctx == NULL) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_err.c index 653c6797f..e5973e9c7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_err.c @@ -9,7 +9,7 @@ */ #include -#include "internal/sm2err.h" +#include "crypto/sm2err.h" #ifndef OPENSSL_NO_ERR diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_pmeth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_pmeth.c index d187699cc..0e722b910 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_pmeth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,9 @@ #include #include #include -#include "internal/evp_int.h" -#include "internal/sm2.h" -#include "internal/sm2err.h" +#include "crypto/evp.h" +#include "crypto/sm2.h" +#include "crypto/sm2err.h" /* EC pkey context structure */ @@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; if (out == NULL) { - if (!sm2_plaintext_size(ec, md, inlen, outlen)) + if (!sm2_plaintext_size(in, inlen, outlen)) return -1; else return 1; 
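Review bot: The bound check added to `sm2_decrypt` relies on `*ptext_len` holding the capacity of the caller's output buffer on entry, but nothing in the hunk documents that in/out contract; a comment on the check such as `/* on entry *ptext_len is the capacity of the output buffer */` would state it. `msg_len` is cast to `size_t` from what is presumably the `int` length of C2, so a negative value would wrap to a very large one and be rejected, which is the safe direction, though an explicit `msg_len < 0` test would read more plainly. The function starts and ends outside the hunk, so it cannot be confirmed from here that the `done:` path still returns failure and leaves `*ptext_len` in a defined state after this early exit.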
@@ -220,6 +220,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) *(size_t *)p2 = smctx->id_len; return 1; + case EVP_PKEY_CTRL_DIGESTINIT: + /* nothing to be inited, this is to suppress the error... */ + return 1; + default: return -2; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_sign.c index 0f9c14cb5..683f03f93 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm2/sm2_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -9,9 +9,9 @@ * https://www.openssl.org/source/license.html */ -#include "internal/sm2.h" -#include "internal/sm2err.h" -#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */ +#include "crypto/sm2.h" +#include "crypto/sm2err.h" +#include "crypto/ec.h" /* ec_group_do_inverse_ord() */ #include "internal/numbers.h" #include #include @@ -313,12 +313,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, /* * B1: verify whether r' in [1,n-1], verification failed if not - * B2: vefify whether s' in [1,n-1], verification failed if not + * B2: verify whether s' in [1,n-1], verification failed if not * B3: set M'~=ZA || M' * B4: calculate e'=Hv(M'~) * B5: calculate t = (r' + s') modn, verification failed if t=0 * B6: calculate the point (x1', y1')=[s']G + [t]PA - * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed + * B7: calculate R=(e'+x1') modn, verification pass if yes, otherwise failed */ ECDSA_SIG_get0(sig, &r, &s); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/m_sm3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/m_sm3.c index 85538dc8a..7e54f4298 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/m_sm3.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/m_sm3.c @@ -12,8 +12,8 @@ #ifndef OPENSSL_NO_SM3 # include -# include "internal/evp_int.h" -# include "internal/sm3.h" +# include "crypto/evp.h" +# include "crypto/sm3.h" static int init(EVP_MD_CTX *ctx) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3.c index 1588dd115..d78292b4c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3.c @@ -10,7 +10,7 @@ */ #include -#include "sm3_locl.h" +#include "sm3_local.h" int sm3_init(SM3_CTX *c) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_local.h similarity index 97% rename from trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_local.h index efa6db57c..7171de510 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm3/sm3_local.h @@ -10,7 +10,7 @@ */ #include -#include "internal/sm3.h" +#include "crypto/sm3.h" #define DATA_ORDER_IS_BIG_ENDIAN @@ -36,7 +36,7 @@ void sm3_transform(SM3_CTX *c, const unsigned char *data); -#include "internal/md32_common.h" +#include "crypto/md32_common.h" #define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) #define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/sm4.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/sm4.c index 0c819a4b6..5750e7633 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/sm4.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sm4/sm4.c @@ -10,7 +10,7 @@ */ #include -#include "internal/sm4.h" +#include "crypto/sm4.h" static const uint8_t SM4_S[256] = { 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sparc_arch.h b/trunk/3rdparty/openssl-1.1-fit/crypto/sparc_arch.h index 99eafb331..c74063be2 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/sparc_arch.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sparc_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __SPARC_ARCH_H__ -# define __SPARC_ARCH_H__ +#ifndef OSSL_CRYPTO_SPARC_ARCH_H +# define OSSL_CRYPTO_SPARC_ARCH_H # define SPARCV9_TICK_PRIVILEGED (1<<0) # define SPARCV9_PREFER_FPU (1<<1) @@ -115,4 +115,4 @@ mov tmp, %o7; # endif -#endif /* __SPARC_ARCH_H__ */ +#endif /* OSSL_CRYPTO_SPARC_ARCH_H */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/sparcv9cap.c b/trunk/3rdparty/openssl-1.1-fit/crypto/sparcv9cap.c index c8c567536..b3cb3d4be 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/sparcv9cap.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/sparcv9cap.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include #include #include "internal/cryptlib.h" +#include "bn/bn_local.h" /* for definition of bn_mul_mont */ #include "sparc_arch.h" @@ -268,7 +269,7 @@ void OPENSSL_cpuid_setup(void) /* * In wait for better solution _sparcv9_rdcfr is masked by - * VIS3 flag, because it goes to uninterruptable endless + * VIS3 flag, because it goes to uninterruptible endless * loop on UltraSPARC II running Solaris. Things might be * different on Linux... */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_lib.c index ca20f6d09..ce3504825 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -16,7 +16,7 @@ # include # include # include -# include "internal/bn_srp.h" +# include "crypto/bn_srp.h" /* calculate = SHA1(PAD(x) || PAD(y)) */ @@ -177,6 +177,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) { BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL; + BIGNUM *xtmp = NULL; BN_CTX *bn_ctx; if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL @@ -185,10 +186,13 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, if ((tmp = BN_new()) == NULL || (tmp2 = BN_new()) == NULL || - (tmp3 = BN_new()) == NULL) + (tmp3 = BN_new()) == NULL || + (xtmp = BN_new()) == NULL) goto err; - if (!BN_mod_exp(tmp, g, x, N, bn_ctx)) + BN_with_flags(xtmp, x, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx)) goto err; if ((k = srp_Calc_k(N, g)) == NULL) goto err; @@ -196,7 +200,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, goto err; if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx)) goto err; - if (!BN_mul(tmp3, u, x, bn_ctx)) + if (!BN_mul(tmp3, u, xtmp, bn_ctx)) goto err; if (!BN_add(tmp2, a, tmp3)) goto err; @@ -208,6 +212,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, err: BN_CTX_free(bn_ctx); + BN_free(xtmp); BN_clear_free(tmp); BN_clear_free(tmp2); BN_clear_free(tmp3); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_vfy.c index eb279dd41..394e1180d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_vfy.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/srp/srp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_SRP # include "internal/cryptlib.h" -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include # include @@ -684,7 +684,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM *x = NULL; BN_CTX *bn_ctx = BN_CTX_new(); unsigned char tmp2[MAX_LEN]; - BIGNUM *salttmp = NULL; + BIGNUM *salttmp = NULL, *verif; if ((user == NULL) || (pass == NULL) || @@ -707,17 +707,18 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, if (x == NULL) goto err; - *verifier = BN_new(); - if (*verifier == NULL) + verif = BN_new(); + if (verif == NULL) goto err; - if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) { - BN_clear_free(*verifier); + if (!BN_mod_exp(verif, g, x, N, bn_ctx)) { + BN_clear_free(verif); goto err; } result = 1; *salt = salttmp; + *verifier = verif; err: if (salt != NULL && *salt != salttmp) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/loader_file.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/loader_file.c index 632e4511f..32e7b9f65 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/store/loader_file.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/loader_file.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -24,12 +24,12 @@ #include #include #include /* For the PKCS8 stuff o.O */ -#include "internal/asn1_int.h" -#include "internal/ctype.h" +#include "crypto/asn1.h" +#include "crypto/ctype.h" #include "internal/o_dir.h" #include "internal/cryptlib.h" -#include "internal/store_int.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" #ifdef _WIN32 # define stat _stat @@ -172,7 +172,7 @@ typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, typedef int (*file_eof_fn)(void *handler_ctx); /* * The destroy_ctx function is used to destroy the handler_ctx that was - * intiated by a repeatable try_decode fuction. This is only used when + * initiated by a repeatable try_decode function. This is only used when * the handler is marked repeatable. */ typedef void (*file_destroy_ctx_fn)(void **handler_ctx); @@ -370,6 +370,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, mem->data = (char *)new_data; mem->max = mem->length = (size_t)new_data_len; X509_SIG_free(p8); + p8 = NULL; store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem); if (store_info == NULL) { 
@@ -429,6 +430,42 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, } } else { int i; +#ifndef OPENSSL_NO_ENGINE + ENGINE *curengine = ENGINE_get_first(); + + while (curengine != NULL) { + ENGINE_PKEY_ASN1_METHS_PTR asn1meths = + ENGINE_get_pkey_asn1_meths(curengine); + + if (asn1meths != NULL) { + const int *nids = NULL; + int nids_n = asn1meths(curengine, NULL, &nids, 0); + + for (i = 0; i < nids_n; i++) { + EVP_PKEY_ASN1_METHOD *ameth2 = NULL; + EVP_PKEY *tmp_pkey = NULL; + const unsigned char *tmp_blob = blob; + + if (!asn1meths(curengine, &ameth2, NULL, nids[i])) + continue; + if (ameth2 == NULL + || ameth2->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL, + &tmp_blob, len); + if (tmp_pkey != NULL) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + (*matchcount)++; + } + } + } + curengine = ENGINE_get_next(curengine); + } +#endif for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { EVP_PKEY *tmp_pkey = NULL; @@ -470,7 +507,7 @@ static FILE_HANDLER PrivateKey_handler = { }; /* - * Public key decoder. Only supports SubjectPublicKeyInfo formated keys. + * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. */ static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, const char *pem_header, @@ -860,10 +897,10 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, if (ctx->_.dir.last_entry == NULL) { if (ctx->_.dir.last_errno != 0) { char errbuf[256]; - errno = ctx->_.dir.last_errno; - openssl_strerror_r(errno, errbuf, sizeof(errbuf)); OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB); - ERR_add_error_data(1, errbuf); + errno = ctx->_.dir.last_errno; + if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) + ERR_add_error_data(1, errbuf); goto err; } ctx->_.dir.end_reached = 1; 
@@ -1260,11 +1297,11 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, if (!ctx->_.dir.end_reached) { char errbuf[256]; assert(ctx->_.dir.last_errno != 0); + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB); errno = ctx->_.dir.last_errno; ctx->errcnt++; - openssl_strerror_r(errno, errbuf, sizeof(errbuf)); - OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB); - ERR_add_error_data(1, errbuf); + if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) + ERR_add_error_data(1, errbuf); } return NULL; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_init.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_init.c index b398bf598..0103c8db8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_init.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_init.c @@ -8,8 +8,8 @@ */ #include -#include "internal/store.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(do_store_init) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_lib.c index 1c4354766..fb71f8472 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,8 +18,8 @@ #include #include #include "internal/thread_once.h" -#include "internal/store_int.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" struct ossl_store_ctx_st { const OSSL_STORE_LOADER *loader; 
@@ -218,7 +218,11 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) int OSSL_STORE_close(OSSL_STORE_CTX *ctx) { - int loader_ret = ctx->loader->close(ctx->loader_ctx); + int loader_ret; + + if (ctx == NULL) + return 1; + loader_ret = ctx->loader->close(ctx->loader_ctx); OPENSSL_free(ctx); return loader_ret; @@ -228,7 +232,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx) * Functions to generate OSSL_STORE_INFOs, one function for each type we * support having in them as well as a generic constructor. * - * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO * and will therefore be freed when the OSSL_STORE_INFO is freed. */ static OSSL_STORE_INFO *store_info_new(int type, void *data) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/store/store_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/store/store_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_register.c b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_register.c index e68cb3c56..3631d9b50 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_register.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/store/store_register.c @@ -8,12 +8,12 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include -#include "store_locl.h" +#include "store_local.h" static CRYPTO_RWLOCK *registry_lock; static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_none.c b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_none.c index 4b1940ae4..aaaaae872 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_none.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_none.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,11 @@ #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) +# if defined(OPENSSL_SYS_UNIX) +# include +# include +# endif + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { CRYPTO_RWLOCK *lock; @@ -133,4 +138,12 @@ int openssl_init_fork_handlers(void) return 0; } +int openssl_get_fork_id(void) +{ +# if defined(OPENSSL_SYS_UNIX) + return getpid(); +# else + return 0; +# endif +} #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_pthread.c b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_pthread.c index 5a59779eb..1774a2b2a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_pthread.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_pthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,11 @@ #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_UNIX) +# include +# include +#endif + # ifdef PTHREAD_RWLOCK_INITIALIZER # define USE_RWLOCK # endif @@ -193,4 +198,9 @@ int openssl_init_fork_handlers(void) # endif return 0; } + +int openssl_get_fork_id(void) +{ + return getpid(); +} #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_win.c b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_win.c index d8fdfb74f..83dccb84f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/threads_win.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/threads_win.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,11 +24,15 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) return NULL; } +# if !defined(_WIN32_WCE) /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { OPENSSL_free(lock); return NULL; } +# else + InitializeCriticalSection(lock); +# endif return lock; } @@ -151,7 +155,7 @@ int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { - *ret = InterlockedExchangeAdd(val, amount) + amount; + *ret = (int)InterlockedExchangeAdd((long volatile *)val, (long)amount) + amount; return 1; } @@ -160,4 +164,8 @@ int openssl_init_fork_handlers(void) return 0; } +int openssl_get_fork_id(void) +{ + return 0; +} #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_asn1.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_asn1.c index 870720708..2840f5858 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_asn1.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_asn1.c @@ -10,7 +10,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" ASN1_SEQUENCE(TS_MSG_IMPRINT) = { ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lib.c index ce2e12c59..bfe981364 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lib.c @@ -14,7 +14,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) { 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_print.c index 0dedf47d9..4eba5cf01 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_print.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_print.c @@ -13,7 +13,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_REQ_print_bio(BIO *bio, TS_REQ *a) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_utils.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_utils.c index 2073d3395..a4568e3b7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_utils.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_req_utils.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_REQ_set_version(TS_REQ *a, long version) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_print.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_print.c index 6eb0ec8d7..a2451aaa8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_print.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_print.c @@ -13,7 +13,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" struct status_map_st { int bit; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_sign.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_sign.c index 1b2b84ef6..342582f02 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_sign.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_sign.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); @@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) goto err; if (!ASN1_INTEGER_set(serial, 1)) goto err; + return serial; err: TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number generation."); + ASN1_INTEGER_free(serial); return NULL; } @@ -771,7 +773,8 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; - X509_digest(cert, EVP_sha1(), cert_sha1, NULL); + if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) + goto err; if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) goto err; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_utils.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_utils.c index 3ecee39a2..3fa0dbd0f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_utils.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_utils.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_verify.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_verify.c index 9deda81b0..7fe3d27e7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_verify.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_rsp_verify.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain); @@ -289,11 +289,12 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) if (!cert_ids || !cert) return -1; - X509_digest(cert, EVP_sha1(), cert_sha1, NULL); - /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); + if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) + return -1; + /* Look for cert in the cert_ids vector. */ for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); @@ -326,7 +327,8 @@ static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert) else md = EVP_sha256(); - X509_digest(cert, md, cert_digest, &len); + if (!X509_digest(cert, md, cert_digest, &len)) + return -1; if (cid->hash->length != (int)len) return -1; @@ -610,6 +612,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, err: EVP_MD_CTX_free(md_ctx); X509_ALGOR_free(*md_alg); + *md_alg = NULL; OPENSSL_free(*imprint); *imprint_len = 0; *imprint = 0; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_verify_ctx.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_verify_ctx.c index d4792ee04..32cd2f542 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_verify_ctx.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ts/ts_verify_ctx.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include #include -#include "ts_lcl.h" +#include "ts_local.h" TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) { @@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) goto err; msg = imprint->hashed_msg; ret->imprint_len = ASN1_STRING_length(msg); + if (ret->imprint_len <= 0) + goto err; if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) goto err; memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_lib.c index 139485dcd..49cc45057 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,7 +13,7 @@ #include #include #include -#include "ui_locl.h" +#include "ui_local.h" UI *UI_new(void) { @@ -500,6 +500,7 @@ int UI_process(UI *ui) if (ui->meth->ui_flush != NULL) switch (ui->meth->ui_flush(ui)) { case -1: /* Interrupt/Cancel/something... */ + ui->flags &= ~UI_FLAG_REDOABLE; ok = -2; goto err; case 0: /* Errors */ @@ -517,6 +518,7 @@ int UI_process(UI *ui) sk_UI_STRING_value(ui->strings, i))) { case -1: /* Interrupt/Cancel/something... */ + ui->flags &= ~UI_FLAG_REDOABLE; ok = -2; goto err; case 0: /* Errors */ 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_local.h similarity index 98% rename from trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_local.h index 19b33b8fc..8a7dbda14 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_UI_LOCL_H -# define HEADER_UI_LOCL_H +#ifndef OSSL_CRYPTO_UI_LOCAL_H +# define OSSL_CRYPTO_UI_LOCAL_H # include # include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_null.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_null.c index 9e5f6fca5..9ab00e0a7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_null.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_null.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ui_locl.h" +#include "ui_local.h" static const UI_METHOD ui_null = { "OpenSSL NULL UI", diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_openssl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_openssl.c index 5ca418d24..9526c1653 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_openssl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -53,7 +53,7 @@ # endif # endif -# include "ui_locl.h" +# include "ui_local.h" # include "internal/cryptlib.h" # ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ 
@@ -79,7 +79,7 @@ * systems that require something different. * * Note: we do not use SGTTY unless it's defined by the configuration. We - * may eventually opt to remove it's use entirely. + * may eventually opt to remove its use entirely. */ # if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) @@ -439,6 +439,16 @@ static int open_console(UI *ui) is_a_tty = 0; else # endif +# ifdef EPERM + /* + * Linux can return EPERM (Operation not permitted), + * e.g. if a daemon executes openssl via fork()+execve() + * This should be ok + */ + if (errno == EPERM) + is_a_tty = 0; + else +# endif # ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_util.c b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_util.c index b379324f9..32a3c4e38 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_util.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/ui/ui_util.c @@ -8,8 +8,9 @@ */ #include +#include /* PEM_def_callback() */ #include "internal/thread_once.h" -#include "ui_locl.h" +#include "ui_local.h" #ifndef BUFSIZ #define BUFSIZ 256 @@ -156,7 +157,7 @@ UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag) return NULL; } data->rwflag = rwflag; - data->cb = cb; + data->cb = cb != NULL ? cb : PEM_def_callback; return ui_method; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/uid.c b/trunk/3rdparty/openssl-1.1-fit/crypto/uid.c index b2b096446..5e3315eeb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/uid.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/uid.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -10,7 +10,14 @@ #include #include -#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) + +int OPENSSL_issetugid(void) +{ + return 0; +} + +#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) # include OPENSSL_UNISTD @@ -19,13 +26,6 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) - -int OPENSSL_issetugid(void) -{ - return 0; -} - #else # include OPENSSL_UNISTD @@ -36,6 +36,12 @@ int OPENSSL_issetugid(void) # include # define OSSL_IMPLEMENT_GETAUXVAL # endif +# elif defined(__ANDROID_API__) +/* see https://developer.android.google.cn/ndk/guides/cpu-features */ +# if __ANDROID_API__ >= 18 +# include +# define OSSL_IMPLEMENT_GETAUXVAL +# endif # endif int OPENSSL_issetugid(void) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-mmx.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-mmx.pl index 2241c6f0f..176be50a6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-mmx.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-mmx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -69,19 +69,19 @@ sub LL() unshift(@_,pop(@_)); } } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } sub scale() { if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } sub row() { if ($SCALE==2) { ((8-shift)&7); } elsif ($SCALE==8) { (8*shift); } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } $tbl="ebp"; @@ -504,4 +504,4 @@ for($i=0;$i<8;$i++) { &function_end_B("whirlpool_block_mmx"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-x86_64.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-x86_64.pl index fe23d8cad..b4fcd8be3 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-x86_64.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/asm/wp-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -614,4 +614,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_block.c b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_block.c index 0cc92a3b0..39ad009c0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_block.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_block.c 
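Review bot: The three corrected `die "invalid SCALE value"` messages in `LL`, `scale` and `row` still do not say which value was rejected, so a failed assembly generation gives no hint of the bad setting. Including the value is a small change, e.g. `else { die "invalid SCALE value: $SCALE"; }`. `LL` begins outside this hunk.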
@@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -36,7 +36,7 @@ * */ -#include "wp_locl.h" +#include "wp_local.h" #include typedef unsigned char u8; @@ -63,6 +63,20 @@ typedef unsigned long long u64; # undef STRICT_ALIGNMENT #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef u64 u64_aX __attribute((__aligned__(1))); +#else +typedef u64 u64_aX; +#endif + #undef SMALL_REGISTER_BANK #if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define SMALL_REGISTER_BANK @@ -87,6 +101,7 @@ typedef unsigned long long u64; #ifndef PEDANTIC # if defined(_MSC_VER) # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# include # pragma intrinsic(_rotl64) # define ROTATE(a,n) _rotl64((a),n) # endif 
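Review bot: The `u64_a1` and `u64_aX` typedefs added in the `@@ -63,6 +63,20 @@` hunk have no comment saying why an alignment-1 alias of `u64` is needed. Under GCC without `STRICT_ALIGNMENT` the two are the same type. Later hunks on this page use them for loads through byte-offset pointers (`(u64_a1*)(Cx.c+7)`, `(const u64_aX *)p`), so a comment such as `/* u64 that may sit at any byte offset: used for table and input loads that are not 8-byte aligned */` would record the intent. On non-GNU compilers both fall back to plain `u64`, so the unaligned access presumably stays as it was there, which is worth stating as well.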
@@ -190,13 +205,13 @@ typedef unsigned long long u64; # define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ c0,c1,c2,c3,c4,c5,c6,c7 # define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) -# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) -# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) -# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) -# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) -# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) -# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) -# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) +# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]]) +# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]]) +# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]]) +# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]]) +# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]]) +# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]]) +# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]]) #endif static const @@ -530,7 +545,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; @@ -768,7 +783,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) } else # endif { - const u64 *pa = (const u64 *)p; + const u64_aX *pa = (const u64_aX *)p; H->q[0] ^= S.q[0] ^ pa[0]; H->q[1] ^= S.q[1] ^ pa[1]; H->q[2] ^= S.q[2] ^ pa[2]; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_dgst.c b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_dgst.c index 1ac29803a..e8a339226 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_dgst.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_dgst.c @@ -53,7 +53,7 @@ */ #include -#include "wp_locl.h" +#include "wp_local.h" #include int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_locl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_locl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/whrlpool/wp_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c index b3760dbad..238c2519a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_dir.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,8 +19,8 @@ #endif #include -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "x509_local.h" struct lookup_dir_hashes_st { unsigned long hash; @@ -327,10 +327,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, /* * we have added it to the cache so now pull it out again */ - CRYPTO_THREAD_write_lock(ctx->lock); + X509_STORE_lock(xl->store_ctx); j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_unlock(xl->store_ctx); /* If a CRL, update the last file suffix added for this */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c index 244512c93..237b362e2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/by_file.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c index 2d4c591b7..dc3b4f262 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -127,6 +127,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { ii = 0; count = X509_ATTRIBUTE_count(a); + if (count == 0) { + X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES); + return 0; + } get_next: at = X509_ATTRIBUTE_get0_type(a, ii); type = at->type; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c index ccacbe7cb..ece987a6b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/t_x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #ifndef OPENSSL_NO_STDIO int X509_print_fp(FILE *fp, X509 *x) 
@@ -365,9 +365,9 @@ int X509_aux_print(BIO *out, X509 *x, int indent) BIO_puts(out, "\n"); } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); - alias = X509_alias_get0(x, NULL); + alias = X509_alias_get0(x, &i); if (alias) - BIO_printf(out, "%*sAlias: %s\n", indent, "", alias); + BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias); keyid = X509_keyid_get0(x, &keyidlen); if (keyid) { BIO_printf(out, "%*sKey Id: ", indent, ""); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c index 63895efe4..cc9f9d190 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_att.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { @@ -149,7 +149,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) return ret; } -void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, int lastpos, int type) { int i; @@ -314,7 +314,9 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, ttmp = X509_ATTRIBUTE_get0_type(attr, idx); if (!ttmp) return NULL; - if (atrtype != ASN1_TYPE_get(ttmp)) { + if (atrtype == V_ASN1_BOOLEAN + || atrtype == V_ASN1_NULL + || atrtype != ASN1_TYPE_get(ttmp)) { X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); return NULL; } 
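Review bot: In `X509_aux_print` the alias length is written into `i`, a general-purpose int declared outside this hunk, while the key id two lines below gets a dedicated `keyidlen`. A named length, `alias = X509_alias_get0(x, &aliaslen);` with `"%*sAlias: %.*s\n", indent, "", aliaslen, alias`, would make the bound on the `%.*s` read easier to audit. Note also that `%.*s` stops at an embedded NUL and writes the alias bytes unescaped, which matters if the output is later parsed or shown on a terminal.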
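Review bot: The new rejection of `V_ASN1_BOOLEAN` and `V_ASN1_NULL` in `X509_ATTRIBUTE_get0_data` has no comment, and the reason is not obvious from the condition. These two types do not carry their value as a data pointer in `ASN1_TYPE`, so there is presumably nothing valid to hand back as `void *`. A line above the test such as `/* BOOLEAN and NULL are not stored as a pointer, so no data pointer can be returned */` would keep the check from being simplified away later. The function's return statement is outside this hunk.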
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c index 02fad0c67..1d8d2d7b2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { @@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) if (ctx == NULL) goto err; f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); + if (f == NULL) + goto err; if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) goto err; if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) @@ -133,14 +135,21 @@ unsigned long X509_subject_name_hash_old(X509 *x) */ int X509_cmp(const X509 *a, const X509 *b) { - int rv; - /* ensure hash is valid */ - X509_check_purpose((X509 *)a, -1, 0); - X509_check_purpose((X509 *)b, -1, 0); + int rv = 0; - rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); - if (rv) + if (a == b) /* for efficiency */ + return 0; + + /* try to make sure hash is valid */ + (void)X509_check_purpose((X509 *)a, -1, 0); + (void)X509_check_purpose((X509 *)b, -1, 0); + + if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0 + && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) + rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + if (rv != 0) return rv; + /* Check for match against stored encoding too */ if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { if (a->cert_info.enc.len < b->cert_info.enc.len) 
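Review bot: In `X509_cmp`, `rv` now starts at 0 and the `memcmp` of `sha1_hash` is skipped when either certificate has `EXFLAG_NO_FINGERPRINT` set, so in that case the result rests entirely on the stored-encoding comparison that follows. That comparison is guarded by `enc.modified` and its tail is outside the hunk. If it is skipped too, the function would presumably return 0 and report two certificates as equal without comparing anything. Callers such as `sk_X509_contains` in x509_vfy.c treat 0 as a match. At minimum a comment such as `/* rv stays 0 when no fingerprint is available; equality then depends on the encoding check below */` should record this, and the fall-through return is worth confirming.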
@@ -450,9 +459,17 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) STACK_OF(X509) *ret; int i; ret = sk_X509_dup(chain); + if (ret == NULL) + return NULL; for (i = 0; i < sk_X509_num(ret); i++) { X509 *x = sk_X509_value(ret, i); - X509_up_ref(x); + if (!X509_up_ref(x)) + goto err; } return ret; + err: + while (i-- > 0) + X509_free (sk_X509_value(ret, i)); + sk_X509_free(ret); + return NULL; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c index 739708e24..bdd1e67cd 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,7 @@ static const ERR_STRING_DATA X509_str_functs[] = { {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0), "x509_pubkey_decode"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET, 0), "X509_PUBKEY_get"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0), @@ -123,6 +124,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES), + "invalid attributes"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), "invalid field name"}, 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c index 2db843760..4cdab724e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_ext.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include int X509_CRL_get_ext_count(const X509_CRL *x) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lcl.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_local.h similarity index 96% rename from trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lcl.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_local.h index c517a7745..10807e1de 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lcl.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -145,3 +145,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, const ASN1_STRING *sig); +int x509_likely_issued(X509 *issuer, X509 *subject); +int x509_signing_allowed(const X509 *issuer, const X509 *subject); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c index be39015b0..641a41c35 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_lu.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include "internal/refcount.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include -#include "x509_lcl.h" +#include "x509_local.h" X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { @@ -289,21 +289,25 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { - X509_STORE *ctx = vs->ctx; + X509_STORE *store = vs->ctx; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; int i, j; - if (ctx == NULL) + if (store == NULL) return 0; - CRYPTO_THREAD_write_lock(ctx->lock); - tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); - CRYPTO_THREAD_unlock(ctx->lock); + stmp.type = X509_LU_NONE; + stmp.data.ptr = NULL; + + + X509_STORE_lock(store); + tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name); + X509_STORE_unlock(store); if (tmp == NULL || type == X509_LU_CRL) { - for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { - lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(store->get_cert_methods, i); j = X509_LOOKUP_by_subject(lu, type, name, &stmp); if (j) { tmp = &stmp; 
@@ -314,15 +318,16 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 0; } + if (!X509_OBJECT_up_ref_count(tmp)) + return 0; + ret->type = tmp->type; ret->data.ptr = tmp->data.ptr; - X509_OBJECT_up_ref_count(ret); - return 1; } -static int x509_store_add(X509_STORE *ctx, void *x, int crl) { +static int x509_store_add(X509_STORE *store, void *x, int crl) { X509_OBJECT *obj; int ret = 0, added = 0; @@ -339,18 +344,20 @@ static int x509_store_add(X509_STORE *ctx, void *x, int crl) { obj->type = X509_LU_X509; obj->data.x509 = (X509 *)x; } - X509_OBJECT_up_ref_count(obj); - - CRYPTO_THREAD_write_lock(ctx->lock); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - ret = 1; - } else { - added = sk_X509_OBJECT_push(ctx->objs, obj); - ret = added != 0; + if (!X509_OBJECT_up_ref_count(obj)) { + obj->type = X509_LU_NONE; + X509_OBJECT_free(obj); + return 0; } - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_lock(store); + if (X509_OBJECT_retrieve_match(store->objs, obj)) { + ret = 1; + } else { + added = sk_X509_OBJECT_push(store->objs, obj); + ret = added != 0; + } + X509_STORE_unlock(store); if (added == 0) /* obj not pushed */ X509_OBJECT_free(obj); @@ -531,12 +538,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509) *sk = NULL; X509 *x; X509_OBJECT *obj; + X509_STORE *store = ctx->ctx; - if (ctx->ctx == NULL) + if (store == NULL) return NULL; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { /* * Nothing found in cache: do lookup to possibly add new objects to 
@@ -544,7 +552,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) */ X509_OBJECT *xobj = X509_OBJECT_new(); - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); + if (xobj == NULL) return NULL; if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) { @@ -552,27 +561,31 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return NULL; } } sk = sk_X509_new_null(); for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.x509; - X509_up_ref(x); + if (!X509_up_ref(x)) { + X509_STORE_unlock(store); + sk_X509_pop_free(sk, X509_free); + return NULL; + } if (!sk_X509_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_free(x); sk_X509_pop_free(sk, X509_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } 
@@ -582,37 +595,42 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); X509_CRL *x; X509_OBJECT *obj, *xobj = X509_OBJECT_new(); + X509_STORE *store = ctx->ctx; /* Always do lookup to possibly add new CRLs to cache */ if (sk == NULL || xobj == NULL - || ctx->ctx == NULL + || store == NULL || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { X509_OBJECT_free(xobj); sk_X509_CRL_free(sk); return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); sk_X509_CRL_free(sk); return NULL; } for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.crl; - X509_CRL_up_ref(x); + if (!X509_CRL_up_ref(x)) { + X509_STORE_unlock(store); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; + } if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_CRL_free(x); sk_X509_CRL_pop_free(sk, X509_CRL_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } @@ -660,6 +678,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; + X509_STORE *store = ctx->ctx; int i, ok, idx, ret; if (obj == NULL) 
@@ -675,25 +694,28 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) if (ctx->check_issued(ctx, x, obj->data.x509)) { if (x509_check_cert_time(ctx, obj->data.x509, -1)) { *issuer = obj->data.x509; - X509_up_ref(*issuer); + if (!X509_up_ref(*issuer)) { + *issuer = NULL; + ok = -1; + } X509_OBJECT_free(obj); - return 1; + return ok; } } X509_OBJECT_free(obj); - if (ctx->ctx == NULL) + if (store == NULL) return 0; /* Else find index of first cert accepted by 'check_issued' */ ret = 0; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + X509_STORE_lock(store); + idx = X509_OBJECT_idx_by_subject(store->objs, X509_LU_X509, xn); if (idx != -1) { /* should be true as we've had at least one * match */ /* Look through all matching certs for suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + for (i = idx; i < sk_X509_OBJECT_num(store->objs); i++) { + pobj = sk_X509_OBJECT_value(store->objs, i); /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; @@ -714,9 +736,11 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); - if (*issuer) - X509_up_ref(*issuer); + if (*issuer && !X509_up_ref(*issuer)) { + *issuer = NULL; + ret = -1; + } + X509_STORE_unlock(store); return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c index 9dc587a09..9348cc8eb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_meth.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) { 
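Review bot: `X509_STORE_CTX_get1_issuer` can now return -1 with `*issuer` reset to NULL, via `ok = -1` in this hunk and `ret = -1` in the `@@ -714,9 +736,11 @@` hunk, but nothing documents the third value. A caller that tests the result with `if (ret)` would read -1 as "issuer found". The sibling lookup `get_issuer_sk` in x509_vfy.c returns only 0 or 1, so the two callbacks no longer share a contract. A header comment such as `/* Returns 1 and a referenced *issuer if found, 0 if none, -1 on internal error */` would make this explicit. `ok` is assigned outside the hunk.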
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c index 85c39415c..f54d483cc 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_obj.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* * Limit to ensure we don't overflow: much greater than diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c index 3d72787d3..6b1623fea 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_r2x.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c index 0bdbb81db..dd674926d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include #include 
@@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, *palg = &req->sig_alg; } +void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig) +{ + if (req->signature) + ASN1_BIT_STRING_free(req->signature); + req->signature = psig; +} + +int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg) +{ + return X509_ALGOR_copy(&req->sig_alg, palg); +} + int X509_REQ_get_signature_nid(const X509_REQ *req) { return OBJ_obj2nid(req->sig_alg.algorithm); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c index 3ab6bf351..164b4e2be 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_set.c @@ -15,9 +15,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/asn1.h" +#include "crypto/x509.h" +#include "x509_local.h" int X509_set_version(X509 *x, long version) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c index d749af4d5..a10d43773 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_trs.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); static void trtable_free(X509_TRUST *p); 
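Review bot: `X509_REQ_set0_signature` frees `req->signature` before storing `psig`, so passing the request's current signature object back in leaves `req->signature` pointing at freed memory. Guarding the free closes that: `if (req->signature != psig) ASN1_BIT_STRING_free(req->signature);`. Neither new setter has a comment on ownership. It would help to state that the `set0` function takes ownership of `psig` and that `X509_REQ_set1_signature_algo` copies `palg` and returns the result of `X509_ALGOR_copy`.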
@@ -240,8 +240,9 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) static int trust_compat(X509_TRUST *trust, X509 *x, int flags) { /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, 0); - if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS) + if (X509_check_purpose(x, -1, 0) != 1) + return X509_TRUST_UNTRUSTED; + if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && (x->ex_flags & EXFLAG_SS)) return X509_TRUST_TRUSTED; else return X509_TRUST_UNTRUSTED; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c index 4755b39eb..02bde640d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_txt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,6 +174,8 @@ const char *X509_verify_cert_error_string(long n) return "OCSP verification failed"; case X509_V_ERR_OCSP_CERT_UNKNOWN: return "OCSP unknown cert"; + case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS: + return "Certificate public key has explicit ECC parameters"; default: /* Printing an error number into a static buffer is not thread-safe */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c index 75ae767d6..c78760233 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_v3.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) { 
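Review bot: The comment kept above the call in `trust_compat` still says `X509_check_purpose` is called "for side-effect of computing hash and caching extensions", but the new code also uses its return value as a gate. A certificate for which the call does not return 1 is now reported as `X509_TRUST_UNTRUSTED`. The comment should say so, e.g. `/* Compute hash and cache extensions; a cert for which this fails is untrusted */`.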
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c index 4ced716e3..20a36e763 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include @@ -22,8 +22,8 @@ #include #include #include "internal/dane.h" -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "x509_local.h" /* CRL score values */ @@ -80,6 +80,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); static int check_dane_issuer(X509_STORE_CTX *ctx, int depth); static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert); +static int check_curve(X509 *cert); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, X509_CRL *crl, X509 *x); 
@@ -104,15 +105,16 @@ static int null_callback(int ok, X509_STORE_CTX *e) return ok; } -/* Return 1 is a certificate is self signed */ +/* + * Return 1 if given cert is considered self-signed, 0 if not or on error. + * This does not verify self-signedness but relies on x509v3_cache_extensions() + * matching issuer and subject names (i.e., the cert being self-issued) and any + * present authority key identifier matching the subject key identifier, etc. + */ static int cert_self_signed(X509 *x) { - /* - * FIXME: x509v3_cache_extensions() needs to detect more failures and not - * set EXFLAG_SET when that happens. Especially, if the failures are - * parse errors, rather than memory pressure! - */ - X509_check_purpose(x, -1, 0); + if (X509_check_purpose(x, -1, 0) != 1) + return 0; if (x->ex_flags & EXFLAG_SS) return 1; else @@ -135,10 +137,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) xtmp = sk_X509_value(certs, i); if (!X509_cmp(xtmp, x)) break; + xtmp = NULL; } - if (i < sk_X509_num(certs)) - X509_up_ref(xtmp); - else + if (xtmp != NULL && !X509_up_ref(xtmp)) xtmp = NULL; sk_X509_pop_free(certs, X509_free); return xtmp; @@ -271,17 +272,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return -1; } + if (!X509_up_ref(ctx->cert)) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return -1; + } + /* * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { + if ((ctx->chain = sk_X509_new_null()) == NULL + || !sk_X509_push(ctx->chain, ctx->cert)) { + X509_free(ctx->cert); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return -1; } - X509_up_ref(ctx->cert); + ctx->num_untrusted = 1; /* If the peer's public key is too weak, we can stop early. */ 
@@ -304,8 +312,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return ret; } +static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert) +{ + int i, n = sk_X509_num(sk); + + for (i = 0; i < n; i++) + if (X509_cmp(sk_X509_value(sk, i), cert) == 0) + return 1; + return 0; +} + /* - * Given a STACK_OF(X509) find the issuer of cert (if any) + * Find in given STACK_OF(X509) sk an issuer cert of given cert x. + * The issuer must not yet be in ctx->chain, where the exceptional case + * that x is self-issued and ctx->chain has just one element is allowed. + * Prefer the first one that is not expired, else take the last expired one. */ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) { @@ -314,7 +335,9 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) for (i = 0; i < sk_X509_num(sk); i++) { issuer = sk_X509_value(sk, i); - if (ctx->check_issued(ctx, x, issuer)) { + if (ctx->check_issued(ctx, x, issuer) + && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1) + || !sk_X509_contains(ctx->chain, issuer))) { rv = issuer; if (x509_check_cert_time(ctx, rv, -1)) break; 
@@ -323,42 +346,25 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) return rv; } -/* Given a possible certificate and issuer check them */ - +/* Check that the given certificate 'x' is issued by the certificate 'issuer' */ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { - int ret; - if (x == issuer) - return cert_self_signed(x); - ret = X509_check_issued(issuer, x); - if (ret == X509_V_OK) { - int i; - X509 *ch; - /* Special case: single self signed certificate */ - if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1) - return 1; - for (i = 0; i < sk_X509_num(ctx->chain); i++) { - ch = sk_X509_value(ctx->chain, i); - if (ch == issuer || !X509_cmp(ch, issuer)) { - ret = X509_V_ERR_PATH_LOOP; - break; - } - } - } - - return (ret == X509_V_OK); + return x509_likely_issued(issuer, x) == X509_V_OK; } /* Alternative lookup method: look from a STACK stored in other_ctx */ - static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) { - X509_up_ref(*issuer); - return 1; - } else - return 0; + + if (*issuer == NULL || !X509_up_ref(*issuer)) + goto err; + + return 1; + + err: + *issuer = NULL; + return 0; } static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) 
@@ -370,15 +376,21 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { + if (!X509_up_ref(x)) { + sk_X509_pop_free(sk, X509_free); + X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return NULL; + } if (sk == NULL) sk = sk_X509_new_null(); - if (sk == NULL || sk_X509_push(sk, x) == 0) { + if (sk == NULL || !sk_X509_push(sk, x)) { + X509_free(x); sk_X509_pop_free(sk, X509_free); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return NULL; } - X509_up_ref(x); } } return sk; @@ -512,6 +524,24 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ret = 1; break; } + if (ret > 0 + && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { + /* Check for presence of explicit elliptic curve parameters */ + ret = check_curve(x); + if (ret < 0) { + ctx->error = X509_V_ERR_UNSPECIFIED; + ret = 0; + } else if (ret == 0) { + ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS; + } + } + if (ret > 0 + && (x->ex_flags & EXFLAG_CA) == 0 + && x->ex_pathlen != -1 + && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + ret = 0; + } if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK)) return 0; /* check_purpose() makes the callback as needed */ @@ -1697,6 +1727,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) return 1; } +/* verify the issuer signatures and cert times of ctx->chain */ static int internal_verify(X509_STORE_CTX *ctx) { int n = sk_X509_num(ctx->chain) - 1; 
@@ -1711,19 +1742,25 @@ static int internal_verify(X509_STORE_CTX *ctx) if (ctx->bare_ta_signed) { xs = xi; xi = NULL; - goto check_cert; + goto check_cert_time; } if (ctx->check_issued(ctx, xi, xi)) - xs = xi; + xs = xi; /* the typical case: last cert in the chain is self-issued */ else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { xs = xi; - goto check_cert; + goto check_cert_time; } - if (n <= 0) - return verify_cb_cert(ctx, xi, 0, - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); + if (n <= 0) { + if (!verify_cb_cert(ctx, xi, 0, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) + return 0; + + xs = xi; + goto check_cert_time; + } + n--; ctx->error_depth = n; xs = sk_X509_value(ctx->chain, n); 
@@ -1734,27 +1771,55 @@ static int internal_verify(X509_STORE_CTX *ctx) * is allowed to reset errors (at its own peril). */ while (n >= 0) { - EVP_PKEY *pkey; - /* - * Skip signature check for self signed certificates unless explicitly - * asked for. It doesn't add any security and just wastes time. If - * the issuer's public key is unusable, report the issuer certificate - * and its depth (rather than the depth of the subject). + * For each iteration of this loop: + * n is the subject depth + * xs is the subject cert, for which the signature is to be checked + * xi is the supposed issuer cert containing the public key to use + * Initially xs == xi if the last cert in the chain is self-issued. + * + * Skip signature check for self-signed certificates unless explicitly + * asked for because it does not add any security and just wastes time. */ - if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE) + && (xi->ex_flags & EXFLAG_SS) != 0)) { + EVP_PKEY *pkey; + /* + * If the issuer's public key is not available or its key usage + * does not support issuing the subject cert, report the issuer + * cert and its depth (rather than n, the depth of the subject). + */ + int issuer_depth = n + (xs == xi ? 0 : 1); + /* + * According to https://tools.ietf.org/html/rfc5280#section-6.1.4 + * step (n) we must check any given key usage extension in a CA cert + * when preparing the verification of a certificate issued by it. + * According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + * we must not verify a certifiate signature if the key usage of the + * CA certificate that issued the certificate prohibits signing. 
+ * In case the 'issuing' certificate is the last in the chain and is + * not a CA certificate but a 'self-issued' end-entity cert (i.e., + * xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply + * (see https://tools.ietf.org/html/rfc6818#section-2) and thus + * we are free to ignore any key usage restrictions on such certs. + */ + int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0 + ? X509_V_OK : x509_signing_allowed(xi, xs); + + if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret)) + return 0; if ((pkey = X509_get0_pubkey(xi)) == NULL) { - if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + if (!verify_cb_cert(ctx, xi, issuer_depth, ret)) return 0; } else if (X509_verify(xs, pkey) <= 0) { - if (!verify_cb_cert(ctx, xs, n, - X509_V_ERR_CERT_SIGNATURE_FAILURE)) + ret = X509_V_ERR_CERT_SIGNATURE_FAILURE; + if (!verify_cb_cert(ctx, xs, n, ret)) return 0; } } - check_cert: + check_cert_time: /* in addition to RFC 5280, do also for trusted (root) cert */ /* Calls verify callback as needed */ if (!x509_check_cert_time(ctx, xs, n)) return 0; @@ -1788,7 +1853,11 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1; ASN1_TIME *asn1_cmp_time = NULL; int i, day, sec, ret = 0; - +#ifdef CHARSET_EBCDIC + const char upper_z = 0x5A; +#else + const char upper_z = 'Z'; +#endif /* * Note that ASN.1 allows much more slack in the time format than RFC5280. * In RFC5280, the representation is fixed: @@ -1819,10 +1888,10 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) * Digit and date ranges will be verified in the conversion methods. */ for (i = 0; i < ctm->length - 1; i++) { - if (!ossl_isdigit(ctm->data[i])) + if (!ascii_isdigit(ctm->data[i])) return 0; } - if (ctm->data[ctm->length - 1] != 'Z') + if (ctm->data[ctm->length - 1] != upper_z) return 0; /* 
@@ -3152,7 +3221,16 @@ static int build_chain(X509_STORE_CTX *ctx) /* Drop this issuer from future consideration */ (void) sk_X509_delete_ptr(sktmp, xtmp); + if (!X509_up_ref(xtmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } + if (!sk_X509_push(ctx->chain, xtmp)) { + X509_free(xtmp); X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); trust = X509_TRUST_REJECTED; ctx->error = X509_V_ERR_OUT_OF_MEM; @@ -3160,7 +3238,7 @@ static int build_chain(X509_STORE_CTX *ctx) continue; } - X509_up_ref(x = xtmp); + x = xtmp; ++ctx->num_untrusted; ss = cert_self_signed(xtmp); @@ -3251,6 +3329,32 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1]; } +/* + * Check whether the public key of ``cert`` does not use explicit params + * for an elliptic curve. + * + * Returns 1 on success, 0 if check fails, -1 for other errors. + */ +static int check_curve(X509 *cert) +{ +#ifndef OPENSSL_NO_EC + EVP_PKEY *pkey = X509_get0_pubkey(cert); + + /* Unsupported or malformed key */ + if (pkey == NULL) + return -1; + + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + int ret; + + ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey)); + return ret < 0 ? ret : !ret; + } +#endif + + return 1; +} + /* * Check whether the signature digest algorithm of ``cert`` meets the security * level of ``ctx``. Should not be checked for trust anchors (whether diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c index aea186295..535f169a2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509_vpm.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,9 +14,9 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "x509_lcl.h" +#include "x509_local.h" /* X509_VERIFY_PARAM functions */ @@ -199,7 +199,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, return 0; } - /* Copy the host flags if and only if we're copying the host list */ + x509_verify_param_copy(hostflags, 0); + if (test_x509_verify_param_copy(hosts, NULL)) { sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); dest->hosts = NULL; @@ -208,7 +209,6 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); if (dest->hosts == NULL) return 0; - dest->hostflags = src->hostflags; } } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c index 7645ce375..6c0850913 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509cset.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_CRL_set_version(X509_CRL *x, long version) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c index 64a73e793..c86d8e791 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509name.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) { 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c index e8921b82a..9da3f2ee2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x509rset.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_REQ_set_version(X509_REQ *x, long version) { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c index 24e411460..a4e9cdaee 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include #include @@ -362,7 +362,8 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) { + if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0 + && (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) { /* Asking for SHA1 and we already computed it. */ if (len != NULL) *len = sizeof(data->sha1_hash); 
@@ -376,7 +377,8 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) { + if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0 + && (data->flags & EXFLAG_INVALID) == 0) { /* Asking for SHA1; always computed in CRL d2i. */ if (len != NULL) *len = sizeof(data->sha1_hash); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c index 9a41e547c..7342c4f6b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_attrib.c @@ -12,7 +12,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" /*- * X509_ATTRIBUTE: this has the following form: @@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) { X509_ATTRIBUTE *ret = NULL; ASN1_TYPE *val = NULL; + ASN1_OBJECT *oid; + if ((oid = OBJ_nid2obj(nid)) == NULL) + return NULL; if ((ret = X509_ATTRIBUTE_new()) == NULL) return NULL; - ret->object = OBJ_nid2obj(nid); + ret->object = oid; if ((val = ASN1_TYPE_new()) == NULL) goto err; if (!sk_ASN1_TYPE_push(ret->set, val)) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c index 12ab3cca4..c9762f9e2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -11,13 +11,13 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include -#include "x509_lcl.h" +#include "x509_local.h" static int X509_REVOKED_cmp(const X509_REVOKED *const *a, const X509_REVOKED *const *b); -static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); +static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); ASN1_SEQUENCE(X509_REVOKED) = { ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER), @@ -155,7 +155,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, X509_CRL *crl = (X509_CRL *)*pval; STACK_OF(X509_EXTENSION) *exts; X509_EXTENSION *ext; - int idx; + int idx, i; switch (operation) { case ASN1_OP_D2I_PRE: @@ -184,23 +184,35 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_D2I_POST: - X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); + if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL)) + crl->flags |= EXFLAG_INVALID; crl->idp = X509_CRL_get_ext_d2i(crl, - NID_issuing_distribution_point, NULL, + NID_issuing_distribution_point, &i, NULL); - if (crl->idp) - setup_idp(crl, crl->idp); + if (crl->idp != NULL) { + if (!setup_idp(crl, crl->idp)) + crl->flags |= EXFLAG_INVALID; + } + else if (i != -1) { + crl->flags |= EXFLAG_INVALID; + } crl->akid = X509_CRL_get_ext_d2i(crl, - NID_authority_key_identifier, NULL, + NID_authority_key_identifier, &i, NULL); + if (crl->akid == NULL && i != -1) + crl->flags |= EXFLAG_INVALID; crl->crl_number = X509_CRL_get_ext_d2i(crl, - NID_crl_number, NULL, NULL); + NID_crl_number, &i, NULL); + if (crl->crl_number == NULL && i != -1) + crl->flags |= EXFLAG_INVALID; crl->base_crl_number = X509_CRL_get_ext_d2i(crl, - NID_delta_crl, NULL, + NID_delta_crl, &i, NULL); + if (crl->base_crl_number == NULL && i != -1) + crl->flags |= EXFLAG_INVALID; /* Delta CRLs must have CRL number */ if (crl->base_crl_number && !crl->crl_number) crl->flags |= EXFLAG_INVALID; 
@@ -259,9 +271,10 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Convert IDP into a more convenient form */ -static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) +static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) { int idp_only = 0; + /* Set various flags according to IDP */ crl->idp_flags |= IDP_PRESENT; if (idp->onlyuser > 0) { @@ -292,7 +305,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) crl->idp_reasons &= CRLDP_ALL_REASONS; } - DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); + return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); } ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c index f10f4a4d8..bd7518ef1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_exten.c @@ -11,7 +11,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" ASN1_SEQUENCE(X509_EXTENSION) = { ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c index a1e9bbdb6..aa7f4722b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_name.c @@ -8,13 +8,13 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" -#include "internal/asn1_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "crypto/asn1.h" +#include "x509_local.h" /* * Maximum length of X509_NAME: much larger than anything we should diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c index 1c87b8268..9be7e9286 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c 
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_pubkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "internal/x509_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "crypto/x509.h" #include #include @@ -169,8 +169,11 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret = X509_PUBKEY_get0(key); - if (ret != NULL) - EVP_PKEY_up_ref(ret); + + if (ret != NULL && !EVP_PKEY_up_ref(ret)) { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR); + ret = NULL; + } return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c index c2da95a73..d2b02f6da 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_req.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /*- * X509_REQ_INFO is handled in an unusual way to get round diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c index afe59c46c..7aa8b77ae 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c index 8c9ad71d1..c5175faef 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509/x_x509a.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* * X509_CERT_AUX routines. These are used to encode additional user diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_cache.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_cache.c index 623870b1f..04401bace 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_cache.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_cache.c @@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" static int policy_data_cmp(const X509_POLICY_DATA *const *a, const X509_POLICY_DATA *const *b); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_data.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_data.c index bd3bb0e40..8c7bc6957 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_data.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* Policy Node routines */ @@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(id); return NULL; } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_lib.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_lib.c index 67f7eafc6..2e196b838 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_lib.c @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* accessor functions */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_int.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_int.h rename to trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_local.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_map.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_map.c index ab9dd21b7..ae2a62c97 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_map.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_map.c @@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" /* * Set policy mapping entries in cache. Note: this modifies the passed diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_node.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_node.c index 1ffe98498..e2d7b1532 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_node.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_node.c @@ -12,7 +12,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" static int node_cmp(const X509_POLICY_NODE *const *a, const X509_POLICY_NODE *const *b) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_tree.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_tree.c index 87f51d001..6e8322cbc 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_tree.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/pcy_tree.c 
@@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* * Enable this to print out the complete policy tree at various point during diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_addr.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_addr.c index bb58e0484..4258dbc40 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_addr.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_addr.c @@ -20,7 +20,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.h b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.h index fa23fc761..ea7632b37 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.h +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_admis.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_V3_ADMISSION_H -# define HEADER_V3_ADMISSION_H +#ifndef OSSL_CRYPTO_X509V3_V3_ADMIS_H +# define OSSL_CRYPTO_X509V3_V3_ADMIS_H struct NamingAuthority_st { ASN1_OBJECT* namingAuthorityId; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akey.c index d9f770433..33b1933d7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_akey.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -39,20 +39,48 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *extlist) { - char *tmp; + char *tmp = NULL; + STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; + if (akeyid->keyid) { tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); - X509V3_add_value("keyid", tmp, &extlist); + if (tmp == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!X509V3_add_value("keyid", tmp, &extlist)) { + OPENSSL_free(tmp); + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } OPENSSL_free(tmp); } - if (akeyid->issuer) - extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (akeyid->issuer) { + tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (tmpextlist == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } + extlist = tmpextlist; + } if (akeyid->serial) { tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); - X509V3_add_value("serial", tmp, &extlist); + if (tmp == NULL) { + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!X509V3_add_value("serial", tmp, &extlist)) { + OPENSSL_free(tmp); + X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); + goto err; + } OPENSSL_free(tmp); } return extlist; + err: + if (origextlist == NULL) + sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); + return NULL; } /*- diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_alt.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_alt.c index 832e6d128..7c32d4031 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_alt.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_alt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "crypto/x509.h" #include #include #include "ext_dat.h" @@ -52,11 +53,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, { int i; GENERAL_NAME *gen; + STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret; + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { gen = sk_GENERAL_NAME_value(gens, i); - ret = i2v_GENERAL_NAME(method, gen, ret); + /* + * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes + * wrong we need to free the stack - but only if it was empty when we + * originally entered this function. + */ + tmpret = i2v_GENERAL_NAME(method, gen, ret); + if (tmpret == NULL) { + if (origret == NULL) + sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); + return NULL; + } + ret = tmpret; } - if (!ret) + if (ret == NULL) return sk_CONF_VALUE_new_null(); return ret; } @@ -86,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, break; case GEN_EMAIL: - if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_DNS: - if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; case GEN_URI: - if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) + if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, + gen->d.ia5->length, &ret)) return NULL; break; 
@@ -157,15 +174,18 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) break; case GEN_EMAIL: - BIO_printf(out, "email:%s", gen->d.ia5->data); + BIO_printf(out, "email:"); + ASN1_STRING_print(out, gen->d.ia5); break; case GEN_DNS: - BIO_printf(out, "DNS:%s", gen->d.ia5->data); + BIO_printf(out, "DNS:"); + ASN1_STRING_print(out, gen->d.ia5); break; case GEN_URI: - BIO_printf(out, "URI:%s", gen->d.ia5->data); + BIO_printf(out, "URI:"); + ASN1_STRING_print(out, gen->d.ia5); break; case GEN_DIRNAME: @@ -259,6 +279,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) num = sk_GENERAL_NAME_num(ialt); if (!sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(ialt); goto err; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_asid.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_asid.c index 089f2ae29..ac6857267 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_asid.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_asid.c @@ -20,7 +20,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include "ext_dat.h" @@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor, static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; 
@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ERR_R_MALLOC_FAILURE); goto done; @@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid) static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; @@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); goto done; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_conf.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_conf.c index 7acaebfa2..e93de3454 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_conf.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_conf.c @@ -10,11 +10,11 @@ /* extension creation utilities */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include static int v3_check_critical(const char **value); 
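Review bot: The assignment buried in the argument list, `BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)`, is easy to misread in ASIdentifierChoice_is_canonical and again in the matching ASIdentifierChoice_canonize hunk below. Writing `orig = a_max_plus_one;` on its own line before the call, with a comment such as `/* on failure keep the previous pointer so the cleanup path can still free it */`, would state why the pointer is restored. The cleanup under `done` is outside both hunks, so the claim that the restored pointer is freed there should be checked.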
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_cpols.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_cpols.c index 7a47fd38b..09804b584 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_cpols.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" #include "ext_dat.h" /* Certificate policies extension support: this one is a bit complex... */ @@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, qualinfo = sk_POLICYQUALINFO_value(quals, i); switch (OBJ_obj2nid(qualinfo->pqualid)) { case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %s\n", indent, "", + BIO_printf(out, "%*sCPS: %.*s\n", indent, "", + qualinfo->d.cpsuri->length, qualinfo->d.cpsuri->data); break; @@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %s\n", indent, "", + BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", + ref->organization->length, ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); @@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) BIO_puts(out, "\n"); } if (notice->exptext) - BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", + BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", + notice->exptext->length, notice->exptext->data); } 
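Review bot: In print_qualifiers, `%.*s` bounds the read to `cpsuri->length` but still writes the certificate's bytes to the BIO unfiltered, so control characters in a CPS URI reach whatever terminal or log displays the output, and an embedded NUL silently truncates the text. The same applies to the Organization and Explicit Text hunks in print_notice below and to the Policy Text hunk in v3_pci.c. GENERAL_NAME_print in this same commit switched to `ASN1_STRING_print(out, gen->d.ia5)` after printing the label. Doing the same here (`BIO_printf(out, "%*sCPS: ", indent, "");`, `ASN1_STRING_print(out, qualinfo->d.cpsuri);`, `BIO_puts(out, "\n");`) would keep the printers consistent, assuming ASN1_STRING_print's character filtering is acceptable for these fields.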
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_crld.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_crld.c index 6cba4240a..4854748ff 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_crld.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_crld.c @@ -14,7 +14,7 @@ #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_crld(const X509V3_EXT_METHOD *method, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_genn.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_genn.c index 85fc3fc24..87a5eff47 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_genn.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_genn.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) 
@@ -57,6 +58,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a) (char *)a); } +static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) +{ + int res; + + if (a == NULL || b == NULL) { + /* + * Shouldn't be possible in a valid GENERAL_NAME, but we handle it + * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here + */ + return -1; + } + if (a->nameAssigner == NULL && b->nameAssigner != NULL) + return -1; + if (a->nameAssigner != NULL && b->nameAssigner == NULL) + return 1; + /* If we get here then both have nameAssigner set, or both unset */ + if (a->nameAssigner != NULL) { + res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); + if (res != 0) + return res; + } + /* + * partyName is required, so these should never be NULL. We treat it in + * the same way as the a == NULL || b == NULL case above + */ + if (a->partyName == NULL || b->partyName == NULL) + return -1; + + return ASN1_STRING_cmp(a->partyName, b->partyName); +} + /* Returns 0 if they are equal, != 0 otherwise. */ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) { @@ -66,8 +98,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) return -1; switch (a->type) { case GEN_X400: + result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); + break; + case GEN_EDIPARTY: - result = ASN1_TYPE_cmp(a->d.other, b->d.other); + result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); break; case GEN_OTHERNAME: @@ -114,8 +149,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) { switch (type) { case GEN_X400: + a->d.x400Address = value; + break; + case GEN_EDIPARTY: - a->d.other = value; + a->d.ediPartyName = value; break; case GEN_OTHERNAME: 
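Review bot: In GENERAL_NAME_cmp the GEN_X400 case now calls `ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address)`, which is only sound if the decoder really stores an ASN1_TYPE in that union member. Neither the GENERAL_NAME union declaration nor its ASN.1 template is part of this diff, so that agreement cannot be confirmed here. A mismatch would make this a type confusion on names taken from untrusted certificates or CRLs. It is worth checking the template entry for GEN_X400 against the declared member type, and against newer upstream releases of this file, before relying on it. The function body continues outside the hunk.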
@@ -143,14 +181,16 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) a->type = type; } -void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype) +void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype) { if (ptype) *ptype = a->type; switch (a->type) { case GEN_X400: + return a->d.x400Address; + case GEN_EDIPARTY: - return a->d.other; + return a->d.ediPartyName; case GEN_OTHERNAME: return a->d.otherName; @@ -188,7 +228,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, return 1; } -int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, +int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, ASN1_OBJECT **poid, ASN1_TYPE **pvalue) { if (gen->type != GEN_OTHERNAME) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ncons.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ncons.c index 9a2cd5af0..d985aa91d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ncons.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_ncons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,12 @@ #include "internal/cryptlib.h" #include "internal/numbers.h" #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +#define IA5_OFFSET_LEN(ia5base, offset) \ + ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) + +/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the + * starting point to search from + */ +# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) + +/* Like memrrchr but for ASN1_IA5STRING */ +static char *ia5memrchr(ASN1_IA5STRING *str, int c) +{ + int i; + + for (i = str->length; i > 0 && str->data[i - 1] != c; i--); + + if (i == 0) + return NULL; + + return (char *)&str->data[i - 1]; +} + /* - * We cannot use strncasecmp here because that applies locale specific rules. + * We cannot use strncasecmp here because that applies locale specific rules. It + * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. * For example in Turkish 'I' is not the uppercase character for 'i'. We need to * do a simple ASCII case comparison ignoring the locale (that is why we use * numeric constants below). @@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n) /* c1 > c2 */ return 1; - } else if (*s1 == 0) { - /* If we get here we know that *s2 == 0 too */ - return 0; } } return 0; } -static int ia5casecmp(const char *s1, const char *s2) -{ - return ia5ncasecmp(s1, s2, SIZE_MAX); -} - static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { @@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) --utf8_length; /* Reject *embedded* NULs */ - if ((size_t)utf8_length != strlen((char *)utf8_value)) { + if (memchr(utf8_value, 0, utf8_length) != NULL) { OPENSSL_free(utf8_value); return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; } 
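Review bot: ia5memrchr does its whole search in a `for` header that ends in a bare `;`, which reads like a mistake and trips empty-body warnings; giving the loop an explicit `continue;` body on its own line makes the intent clear. Its comment says "memrrchr" where memrchr is meant, and `str` could be `const ASN1_IA5STRING *` since nothing is written through it. The IA5_OFFSET_LEN and ia5memchr macros evaluate their arguments more than once, so a one-line comment warning against arguments with side effects would help the next caller.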
@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) { char *baseptr = (char *)base->data; char *dnsptr = (char *)dns->data; + /* Empty matches everything */ - if (!*baseptr) + if (base->length == 0) return X509_V_OK; + + if (dns->length < base->length) + return X509_V_ERR_PERMITTED_VIOLATION; + /* * Otherwise can add zero or more components on the left so compare RHS * and if dns is longer and expect '.' as preceding character. @@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) return X509_V_ERR_PERMITTED_VIOLATION; } - if (ia5casecmp(baseptr, dnsptr)) + if (ia5ncasecmp(baseptr, dnsptr, base->length)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *emlptr = (char *)eml->data; + const char *baseat = ia5memrchr(base, '@'); + const char *emlat = ia5memrchr(eml, '@'); + size_t basehostlen, emlhostlen; - const char *baseat = strchr(baseptr, '@'); - const char *emlat = strchr(emlptr, '@'); if (!emlat) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' is RHS match */ - if (!baseat && (*baseptr == '.')) { + if (!baseat && base->length > 0 && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (ia5casecmp(baseptr, emlptr) == 0) + if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) baseptr = baseat + 1; } emlptr = emlat + 1; + basehostlen = IA5_OFFSET_LEN(base, baseptr); + emlhostlen = IA5_OFFSET_LEN(eml, emlptr); /* Just have hostname left to match: case insensitive */ - if (ia5casecmp(baseptr, emlptr)) + if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; 
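Review bot: In nc_email the switch from `strchr(..., '@')` to `ia5memrchr(..., '@')` changes which '@' splits the address (first to last) as well as making the search length-bounded, and nothing in the hunk says the first part is intended. A short comment such as `/* split at the last '@': the local part may itself contain '@' */` would record it. The local-part comparison that sits between this hunk and the next is not shown, so it is worth confirming that it is length-bounded too and does not stop at an embedded NUL.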
@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) { const char *baseptr = (char *)base->data; const char *hostptr = (char *)uri->data; - const char *p = strchr(hostptr, ':'); + const char *p = ia5memchr(uri, (char *)uri->data, ':'); int hostlen; + /* Check for foo:// and skip past it */ - if (!p || (p[1] != '/') || (p[2] != '/')) + if (p == NULL + || IA5_OFFSET_LEN(uri, p) < 3 + || p[1] != '/' + || p[2] != '/') return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; hostptr = p + 3; @@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) /* Look for a port indicator as end of hostname first */ - p = strchr(hostptr, ':'); + p = ia5memchr(uri, hostptr, ':'); /* Otherwise look for trailing slash */ - if (!p) - p = strchr(hostptr, '/'); + if (p == NULL) + p = ia5memchr(uri, hostptr, '/'); - if (!p) - hostlen = strlen(hostptr); + if (p == NULL) + hostlen = IA5_OFFSET_LEN(uri, hostptr); else hostlen = p - hostptr; @@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Special case: initial '.' is RHS match */ - if (*baseptr == '.') { + if (base->length > 0 && *baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; if (ia5ncasecmp(p, baseptr, base->length) == 0) diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pci.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pci.c index 3d124fa6d..532d4e192 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pci.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_pci.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); BIO_puts(out, "\n"); if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) - BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", + pci->proxyPolicy->policy->length, pci->proxyPolicy->policy->data); return 1; } diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_purp.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_purp.c index 70b0397d9..a1aeb4e4c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_purp.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_purp.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,8 @@ #include "internal/numbers.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" +#include "../x509/x509_local.h" /* for x509_signing_allowed() */ #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); @@ -81,6 +82,8 @@ int X509_check_purpose(X509 *x, int id, int ca) const X509_PURPOSE *pt; x509v3_cache_extensions(x); + if (x->ex_flags & EXFLAG_INVALID) + return -1; /* Return if side-effect only call */ if (id == -1) @@ -300,10 +303,11 @@ int X509_supported_extension(X509_EXTENSION *ex) return 0; } -static void setup_dp(X509 *x, DIST_POINT *dp) +static int setup_dp(X509 *x, DIST_POINT *dp) { X509_NAME *iname = NULL; int i; + if (dp->reasons) { if (dp->reasons->length > 0) dp->dp_reasons = dp->reasons->data[0]; 
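Review bot: The new early `return -1` in X509_check_purpose is truthy, so any caller that tests the result as a boolean (`if (X509_check_purpose(...))`) will treat a certificate flagged EXFLAG_INVALID as acceptable. The callers changed later in this diff compare against 1, which is the safe form. A comment at the return such as `/* -1: extension parsing failed; callers must not treat non-zero as success */` would make that contract visible, and callers outside this diff should be checked for the boolean pattern. The rest of the function is outside the hunk.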
@@ -313,7 +317,7 @@ static void setup_dp(X509 *x, DIST_POINT *dp) } else dp->dp_reasons = CRLDP_ALL_REASONS; if (!dp->distpoint || (dp->distpoint->type != 1)) - return; + return 1; for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); if (gen->type == GEN_DIRNAME) { @@ -324,16 +328,39 @@ static void setup_dp(X509 *x, DIST_POINT *dp) if (!iname) iname = X509_get_issuer_name(x); - DIST_POINT_set_dpname(dp->distpoint, iname); - + return DIST_POINT_set_dpname(dp->distpoint, iname); } -static void setup_crldp(X509 *x) +static int setup_crldp(X509 *x) { int i; - x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); - for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) - setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); + + x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &i, NULL); + if (x->crldp == NULL && i != -1) + return 0; + for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { + if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i))) + return 0; + } + return 1; +} + +/* Check that issuer public key algorithm matches subject signature algorithm */ +static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) +{ + int pkey_sig_nid, subj_sig_nid; + + if (pkey == NULL) + return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; + if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey), + NULL, &pkey_sig_nid) == 0) + pkey_sig_nid = EVP_PKEY_base_id(pkey); + if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), + NULL, &subj_sig_nid) == 0) + return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; + if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid)) + return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; + return X509_V_OK; } #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) 
@@ -366,28 +393,36 @@ static void x509v3_cache_extensions(X509 *x) return; } - X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); + if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) + x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID); + /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; /* Handle basic constraints */ - if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { + if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL))) { if (bs->ca) x->ex_flags |= EXFLAG_CA; if (bs->pathlen) { - if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) - || !bs->ca) { + if (bs->pathlen->type == V_ASN1_NEG_INTEGER) { x->ex_flags |= EXFLAG_INVALID; x->ex_pathlen = 0; - } else + } else { x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); + if (!bs->ca && x->ex_pathlen != 0) { + x->ex_flags |= EXFLAG_INVALID; + x->ex_pathlen = 0; + } + } } else x->ex_pathlen = -1; BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } /* Handle proxy certificates */ - if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { + if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL))) { if (x->ex_flags & EXFLAG_CA || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { @@ -399,9 +434,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_pcpathlen = -1; PROXY_CERT_INFO_EXTENSION_free(pci); x->ex_flags |= EXFLAG_PROXY; + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } /* Handle key usage */ - if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { + if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL))) { if (usage->length > 0) { x->ex_kusage = usage->data[0]; if (usage->length > 1) 
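Review bot: The `&i` out-parameter followed by `else if (i != -1) x->ex_flags |= EXFLAG_INVALID;` is now hand-repeated for every extension in x509v3_cache_extensions (this hunk and the ones that follow, down to the RFC 3779 block), and `i` doubles as the loop index in the extended-key-usage loop. A small static helper wrapping `X509_get_ext_d2i` that sets EXFLAG_INVALID itself would keep a future extension from being added without the check. A one-line comment at the first use, e.g. `/* i == -1: extension absent; a NULL result with any other value means a decode error or duplicate */`, would explain the test, assuming that is X509_get_ext_d2i's convention for its crit argument. The function starts and ends outside the hunk.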
@@ -410,9 +447,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_kusage = 0; x->ex_flags |= EXFLAG_KUSAGE; ASN1_BIT_STRING_free(usage); + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } x->ex_xkusage = 0; - if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { + if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL))) { x->ex_flags |= EXFLAG_XKUSAGE; for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { 
@@ -455,36 +494,50 @@ static void x509v3_cache_extensions(X509 *x) } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } - if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { + if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &i, NULL))) { if (ns->length > 0) x->ex_nscert = ns->data[0]; else x->ex_nscert = 0; x->ex_flags |= EXFLAG_NSCERT; ASN1_BIT_STRING_free(ns); + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } - x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); - x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); + x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &i, NULL); + if (x->skid == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; + x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &i, NULL); + if (x->akid == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; /* Does subject name match issuer ? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { - x->ex_flags |= EXFLAG_SI; - /* If SKID matches AKID also indicate self signed */ - if (X509_check_akid(x, x->akid) == X509_V_OK && - !ku_reject(x, KU_KEY_CERT_SIGN)) - x->ex_flags |= EXFLAG_SS; + x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ + if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ + /* .. 
and the signature alg matches the PUBKEY alg: */ + && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) + x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ } - x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); - x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); - if (!x->nc && (i != -1)) + x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); + if (x->altname == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; + x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); + if (x->nc == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; + if (!setup_crldp(x)) x->ex_flags |= EXFLAG_INVALID; - setup_crldp(x); #ifndef OPENSSL_NO_RFC3779 - x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); - x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, - NULL, NULL); + x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); + if (x->rfc3779_addr == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; + x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL); + if (x->rfc3779_asid == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; #endif for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); @@ -516,9 +569,11 @@ static void x509v3_cache_extensions(X509 *x) * return codes: * 0 not a CA * 1 is a CA - * 2 basicConstraints absent so "maybe" a CA + * 2 Only possible in older versions of openSSL when basicConstraints are absent + * new versions will not return this value. May be a CA * 3 basicConstraints absent but self signed V1. * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. + * 5 Netscape specific CA Flags present */ static int check_ca(const X509 *x) 
@@ -757,6 +812,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) return 1; } +/*- + * Check if certificate I is allowed to issue certificate I + * according to the B field of I if present + * depending on any proxyCertInfo extension of I. + * Returns 0 for OK, or positive for reason for rejection + * where reason codes match those for X509_verify_cert(). + */ +int x509_signing_allowed(const X509 *issuer, const X509 *subject) +{ + if (subject->ex_flags & EXFLAG_PROXY) { + if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + return X509_V_OK; +} + /*- * Various checks to see if one certificate issued the second. * This can be used to prune a set of possible issuer certificates 
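Review bot: x509_signing_allowed is non-static, yet it reads `subject->ex_flags` and calls `ku_reject(issuer, ...)` without caching extensions itself. It could not do so with its current signature if the cache routine needs a mutable `X509 *`, since both arguments are const. X509_check_issued is safe because x509_likely_issued runs the cache step first, but the header comment should state the precondition, e.g. `Both certificates must already have had their extensions cached.` ku_reject's definition is not in the diff, so its dependence on the cached flags is assumed here.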
@@ -765,19 +837,34 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) * These are: * 1. Check issuer_name(subject) == subject_name(issuer) * 2. If akid(subject) exists check it matches issuer - * 3. If key_usage(issuer) exists check it supports certificate signing + * 3. Check that issuer public key algorithm matches subject signature algorithm + * 4. If key_usage(issuer) exists check it supports certificate signing * returns 0 for OK, positive for reason for mismatch, reasons match * codes for X509_verify_cert() */ int X509_check_issued(X509 *issuer, X509 *subject) +{ + int ret; + + if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK) + return ret; + return x509_signing_allowed(issuer, subject); +} + +/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ +int x509_likely_issued(X509 *issuer, X509 *subject) { if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; x509v3_cache_extensions(issuer); + if (issuer->ex_flags & EXFLAG_INVALID) + return X509_V_ERR_UNSPECIFIED; x509v3_cache_extensions(subject); + if (subject->ex_flags & EXFLAG_INVALID) + return X509_V_ERR_UNSPECIFIED; if (subject->akid) { int ret = X509_check_akid(issuer, subject->akid); @@ -785,12 +872,8 @@ int X509_check_issued(X509 *issuer, X509 *subject) return ret; } - if (subject->ex_flags & EXFLAG_PROXY) { - if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) - return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; - } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) - return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; - return X509_V_OK; + /* check if the subject signature alg matches the issuer's PUBKEY alg */ + return check_sig_alg_match(X509_get0_pubkey(issuer), subject); } int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) 
@@ -842,7 +925,8 @@ uint32_t X509_get_extension_flags(X509 *x) uint32_t X509_get_key_usage(X509 *x) { /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); + if (X509_check_purpose(x, -1, -1) != 1) + return 0; if (x->ex_flags & EXFLAG_KUSAGE) return x->ex_kusage; return UINT32_MAX; @@ -851,7 +935,8 @@ uint32_t X509_get_key_usage(X509 *x) uint32_t X509_get_extended_key_usage(X509 *x) { /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); + if (X509_check_purpose(x, -1, -1) != 1) + return 0; if (x->ex_flags & EXFLAG_XKUSAGE) return x->ex_xkusage; return UINT32_MAX; @@ -860,17 +945,35 @@ uint32_t X509_get_extended_key_usage(X509 *x) const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) { /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); + if (X509_check_purpose(x, -1, -1) != 1) + return NULL; return x->skid; } const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x) { /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, -1); + if (X509_check_purpose(x, -1, -1) != 1) + return NULL; return (x->akid != NULL ? x->akid->keyid : NULL); } +const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return NULL; + return (x->akid != NULL ? x->akid->issuer : NULL); +} + +const ASN1_INTEGER *X509_get0_authority_serial(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return NULL; + return (x->akid != NULL ? x->akid->serial : NULL); +} + long X509_get_pathlen(X509 *x) { /* Called for side effect of caching extensions */ diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_skey.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_skey.c index 749f51b2f..c2e820456 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_skey.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_skey.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_utl.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_utl.c index c9b40d2c7..f41c699b5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_utl.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,11 +12,12 @@ #include "e_os.h" #include "internal/cryptlib.h" #include -#include "internal/ctype.h" +#include +#include "crypto/ctype.h" #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include "ext_dat.h" 
@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); /* Add a CONF_VALUE name value pair to stack */ -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) +static int x509v3_add_len_value(const char *name, const char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; int sk_allocated = (*extlist == NULL); - if (name && (tname = OPENSSL_strdup(name)) == NULL) - goto err; - if (value && (tvalue = OPENSSL_strdup(value)) == NULL) + if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) goto err; + if (value != NULL && vallen > 0) { + /* + * We tolerate a single trailing NUL character, but otherwise no + * embedded NULs + */ + if (memchr(value, 0, vallen - 1) != NULL) + goto err; + tvalue = OPENSSL_strndup(value, vallen); + if (tvalue == NULL) + goto err; + } if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) goto err; if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) @@ -56,7 +66,7 @@ int X509V3_add_value(const char *name, const char *value, goto err; return 1; err: - X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE); if (sk_allocated) { sk_CONF_VALUE_free(*extlist); *extlist = NULL; 
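Review bot: In x509v3_add_len_value the new embedded-NUL rejection (`if (memchr(value, 0, vallen - 1) != NULL) goto err;`) lands on the shared `err` label, which the next hunk shows always raising ERR_R_MALLOC_FAILURE. A malformed name in a certificate is therefore reported as an out-of-memory condition. Raising a distinct reason before the jump, or branching to a label that skips the malloc error, would keep logs and triage accurate. Separately, `value != NULL && vallen > 0` leaves `tvalue` NULL for an empty string where the old code duplicated `""`; if that is intended it deserves a comment, since consumers of the CONF_VALUE presumably now see a NULL value for that input.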
@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value, return 0; } +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, value, + value != NULL ? strlen((const char *)value) : 0, + extlist); +} + int X509V3_add_value_uchar(const char *name, const unsigned char *value, STACK_OF(CONF_VALUE) **extlist) { - return X509V3_add_value(name, (const char *)value, extlist); + return x509v3_add_len_value(name, (const char *)value, + value != NULL ? strlen((const char *)value) : 0, + extlist); +} + +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist) +{ + return x509v3_add_len_value(name, (const char *)value, vallen, extlist); } /* Free function for STACK_OF(CONF_VALUE) */ @@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email /* First some sanity checks */ if (email->type != V_ASN1_IA5STRING) return 1; - if (!email->data || !email->length) + if (email->data == NULL || email->length == 0) + return 1; + if (memchr(email->data, 0, email->length) != NULL) return 1; if (*sk == NULL) *sk = sk_OPENSSL_STRING_new(sk_strcmp); if (*sk == NULL) return 0; + + emtmp = OPENSSL_strndup((char *)email->data, email->length); + if (emtmp == NULL) + return 0; + /* Don't add duplicates */ - if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) + if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { + OPENSSL_free(emtmp); return 1; - emtmp = OPENSSL_strdup((char *)email->data); - if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - OPENSSL_free(emtmp); /* free on push failure */ + } + if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { + OPENSSL_free(emtmp); /* free on push failure */ X509_email_free(*sk); *sk = NULL; return 0; diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3err.c b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3err.c index 4f2ea52a4..8b2918a64 100644 
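Review bot: In the append_ia5 hunk, the new `OPENSSL_strndup` failure path returns 0 without releasing `*sk`. The push-failure branch just below it calls `X509_email_free(*sk)` and sets `*sk = NULL`, and the removed `emtmp == NULL ||` condition used to take that same cleanup path. The callers are not visible here, but if they treat a 0 return as meaning the stack is already freed, a partially built list would leak on allocation failure. Making the two failure paths agree would be `if (emtmp == NULL) { X509_email_free(*sk); *sk = NULL; return 0; }`. append_ia5 starts and ends outside the hunk.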
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3err.c +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = { "i2s_ASN1_INTEGER"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0), "i2v_AUTHORITY_INFO_ACCESS"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0), + "i2v_AUTHORITY_KEYID"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"}, @@ -104,6 +106,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = { {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0), "v3_generic_extension"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0), + "x509v3_add_len_value"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0), "X509V3_add_value"}, {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"}, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x86_64cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/x86_64cpuid.pl index 6423e803b..d9536d657 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x86_64cpuid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x86_64cpuid.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,7 @@ print<<___; .type OPENSSL_atomic_add,\@abi-omnipotent .align 16 OPENSSL_atomic_add: +.cfi_startproc movl ($arg1),%eax .Lspin: leaq ($arg2,%rax),%r8 .byte 0xf0 # lock @@ -47,16 +48,19 @@ OPENSSL_atomic_add: movl %r8d,%eax .byte 0x48,0x98 # cltq/cdqe ret +.cfi_endproc .size OPENSSL_atomic_add,.-OPENSSL_atomic_add .globl OPENSSL_rdtsc .type OPENSSL_rdtsc,\@abi-omnipotent .align 16 OPENSSL_rdtsc: +.cfi_startproc rdtsc shl \$32,%rdx or %rdx,%rax ret +.cfi_endproc .size OPENSSL_rdtsc,.-OPENSSL_rdtsc .globl OPENSSL_ia32_cpuid @@ -232,6 +236,7 @@ OPENSSL_ia32_cpuid: .type OPENSSL_cleanse,\@abi-omnipotent .align 16 OPENSSL_cleanse: +.cfi_startproc xor %rax,%rax cmp \$15,$arg2 jae .Lot @@ -261,12 +266,14 @@ OPENSSL_cleanse: cmp \$0,$arg2 jne .Little ret +.cfi_endproc .size OPENSSL_cleanse,.-OPENSSL_cleanse .globl CRYPTO_memcmp .type CRYPTO_memcmp,\@abi-omnipotent .align 16 CRYPTO_memcmp: +.cfi_startproc xor %rax,%rax xor %r10,%r10 cmp \$0,$arg3 @@ -295,6 +302,7 @@ CRYPTO_memcmp: shr \$63,%rax .Lno_data: ret +.cfi_endproc .size CRYPTO_memcmp,.-CRYPTO_memcmp ___ @@ -303,6 +311,7 @@ print<<___ if (!$win64); .type OPENSSL_wipe_cpu,\@abi-omnipotent .align 16 OPENSSL_wipe_cpu: +.cfi_startproc pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -329,6 +338,7 @@ OPENSSL_wipe_cpu: xorq %r11,%r11 leaq 8(%rsp),%rax ret +.cfi_endproc .size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu ___ print<<___ if ($win64); @@ -365,6 +375,7 @@ print<<___; .type OPENSSL_instrument_bus,\@abi-omnipotent .align 16 OPENSSL_instrument_bus: +.cfi_startproc mov $arg1,$out # tribute to Win64 mov $arg2,$cnt mov $arg2,$max 
@@ -391,12 +402,14 @@ OPENSSL_instrument_bus: mov $max,%rax ret +.cfi_endproc .size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus .globl OPENSSL_instrument_bus2 .type OPENSSL_instrument_bus2,\@abi-omnipotent .align 16 OPENSSL_instrument_bus2: +.cfi_startproc mov $arg1,$out # tribute to Win64 mov $arg2,$cnt mov $arg3,$max @@ -439,6 +452,7 @@ OPENSSL_instrument_bus2: mov $redzone(%rsp),%rax sub $cnt,%rax ret +.cfi_endproc .size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 ___ } @@ -450,6 +464,7 @@ print<<___; .type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent .align 16 OPENSSL_ia32_${rdop}_bytes: +.cfi_startproc xor %rax, %rax # return value cmp \$0,$arg2 je .Ldone_${rdop}_bytes @@ -486,10 +501,11 @@ OPENSSL_ia32_${rdop}_bytes: .Ldone_${rdop}_bytes: xor %r10,%r10 # Clear sensitive data from register ret +.cfi_endproc .size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes ___ } gen_random("rdrand"); gen_random("rdseed"); -close STDOUT; # flush +close STDOUT or die "error closing STDOUT: $!"; # flush diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/x86cpuid.pl b/trunk/3rdparty/openssl-1.1-fit/crypto/x86cpuid.pl index d43dda4d9..ba4fd80fb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/x86cpuid.pl +++ b/trunk/3rdparty/openssl-1.1-fit/crypto/x86cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -506,4 +506,4 @@ my $rdop = shift; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/trunk/3rdparty/openssl-1.1-fit/e_os.h b/trunk/3rdparty/openssl-1.1-fit/e_os.h index 8e6efa961..9af7f3758 100644 --- a/trunk/3rdparty/openssl-1.1-fit/e_os.h +++ b/trunk/3rdparty/openssl-1.1-fit/e_os.h 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_E_OS_H -# define HEADER_E_OS_H +#ifndef OSSL_E_OS_H +# define OSSL_E_OS_H # include # include @@ -27,10 +27,35 @@ * set this to a comma-separated list of 'random' device files to try out. By * default, we will try to read at least one of these files */ -# if defined(__s390__) -# define DEVRANDOM "/dev/prandom","/dev/urandom","/dev/hwrng","/dev/random" -# else -# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" +# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom" +# if defined(__linux) && !defined(__ANDROID__) +# ifndef DEVRANDOM_WAIT +# define DEVRANDOM_WAIT "/dev/random" +# endif +/* + * Linux kernels 4.8 and later changes how their random device works and there + * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2) + * should be used instead. + */ +# ifndef DEVRANDOM_SAFE_KERNEL +# define DEVRANDOM_SAFE_KERNEL 4, 8 +# endif +/* + * Some operating systems do not permit select(2) on their random devices, + * defining this to zero will force the use of read(2) to extract one byte + * from /dev/random. + */ +# ifndef DEVRANDM_WAIT_USE_SELECT +# define DEVRANDM_WAIT_USE_SELECT 1 +# endif +/* + * Define the shared memory identifier used to indicate if the operating + * system has properly seeded the DEVRANDOM source. + */ +# ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID +# define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114 +# endif + # endif # endif # if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) 
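Review bot: In the `@@ -27,10 +27,35 @@` hunk, the new override macro is spelled `DEVRANDM_WAIT_USE_SELECT` (no 'O'), unlike its neighbours `DEVRANDOM_WAIT` and `DEVRANDOM_SAFE_KERNEL` in the same block. Assuming the code that consumes the macro (not in this hunk) uses the header's spelling, a build that passes `-DDEVRANDOM_WAIT_USE_SELECT=0` to force the read(2) path would be silently ignored. A rename would have to touch every user of the macro, so the smaller change is a comment above the `#ifndef`: `/* NB: the name is DEVRANDM_..., without the 'O'; use this exact spelling to override */`.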
@@ -39,7 +64,7 @@ * sockets will be tried in the order listed in case accessing the device * files listed in DEVRANDOM did not return enough randomness. */ -# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" +# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy" # endif # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) @@ -283,7 +308,7 @@ extern FILE *_imp___iob; # if defined(OPENSSL_SYS_WINDOWS) # define strcasecmp _stricmp # define strncasecmp _strnicmp -# if (_MSC_VER >= 1310) +# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) # define open _open # define fdopen _fdopen # define close _close diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/build.info b/trunk/3rdparty/openssl-1.1-fit/engines/build.info index df173ea69..1db771971 100644 --- a/trunk/3rdparty/openssl-1.1-fit/engines/build.info +++ b/trunk/3rdparty/openssl-1.1-fit/engines/build.info @@ -2,8 +2,9 @@ IF[{- !$disabled{"engine"} -}] IF[{- $disabled{"dynamic-engine"} -}] LIBS=../libcrypto - SOURCE[../libcrypto]=\ - e_padlock.c {- $target{padlock_asm_src} -} + IF[{- !$disabled{hw} && !$disabled{'hw-padlock'} -}] + SOURCE[../libcrypto]= e_padlock.c {- $target{padlock_asm_src} -} + ENDIF IF[{- !$disabled{capieng} -}] SOURCE[../libcrypto]=e_capi.c ENDIF @@ -11,10 +12,12 @@ IF[{- !$disabled{"engine"} -}] SOURCE[../libcrypto]=e_afalg.c ENDIF ELSE - ENGINES=padlock - SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -} - DEPEND[padlock]=../libcrypto - INCLUDE[padlock]=../include + IF[{- !$disabled{hw} && !$disabled{'hw-padlock'} -}] + ENGINES=padlock + SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -} + DEPEND[padlock]=../libcrypto + INCLUDE[padlock]=../include + ENDIF IF[{- !$disabled{capieng} -}] ENGINES=capi SOURCE[capi]=e_capi.c diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.c index f09c396ed..4b1722846 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.c +++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,9 +63,6 @@ void engine_load_afalg_int(void) # define ALG_OP_TYPE unsigned int # define ALG_OP_LEN (sizeof(ALG_OP_TYPE)) -#define ALG_MAX_SALG_NAME 64 -#define ALG_MAX_SALG_TYPE 14 - # ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_afalg_int(void); # endif @@ -371,10 +368,8 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, memset(&sa, 0, sizeof(sa)); sa.salg_family = AF_ALG; - strncpy((char *) sa.salg_type, ciphertype, ALG_MAX_SALG_TYPE); - sa.salg_type[ALG_MAX_SALG_TYPE-1] = '\0'; - strncpy((char *) sa.salg_name, ciphername, ALG_MAX_SALG_NAME); - sa.salg_name[ALG_MAX_SALG_NAME-1] = '\0'; + OPENSSL_strlcpy((char *) sa.salg_type, ciphertype, sizeof(sa.salg_type)); + OPENSSL_strlcpy((char *) sa.salg_name, ciphername, sizeof(sa.salg_name)); actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (actx->bfd == -1) { @@ -461,7 +456,7 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* * vmsplice and splice are used to pin the user space input buffer for - * kernel space processing avoiding copys from user to kernel space + * kernel space processing avoiding copies from user to kernel space */ ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT); if (ret < 0) { @@ -502,7 +497,7 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, int ciphertype; int ret; afalg_ctx *actx; - char ciphername[ALG_MAX_SALG_NAME]; + const char *ciphername; if (ctx == NULL || key == NULL) { ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__); 
@@ -525,14 +520,13 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, case NID_aes_128_cbc: case NID_aes_192_cbc: case NID_aes_256_cbc: - strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME); + ciphername = "cbc(aes)"; break; default: ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__, ciphertype); return 0; } - ciphername[ALG_MAX_SALG_NAME-1]='\0'; if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.h index 2c03c448d..3323c898c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.h +++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_AFALG_H -# define HEADER_AFALG_H +#ifndef OSSL_ENGINES_E_AFALG_H +# define OSSL_ENGINES_E_AFALG_H # if defined(__GNUC__) && __GNUC__ >= 4 && \ (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.h index 3eb1332bb..3036443f4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.h +++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_afalg_err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_AFALGERR_H -# define HEADER_AFALGERR_H +#ifndef OSSL_ENGINES_E_AFALG_ERR_H +# define OSSL_ENGINES_E_AFALG_ERR_H # define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.h index e034c98ca..e3a927aa7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.h +++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_capi_err.h 
@@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CAPIERR_H -# define HEADER_CAPIERR_H +#ifndef OSSL_ENGINES_E_CAPI_ERR_H +# define OSSL_ENGINES_E_CAPI_ERR_H # define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.h index 7c2c02787..5b74d8be2 100644 --- a/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.h +++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_dasync_err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DASYNCERR_H -# define HEADER_DASYNCERR_H +#ifndef OSSL_ENGINES_E_DASYNC_ERR_H +# define OSSL_ENGINES_E_DASYNC_ERR_H # define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.h b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.h index e745c1a23..8e6535b76 100644 --- a/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.h +++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_ossltest_err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_OSSLTESTERR_H -# define HEADER_OSSLTESTERR_H +#ifndef OSSL_ENGINES_E_OSSLTEST_ERR_H +# define OSSL_ENGINES_E_OSSLTEST_ERR_H # define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/trunk/3rdparty/openssl-1.1-fit/engines/e_padlock.c b/trunk/3rdparty/openssl-1.1-fit/engines/e_padlock.c index f6b1f1698..a82c07e81 100644 --- a/trunk/3rdparty/openssl-1.1-fit/engines/e_padlock.c +++ b/trunk/3rdparty/openssl-1.1-fit/engines/e_padlock.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -41,7 +41,7 @@ */ # undef COMPILE_HW_PADLOCK -# if !defined(I386_ONLY) && defined(PADLOCK_ASM) +# if defined(PADLOCK_ASM) # define COMPILE_HW_PADLOCK # ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *ENGINE_padlock(void); @@ -148,7 +148,7 @@ static int padlock_init(ENGINE *e) * This stuff is needed if this ENGINE is being compiled into a * self-contained shared-library. */ -# ifdef DYNAMIC_ENGINE +# ifndef OPENSSL_NO_DYNAMIC_ENGINE static int padlock_bind_fn(ENGINE *e, const char *id) { if (id && (strcmp(id, padlock_id) != 0)) { @@ -164,7 +164,7 @@ static int padlock_bind_fn(ENGINE *e, const char *id) IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn) -# endif /* DYNAMIC_ENGINE */ +# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */ /* ===== Here comes the "real" engine ===== */ /* Some AES-related constants */ diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1.c index fd2271bf5..9fa5f20b5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1.c +++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/oids.txt b/trunk/3rdparty/openssl-1.1-fit/fuzz/oids.txt index fe363fd37..eda55e4e7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/fuzz/oids.txt +++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/oids.txt 
@@ -1057,7 +1057,7 @@ OBJ_id_tc26_wrap="\x2A\x85\x03\x07\x01\x01\x07" OBJ_id_tc26_wrap_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x07\x01" OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01" OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x07\x02" -OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01" +OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x02\x01" OBJ_id_tc26_gost_3410_2012_256_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x01\x02" OBJ_id_tc26_gost_3410_2012_256_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x01\x03" OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04" diff --git a/trunk/3rdparty/openssl-1.1-fit/fuzz/x509.c b/trunk/3rdparty/openssl-1.1-fit/fuzz/x509.c index 926287da4..ceaec0797 100644 --- a/trunk/3rdparty/openssl-1.1-fit/fuzz/x509.c +++ b/trunk/3rdparty/openssl-1.1-fit/fuzz/x509.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. @@ -37,6 +37,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) X509_print(bio, x509); BIO_free(bio); + X509_issuer_and_serial_hash(x509); + i2d_X509(x509, &der); OPENSSL_free(der); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/crypto/__DECC_INCLUDE_EPILOGUE.H similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/__DECC_INCLUDE_EPILOGUE.H 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/crypto/__DECC_INCLUDE_PROLOGUE.H similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/__DECC_INCLUDE_PROLOGUE.H diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/aria.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/aria.h similarity index 96% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/aria.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/aria.h index 355abe539..03a62950a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/aria.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/aria.h @@ -10,8 +10,8 @@ /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */ -#ifndef HEADER_ARIA_H -# define HEADER_ARIA_H +#ifndef OSSL_CRYPTO_ARIA_H +# define OSSL_CRYPTO_ARIA_H # include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/asn1_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/asn1.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/asn1_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/asn1.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/async.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/async.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/async.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/async.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/bn.h similarity index 98% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/bn.h index 30be7efe1..60afda1da 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_int.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/bn.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BN_INT_H -# define HEADER_BN_INT_H +#ifndef OSSL_CRYPTO_BN_H +# define OSSL_CRYPTO_BN_H # include # include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_conf.h.in b/trunk/3rdparty/openssl-1.1-fit/include/crypto/bn_conf.h.in similarity index 93% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_conf.h.in rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/bn_conf.h.in index ec6e4f6c1..b6b9eb743 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_conf.h.in +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/bn_conf.h.in @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BN_CONF_H -# define HEADER_BN_CONF_H +#ifndef OSSL_CRYPTO_BN_CONF_H +# define OSSL_CRYPTO_BN_CONF_H /* * The contents of this file are not used in the UEFI build, as diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_dh.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/bn_dh.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_dh.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/bn_dh.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_srp.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/bn_srp.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/bn_srp.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/bn_srp.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/chacha.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/chacha.h similarity index 96% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/chacha.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/chacha.h index 67243f222..4029400a6 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/chacha.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/chacha.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CHACHA_H -#define HEADER_CHACHA_H +#ifndef OSSL_CRYPTO_CHACHA_H +#define OSSL_CRYPTO_CHACHA_H #include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/cryptlib_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/cryptlib.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/cryptlib_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/cryptlib.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ctype.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/ctype.h similarity index 94% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ctype.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/ctype.h index a35b12bfb..81ef8f5cf 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ctype.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/ctype.h @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,8 +18,8 @@ * throughout the rest of the source code. Refer to issue #4154 for * details. */ -#ifndef INTERNAL_CTYPE_H -# define INTERNAL_CTYPE_H +#ifndef OSSL_CRYPTO_CTYPE_H +# define OSSL_CRYPTO_CTYPE_H # define CTYPE_MASK_lower 0x1 # define CTYPE_MASK_upper 0x2 @@ -57,6 +57,8 @@ int ossl_ctype_check(int c, unsigned int mask); int ossl_tolower(int c); int ossl_toupper(int c); +int ascii_isdigit(const char inchar); + # define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum)) # define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha)) # ifdef CHARSET_EBCDIC 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/dso_conf.h.in b/trunk/3rdparty/openssl-1.1-fit/include/crypto/dso_conf.h.in similarity index 81% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/dso_conf.h.in rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/dso_conf.h.in index d6e9d1b1b..57a09b10a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/dso_conf.h.in +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/dso_conf.h.in @@ -1,6 +1,6 @@ {- join("\n",map { "/* $_ */" } @autowarntext) -} /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,16 +8,18 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DSO_CONF_H -# define HEADER_DSO_CONF_H -{- output_off() if $disabled{dso} -} +#ifndef OSSL_CRYPTO_DSO_CONF_H +# define OSSL_CRYPTO_DSO_CONF_H {- # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform # has support compiled in for them. Currently each method is enabled # by a define "DSO_" ... we translate the "dso_scheme" config # string entry into using the following logic; - my $scheme = uc $target{dso_scheme}; + my $scheme = $disabled{dso} ? undef : uc $target{dso_scheme}; + if (!$scheme) { + $scheme = "NONE"; + } my @macros = ( "DSO_$scheme" ); if ($scheme eq 'DLFCN') { @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" ); @@ -26,5 +28,4 @@ } join("\n", map { "# define $_" } @macros); -} # define DSO_EXTENSION "{- $target{dso_extension} -}" -{- output_on() if $disabled{dso} -} #endif 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ec_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/ec.h similarity index 96% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ec_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/ec.h index 182c39cc8..fe52ae704 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/ec_int.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/ec.h @@ -9,8 +9,8 @@ /* Internal EC functions for other submodules: not for application use */ -#ifndef HEADER_OSSL_EC_INTERNAL_H -# define HEADER_OSSL_EC_INTERNAL_H +#ifndef OSSL_CRYPTO_EC_H +# define OSSL_CRYPTO_EC_H # include # ifndef OPENSSL_NO_EC diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/engine.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/engine.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/engine.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/engine.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/err_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/err.h similarity index 90% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/err_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/err.h index 44ac94462..8ab0e5baa 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/err_int.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/err.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef INTERNAL_ERR_INT_H -# define INTERNAL_ERR_INT_H +#ifndef OSSL_CRYPTO_ERR_H +# define OSSL_CRYPTO_ERR_H int err_load_crypto_strings_int(void); void err_cleanup(void); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/evp_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/evp.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/evp_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/evp.h 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/lhash.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/lhash.h similarity index 87% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/lhash.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/lhash.h index 200ba8685..ab060cce7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/lhash.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/lhash.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef INTERNAL_LHASH_H -# define INTERNAL_LHASH_H +#ifndef OSSL_CRYPTO_LHASH_H +# define OSSL_CRYPTO_LHASH_H unsigned long openssl_lh_strcasehash(const char *); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/md32_common.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/md32_common.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/md32_common.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/md32_common.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/objects.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/objects.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/objects.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/objects.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/poly1305.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/poly1305.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/poly1305.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/poly1305.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/rand_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/rand.h similarity index 94% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/rand_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/rand.h index 888cab1b8..5350d3a93 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/rand_int.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,8 +15,8 @@ * or in the file LICENSE in the source distribution. */ -#ifndef HEADER_RAND_INT_H -# define HEADER_RAND_INT_H +#ifndef OSSL_CRYPTO_RAND_H +# define OSSL_CRYPTO_RAND_H # include @@ -26,7 +26,6 @@ typedef struct rand_pool_st RAND_POOL; void rand_cleanup_int(void); void rand_drbg_cleanup_int(void); void drbg_delete_thread_state(void); -void rand_fork(void); /* Hardware-based seeding functions. */ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); @@ -52,7 +51,8 @@ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); /* * RAND_POOL functions */ -RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len); +RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len); RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, size_t entropy); void rand_pool_free(RAND_POOL *pool); diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sha.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sha.h similarity index 89% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sha.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/sha.h index 458a75e89..6d15edb9e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sha.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sha.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_SHA_H -# define HEADER_INTERNAL_SHA_H +#ifndef OSSL_CRYPTO_SHA_H +# define OSSL_CRYPTO_SHA_H # include 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/siphash.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/siphash.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/siphash.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/siphash.h diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm2.h similarity index 90% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/sm2.h index 5c5cd4b4f..a7f5548c0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm2.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -9,8 +9,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM2_H -# define HEADER_SM2_H +#ifndef OSSL_CRYPTO_SM2_H +# define OSSL_CRYPTO_SM2_H # include # ifndef OPENSSL_NO_SM2 @@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen, int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, size_t *ct_size); -int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, - size_t *pt_size); +int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size); int sm2_encrypt(const EC_KEY *key, const EVP_MD *digest, diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2err.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm2err.h similarity index 92% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2err.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/sm2err.h index a4db1b73d..d1c0ee259 100644 
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm2err.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm2err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,8 +8,12 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM2ERR_H -# define HEADER_SM2ERR_H +#ifndef OSSL_CRYPTO_SM2ERR_H +# define OSSL_CRYPTO_SM2ERR_H + +# ifndef HEADER_SYMHACKS_H +# include +# endif # include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm3.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm3.h similarity index 94% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm3.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/sm3.h index 27eb471c2..97e746033 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm3.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm3.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM3_H -# define HEADER_SM3_H +#ifndef OSSL_CRYPTO_SM3_H +# define OSSL_CRYPTO_SM3_H # include diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm4.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm4.h similarity index 94% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm4.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/sm4.h index f1f157ef5..abe28f385 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/sm4.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/sm4.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM4_H -# define HEADER_SM4_H +#ifndef OSSL_CRYPTO_SM4_H +# define OSSL_CRYPTO_SM4_H # include # include 
diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/store.h similarity index 82% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/store.h index 6f31e019e..428d3c60e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/store_int.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_STORE_INT_H -# define HEADER_STORE_INT_H +#ifndef OSSL_CRYPTO_STORE_H +# define OSSL_CRYPTO_STORE_H # include # include @@ -23,4 +23,6 @@ OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, void *ui_data); int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx); +void ossl_store_cleanup_int(void); + #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/x509_int.h b/trunk/3rdparty/openssl-1.1-fit/include/crypto/x509.h similarity index 97% rename from trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/x509_int.h rename to trunk/3rdparty/openssl-1.1-fit/include/crypto/x509.h index b53c2b03c..243ea74f6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/crypto/include/internal/x509_int.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/crypto/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,6 +8,8 @@ */ #include "internal/refcount.h" +#include +#include /* Internal X509 structures and functions: not for application use */ @@ -284,3 +286,6 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); void x509_init_sig_info(X509 *x); + +int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, + size_t vallen, STACK_OF(CONF_VALUE) **extlist); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/conf.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/conf.h index 29bc9f963..163fea8de 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/conf.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/conf.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_CONF_H -# define HEADER_INTERNAL_CONF_H +#ifndef OSSL_INTERNAL_CONF_H +# define OSSL_INTERNAL_CONF_H #include diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time_locl.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time.h similarity index 85% rename from trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time_locl.h rename to trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time.h index cde30f406..6600a1d72 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/constant_time.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CONSTANT_TIME_LOCL_H -# define HEADER_CONSTANT_TIME_LOCL_H +#ifndef OSSL_INTERNAL_CONSTANT_TIME_H +# define OSSL_INTERNAL_CONSTANT_TIME_H # include # include 
@@ -213,18 +213,72 @@ static ossl_inline unsigned char constant_time_eq_int_8(int a, int b) return constant_time_eq_8((unsigned)(a), (unsigned)(b)); } +/* + * Returns the value unmodified, but avoids optimizations. + * The barriers prevent the compiler from narrowing down the + * possible value range of the mask and ~mask in the select + * statements, which avoids the recognition of the select + * and turning it into a conditional load or branch. + */ +static ossl_inline unsigned int value_barrier(unsigned int a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned int r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned int r = a; +#endif + return r; +} + +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t value_barrier_32(uint32_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint32_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint32_t r = a; +#endif + return r; +} + +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t value_barrier_64(uint64_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + uint64_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile uint64_t r = a; +#endif + return r; +} + +/* Convenience method for size_t. */ +static ossl_inline size_t value_barrier_s(size_t a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + size_t r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile size_t r = a; +#endif + return r; +} + static ossl_inline unsigned int constant_time_select(unsigned int mask, unsigned int a, unsigned int b) { - return (mask & a) | (~mask & b); + return (value_barrier(mask) & a) | (value_barrier(~mask) & b); } static ossl_inline size_t constant_time_select_s(size_t mask, size_t a, size_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b); } static ossl_inline unsigned char constant_time_select_8(unsigned char mask, 
@@ -249,13 +303,13 @@ static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b) static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, uint32_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b); } static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, uint64_t b) { - return (mask & a) | (~mask & b); + return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b); } /* @@ -330,4 +384,4 @@ static ossl_inline void constant_time_lookup(void *out, */ void err_clear_last_constant_time(int clear); -#endif /* HEADER_CONSTANT_TIME_LOCL_H */ +#endif /* OSSL_INTERNAL_CONSTANT_TIME_H */ diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/cryptlib.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/cryptlib.h index b4d76d5f2..6e7291ae4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/cryptlib.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/cryptlib.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CRYPTLIB_H -# define HEADER_CRYPTLIB_H +#ifndef OSSL_INTERNAL_CRYPTLIB_H +# define OSSL_INTERNAL_CRYPTLIB_H # include # include @@ -80,6 +80,7 @@ extern unsigned int OPENSSL_ia32cap_P[]; void OPENSSL_showfatal(const char *fmta, ...); void crypto_cleanup_all_ex_data_int(void); int openssl_init_fork_handlers(void); +int openssl_get_fork_id(void); char *ossl_safe_getenv(const char *name); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/dane.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/dane.h index a1cb5488b..7a39bd7d7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/dane.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/dane.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_DANE_H -#define HEADER_INTERNAL_DANE_H +#ifndef OSSL_INTERNAL_DANE_H +#define OSSL_INTERNAL_DANE_H #include 
@@ -100,4 +100,4 @@ struct ssl_dane_st { #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) -#endif /* HEADER_INTERNAL_DANE_H */ +#endif /* OSSL_INTERNAL_DANE_H */ diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/dso.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/dso.h index eb5f7d53c..c57c0c407 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/dso.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/dso.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DSO_H -# define HEADER_DSO_H +#ifndef OSSL_INTERNAL_DSO_H +# define OSSL_INTERNAL_DSO_H # include # include "internal/dsoerr.h" diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/dsoerr.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/dsoerr.h index a54a18545..94d642a22 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/dsoerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/dsoerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,16 +8,16 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DSOERR_H -# define HEADER_DSOERR_H +#ifndef OSSL_INTERNAL_DSOERR_H +# define OSSL_INTERNAL_DSOERR_H -# include +# ifndef HEADER_SYMHACKS_H +# include +# endif -# ifndef OPENSSL_NO_DSO - -# ifdef __cplusplus +# ifdef __cplusplus extern "C" -# endif +# endif int ERR_load_DSO_strings(void); /* @@ -79,5 +79,4 @@ int ERR_load_DSO_strings(void); # define DSO_R_UNLOAD_FAILED 107 # define DSO_R_UNSUPPORTED 108 -# endif #endif 
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/err.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/err.h index d46b8bdb2..88dde7059 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/err.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/err.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef INTERNAL_ERR_H -# define INTERNAL_ERR_H +#ifndef OSSL_INTERNAL_ERR_H +# define OSSL_INTERNAL_ERR_H void err_free_strings_int(void); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/nelem.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/nelem.h index d65a21a9f..699ef88ee 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/nelem.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/nelem.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_NELEM_H -# define HEADER_NELEM_H +#ifndef OSSL_INTERNAL_NELEM_H +# define OSSL_INTERNAL_NELEM_H # define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/numbers.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/numbers.h index 31931df3c..f5ade5226 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/numbers.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/numbers.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_NUMBERS_H -# define HEADER_NUMBERS_H +#ifndef OSSL_INTERNAL_NUMBERS_H +# define OSSL_INTERNAL_NUMBERS_H # include diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/o_dir.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_dir.h index e7b55e0c1..dafc8dd2e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/o_dir.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_dir.h @@ -36,8 +36,8 @@ * SUCH DAMAGE. */ -#ifndef O_DIR_H -# define O_DIR_H +#ifndef OSSL_INTERNAL_O_DIR_H +# define OSSL_INTERNAL_O_DIR_H typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/o_str.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_str.h index 86403c9ee..15c12e820 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/o_str.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/o_str.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_O_STR_H -# define HEADER_O_STR_H +#ifndef OSSL_INTERNAL_O_STR_H +# define OSSL_INTERNAL_O_STR_H # include /* to get size_t */ diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/refcount.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/refcount.h index 75d70a641..8fb536ead 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/refcount.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/refcount.h @@ -1,13 +1,13 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_REFCOUNT_H -# define HEADER_INTERNAL_REFCOUNT_H +#ifndef OSSL_INTERNAL_REFCOUNT_H +# define OSSL_INTERNAL_REFCOUNT_H /* Used to checking reference counts, most while doing perl5 stuff :-) */ # if defined(OPENSSL_NO_STDIO) @@ -79,7 +79,7 @@ static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock) typedef volatile int CRYPTO_REF_COUNT; -# if (defined(_M_ARM) && _M_ARM>=7) || defined(_M_ARM64) +# if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) # include # if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) # define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH 
@@ -99,7 +99,17 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) return 1; } # else -# pragma intrinsic(_InterlockedExchangeAdd) +# if !defined(_WIN32_WCE) +# pragma intrinsic(_InterlockedExchangeAdd) +# else +# if _WIN32_WCE >= 0x600 + extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); +# else + /* under Windows CE we still have old-style Interlocked* functions */ + extern long __cdecl InterlockedExchangeAdd(long volatile*, long); +# define _InterlockedExchangeAdd InterlockedExchangeAdd +# endif +# endif static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) { diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/sockets.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/sockets.h index 5bb0355f0..39186efef 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/sockets.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/sockets.h @@ -8,8 +8,8 @@ */ -#ifndef HEADER_INTERNAL_SOCKETS -# define HEADER_INTERNAL_SOCKETS +#ifndef OSSL_INTERNAL_SOCKETS_H +# define OSSL_INTERNAL_SOCKETS_H # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) # define NO_SYS_PARAM_H diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/sslconf.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/sslconf.h index d538f8614..92c8941d0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/sslconf.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/sslconf.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SSLCONF_H -# define HEADER_SSLCONF_H +#ifndef OSSL_INTERNAL_SSLCONF_H +# define OSSL_INTERNAL_SSLCONF_H typedef struct ssl_conf_cmd_st SSL_CONF_CMD; diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/thread_once.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/thread_once.h index 8a25d04d2..8f8aa6e1c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/thread_once.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/thread_once.h 
@@ -72,7 +72,7 @@ * function defined via DEFINE_ONCE_STATIC where both functions use the same * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function * is used only one of the primary or the alternative initialiser function will - * ever be called - and that function will be called exactly once. Definitition + * ever be called - and that function will be called exactly once. Definition * of an alternative initialiser function MUST occur AFTER the definition of the * primary initialiser function. * diff --git a/trunk/3rdparty/openssl-1.1-fit/include/internal/tsan_assist.h b/trunk/3rdparty/openssl-1.1-fit/include/internal/tsan_assist.h index 38ba0c7eb..cc30162eb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/internal/tsan_assist.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/internal/tsan_assist.h @@ -18,7 +18,7 @@ * if (var == NOT_YET_INITIALIZED) * var = function_returning_same_value(); * - * This does work provided that loads and stores are single-instuction + * This does work provided that loads and stores are single-instruction * operations (and integer ones are on *all* supported platforms), but * it upsets Thread Sanitizer. Suggested solution is * @@ -77,7 +77,7 @@ #elif defined(_MSC_VER) && _MSC_VER>=1200 \ && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7)) + defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE))) /* * There is subtle dependency on /volatile: command-line option. * "ms" implies same semantic as memory_order_acquire for loads and diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_EPILOGUE.H index c350018ad..ad0a5f56d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_EPILOGUE.H +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_EPILOGUE.H 
@@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,15 @@ */ /* - * This file is only used by HP C on VMS, and is included automatically + * This file is only used by HP C/C++ on VMS, and is included automatically * after each header file from this directory */ +/* + * The C++ compiler doesn't understand these pragmas, even though it + * understands the corresponding command line qualifier. + */ +#ifndef __cplusplus /* restore state. Must correspond to the save in __decc_include_prologue.h */ -#pragma names restore +# pragma names restore +#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_PROLOGUE.H index 9a9c777f9..5f5513e82 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_PROLOGUE.H +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/__DECC_INCLUDE_PROLOGUE.H @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,13 +8,19 @@ */ /* - * This file is only used by HP C on VMS, and is included automatically + * This file is only used by HP C/C++ on VMS, and is included automatically * after each header file from this directory */ +/* + * The C++ compiler doesn't understand these pragmas, even though it + * understands the corresponding command line qualifier. + */ +#ifndef __cplusplus /* save state */ -#pragma names save +# pragma names save /* have the compiler shorten symbols larger than 31 chars to 23 chars * followed by a 8 hex char CRC */ -#pragma names as_is,shortened +# pragma names as_is,shortened +#endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1err.h index 5a91126db..e1ad1fefe 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1err.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asn1err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,8 @@ #ifndef HEADER_ASN1ERR_H # define HEADER_ASN1ERR_H +# include + # ifdef __cplusplus extern "C" # endif @@ -49,6 +51,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_ITEM_DUP 191 # define ASN1_F_ASN1_ITEM_EMBED_D2I 120 # define ASN1_F_ASN1_ITEM_EMBED_NEW 121 +# define ASN1_F_ASN1_ITEM_EX_I2D 144 # define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 # define ASN1_F_ASN1_ITEM_I2D_BIO 192 # define ASN1_F_ASN1_ITEM_I2D_FP 193 
@@ -141,6 +144,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_R_ASN1_SIG_PARSE_ERROR 204 # define ASN1_R_AUX_ERROR 100 # define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BAD_TEMPLATE 230 # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 # define ASN1_R_BN_LIB 105 # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asyncerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asyncerr.h index 5497ba752..91afbbb2f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/asyncerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/asyncerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_ASYNCERR_H # define HEADER_ASYNCERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bio.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bio.h index 2888b42da..ae559a510 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bio.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bio.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,10 +20,6 @@ # include # include -# ifndef OPENSSL_NO_SCTP -# include -# endif - #ifdef __cplusplus extern "C" { #endif 
@@ -173,6 +169,7 @@ extern "C" { */ # define BIO_FLAGS_MEM_RDONLY 0x200 # define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 typedef union bio_addr_st BIO_ADDR; typedef struct bio_addrinfo_st BIO_ADDRINFO; diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bioerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bioerr.h index f119a59c3..46e2c96ee 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bioerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bioerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_BIOERR_H # define HEADER_BIOERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bn.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bn.h index 8af05d00e..d87766049 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bn.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bn.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -56,7 +56,7 @@ extern "C" { * avoid leaking exponent information through timing, * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. + * BN_mod_inverse() will call bn_mod_inverse_no_branch. */ # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bnerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bnerr.h index 8a022cc06..9f3c7cfaa 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/bnerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/bnerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_BNERR_H # define HEADER_BNERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffererr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffererr.h index 3aee13232..04f6ff7a8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffererr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/buffererr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_BUFERR_H # define HEADER_BUFERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cms.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cms.h index ddf37e56f..c7627968c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cms.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cms.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -284,8 +284,6 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos, int type); -# ifdef HEADER_X509V3_H - int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, @@ -298,7 +296,6 @@ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto); -# endif int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pukm); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmserr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmserr.h index 3f8ae26da..7dbc13dc9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmserr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_CMSERR_H # define HEADER_CMSERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_CMS 
@@ -101,6 +105,7 @@ int ERR_load_CMS_strings(void); # define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 # define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 # define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 183 # define CMS_F_CMS_STREAM 155 # define CMS_F_CMS_UNCOMPRESS 156 # define CMS_F_CMS_VERIFY 157 @@ -110,6 +115,7 @@ int ERR_load_CMS_strings(void); * CMS reason codes. */ # define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 # define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 # define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 # define CMS_R_CERTIFICATE_VERIFY_ERROR 100 diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/comperr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/comperr.h index edea63a68..90231e9aa 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/comperr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/comperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_COMPERR_H # define HEADER_COMPERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_COMP diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/conferr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conferr.h index d1c92f45d..32b922918 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/conferr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/conferr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_CONFERR_H # define HEADER_CONFERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cryptoerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cryptoerr.h index 10723d045..3db5a4ee9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cryptoerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cryptoerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,12 +11,13 @@ #ifndef HEADER_CRYPTOERR_H # define HEADER_CRYPTOERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif - -# include - int ERR_load_CRYPTO_strings(void); /* diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ct.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ct.h index d4262fa04..ebdba34d6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ct.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ct.h 
@@ -463,8 +463,6 @@ __owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); /* * Loads the default CT log list into a |store|. - * See internal/cryptlib.h for the environment variable and file path that are - * consulted to find the default file. * Returns 1 if loading is successful, or 0 otherwise. */ __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cterr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cterr.h index 764e1a220..feb7bc566 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/cterr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/cterr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_CTERR_H # define HEADER_CTERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_CT diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dherr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dherr.h index 81e73f75c..916b3bed0 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dherr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dherr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_DHERR_H # define HEADER_DHERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_DH 
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsa.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsa.h index 822eff347..6d8a18a4a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsa.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsa.h @@ -162,6 +162,12 @@ DH *DSA_dup_DH(const DSA *r); # define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) # define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsaerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsaerr.h index d94f97bba..495a1ac89 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsaerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dsaerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_DSAERR_H # define HEADER_DSAERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_DSA 
@@ -57,6 +61,7 @@ int ERR_load_DSA_strings(void); # define DSA_R_INVALID_DIGEST_TYPE 106 # define DSA_R_INVALID_PARAMETERS 112 # define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 # define DSA_R_MODULUS_TOO_LARGE 103 # define DSA_R_NO_PARAMETERS_SET 107 # define DSA_R_PARAMETER_ENCODING_ERROR 105 diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dtls1.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dtls1.h index a312e386c..d55ca9c33 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/dtls1.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/dtls1.h @@ -43,7 +43,7 @@ extern "C" { # define DTLS1_AL_HEADER_LENGTH 2 -/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +/* Timeout multipliers */ # define DTLS1_TMO_READ_COUNT 2 # define DTLS1_TMO_WRITE_COUNT 2 diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/e_os2.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/e_os2.h index 97a776cda..5c88e5194 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/e_os2.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -241,7 +241,7 @@ typedef UINT64 uint64_t; defined(__osf__) || defined(__sgi) || defined(__hpux) || \ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) # include -# elif defined(_MSC_VER) && _MSC_VER<=1500 +# elif defined(_MSC_VER) && _MSC_VER<1600 /* * minimally required typdefs for systems not supporting inttypes.h or * stdint.h: currently just older VC++ 
@@ -279,7 +279,8 @@ typedef unsigned __int64 uint64_t; # define ossl_inline inline # endif -# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \ + !defined(__cplusplus) # define ossl_noreturn _Noreturn # elif defined(__GNUC__) && __GNUC__ >= 2 # define ossl_noreturn __attribute__((noreturn)) diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ec.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ec.h index 347cfb6d0..44cc13996 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ec.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ec.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -142,7 +142,7 @@ const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); */ int EC_METHOD_get_field_type(const EC_METHOD *meth); -/** Sets the generator and it's order/cofactor of a EC_GROUP object. +/** Sets the generator and its order/cofactor of a EC_GROUP object. * \param group EC_GROUP object * \param generator EC_POINT object with the generator. * \param order the order of the group generated by the generator. @@ -829,6 +829,8 @@ void EC_KEY_set_flags(EC_KEY *key, int flags); void EC_KEY_clear_flags(EC_KEY *key, int flags); +int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); + /** Creates a new EC_KEY object using a named curve as underlying * EC_GROUP object. * \param nid NID of the named curve. 
@@ -1138,7 +1140,8 @@ void ECDSA_SIG_free(ECDSA_SIG *sig); * (*pp += length of the DER encoded signature)). * \param sig pointer to the ECDSA_SIG object * \param pp pointer to a unsigned char pointer for the output or NULL - * \return the length of the DER encoded ECDSA_SIG object or 0 + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error */ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecerr.h index be313d285..51738113d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ecerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_ECERR_H # define HEADER_ECERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_EC @@ -239,6 +243,7 @@ int ERR_load_EC_strings(void); # define EC_R_LADDER_POST_FAILURE 136 # define EC_R_LADDER_PRE_FAILURE 153 # define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 # define EC_R_NEED_NEW_SETUP_VALUES 157 diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/engineerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/engineerr.h index b4c036b21..05e84bd2a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/engineerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/engineerr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_ENGINEERR_H # define HEADER_ENGINEERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_ENGINE diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/err.h index 6cae1a365..b49f88129 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/err.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/err.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,7 @@ extern "C" { # define ERR_TXT_STRING 0x02 # define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 # define ERR_NUM_ERRORS 16 typedef struct err_state_st { diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/evp.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evp.h index 9f05b5a3b..a411f3f2f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/evp.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evp.h @@ -180,7 +180,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, * if the following flag is set. */ # define EVP_MD_CTX_FLAG_FINALISE 0x0200 -/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */ +/* NOTE: 0x0400 is reserved for internal usage */ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); 
@@ -260,6 +260,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, # define EVP_CIPH_RAND_KEY 0x200 /* cipher has its own additional copying logic */ # define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 /* Allow use default ASN1 get/set iv */ # define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 /* Buffer length in bits not bytes: CFB1 mode only */ @@ -349,6 +351,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, /* Set the input buffer lengths to use for a pipelined operation */ # define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 +# define EVP_CTRL_GET_IVLEN 0x25 + /* Padding modes */ #define EVP_PADDING_PKCS7 1 #define EVP_PADDING_ISO7816_4 2 @@ -995,6 +999,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); # ifndef OPENSSL_NO_ENGINE int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); # endif int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); void *EVP_PKEY_get0(const EVP_PKEY *pkey); @@ -1507,6 +1512,20 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); 
@@ -1612,6 +1631,20 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/evperr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evperr.h index 84f03eb3c..b4ea90ae9 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/evperr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,8 @@ #ifndef HEADER_EVPERR_H # define HEADER_EVPERR_H +# include + # ifdef __cplusplus extern "C" # endif @@ -20,11 +22,14 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_INIT_KEY 207 # define EVP_F_AES_GCM_CTRL 196 # define EVP_F_AES_INIT_KEY 133 # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_T4_XTS_INIT_KEY 208 # define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_AES_XTS_INIT_KEY 209 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 
@@ -115,6 +120,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_RC2_MAGIC_TO_METH 109 # define EVP_F_RC5_CTRL 125 +# define EVP_F_R_32_12_16_INIT_KEY 242 # define EVP_F_S390X_AES_GCM_CTRL 201 # define EVP_F_UPDATE 173 @@ -124,6 +130,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_AES_KEY_SETUP_FAILED 143 # define EVP_R_ARIA_KEY_SETUP_FAILED 176 # define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 # define EVP_R_BUFFER_TOO_SMALL 155 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 # define EVP_R_CIPHER_PARAMETER_ERROR 122 @@ -151,6 +158,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 # define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 # define EVP_R_INVALID_KEY 163 # define EVP_R_INVALID_KEY_LENGTH 130 # define EVP_R_INVALID_OPERATION 148 @@ -169,6 +177,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_OUTPUT_WOULD_OVERFLOW 184 # define EVP_R_PARTIALLY_OVERLAPPING 162 # define EVP_R_PBKDF2_ERROR 181 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 @@ -190,5 +199,6 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_SALT_TYPE 126 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DUPLICATED_KEYS 183 #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdferr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdferr.h index 6437c271d..3f51bd022 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdferr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/kdferr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_KDFERR_H # define HEADER_KDFERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/lhash.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/lhash.h index 47b99d17f..2e42d727d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/lhash.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -120,9 +120,8 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # define DEFINE_LHASH_OF(type) \ LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ - static ossl_inline LHASH_OF(type) * \ - lh_##type##_new(unsigned long (*hfn)(const type *), \ - int (*cfn)(const type *, const type *)) \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ { \ return (LHASH_OF(type) *) \ OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/obj_mac.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/obj_mac.h index 31fad4640..eb812ed18 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/obj_mac.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/obj_mac.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -1290,12 +1290,12 @@ #define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L #define SN_ms_smartcard_login "msSmartcardLogin" -#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" #define NID_ms_smartcard_login 648 #define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L #define SN_ms_upn "msUPN" -#define LN_ms_upn "Microsoft Universal Principal Name" +#define LN_ms_upn "Microsoft User Principal Name" #define NID_ms_upn 649 #define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L @@ -4280,7 +4280,7 @@ #define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" #define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 -#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L #define SN_id_tc26_constants "id-tc26-constants" #define NID_id_tc26_constants 994 diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/objectserr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/objectserr.h index 02308dfac..02e166f1a 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/objectserr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/objectserr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_OBJERR_H # define HEADER_OBJERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsp.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsp.h index 0a17166b5..4d759a49d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsp.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsp.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -123,7 +123,7 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ bp,(char **)(x),cb,NULL) -# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ bp,(char **)(x),cb,NULL) 
@@ -229,8 +229,8 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, int *pssl); -int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); -int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); int OCSP_request_onereq_count(OCSP_REQUEST *req); OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsperr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsperr.h index 7d93b12d4..8dd9e01a1 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsperr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ocsperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_OCSPERR_H # define HEADER_OCSPERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # include # ifndef OPENSSL_NO_OCSP diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslconf.h.in b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslconf.h.in index bc98cad51..06270922c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslconf.h.in +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslconf.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -77,6 +77,11 @@ extern "C" { # undef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif # endif #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslv.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslv.h index a4aa45bd2..cbbfab12b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslv.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/opensslv.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010102fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b 26 Feb 2019" +# define OPENSSL_VERSION_NUMBER 0x101010cfL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ossl_typ.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ossl_typ.h index 7993ca28f..e0edfaaf4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ossl_typ.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ossl_typ.h @@ -109,6 +109,7 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pemerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pemerr.h index cd61b823d..4f7e3574b 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pemerr.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pemerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,10 @@ #ifndef HEADER_PEMERR_H # define HEADER_PEMERR_H +# ifndef HEADER_SYMHACKS_H +# include +# endif + # ifdef __cplusplus extern "C" # endif @@ -57,6 +61,7 @@ int ERR_load_PEM_strings(void); # define PEM_F_PEM_SIGNFINAL 112 # define PEM_F_PEM_WRITE 113 # define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 147 # define PEM_F_PEM_WRITE_PRIVATEKEY 139 # define PEM_F_PEM_X509_INFO_READ 115 # define PEM_F_PEM_X509_INFO_READ_BIO 116 @@ -95,5 +100,6 @@ int ERR_load_PEM_strings(void); # define PEM_R_UNSUPPORTED_CIPHER 113 # define PEM_R_UNSUPPORTED_ENCRYPTION 114 # define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 #endif diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12err.h index c7184ffe7..eff5eb260 100644 --- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12err.h +++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs12err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -11,6 +11,10 @@
 #ifndef HEADER_PKCS12ERR_H
 # define HEADER_PKCS12ERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # ifdef __cplusplus
 extern "C"
 # endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7err.h
index 0ba418d78..02e0299a3 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7err.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/pkcs7err.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,10 @@
 #ifndef HEADER_PKCS7ERR_H
 # define HEADER_PKCS7ERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # ifdef __cplusplus
 extern "C"
 # endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/randerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/randerr.h
index 599a2a18d..79d57905e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/randerr.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/randerr.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,8 @@
 #ifndef HEADER_RANDERR_H
 # define HEADER_RANDERR_H
+# include
+
 # ifdef __cplusplus
 extern "C"
 # endif
@@ -19,6 +21,7 @@ int ERR_load_RAND_strings(void);
 /*
 * RAND function codes.
 */
+# define RAND_F_DATA_COLLECT_METHOD 127
 # define RAND_F_DRBG_BYTES 101
 # define RAND_F_DRBG_GET_ENTROPY 105
 # define RAND_F_DRBG_SETUP 117
@@ -42,7 +45,9 @@ int ERR_load_RAND_strings(void);
 # define RAND_F_RAND_POOL_ADD_END 114
 # define RAND_F_RAND_POOL_ATTACH 124
 # define RAND_F_RAND_POOL_BYTES_NEEDED 115
+# define RAND_F_RAND_POOL_GROW 125
 # define RAND_F_RAND_POOL_NEW 116
+# define RAND_F_RAND_PSEUDO_BYTES 126
 # define RAND_F_RAND_WRITE_FILE 112
 /*
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsa.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsa.h
index cdce1264e..5e76365c0 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsa.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsa.h
@@ -224,6 +224,7 @@ const BIGNUM *RSA_get0_q(const RSA *d);
 const BIGNUM *RSA_get0_dmp1(const RSA *r);
 const BIGNUM *RSA_get0_dmq1(const RSA *r);
 const BIGNUM *RSA_get0_iqmp(const RSA *r);
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
 void RSA_clear_flags(RSA *r, int flags);
 int RSA_test_flags(const RSA *r, int flags);
 void RSA_set_flags(RSA *r, int flags);
@@ -279,14 +280,14 @@ int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-typedef struct rsa_pss_params_st {
+struct rsa_pss_params_st {
 X509_ALGOR *hashAlgorithm;
 X509_ALGOR *maskGenAlgorithm;
 ASN1_INTEGER *saltLength;
 ASN1_INTEGER *trailerField;
 /* Decoded hash algorithm from maskGenAlgorithm */
 X509_ALGOR *maskHash;
-} RSA_PSS_PARAMS;
+};
 DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsaerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsaerr.h
index d5bc01c10..59b15e13e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsaerr.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/rsaerr.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,10 @@
 #ifndef HEADER_RSAERR_H
 # define HEADER_RSAERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # ifdef __cplusplus
 extern "C"
 # endif
@@ -126,6 +130,7 @@ int ERR_load_RSA_strings(void);
 # define RSA_R_KEY_PRIME_NUM_INVALID 165
 # define RSA_R_KEY_SIZE_TOO_SMALL 120
 # define RSA_R_LAST_OCTET_INVALID 134
+# define RSA_R_MISSING_PRIVATE_KEY 179
 # define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
 # define RSA_R_MODULUS_TOO_LARGE 105
 # define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h
index 48e1152a2..fd0c5a999 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
@@ -1364,24 +1364,24 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
 # define SSL_CTX_set1_chain_cert_store(ctx,st) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
-# define SSL_set0_chain(ctx,sk) \
- SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
-# define SSL_set1_chain(ctx,sk) \
- SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
-# define SSL_add0_chain_cert(ctx,x509) \
- SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
-# define SSL_add1_chain_cert(ctx,x509) \
- SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
-# define SSL_get0_chain_certs(ctx,px509) \
- SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
-# define SSL_clear_chain_certs(ctx) \
- SSL_set0_chain(ctx,NULL)
+# define SSL_set0_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(s,px509) \
+ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(s) \
+ SSL_set0_chain(s,NULL)
 # define SSL_build_cert_chain(s, flags) \
 SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
-# define SSL_select_current_cert(ctx,x509) \
- SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
-# define SSL_set_current_cert(ctx,op) \
- SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_select_current_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(s,op) \
+ SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
 # define SSL_set0_verify_cert_store(s,st) \
 SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
 # define SSL_set1_verify_cert_store(s,st) \
@@ -1390,34 +1390,34 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
 # define SSL_set1_chain_cert_store(s,st) \
 SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
-# define SSL_get1_groups(ctx, s) \
- SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)(s))
+# define SSL_get1_groups(s, glist) \
+ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
 # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
 # define SSL_CTX_set1_groups_list(ctx, s) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
-# define SSL_set1_groups(ctx, glist, glistlen) \
- SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
-# define SSL_set1_groups_list(ctx, s) \
- SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(s, glist, glistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
 # define SSL_get_shared_group(s, n) \
 SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
 # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
 # define SSL_CTX_set1_sigalgs_list(ctx, s) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
-# define SSL_set1_sigalgs(ctx, slist, slistlen) \
- SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
-# define SSL_set1_sigalgs_list(ctx, s) \
- SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str))
 # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
 # define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
-# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
- SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)(slist))
-# define SSL_set1_client_sigalgs_list(ctx, s) \
- SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_client_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str))
 # define SSL_get0_certificate_types(s, clist) \
 SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
 # define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
@@ -2139,7 +2139,7 @@ size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 # define SSL_cache_hit(s) SSL_session_reused(s)
 # endif
-__owur int SSL_session_reused(SSL *s);
+__owur int SSL_session_reused(const SSL *s);
 __owur int SSL_is_server(const SSL *s);
 __owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl3.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl3.h
index 8d01fcc48..07effba28 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl3.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/ssl3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -292,6 +292,9 @@ extern "C" {
 # define TLS1_FLAGS_STATELESS 0x0800
+/* Set if extended master secret extension required on renegotiation */
+# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000
+
 # define SSL3_MT_HELLO_REQUEST 0
 # define SSL3_MT_CLIENT_HELLO 1
 # define SSL3_MT_SERVER_HELLO 2
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/sslerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/sslerr.h
index a50a075b4..701d61c6e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/sslerr.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,10 @@
 #ifndef HEADER_SSLERR_H
 # define HEADER_SSLERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # ifdef __cplusplus
 extern "C"
 # endif
@@ -66,6 +70,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_FINAL_EMS 486
 # define SSL_F_FINAL_KEY_SHARE 503
 # define SSL_F_FINAL_MAXFRAGMENTLEN 557
+# define SSL_F_FINAL_PSK 639
 # define SSL_F_FINAL_RENEGOTIATE 483
 # define SSL_F_FINAL_SERVER_NAME 558
 # define SSL_F_FINAL_SIG_ALGS 497
@@ -84,6 +89,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431
 # define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601
 # define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602
+# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 640
 # define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603
 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418
 # define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604
@@ -587,6 +593,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
 # define SSL_R_MISSING_FATAL 256
 # define SSL_R_MISSING_PARAMETERS 290
+# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310
 # define SSL_R_MISSING_RSA_CERTIFICATE 168
 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
 # define SSL_R_MISSING_RSA_SIGNING_CERT 170
@@ -628,6 +635,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
 # define SSL_R_NULL_SSL_CTX 195
 # define SSL_R_NULL_SSL_METHOD_PASSED 196
+# define SSL_R_OCSP_CALLBACK_FAILURE 294
 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
 # define SSL_R_OVERFLOW_ERROR 237
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/store.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/store.h
index 7b43e8bd0..a40a7339e 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/store.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/store.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -85,7 +85,7 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
 /*
- * Check if an error occured
+ * Check if an error occurred
 * Returns 1 if it did, 0 otherwise.
 */
 int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
@@ -117,7 +117,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
 * Functions to generate OSSL_STORE_INFOs, one function for each type we
 * support having in them, as well as a generic constructor.
 *
- * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
+ * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
 * and will therefore be freed when the OSSL_STORE_INFO is freed.
 */
 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/storeerr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/storeerr.h
index 33d0ab790..190eab07f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/storeerr.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/storeerr.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,10 @@
 #ifndef HEADER_OSSL_STOREERR_H
 # define HEADER_OSSL_STOREERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # ifdef __cplusplus
 extern "C"
 # endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/tls1.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tls1.h
index e13b5dd4b..76d9fda46 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/tls1.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
@@ -1222,7 +1222,7 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
 /*
 * extended master secret
 */
-# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
 # endif
 /* TLS Session Ticket extension struct */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/tserr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tserr.h
index 3e0492565..07f23339c 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/tserr.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/tserr.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,10 @@
 #ifndef HEADER_TSERR_H
 # define HEADER_TSERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # include
 # ifndef OPENSSL_NO_TS
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/uierr.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/uierr.h
index 72fd9a9db..bd68864d0 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/uierr.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/uierr.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,10 @@
 #ifndef HEADER_UIERR_H
 # define HEADER_UIERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # ifdef __cplusplus
 extern "C"
 # endif
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509.h
index 39ca0ba57..3ff86ec7b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -478,6 +478,7 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor);
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
@@ -679,6 +680,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
 int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
 void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg);
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
 int X509_REQ_get_signature_nid(const X509_REQ *req);
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
@@ -930,7 +933,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) int type, const unsigned char *bytes, int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
 const ASN1_OBJECT *obj, int lastpos, int type);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data,
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509_vfy.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509_vfy.h
index adb8bce7c..25c79f1be 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509_vfy.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509_vfy.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -184,6 +184,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */
 # define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */
 # define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */
+# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76
+# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77
+# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78
+# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79
 /* Certificate verify flags */
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509err.h
index b1d6a8709..cd08673f8 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509err.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509err.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,8 @@
 #ifndef HEADER_X509ERR_H
 # define HEADER_X509ERR_H
+# include
+
 # ifdef __cplusplus
 extern "C"
 # endif
@@ -61,6 +63,7 @@ int ERR_load_X509_strings(void);
 # define X509_F_X509_OBJECT_NEW 150
 # define X509_F_X509_PRINT_EX_FP 118
 # define X509_F_X509_PUBKEY_DECODE 148
+# define X509_F_X509_PUBKEY_GET 161
 # define X509_F_X509_PUBKEY_GET0 119
 # define X509_F_X509_PUBKEY_SET 120
 # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144
@@ -93,6 +96,7 @@ int ERR_load_X509_strings(void);
 # define X509_R_CRL_ALREADY_DELTA 127
 # define X509_R_CRL_VERIFY_FAILURE 131
 # define X509_R_IDP_MISMATCH 128
+# define X509_R_INVALID_ATTRIBUTES 138
 # define X509_R_INVALID_DIRECTORY 113
 # define X509_R_INVALID_FIELD_NAME 119
 # define X509_R_INVALID_TRUST 123
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3.h
index fe1791c68..90fa3592c 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -364,8 +364,9 @@ struct ISSUING_DIST_POINT_st {
 # define EXFLAG_INVALID_POLICY 0x800
 # define EXFLAG_FRESHEST 0x1000
-/* Self signed */
-# define EXFLAG_SS 0x2000
+# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */
+
+# define EXFLAG_NO_FINGERPRINT 0x100000
 # define KU_DIGITAL_SIGNATURE 0x0080
 # define KU_NON_REPUDIATION 0x0040
@@ -497,10 +498,10 @@ DECLARE_ASN1_FUNCTIONS(OTHERNAME)
 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
 int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
 void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
-void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
+void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
 int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, ASN1_OBJECT *oid, ASN1_TYPE *value);
-int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
+int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
 ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
@@ -661,6 +662,8 @@ uint32_t X509_get_key_usage(X509 *x);
 uint32_t X509_get_extended_key_usage(X509 *x);
 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE *X509_PURPOSE_get0(int idx);
diff --git a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3err.h b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3err.h
index 6b3df12b6..3b9f7139d 100644
--- a/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3err.h
+++ b/trunk/3rdparty/openssl-1.1-fit/include/openssl/x509v3err.h
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,10 @@
 #ifndef HEADER_X509V3ERR_H
 # define HEADER_X509V3ERR_H
+# ifndef HEADER_SYMHACKS_H
+# include
+# endif
+
 # ifdef __cplusplus
 extern "C"
 # endif
@@ -34,6 +38,7 @@ int ERR_load_X509V3_strings(void);
 # define X509V3_F_I2S_ASN1_IA5STRING 149
 # define X509V3_F_I2S_ASN1_INTEGER 120
 # define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
+# define X509V3_F_I2V_AUTHORITY_KEYID 173
 # define X509V3_F_LEVEL_ADD_NODE 168
 # define X509V3_F_NOTICE_SECTION 132
 # define X509V3_F_NREF_NOS 133
@@ -74,6 +79,7 @@ int ERR_load_X509V3_strings(void);
 # define X509V3_F_V2I_TLS_FEATURE 165
 # define X509V3_F_V3_GENERIC_EXTENSION 116
 # define X509V3_F_X509V3_ADD1_I2D 140
+# define X509V3_F_X509V3_ADD_LEN_VALUE 174
 # define X509V3_F_X509V3_ADD_VALUE 105
 # define X509V3_F_X509V3_EXT_ADD 104
 # define X509V3_F_X509V3_EXT_ADD_ALIAS 106
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c b/trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c
index d1876d8b8..c4239345b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -14,7 +14,7 @@
 #include
 #include "internal/bio.h"
 #include
-#include "ssl_locl.h"
+#include "ssl_local.h"
 static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
 static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
@@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 ssl_free(b);
 if (!ssl_new(b))
 return 0;
+ bs = BIO_get_data(b);
 }
 BIO_set_shutdown(b, num);
 ssl = (SSL *)ptr;
@@ -450,6 +451,7 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
 goto err;
 return ret;
 err:
+ BIO_free(ssl);
 BIO_free(con);
 #endif
 return NULL;
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c
index fcda32754..05b85c107 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,7 @@
 #include
 #include
 #include
-#include "ssl_locl.h"
+#include "ssl_local.h"
 static void get_current_time(struct timeval *t);
 static int dtls1_handshake_write(SSL *s);
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
 ssl3_free(s);
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
+ if (s->d1 != NULL) {
+ dtls1_clear_queues(s);
+ pqueue_free(s->d1->buffered_messages);
+ pqueue_free(s->d1->sent_messages);
+ }
 OPENSSL_free(s->d1);
 s->d1 = NULL;
@@ -341,12 +342,11 @@ int dtls1_is_timer_expired(SSL *s)
 return 1;
 }
-void dtls1_double_timeout(SSL *s)
+static void dtls1_double_timeout(SSL *s)
 {
 s->d1->timeout_duration_us *= 2;
 if (s->d1->timeout_duration_us > 60000000)
 s->d1->timeout_duration_us = 60000000;
- dtls1_start_timer(s);
 }
 void dtls1_stop_timer(SSL *s)
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c
index 5906e88ca..8a31064ae 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "ssl_locl.h"
+#include "ssl_local.h"
 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written)
@@ -52,8 +52,7 @@ int dtls1_dispatch_alert(SSL *s)
 s->s3->alert_dispatch = 1;
 /* fprintf( stderr, "not done with alert\n" ); */
 } else {
- if (s->s3->send_alert[0] == SSL3_AL_FATAL)
- (void)BIO_flush(s->wbio);
+ (void)BIO_flush(s->wbio);
 if (s->msg_callback)
 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c
index ff8f0c571..c05a77e34 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c
@@ -15,7 +15,7 @@
 #include
 #include
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #ifndef OPENSSL_NO_SRTP
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/methods.c b/trunk/3rdparty/openssl-1.1-fit/ssl/methods.c
index 348efe467..c5e889836 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/methods.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/methods.c
@@ -9,7 +9,7 @@
 #include
 #include
-#include "ssl_locl.h"
+#include "ssl_local.h"
 /*-
 * TLS/SSLv3 methods
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/packet.c b/trunk/3rdparty/openssl-1.1-fit/ssl/packet.c
index 95031430e..1ddde969f 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/packet.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/packet.c
@@ -8,7 +8,7 @@
 */
 #include "internal/cryptlib.h"
-#include "packet_locl.h"
+#include "packet_local.h"
 #include
 #define DEFAULT_BUF_SIZE 256
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/packet_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/packet_local.h
similarity index 99%
rename from trunk/3rdparty/openssl-1.1-fit/ssl/packet_locl.h
rename to trunk/3rdparty/openssl-1.1-fit/ssl/packet_local.h
index 860360b8b..1b6c2fb9b 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/packet_locl.h
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/packet_local.h
@@ -7,8 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
-#ifndef HEADER_PACKET_LOCL_H
-# define HEADER_PACKET_LOCL_H
+#ifndef OSSL_SSL_PACKET_LOCAL_H
+# define OSSL_SSL_PACKET_LOCAL_H
 # include
 # include
@@ -871,4 +871,4 @@ unsigned char *WPACKET_get_curr(WPACKET *pkt);
 /* Release resources in a WPACKET if a failure has occurred. */
 void WPACKET_cleanup(WPACKET *pkt);
-#endif /* HEADER_PACKET_LOCL_H */
+#endif /* OSSL_SSL_PACKET_LOCAL_H */
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c b/trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c
index 548a7a443..758440217 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include
 struct pqueue_st {
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/README b/trunk/3rdparty/openssl-1.1-fit/ssl/record/README
index 987e9fd30..630fe8027 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/record/README
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/README
@@ -12,7 +12,7 @@ of these components is defined by: 3) A set of accessor macros All struct definitions are in record.h. The functions and macros are either -defined in record.h or record_locl.h dependent on whether they are intended to +defined in record.h or record_local.h dependent on whether they are intended to be private to the record layer, or whether they form part of the API to the rest of libssl. @@ -55,7 +55,7 @@ Conceptually it looks like this: || rec_layer_d1.c || ||____________________|| |______________________| - record_locl.h ^ ^ ^ + record_local.h ^ ^ ^ _________________| | |_________________ | | | _____V_________ ______V________ _______V________ diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/dtls1_bitmap.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/dtls1_bitmap.c index 5923c5371..8167b4183 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/record/dtls1_bitmap.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/dtls1_bitmap.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "record_locl.h" +#include "../ssl_local.h" +#include "record_local.h" /* mod 128 saturating subtract of two 64-bit values in big-endian order */ static int satsub64be(const unsigned char *v1, const unsigned char *v2) diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_d1.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_d1.c index cb5d54ef5..78d29594c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_d1.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -9,11 +9,11 @@ #include #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include #include -#include "record_locl.h" -#include "../packet_locl.h" +#include "record_local.h" +#include "../packet_local.h" #include "internal/cryptlib.h" int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) @@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl) { + if (rl->d == NULL) + return; + DTLS_RECORD_LAYER_clear(rl); pqueue_free(rl->d->unprocessed_rcds.q); pqueue_free(rl->d->processed_rcds.q); @@ -808,8 +811,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, wb = &s->rlayer.wbuf[0]; /* - * first check if there is a SSL3_BUFFER still being written out. This - * will happen with non blocking IO + * DTLS writes whole datagrams, so there can't be anything left in + * the buffer. */ if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_s3.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_s3.c index b2f97ef90..8249b4ace 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_s3.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/rec_layer_s3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,15 +10,15 @@ #include #include #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include #include #include -#include "record_locl.h" -#include "../packet_locl.h" +#include "record_local.h" +#include "../packet_local.h" #if defined(OPENSSL_SMALL_FOOTPRINT) || \ - !( defined(AES_ASM) && ( \ + !( defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) \ ) 
@@ -172,9 +172,9 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase * packet by another n bytes. The packet will be in the sub-array of - * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If - * s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus - * s->packet_length bytes if extend == 1].) + * s->rlayer.rbuf.buf specified by s->rlayer.packet and + * s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may + * be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].) * if clearold == 1, move the packet to the start of the buffer; if * clearold == 0 then leave any old packets where they were */ @@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, s->rlayer.wnum = 0; + /* + * If we are supposed to be sending a KeyUpdate then go into init unless we + * have writes pending - in which case we should finish doing that first. + */ + if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE) + ossl_statem_set_in_init(s, 1); + /* * When writing early data on the server side we could be "in_init" in * between receiving the EoED and the CF - but we don't want to handle those @@ -628,8 +635,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, */ s->s3->empty_fragment_done = 0; - if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS && - !SSL_IS_DTLS(s)) + if (tmpwrit == n + && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 + && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); *written = tot + tmpwrit; diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/record_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/record/record_local.h similarity index 100% rename from trunk/3rdparty/openssl-1.1-fit/ssl/record/record_locl.h rename to trunk/3rdparty/openssl-1.1-fit/ssl/record/record_local.h 
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_buffer.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_buffer.c index 53bd4cb19..b9ba25e0c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_buffer.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_buffer.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "record_locl.h" +#include "../ssl_local.h" +#include "record_local.h" void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n) { @@ -74,7 +74,6 @@ int ssl3_setup_read_buffer(SSL *s) b->len = len; } - RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0])); return 1; } @@ -94,7 +93,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); + align = SSL3_ALIGN_PAYLOAD - 1; #endif len = ssl_get_max_send_fragment(s) diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record.c index e59ac5a67..e6a8bbd71 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -7,10 +7,10 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "internal/constant_time_locl.h" +#include "../ssl_local.h" +#include "internal/constant_time.h" #include -#include "record_locl.h" +#include "record_local.h" #include "internal/cryptlib.h" static const unsigned char ssl3_pad_1[48] = { @@ -405,7 +405,7 @@ int ssl3_get_record(SSL *s) more = thisrr->length; } if (more > 0) { - /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ + /* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */ rret = ssl3_read_n(s, more, more, 1, 0, &n); if (rret <= 0) @@ -416,9 +416,9 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER); /* - * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH - * + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH - * + thisrr->length and we have that many bytes in s->packet + * At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH + * + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH + * + thisrr->length and we have that many bytes in s->rlayer.packet */ if (thisrr->rec_version == SSL2_VERSION) { thisrr->input = @@ -429,11 +429,11 @@ int ssl3_get_record(SSL *s) } /* - * ok, we can now read from 's->packet' data into 'thisrr' thisrr->input - * points at thisrr->length bytes, which need to be copied into - * thisrr->data by either the decryption or by the decompression When - * the data is 'copied' into the thisrr->data buffer, thisrr->input will - * be pointed at the new buffer + * ok, we can now read from 's->rlayer.packet' data into 'thisrr'. + * thisrr->input points at thisrr->length bytes, which need to be copied + * into thisrr->data by either the decryption or by the decompression. + * When the data is 'copied' into the thisrr->data buffer, + * thisrr->input will be updated to point at the new buffer */ /* 
@@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_reset_read_sequence(&s->rlayer); return 1; } - SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD, + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); return -1; } @@ -837,7 +837,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) * SSLfatal() for internal errors, but not otherwise. * * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too + * 0: (in non-constant time) if the record is publicly invalid (i.e. too * short etc). * 1: if the record's padding is valid / the encryption was successful. * -1: if the record's padding is invalid or, if sending, an internal error @@ -928,7 +928,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending) * internal errors, but not otherwise. * * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too + * 0: (in non-constant time) if the record is publicly invalid (i.e. too * short etc). * 1: if the record's padding is valid / the encryption was successful. * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, @@ -1075,7 +1075,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) } else if ((bs != 1) && sending) { padnum = bs - (reclen[ctr] % bs); - /* Add weird padding of upto 256 bytes */ + /* Add weird padding of up to 256 bytes */ if (padnum > MAX_PADDING) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, 
@@ -1610,21 +1610,22 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) int imac_size; size_t mac_size; unsigned char md[EVP_MAX_MD_SIZE]; + size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH; rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; /* - * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->packet + * At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length, + * and we have that many bytes in s->rlayer.packet */ rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]); /* - * ok, we can now read from 's->packet' data into 'rr' rr->input points - * at rr->length bytes, which need to be copied into rr->data by either - * the decryption or by the decompression When the data is 'copied' into - * the rr->data buffer, rr->input will be pointed at the new buffer + * ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input + * points at rr->length bytes, which need to be copied into rr->data by + * either the decryption or by the decompression. When the data is 'copied' + * into the rr->data buffer, rr->input will be pointed at the new buffer */ /* @@ -1669,7 +1670,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0); /*- * enc_err is: - * 0: (in non-constant time) if the record is publically invalid. + * 0: (in non-constant time) if the record is publicly invalid. * 1: if the padding is valid * -1: if the padding is invalid */ 
@@ -1782,7 +1783,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) } } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { + /* use current Max Fragment Length setting if applicable */ + if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) + max_plain_length = GET_MAX_FRAGMENT_LENGTH(s->session); + + /* send overflow if the plaintext is too long now it has passed MAC */ + if (rr->length > max_plain_length) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); return 0; @@ -1926,7 +1932,7 @@ int dtls1_get_record(SSL *s) /* If received packet overflows own-client Max Fragment Length setting */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { + && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) { /* record too long, silently discard it */ rr->length = 0; rr->read = 1; @@ -1941,7 +1947,7 @@ int dtls1_get_record(SSL *s) if (rr->length > RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { - /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ + /* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */ more = rr->length; rret = ssl3_read_n(s, more, more, 1, 1, &n); /* this packet contained a partial record, dump it */ @@ -1957,7 +1963,7 @@ int dtls1_get_record(SSL *s) } /* - * now n == rr->length, and s->packet_length == + * now n == rr->length, and s->rlayer.packet_length == * DTLS1_RT_HEADER_LENGTH + rr->length */ } diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record_tls13.c b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record_tls13.c index a11ed483e..ab50e3762 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record_tls13.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/record/ssl3_record_tls13.c 
@@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "record_locl.h" +#include "../ssl_local.h" +#include "record_local.h" #include "internal/cryptlib.h" /*- @@ -16,7 +16,7 @@ * internal errors, but not otherwise. * * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too + * 0: (in non-constant time) if the record is publicly invalid (i.e. too * short etc). * 1: if the record encryption was successful. * -1: if the record's AEAD-authenticator is invalid or, if sending, diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c index 8377d7fe1..aa7d63f84 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" -#include "ssl_locl.h" +#include "internal/constant_time.h" +#include "ssl_local.h" #include "internal/cryptlib.h" #include diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c index 2e185e9fb..8a89f512f 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c @@ -9,7 +9,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include "internal/cryptlib.h" diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c index 99ae48199..b256a4b93 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -12,7 +12,7 @@ #include #include #include "internal/nelem.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include @@ -3567,6 +3567,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_CHAIN_CERTS: *(STACK_OF(X509) **)parg = s->cert->key->chain; + ret = 1; break; case SSL_CTRL_SELECT_CURRENT_CERT: @@ -3601,8 +3602,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (!s->session) return 0; - clist = s->session->ext.supportedgroups; - clistlen = s->session->ext.supportedgroups_len; + clist = s->ext.peer_supportedgroups; + clistlen = s->ext.peer_supportedgroups_len; if (parg) { size_t i; int *cptr = parg; @@ -3716,13 +3717,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { - SSL_SESSION *sess = s->session; const unsigned char **pformat = parg; - if (sess == NULL || sess->ext.ecpointformats == NULL) + if (s->ext.peer_ecpointformats == NULL) return 0; - *pformat = sess->ext.ecpointformats; - return (int)sess->ext.ecpointformats_len; + *pformat = s->ext.peer_ecpointformats; + return (int)s->ext.peer_ecpointformats_len; } #endif @@ -4072,9 +4072,10 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) { - SSL_CIPHER *c = NULL, *tbl; - SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers}; - size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS}; + SSL_CIPHER *tbl; + SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs}; + size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, + SSL3_NUM_SCSVS}; /* this is not efficient, necessary to optimize this? */ for (j = 0; j < OSSL_NELEM(alltabs); j++) { 
@@ -4082,21 +4083,11 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) if (tbl->stdname == NULL) continue; if (strcmp(stdname, tbl->stdname) == 0) { - c = tbl; - break; + return tbl; } } } - if (c == NULL) { - tbl = ssl3_scsvs; - for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) { - if (strcmp(stdname, tbl->stdname) == 0) { - c = tbl; - break; - } - } - } - return c; + return NULL; } /* @@ -4638,8 +4629,9 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3->tmp.psk, psklen); s->s3->tmp.psk = NULL; + s->s3->tmp.psklen = 0; if (!s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,pskpms, pskpmslen, + s->session->master_key, pskpms, pskpmslen, &s->session->master_key_length)) { OPENSSL_clear_free(pskpms, pskpmslen); /* SSLfatal() already called */ @@ -4667,8 +4659,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, else OPENSSL_cleanse(pms, pmslen); } - if (s->server == 0) + if (s->server == 0) { s->s3->tmp.pms = NULL; + s->s3->tmp.pmslen = 0; + } return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c index 42382547f..707e962d7 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" int ssl3_do_change_cipher_spec(SSL *s) { 
@@ -48,6 +48,8 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; + if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) + return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session); diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_asn1.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_asn1.c index b56c5e96c..799fee771 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_asn1.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_asn1.c @@ -10,7 +10,7 @@ #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c index 331450789..e7feda81d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -20,7 +20,7 @@ #include #include #include "internal/refcount.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include "ssl_cert_table.h" #include "internal/thread_once.h" @@ -154,8 +154,6 @@ CERT *ssl_cert_dup(CERT *cert) ret->client_sigalgslen = cert->client_sigalgslen; } else ret->client_sigalgs = NULL; - /* Shared sigalgs also NULL */ - ret->shared_sigalgs = NULL; /* Copy any custom client certificate types */ if (cert->ctype) { ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len); 
@@ -240,7 +238,6 @@ void ssl_cert_free(CERT *c) ssl_cert_clear_certs(c); OPENSSL_free(c->conf_sigalgs); OPENSSL_free(c->client_sigalgs); - OPENSSL_free(c->shared_sigalgs); OPENSSL_free(c->ctype); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); @@ -604,14 +601,6 @@ static unsigned long xname_hash(const X509_NAME *a) return X509_NAME_hash((X509_NAME *)a); } -/** - * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; - * it doesn't really have anything to do with clients (except that a common use - * for a stack of CAs is to send it to the client). Actually, it doesn't have - * much to do with CAs, either, since it will load any old cert. - * \param file the file containing one or more certs. - * \return a ::STACK containing the certs. - */ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) { BIO *in = BIO_new(BIO_s_file()); @@ -669,15 +658,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) return ret; } -/** - * Add a file of certs to a stack. - * \param stack the stack to add to. - * \param file the file to add from. All certs in this file that are not - * already in the stack will be added. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. - */ - int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *file) { 
@@ -728,17 +708,6 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, return ret; } -/** - * Add a directory of certs to a stack. - * \param stack the stack to append to. - * \param dir the directory to append from. All files in this directory will be - * examined as potential certs. Any that are acceptable to - * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be - * included. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. - */ - int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) { @@ -907,18 +876,36 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) return 1; } +int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp) +{ + int level; + static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 }; + + if (ctx != NULL) + level = SSL_CTX_get_security_level(ctx); + else + level = SSL_get_security_level(s); + + if (level > 5) + level = 5; + else if (level < 0) + level = 0; + + if (levelp != NULL) + *levelp = level; + + return minbits_table[level]; +} + static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) { int level, minbits; - static const int minbits_table[5] = { 80, 112, 128, 192, 256 }; - if (ctx) - level = SSL_CTX_get_security_level(ctx); - else - level = SSL_get_security_level(s); - if (level <= 0) { + minbits = ssl_get_security_level_bits(s, ctx, &level); + + if (level == 0) { /* * No EDH keys weaker than 1024-bits even at level 0, otherwise, * anything goes. @@ -927,9 +914,6 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, return 0; return 1; } - if (level > 5) - level = 5; - minbits = minbits_table[level - 1]; switch (op) { case SSL_SECOP_CIPHER_SUPPORTED: case SSL_SECOP_CIPHER_SHARED: 
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c index b60d67aa0..735a483c6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c @@ -17,7 +17,7 @@ #include #include #include "internal/nelem.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/thread_once.h" #include "internal/cryptlib.h" @@ -92,7 +92,7 @@ static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT; /* * Constant SSL_MAX_DIGEST equal to size of digests array should be defined - * in the ssl_locl.h + * in the ssl_local.h */ #define SSL_MD_NUM_IDX SSL_MAX_DIGEST @@ -1377,24 +1377,25 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) { int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str); - if (ret && ctx->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ + if (ret && ctx->cipher_list != NULL) return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id, ctx->tls13_ciphersuites); - } return ret; } int SSL_set_ciphersuites(SSL *s, const char *str) { + STACK_OF(SSL_CIPHER) *cipher_list; int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); - if (ret && s->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ + if (s->cipher_list == NULL) { + if ((cipher_list = SSL_get_ciphers(s)) != NULL) + s->cipher_list = sk_SSL_CIPHER_dup(cipher_list); + } + if (ret && s->cipher_list != NULL) return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id, s->tls13_ciphersuites); - } return ret; } diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c index 9c202708d..0a3fef7c8 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include @@ -305,6 +305,13 @@ static int protocol_from_string(const char *value) const char *name; int version; }; + /* + * Note: To avoid breaking previously valid configurations, we must retain + * legacy entries in this table even if the underlying protocol is no + * longer supported. This also means that the constants SSL3_VERSION, ... + * need to be retained indefinitely. This table can only grow, never + * shrink. + */ static const struct protocol_versions versions[] = { {"None", 0}, {"SSLv3", SSL3_VERSION}, diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c index 4b12ed148..324f2ccbb 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -85,6 +85,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0), "final_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"}, @@ -948,6 +949,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "missing ecdsa signing cert"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), + "missing psk kex modes extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), @@ -1018,6 +1021,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_init.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_init.c index f0969fa9b..d083d9597 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_init.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_init.c @@ -12,7 +12,7 @@ #include "internal/err.h" #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/thread_once.h" static int stopped; 
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c index 4440a9ffe..ffd0a0bc6 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -10,7 +10,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include @@ -628,6 +628,11 @@ int SSL_clear(SSL *s) /* Clear the verification result peername */ X509_VERIFY_PARAM_move_peername(s->param, NULL); + /* Clear any shared connection state */ + OPENSSL_free(s->shared_sigalgs); + s->shared_sigalgs = NULL; + s->shared_sigalgslen = 0; + /* * Check to see if we were changed into a different method, if so, revert * back. @@ -774,8 +779,10 @@ SSL *SSL_new(SSL_CTX *ctx) s->ext.ecpointformats = OPENSSL_memdup(ctx->ext.ecpointformats, ctx->ext.ecpointformats_len); - if (!s->ext.ecpointformats) + if (!s->ext.ecpointformats) { + s->ext.ecpointformats_len = 0; goto err; + } s->ext.ecpointformats_len = ctx->ext.ecpointformats_len; } @@ -784,8 +791,10 @@ SSL *SSL_new(SSL_CTX *ctx) OPENSSL_memdup(ctx->ext.supportedgroups, ctx->ext.supportedgroups_len * sizeof(*ctx->ext.supportedgroups)); - if (!s->ext.supportedgroups) + if (!s->ext.supportedgroups) { + s->ext.supportedgroups_len = 0; goto err; + } s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; } #endif @@ -795,8 +804,10 @@ SSL *SSL_new(SSL_CTX *ctx) if (s->ctx->ext.alpn) { s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); - if (s->ext.alpn == NULL) + if (s->ext.alpn == NULL) { + s->ext.alpn_len = 0; goto err; + } memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); s->ext.alpn_len = s->ctx->ext.alpn_len; } 
@@ -867,7 +878,7 @@ int SSL_up_ref(SSL *s) int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if (sid_ctx_len > sizeof(ctx->sid_ctx)) { + if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -1160,6 +1171,7 @@ void SSL_free(SSL *s) sk_SSL_CIPHER_free(s->cipher_list); sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->tls13_ciphersuites); + sk_SSL_CIPHER_free(s->peer_ciphers); /* Make the next call work :-) */ if (s->session != NULL) { @@ -1172,13 +1184,16 @@ void SSL_free(SSL *s) clear_ciphers(s); ssl_cert_free(s->cert); + OPENSSL_free(s->shared_sigalgs); /* Free up if allocated */ OPENSSL_free(s->ext.hostname); SSL_CTX_free(s->session_ctx); #ifndef OPENSSL_NO_EC OPENSSL_free(s->ext.ecpointformats); + OPENSSL_free(s->ext.peer_ecpointformats); OPENSSL_free(s->ext.supportedgroups); + OPENSSL_free(s->ext.peer_supportedgroups); #endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); #ifndef OPENSSL_NO_OCSP @@ -1191,6 +1206,8 @@ void SSL_free(SSL *s) OPENSSL_free(s->ext.ocsp.resp); OPENSSL_free(s->ext.alpn); OPENSSL_free(s->ext.tls13_cookie); + if (s->clienthello != NULL) + OPENSSL_free(s->clienthello->pre_proc_exts); OPENSSL_free(s->clienthello); OPENSSL_free(s->pha_context); EVP_MD_CTX_free(s->pha_dgst); @@ -2102,6 +2119,11 @@ int SSL_key_update(SSL *s, int updatetype) return 0; } + if (RECORD_LAYER_write_pending(&s->rlayer)) { + SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY); + return 0; + } + ossl_statem_set_in_init(s, 1); s->key_update = updatetype; return 1; 
@@ -2437,9 +2459,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) { - if ((s == NULL) || (s->session == NULL) || !s->server) + if ((s == NULL) || !s->server) return NULL; - return s->session->ciphers; + return s->peer_ciphers; } STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) @@ -2578,13 +2600,12 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) int i; if (!s->server - || s->session == NULL - || s->session->ciphers == NULL + || s->peer_ciphers == NULL || size < 2) return NULL; p = buf; - clntsk = s->session->ciphers; + clntsk = s->peer_ciphers; srvrsk = SSL_get_ciphers(s); if (clntsk == NULL || srvrsk == NULL) return NULL; 
@@ -2615,31 +2636,85 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) return buf; } -/** return a servername extension value if provided in Client Hello, or NULL. - * So far, only host_name types are defined (RFC 3546). +/** + * Return the requested servername (SNI) value. Note that the behaviour varies + * depending on: + * - whether this is called by the client or the server, + * - if we are before or during/after the handshake, + * - if a resumption or normal handshake is being attempted/has occurred + * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 + * + * Note that only the host_name type is defined (RFC 3546). */ - const char *SSL_get_servername(const SSL *s, const int type) { + /* + * If we don't know if we are the client or the server yet then we assume + * client. + */ + int server = s->handshake_func == NULL ? 0 : s->server; if (type != TLSEXT_NAMETYPE_host_name) return NULL; - /* - * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an - * SNI value to return if we are resuming/resumed. N.B. that we still - * call the relevant callbacks for such resumption flows, and callbacks - * might error out if there is not a SNI value available. - */ - if (s->hit) - return s->session->ext.hostname; + if (server) { + /** + * Server side + * In TLSv1.3 on the server SNI is not associated with the session + * but in TLSv1.2 or below it is. + * + * Before the handshake: + * - return NULL + * + * During/after the handshake (TLSv1.2 or below resumption occurred): + * - If a servername was accepted by the server in the original + * handshake then it will return that servername, or NULL otherwise. + * + * During/after the handshake (TLSv1.2 or below resumption did not occur): + * - The function will return the servername requested by the client in + * this handshake or NULL if none was requested. 
+ */ + if (s->hit && !SSL_IS_TLS13(s)) + return s->session->ext.hostname; + } else { + /** + * Client side + * + * Before the handshake: + * - If a servername has been set via a call to + * SSL_set_tlsext_host_name() then it will return that servername + * - If one has not been set, but a TLSv1.2 resumption is being + * attempted and the session from the original handshake had a + * servername accepted by the server then it will return that + * servername + * - Otherwise it returns NULL + * + * During/after the handshake (TLSv1.2 or below resumption occurred): + * - If the session from the original handshake had a servername accepted + * by the server then it will return that servername. + * - Otherwise it returns the servername set via + * SSL_set_tlsext_host_name() (or NULL if it was not called). + * + * During/after the handshake (TLSv1.2 or below resumption did not occur): + * - It will return the servername set via SSL_set_tlsext_host_name() + * (or NULL if it was not called). + */ + if (SSL_in_before(s)) { + if (s->ext.hostname == NULL + && s->session != NULL + && s->session->ssl_version != TLS1_3_VERSION) + return s->session->ext.hostname; + } else { + if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) + return s->session->ext.hostname; + } + } + return s->ext.hostname; } int SSL_get_servername_type(const SSL *s) { - if (s->session - && (!s->ext.hostname ? s->session-> - ext.hostname : s->ext.hostname)) + if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL) return TLSEXT_NAMETYPE_host_name; return -1; } 
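Review bot: In the rewritten `SSL_get_servername`, both post-handshake branches read `s->session->ext.hostname` guarded only by `s->hit`, while the pre-handshake client branch in the same function tests `s->session != NULL` first. Whether `s->hit` can be set without an attached session is not visible in this hunk. If it cannot, a short comment saying so would make the asymmetry deliberate; otherwise add `&& s->session != NULL` to the two `s->hit` conditions. `SSL_get_servername_type` now delegates to this function, so it takes the same path.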
@@ -2759,6 +2834,19 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, } #endif +static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len) +{ + unsigned int idx; + + if (protos_len < 2 || protos == NULL) + return 0; + + for (idx = 0; idx < protos_len; idx += protos[idx] + 1) { + if (protos[idx] == 0) + return 0; + } + return idx == protos_len; +} /* * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit @@ -2767,12 +2855,25 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ctx->ext.alpn); - ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); - if (ctx->ext.alpn == NULL) { + unsigned char *alpn; + + if (protos_len == 0 || protos == NULL) { + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = NULL; + ctx->ext.alpn_len = 0; + return 0; + } + /* Not valid per RFC */ + if (!alpn_value_ok(protos, protos_len)) + return 1; + + alpn = OPENSSL_memdup(protos, protos_len); + if (alpn == NULL) { SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = alpn; ctx->ext.alpn_len = protos_len; return 0; 
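Review bot: `alpn_value_ok()` is added without a comment stating what it accepts, and its closing brace runs straight into the comment block of `SSL_CTX_set_alpn_protos`. From the loop, a list passes only if every length byte is non-zero and the entries end exactly at `protos_len`. A header such as `/* Returns 1 if |protos| is a well-formed ALPN wire-format list that exactly fills |protos_len| bytes, else 0 */` would spare readers re-deriving that. The `protos_len < 2` test also deserves a word, since the shortest valid list is one length byte plus one character.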
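Review bot: The new rejection path in `SSL_CTX_set_alpn_protos`, `if (!alpn_value_ok(protos, protos_len)) return 1;`, fails without queuing an error, whereas the allocation failure a few lines below calls `SSLerr(...)` before returning the same value. A caller that gets 1 back and inspects the error queue finds nothing for a malformed list; consider `SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_PASSED_INVALID_ARGUMENT);` before that return. The same applies to the matching hunk in `SSL_set_alpn_protos`. The header comment above the function should also say that a NULL or zero-length list now clears the stored protocols and returns 0. The function's closing lines lie outside the hunk.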
@@ -2786,12 +2887,25 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ssl->ext.alpn); - ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); - if (ssl->ext.alpn == NULL) { + unsigned char *alpn; + + if (protos_len == 0 || protos == NULL) { + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = NULL; + ssl->ext.alpn_len = 0; + return 0; + } + /* Not valid per RFC */ + if (!alpn_value_ok(protos, protos_len)) + return 1; + + alpn = OPENSSL_memdup(protos, protos_len); + if (alpn == NULL) { SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = alpn; ssl->ext.alpn_len = protos_len; return 0; @@ -2833,7 +2947,8 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context) { - if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) + if (s->session == NULL + || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, @@ -3762,6 +3877,8 @@ SSL *SSL_dup(SSL *s) goto err; ret->version = s->version; ret->options = s->options; + ret->min_proto_version = s->min_proto_version; + ret->max_proto_version = s->max_proto_version; ret->mode = s->mode; SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 
@@ -3777,21 +3894,6 @@ SSL *SSL_dup(SSL *s) if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; - /* setup rbio, and wbio */ - if (s->rbio != NULL) { - if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) { - if (s->wbio != s->rbio) { - if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) - goto err; - } else { - BIO_up_ref(ret->rbio); - ret->wbio = ret->rbio; - } - } - ret->server = s->server; if (s->handshake_func) { if (s->server) @@ -4460,8 +4562,11 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, } ctx = EVP_MD_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); goto err; + } if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { @@ -4478,7 +4583,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, return ret; } -int SSL_session_reused(SSL *s) +int SSL_session_reused(const SSL *s) { return s->hit; } @@ -5070,6 +5175,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } + if (num == 0) { + *out = NULL; + *outlen = 0; + return 1; + } if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, ERR_R_MALLOC_FAILURE); diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_local.h similarity index 99% rename from trunk/3rdparty/openssl-1.1-fit/ssl/ssl_locl.h rename to trunk/3rdparty/openssl-1.1-fit/ssl/ssl_local.h index f326399e0..f92472117 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_local.h 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -9,8 +9,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SSL_LOCL_H -# define HEADER_SSL_LOCL_H +#ifndef OSSL_SSL_LOCAL_H +# define OSSL_SSL_LOCAL_H # include "e_os.h" /* struct timeval for DTLS */ # include @@ -30,7 +30,7 @@ # include # include "record/record.h" # include "statem/statem.h" -# include "packet_locl.h" +# include "packet_local.h" # include "internal/dane.h" # include "internal/refcount.h" # include "internal/tsan_assist.h" @@ -537,7 +537,6 @@ struct ssl_session_st { int not_resumable; /* This is the cert and type for the other end. */ X509 *peer; - int peer_type; /* Certificate chain peer sent. */ STACK_OF(X509) *peer_chain; /* @@ -552,7 +551,6 @@ struct ssl_session_st { const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to * load the 'cipher' structure */ - STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to @@ -562,19 +560,12 @@ struct ssl_session_st { struct { char *hostname; -# ifndef OPENSSL_NO_EC - size_t ecpointformats_len; - unsigned char *ecpointformats; /* peer's list */ -# endif /* OPENSSL_NO_EC */ - size_t supportedgroups_len; - uint16_t *supportedgroups; /* peer's list */ - /* RFC4507 info */ + /* RFC4507 info */ unsigned char *tick; /* Session ticket */ size_t ticklen; /* Session ticket length */ /* Session lifetime hint in seconds */ unsigned long tick_lifetime_hint; uint32_t tick_age_add; - int tick_identity; /* Max number of bytes that can be sent as early data */ uint32_t max_early_data; /* The ALPN protocol selected for this session */ 
@@ -1138,6 +1129,7 @@ struct ssl_st { /* Per connection DANE state */ SSL_DANE dane; /* crypto */ + STACK_OF(SSL_CIPHER) *peer_ciphers; STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ @@ -1301,10 +1293,19 @@ struct ssl_st { size_t ecpointformats_len; /* our list */ unsigned char *ecpointformats; + + size_t peer_ecpointformats_len; + /* peer's list */ + unsigned char *peer_ecpointformats; # endif /* OPENSSL_NO_EC */ size_t supportedgroups_len; /* our list */ uint16_t *supportedgroups; + + size_t peer_supportedgroups_len; + /* peer's list */ + uint16_t *peer_supportedgroups; + /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *session_ticket; /* TLS Session Ticket extension callback */ @@ -1356,6 +1357,13 @@ struct ssl_st { * as this extension is optional on server side. */ uint8_t max_fragment_len_mode; + + /* + * On the client side the number of ticket identities we sent in the + * ClientHello. On the server side the identity of the ticket we + * selected. + */ + int tick_identity; } ext; /* @@ -1453,7 +1461,6 @@ struct ssl_st { size_t block_padding; CRYPTO_RWLOCK *lock; - RAND_DRBG *drbg; /* The number of TLS1.3 tickets to automatically send */ size_t num_tickets; @@ -1465,6 +1472,13 @@ struct ssl_st { /* Callback to determine if early_data is acceptable or not */ SSL_allow_early_data_cb_fn allow_early_data_cb; void *allow_early_data_cb_data; + + /* + * Signature algorithms shared by client and server: cached because these + * are used most often. + */ + const struct sigalg_lookup_st **shared_sigalgs; + size_t shared_sigalgslen; }; /* @@ -1509,7 +1523,7 @@ typedef struct cert_pkey_st CERT_PKEY; * CERT_PKEY entries */ typedef struct { - int nid; /* NID of pubic key algorithm */ + int nid; /* NID of public key algorithm */ uint32_t amask; /* authmask corresponding to key type */ } SSL_CERT_LOOKUP; 
@@ -1898,12 +1912,6 @@ typedef struct cert_st { uint16_t *client_sigalgs; /* Size of above array */ size_t client_sigalgslen; - /* - * Signature algorithms shared by client and server: cached because these - * are used most often. - */ - const SIGALG_LOOKUP **shared_sigalgs; - size_t shared_sigalgslen; /* * Certificate setup callback: if set is called whenever a certificate * may be required (client or server). the callback can then examine any @@ -2052,9 +2060,6 @@ typedef enum downgrade_en { #define TLSEXT_KEX_MODE_FLAG_KE 1 #define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 -/* An invalid index into the TLSv1.3 PSK identities */ -#define TLSEXT_PSK_BAD_IDENTITY -1 - #define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \ s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) @@ -2237,8 +2242,8 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx) static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, size_t *pgroupslen) { - *pgroups = s->session->ext.supportedgroups; - *pgroupslen = s->session->ext.supportedgroups_len; + *pgroups = s->ext.peer_supportedgroups; + *pgroupslen = s->ext.peer_supportedgroups_len; } # ifndef OPENSSL_UNIT_TEST @@ -2300,6 +2305,7 @@ __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); +int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp); __owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, @@ -2421,7 +2427,6 @@ __owur int dtls1_handle_timeout(SSL *s); void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); -void dtls1_double_timeout(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, size_t cookie_len); __owur size_t dtls1_min_mtu(SSL *s); 
@@ -2575,7 +2580,7 @@ __owur int tls_check_sigalg_curve(const SSL *s, int curve); # endif __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); __owur int ssl_set_client_disabled(SSL *s); -__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); +__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, size_t *hashlen); diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_mcnf.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_mcnf.c index a0e265771..583df4166 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_mcnf.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_mcnf.c @@ -10,7 +10,7 @@ #include #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/sslconf.h" /* SSL library configuration module. */ diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c index 172e15f92..6457c0c0e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,8 +8,8 @@ */ #include -#include "ssl_locl.h" -#include "packet_locl.h" +#include "ssl_local.h" +#include "packet_local.h" #include #include #include 
@@ -148,15 +148,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) EVP_PKEY_copy_parameters(pktmp, pkey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA - /* - * Don't check the public/private key, this is mostly for smart - * cards. - */ - if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA - && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ; - else -#endif if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; @@ -342,16 +333,6 @@ static int ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA - /* - * Don't check the public/private key, this is mostly for smart - * cards. - */ - if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA - && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) & - RSA_METHOD_FLAG_NO_CHECK) ; - else -#endif /* OPENSSL_NO_RSA */ if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { /* * don't fail for a cert/key mismatch, just free current private @@ -1082,13 +1063,6 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr EVP_PKEY_copy_parameters(pubkey, privatekey); } /* else both have parameters */ - /* Copied from ssl_set_cert/pkey */ -#ifndef OPENSSL_NO_RSA - if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) && - ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK))) - /* no-op */ ; - else -#endif /* check that key <-> cert match */ if (EVP_PKEY_cmp(pubkey, privatekey) != 1) { SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c index 5ad2792a1..cda6b7cc5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -13,8 +13,8 @@ #include #include "internal/refcount.h" #include "internal/cryptlib.h" -#include "ssl_locl.h" -#include "statem/statem_locl.h" +#include "ssl_local.h" +#include "statem/statem_local.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); @@ -107,7 +107,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) { SSL_SESSION *dest; - dest = OPENSSL_malloc(sizeof(*src)); + dest = OPENSSL_malloc(sizeof(*dest)); if (dest == NULL) { goto err; } @@ -121,12 +121,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->psk_identity_hint = NULL; dest->psk_identity = NULL; #endif - dest->ciphers = NULL; dest->ext.hostname = NULL; -#ifndef OPENSSL_NO_EC - dest->ext.ecpointformats = NULL; - dest->ext.supportedgroups = NULL; -#endif dest->ext.tick = NULL; dest->ext.alpn_selected = NULL; #ifndef OPENSSL_NO_SRP @@ -176,12 +171,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } #endif - if (src->ciphers != NULL) { - dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); - if (dest->ciphers == NULL) - goto err; - } - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, &dest->ex_data, &src->ex_data)) { goto err; 
@@ -193,23 +182,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } } -#ifndef OPENSSL_NO_EC - if (src->ext.ecpointformats) { - dest->ext.ecpointformats = - OPENSSL_memdup(src->ext.ecpointformats, - src->ext.ecpointformats_len); - if (dest->ext.ecpointformats == NULL) - goto err; - } - if (src->ext.supportedgroups) { - dest->ext.supportedgroups = - OPENSSL_memdup(src->ext.supportedgroups, - src->ext.supportedgroups_len - * sizeof(*src->ext.supportedgroups)); - if (dest->ext.supportedgroups == NULL) - goto err; - } -#endif if (ticket != 0 && src->ext.tick != NULL) { dest->ext.tick = @@ -790,17 +762,8 @@ void SSL_SESSION_free(SSL_SESSION *ss) OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); X509_free(ss->peer); sk_X509_pop_free(ss->peer_chain, X509_free); - sk_SSL_CIPHER_free(ss->ciphers); OPENSSL_free(ss->ext.hostname); OPENSSL_free(ss->ext.tick); -#ifndef OPENSSL_NO_EC - OPENSSL_free(ss->ext.ecpointformats); - ss->ext.ecpointformats = NULL; - ss->ext.ecpointformats_len = 0; - OPENSSL_free(ss->ext.supportedgroups); - ss->ext.supportedgroups = NULL; - ss->ext.supportedgroups_len = 0; -#endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK OPENSSL_free(ss->psk_identity_hint); OPENSSL_free(ss->psk_identity); diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_stat.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_stat.c index 179513b1a..ca51c0331 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_stat.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_stat.c @@ -9,7 +9,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" const char *SSL_state_string_long(const SSL *s) { diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c index cf6e4c3c0..457bc8b3c 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c 
@@ -10,7 +10,7 @@ #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_utst.c b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_utst.c index cea1bc270..487f56e53 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_utst.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/ssl_utst.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_UNIT_TEST diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/README b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/README index 145c69db8..86cc06637 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/README +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/README @@ -40,7 +40,7 @@ Conceptually the state machine component is designed as follows: | | | Core state machine code | |____________________________| - statem_locl.h ^ ^ + statem_local.h ^ ^ _________| |_______ | | _____________|____________ _____________|____________ diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions.c index c3d3441a1..0f39275ba 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -10,14 +10,15 @@ #include #include "internal/nelem.h" #include "internal/cryptlib.h" -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" static int final_renegotiate(SSL *s, unsigned int context, int sent); static int init_server_name(SSL *s, unsigned int context); static int final_server_name(SSL *s, unsigned int context, int sent); #ifndef OPENSSL_NO_EC +static int init_ec_point_formats(SSL *s, unsigned int context); static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); #endif static int init_session_ticket(SSL *s, unsigned int context); @@ -56,6 +57,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent); static int final_early_data(SSL *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL *s, unsigned int context); +static int final_psk(SSL *s, unsigned int context, int sent); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -94,7 +96,7 @@ typedef struct extensions_definition_st { /* * Definitions of all built-in extensions. NOTE: Changes in the number or order * of these extensions should be mirrored with equivalent changes to the - * indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h. + * indexes ( TLSEXT_IDX_* ) defined in ssl_local.h. * Each extension has an initialiser, a client and * server side parser and a finaliser. The initialiser is called (if the * extension is relevant to the given context) even if we did not see the 
@@ -158,7 +160,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { TLSEXT_TYPE_ec_point_formats, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, - NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, + init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, @@ -336,6 +338,8 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, +#else + INVALID_EXTENSION, #endif { /* Must be after key_share */ @@ -387,7 +391,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, NULL + tls_construct_ctos_psk, final_psk } }; @@ -949,8 +953,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * was successful. */ if (s->server) { - /* TODO(OpenSSL1.2) revisit !sent case */ - if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) { + if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) { /* Only store the hostname in the session if we accepted it. */ OPENSSL_free(s->session->ext.hostname); s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); @@ -967,7 +970,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * context, to avoid the confusing situation of having sess_accept_good * exceed sess_accept (zero) for the new context. */ - if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) { + if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx + && s->hello_retry_request == SSL_HRR_NONE) { tsan_counter(&s->ctx->stats.sess_accept); tsan_decr(&s->session_ctx->stats.sess_accept); } 
@@ -989,7 +993,6 @@ static int final_server_name(SSL *s, unsigned int context, int sent) ss->ext.ticklen = 0; ss->ext.tick_lifetime_hint = 0; ss->ext.tick_age_add = 0; - ss->ext.tick_identity = 0; if (!ssl_generate_session_id(s, ss)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, ERR_R_INTERNAL_ERROR); @@ -1012,6 +1015,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) /* TLSv1.3 doesn't have warning alerts so we suppress this */ if (!SSL_IS_TLS13(s)) ssl3_send_alert(s, SSL3_AL_WARNING, altmp); + s->servername_done = 0; return 1; case SSL_TLSEXT_ERR_NOACK: @@ -1024,6 +1028,15 @@ static int final_server_name(SSL *s, unsigned int context, int sent) } #ifndef OPENSSL_NO_EC +static int init_ec_point_formats(SSL *s, unsigned int context) +{ + OPENSSL_free(s->ext.peer_ecpointformats); + s->ext.peer_ecpointformats = NULL; + s->ext.peer_ecpointformats_len = 0; + + return 1; +} + static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) { unsigned long alg_k, alg_a; @@ -1041,18 +1054,18 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) */ if (s->ext.ecpointformats != NULL && s->ext.ecpointformats_len > 0 - && s->session->ext.ecpointformats != NULL - && s->session->ext.ecpointformats_len > 0 + && s->ext.peer_ecpointformats != NULL + && s->ext.peer_ecpointformats_len > 0 && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; - unsigned char *list = s->session->ext.ecpointformats; + unsigned char *list = s->ext.peer_ecpointformats; - for (i = 0; i < s->session->ext.ecpointformats_len; i++) { + for (i = 0; i < s->ext.peer_ecpointformats_len; i++) { if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed) break; } - if (i == s->session->ext.ecpointformats_len) { + if (i == s->ext.peer_ecpointformats_len) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); return 0; 
@@ -1137,6 +1150,7 @@ static int init_sig_algs(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; + s->s3->tmp.peer_sigalgslen = 0; return 1; } @@ -1146,6 +1160,7 @@ static int init_sig_algs_cert(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); s->s3->tmp.peer_cert_sigalgs = NULL; + s->s3->tmp.peer_cert_sigalgslen = 0; return 1; } @@ -1169,14 +1184,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - if (!s->server) + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with 
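Review bot: `init_ems` now turns `TLS1_FLAGS_RECEIVED_EXTMS` into `TLS1_FLAGS_REQUIRED_EXTMS` with no comment, so the reason only becomes clear on reading the new check in `final_ems`. A flag already set when the initialiser runs presumably comes from an earlier handshake on the same connection. A comment above the `if`, for example `/* EMS was negotiated before: require it again so final_ems() can reject a renegotiation that drops it */`, would document the pairing. It is also worth noting that the old `!s->server` restriction is gone, so the logic now applies to both roles. `final_ems` continues past the end of the hunk.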
@@ -1449,8 +1476,13 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE]; unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE]; unsigned char *early_secret; +#ifdef CHARSET_EBCDIC + static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; + static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; +#else static const unsigned char resumption_label[] = "res binder"; static const unsigned char external_label[] = "ext binder"; +#endif const unsigned char *label; size_t bindersize, labelsize, hashsize; int hashsizei = EVP_MD_size(md); @@ -1646,13 +1678,12 @@ static int final_early_data(SSL *s, unsigned int context, int sent) if (s->max_early_data == 0 || !s->hit - || s->session->ext.tick_identity != 0 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING || !s->ext.early_data_ok || s->hello_retry_request != SSL_HRR_NONE - || (s->ctx->allow_early_data_cb != NULL - && !s->ctx->allow_early_data_cb(s, - s->ctx->allow_early_data_cb_data))) { + || (s->allow_early_data_cb != NULL + && !s->allow_early_data_cb(s, + s->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; @@ -1698,3 +1729,19 @@ static int init_post_handshake_auth(SSL *s, unsigned int context) return 1; } + +/* + * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" + * extension, servers MUST abort the handshake. + */ +static int final_psk(SSL *s, unsigned int context, int sent) +{ + if (s->server && sent && s->clienthello != NULL + && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { + SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK, + SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); + return 0; + } + + return 1; +} 
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_clnt.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_clnt.c index ab4dbf671..ce8a75794 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_clnt.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,9 @@ */ #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include "internal/cryptlib.h" -#include "statem_locl.h" +#include "statem_local.h" EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, @@ -816,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, OPENSSL_free(s->psksession_id); s->psksession_id = OPENSSL_memdup(id, idlen); if (s->psksession_id == NULL) { + s->psksession_id_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -993,7 +994,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; int dores = 0; - s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY; + s->ext.tick_identity = 0; /* * Note: At this stage of the code we only support adding a single @@ -1083,6 +1084,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, agems += s->session->ext.tick_age_add; reshashsize = EVP_MD_size(mdres); + s->ext.tick_identity++; dores = 1; } @@ -1142,6 +1144,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } + s->ext.tick_identity++; } if (!WPACKET_close(pkt) 
@@ -1180,11 +1183,6 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_FAIL; } - if (dores) - s->session->ext.tick_identity = 0; - if (s->psksession != NULL) - s->psksession->ext.tick_identity = (dores ? 1 : 0); - return EXT_RETURN_SENT; #else return EXT_RETURN_NOT_SENT; @@ -1374,19 +1372,20 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, return 0; } - s->session->ext.ecpointformats_len = 0; - OPENSSL_free(s->session->ext.ecpointformats); - s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len); - if (s->session->ext.ecpointformats == NULL) { + s->ext.peer_ecpointformats_len = 0; + OPENSSL_free(s->ext.peer_ecpointformats); + s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len); + if (s->ext.peer_ecpointformats == NULL) { + s->ext.peer_ecpointformats_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); return 0; } - s->session->ext.ecpointformats_len = ecpointformats_len; + s->ext.peer_ecpointformats_len = ecpointformats_len; if (!PACKET_copy_bytes(&ecptformatlist, - s->session->ext.ecpointformats, + s->ext.peer_ecpointformats, ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); @@ -1495,8 +1494,13 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->ext.scts_len = (uint16_t)size; if (size > 0) { s->ext.scts = OPENSSL_malloc(size); - if (s->ext.scts == NULL - || !PACKET_copy_bytes(pkt, s->ext.scts, size)) { + if (s->ext.scts == NULL) { + s->ext.scts_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, + ERR_R_MALLOC_FAILURE); + return 0; + } + if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, ERR_R_INTERNAL_ERROR); return 0; 
@@ -1595,6 +1599,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, OPENSSL_free(s->ext.npn); s->ext.npn = OPENSSL_malloc(selected_len); if (s->ext.npn == NULL) { + s->ext.npn_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN, ERR_R_INTERNAL_ERROR); return 0; @@ -1635,6 +1640,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(len); if (s->s3->alpn_selected == NULL) { + s->s3->alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -1666,6 +1672,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { + s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -1861,8 +1868,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - skey = ssl_generate_pkey(ckey); - if (skey == NULL) { + skey = EVP_PKEY_new(); + if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); return 0; @@ -1927,8 +1934,7 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, } if (!s->ext.early_data_ok - || !s->hit - || s->session->ext.tick_identity != 0) { + || !s->hit) { /* * If we get here then we didn't send early data, or we didn't resume * using the first identity, or the SNI/ALPN is not consistent so the 
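Review bot: In tls_parse_stoc_key_share (fourth hunk on this line) the new error branch returns without releasing `skey` when EVP_PKEY_new() succeeds and EVP_PKEY_copy_parameters() then fails, so the freshly allocated key is leaked on that path. Adding `EVP_PKEY_free(skey);` before the `return 0;` covers both failure cases, since EVP_PKEY_free() accepts NULL. The reason code stays ERR_R_MALLOC_FAILURE even for a parameter-copy failure, which misleads anyone reading the error queue. `skey` is declared outside the hunk and is assumed to be a local; because this directory is a vendored OpenSSL copy, the fix is best picked up from upstream rather than carried as a local patch.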
@@ -1956,17 +1962,28 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - if (s->session->ext.tick_identity == (int)identity) { + if (identity >= (unsigned int)s->ext.tick_identity) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK, + SSL_R_BAD_PSK_IDENTITY); + return 0; + } + + /* + * Session resumption tickets are always sent before PSK tickets. If the + * ticket index is 0 then it must be for a session resumption ticket if we + * sent two tickets, or if we didn't send a PSK ticket. + */ + if (identity == 0 && (s->psksession == NULL || s->ext.tick_identity == 2)) { s->hit = 1; SSL_SESSION_free(s->psksession); s->psksession = NULL; return 1; } - if (s->psksession == NULL - || s->psksession->ext.tick_identity != (int)identity) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK, - SSL_R_BAD_PSK_IDENTITY); + if (s->psksession == NULL) { + /* Should never happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_PSK, + ERR_R_INTERNAL_ERROR); return 0; } @@ -1985,6 +2002,9 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->session = s->psksession; s->psksession = NULL; s->hit = 1; + /* Early data is only allowed if we used the first ticket */ + if (identity != 0) + s->ext.early_data_ok = 0; #endif return 1; diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_cust.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_cust.c index a4cdc81d6..a0ba18efa 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_cust.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_cust.c @@ -10,9 +10,9 @@ /* Custom extension utility functions */ #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include "internal/cryptlib.h" -#include "statem_locl.h" +#include "statem_local.h" typedef struct { void *add_arg; 
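Review bot: In tls_parse_stoc_psk (first hunk on this line) `s->ext.tick_identity` is treated as the number of identities the client offered, in `identity >= (unsigned int)s->ext.tick_identity` and `s->ext.tick_identity == 2`. That follows from the increments added to tls_construct_ctos_psk, but the server-side hunks store the selected index in the same field (`s->ext.tick_identity = id;`) and write it to the wire. The field name does not say which meaning applies, and the literal `2` hides the case where both a resumption ticket and an external PSK were offered. A short comment at the bounds check would help, for example `/* On the client, tick_identity is the number of PSK identities we offered */`. The function body extends beyond the hunk.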
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_srvr.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_srvr.c index 0f2b22392..04f64f810 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_srvr.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/extensions_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,8 +8,8 @@ */ #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" #define COOKIE_STATE_FORMAT_VERSION 0 @@ -127,6 +127,10 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, return 0; } + /* + * In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3 + * we always use the SNI value from the handshake. + */ if (!s->hit || SSL_IS_TLS13(s)) { if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) { SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, @@ -155,8 +159,12 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, } s->servername_done = 1; - } - if (s->hit) { + } else { + /* + * In TLSv1.2 and below we should check if the SNI is consistent between + * the initial handshake and the resumption. In TLSv1.3 SNI is not + * associated with the session. + */ /* * TODO(openssl-team): if the SNI doesn't match, we MUST * fall back to a full handshake. @@ -164,9 +172,6 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, s->servername_done = (s->session->ext.hostname != NULL) && PACKET_equal(&hostname, s->session->ext.hostname, strlen(s->session->ext.hostname)); - - if (!s->servername_done && s->session->ext.hostname != NULL) - s->ext.early_data_ok = 0; } return 1; 
@@ -254,8 +259,8 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, if (!s->hit) { if (!PACKET_memdup(&ec_point_format_list, - &s->session->ext.ecpointformats, - &s->session->ext.ecpointformats_len)) { + &s->ext.peer_ecpointformats, + &s->ext.peer_ecpointformats_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); return 0; @@ -962,12 +967,12 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, } if (!s->hit || SSL_IS_TLS13(s)) { - OPENSSL_free(s->session->ext.supportedgroups); - s->session->ext.supportedgroups = NULL; - s->session->ext.supportedgroups_len = 0; + OPENSSL_free(s->ext.peer_supportedgroups); + s->ext.peer_supportedgroups = NULL; + s->ext.peer_supportedgroups_len = 0; if (!tls1_save_u16(&supported_groups_list, - &s->session->ext.supportedgroups, - &s->session->ext.supportedgroups_len)) { + &s->ext.peer_supportedgroups, + &s->ext.peer_supportedgroups_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR); @@ -1146,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (sesstmp == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } SSL_SESSION_free(sess); sess = sesstmp; @@ -1274,7 +1279,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, goto err; } - sess->ext.tick_identity = id; + s->ext.tick_identity = id; SSL_SESSION_free(s->session); s->session = sess; 
@@ -1330,8 +1335,14 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - if (s->hit || s->servername_done != 1 - || s->ext.hostname == NULL) + if (s->servername_done != 1) + return EXT_RETURN_NOT_SENT; + + /* + * Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming. + * We just use the servername from the initial handshake. + */ + if (s->hit && !SSL_IS_TLS13(s)) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) @@ -1376,7 +1387,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) - && (s->session->ext.ecpointformats != NULL); + && (s->ext.peer_ecpointformats != NULL); const unsigned char *plist; size_t plistlen; @@ -1487,6 +1498,10 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { + /* We don't currently support this extension inside a CertificateRequest */ + if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) + return EXT_RETURN_NOT_SENT; + if (!s->ext.status_expected) return EXT_RETURN_NOT_SENT; @@ -1699,6 +1714,13 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } return EXT_RETURN_NOT_SENT; } + if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { + /* + * PSK ('hit') and explicitly not doing DHE (if the client sent the + * DHE option we always take it); don't send key share. + */ + return EXT_RETURN_NOT_SENT; + } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(pkt) 
@@ -1948,7 +1970,7 @@ EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->session->ext.tick_identity) + || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_PSK, ERR_R_INTERNAL_ERROR); diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.c index e3c5ec003..20f5bd584 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem.c @@ -9,8 +9,8 @@ #include "internal/cryptlib.h" #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include /* diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_clnt.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_clnt.c index e56d24dff..d1a396981 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_clnt.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -12,8 +12,8 @@ #include #include #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include #include #include @@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_CR_KEY_UPDATE: - if (s->key_update != SSL_KEY_UPDATE_NONE) { - st->hand_state = TLS_ST_CW_KEY_UPDATE; - return WRITE_TRAN_CONTINUE; - } - /* Fall through */ - case TLS_ST_CW_KEY_UPDATE: case TLS_ST_CR_SESSION_TICKET: case TLS_ST_CW_FINISHED: 
@@ -1007,7 +1001,8 @@ size_t ossl_statem_client_max_message_size(SSL *s) return CCS_MAX_LENGTH; case TLS_ST_CR_SESSION_TICKET: - return SSL3_RT_MAX_PLAIN_LENGTH; + return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13 + : SESSION_TICKET_MAX_LENGTH_TLS12; case TLS_ST_CR_FINISHED: return FINISHED_MAX_LENGTH; @@ -1613,10 +1608,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) * so the PAC-based session secret is always preserved. It'll be * overwritten if the server refuses resumption. */ - if (s->session->session_id_length > 0 - || (SSL_IS_TLS13(s) - && s->session->ext.tick_identity - != TLSEXT_PSK_BAD_IDENTITY)) { + if (s->session->session_id_length > 0) { tsan_counter(&s->session_ctx->stats.sess_miss); if (!ssl_get_new_session(s, 0)) { /* SSLfatal() already called */ @@ -1969,7 +1961,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) goto err; } } - s->session->peer_type = certidx; X509_free(s->session->peer); X509_up_ref(x); @@ -2154,17 +2145,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) } bnpub_key = NULL; - if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, - SSL_R_DH_KEY_TOO_SMALL); - goto err; - } - if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB); goto err; } + dh = NULL; + + if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), + 0, peer_tmp)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_DH_KEY_TOO_SMALL); + goto err; + } s->s3->peer_tmp = peer_tmp; @@ -2470,6 +2463,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) s->s3->tmp.ctype_len = 0; OPENSSL_free(s->pha_context); s->pha_context = NULL; + s->pha_context_len = 0; if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { 
@@ -2779,16 +2773,17 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt) } s->ext.ocsp.resp = OPENSSL_malloc(resplen); if (s->ext.ocsp.resp == NULL) { + s->ext.ocsp.resp_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, ERR_R_MALLOC_FAILURE); return 0; } + s->ext.ocsp.resp_len = resplen; if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH); return 0; } - s->ext.ocsp.resp_len = resplen; return 1; } @@ -2839,7 +2834,7 @@ int tls_process_initial_server_flight(SSL *s) if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, - ERR_R_MALLOC_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } } @@ -2913,6 +2908,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, @@ -3358,9 +3354,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) err: OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); s->s3->tmp.pms = NULL; + s->s3->tmp.pmslen = 0; #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; + s->s3->tmp.psklen = 0; #endif return 0; } @@ -3435,6 +3433,7 @@ int tls_client_key_exchange_post_work(SSL *s) err: OPENSSL_clear_free(pms, pmslen); s->s3->tmp.pms = NULL; + s->s3->tmp.pmslen = 0; return 0; } diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_dtls.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_dtls.c index b016fa7cf..8e3fb686e 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_dtls.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_dtls.c 
@@ -10,8 +10,8 @@ #include #include #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" #include #include diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_lib.c index c0482b0a9..c3b6f8f45 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_lib.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -11,8 +11,8 @@ #include #include #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" #include #include 
@@ -168,9 +168,19 @@ int tls_setup_handshake(SSL *s) static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, void **hdata, size_t *hdatalen) { - static const char *servercontext = "TLS 1.3, server CertificateVerify"; - static const char *clientcontext = "TLS 1.3, client CertificateVerify"; - +#ifdef CHARSET_EBCDIC + static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, + 0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; + static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, + 0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; +#else + static const char servercontext[] = "TLS 1.3, server CertificateVerify"; + static const char clientcontext[] = "TLS 1.3, client CertificateVerify"; +#endif if (SSL_IS_TLS13(s)) { size_t hashlen; @@ -645,12 +655,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) /* * If we get a request for us to update our sending keys too then, we need * to additionally send a KeyUpdate message. However that message should - * not also request an update (otherwise we get into an infinite loop). We - * ignore a request for us to update our sending keys too if we already - * sent close_notify. + * not also request an update (otherwise we get into an infinite loop). */ - if (updatetype == SSL_KEY_UPDATE_REQUESTED - && (s->shutdown & SSL_SENT_SHUTDOWN) == 0) + if (updatetype == SSL_KEY_UPDATE_REQUESTED) s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED; if (!tls13_update_key(s, 0)) { 
@@ -837,9 +844,11 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } } else { + /* TLS 1.3 gets the secret size from the handshake md */ + size_t dummy; if (!s->method->ssl3_enc->generate_master_secret(s, s->master_secret, s->handshake_secret, 0, - &s->session->master_key_length)) { + &dummy)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } @@ -1026,14 +1035,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) int cleanuphand = s->statem.cleanuphand; if (clearbufs) { - if (!SSL_IS_DTLS(s)) { + if (!SSL_IS_DTLS(s) +#ifndef OPENSSL_NO_SCTP /* - * We don't do this in DTLS because we may still need the init_buf + * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS + * messages that require it. Therefore, DTLS procedures for retransmissions + * MUST NOT be used. + * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. + */ + || BIO_dgram_is_sctp(SSL_get_wbio(s)) +#endif + ) { + /* + * We don't do this in DTLS over UDP because we may still need the init_buf * in case there are any unexpected retransmits */ BUF_MEM_free(s->init_buf); s->init_buf = NULL; } + if (!ssl_free_wbio_buffer(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE, ERR_R_INTERNAL_ERROR); @@ -1321,6 +1341,7 @@ int tls_get_message_body(SSL *s, size_t *len) static const X509ERR2ALERT x509table[] = { {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, 
@@ -1483,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) /* * Only called by servers. Returns 1 if the server has a TLSv1.3 capable - * certificate type, or has PSK or a certificate callback configured. Otherwise - * returns 0. + * certificate type, or has PSK or a certificate callback configured, or has + * a servername callback configured. Otherwise returns 0. */ static int is_tls13_capable(const SSL *s) { @@ -1494,6 +1515,17 @@ static int is_tls13_capable(const SSL *s) EC_KEY *eckey; #endif + if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) + return 0; + + /* + * A servername callback can change the available certs, so if a servername + * cb is set then we just assume TLSv1.3 will be ok + */ + if (s->ctx->ext.servername_cb != NULL + || s->session_ctx->ext.servername_cb != NULL) + return 1; + #ifndef OPENSSL_NO_PSK if (s->psk_server_callback != NULL) return 1; @@ -1636,11 +1668,22 @@ int ssl_check_version_downgrade(SSL *s) */ int ssl_set_version_bound(int method_version, int version, int *bound) { + int valid_tls; + int valid_dtls; + if (version == 0) { *bound = version; return 1; } + valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION; + valid_dtls = + DTLS_VERSION_LE(version, DTLS_MAX_VERSION) && + DTLS_VERSION_GE(version, DTLS1_BAD_VER); + + if (!valid_tls && !valid_dtls) + return 0; + /*- * Restrict TLS methods to TLS protocol versions. * Restrict DTLS methods to DTLS protocol versions. 
@@ -1651,31 +1694,24 @@ int ssl_set_version_bound(int method_version, int version, int *bound) * configurations. If the MIN (supported) version ever rises, the user's * "floor" remains valid even if no longer available. We don't expect the * MAX ceiling to ever get lower, so making that variable makes sense. + * + * We ignore attempts to set bounds on version-inflexible methods, + * returning success. */ switch (method_version) { default: - /* - * XXX For fixed version methods, should we always fail and not set any - * bounds, always succeed and not set any bounds, or set the bounds and - * arrange to fail later if they are not met? At present fixed-version - * methods are not subject to controls that disable individual protocol - * versions. - */ - return 0; + break; case TLS_ANY_VERSION: - if (version < SSL3_VERSION || version > TLS_MAX_VERSION) - return 0; + if (valid_tls) + *bound = version; break; case DTLS_ANY_VERSION: - if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) || - DTLS_VERSION_LT(version, DTLS1_BAD_VER)) - return 0; + if (valid_dtls) + *bound = version; break; } - - *bound = version; return 1; } diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_locl.h b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_local.h similarity index 99% rename from trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_locl.h rename to trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_local.h index e27c0c13a..eae88053d 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_locl.h +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
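Review bot: ssl_set_version_bound() now returns 1 in two cases where `*bound` is left untouched, and only one of them is documented. The added comment covers version-inflexible methods (the `default:` arm), but a version from the other protocol family also passes the `!valid_tls && !valid_dtls` gate added in the previous hunk, fails `if (valid_tls)` or `if (valid_dtls)` here, and falls through to `return 1`. A caller that treats success as proof that a minimum-version floor is in force gets no signal in either case, so the comment should say so: `* A version that belongs to the other protocol family is likewise ignored, returning success.` The function begins in the preceding hunk.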
@@ -22,6 +22,8 @@ #define SERVER_HELLO_MAX_LENGTH 20000 #define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 +#define SESSION_TICKET_MAX_LENGTH_TLS13 131338 +#define SESSION_TICKET_MAX_LENGTH_TLS12 65541 #define SERVER_KEY_EXCH_MAX_LENGTH 102400 #define SERVER_HELLO_DONE_MAX_LENGTH 0 #define KEY_UPDATE_MAX_LENGTH 1 diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_srvr.c b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_srvr.c index 6b8aae62c..d701c46b4 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_srvr.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -10,9 +10,9 @@ */ #include -#include "../ssl_locl.h" -#include "statem_locl.h" -#include "internal/constant_time_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" +#include "internal/constant_time.h" #include "internal/cryptlib.h" #include #include @@ -23,9 +23,24 @@ #include #include #include +#include #define TICKET_NONCE_SIZE 8 +typedef struct { + ASN1_TYPE *kxBlob; + ASN1_TYPE *opaqueBlob; +} GOST_KX_MESSAGE; + +DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE) + +ASN1_SEQUENCE(GOST_KX_MESSAGE) = { + ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), + ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), +} ASN1_SEQUENCE_END(GOST_KX_MESSAGE) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE) + static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt); /* 
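Review bot: SESSION_TICKET_MAX_LENGTH_TLS13 and SESSION_TICKET_MAX_LENGTH_TLS12 in the first hunk on this line are bare numbers with no derivation, yet they bound how much peer-supplied data ossl_statem_client_max_message_size() will accept for a NewSessionTicket. They match the largest encodable message: 65541 = 4 (lifetime hint) + 2 + 65535 (ticket), and 131338 = 4 (lifetime) + 4 (age_add) + 1 + 255 (nonce) + 2 + 65535 (ticket) + 2 + 65535 (extensions). A comment above the defines, such as `/* Largest encodable NewSessionTicket: fixed fields plus maximum-length nonce, ticket and extensions */` with the two sums spelled out, would let the next reader check them against the message layout.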
@@ -502,12 +517,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SR_KEY_UPDATE: - if (s->key_update != SSL_KEY_UPDATE_NONE) { - st->hand_state = TLS_ST_SW_KEY_UPDATE; - return WRITE_TRAN_CONTINUE; - } - /* Fall through */ - case TLS_ST_SW_KEY_UPDATE: st->hand_state = TLS_ST_OK; return WRITE_TRAN_CONTINUE; @@ -734,7 +743,15 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_CHANGE: if (SSL_IS_TLS13(s)) break; - s->session->cipher = s->s3->tmp.new_cipher; + /* Writes to s->session are only safe for initial handshakes */ + if (s->session->cipher == NULL) { + s->session->cipher = s->s3->tmp.new_cipher; + } else if (s->session->cipher != s->s3->tmp.new_cipher) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER_PRE_WORK, + ERR_R_INTERNAL_ERROR); + return WORK_ERROR; + } if (!s->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return WORK_ERROR; @@ -774,6 +791,10 @@ static ossl_inline int conn_is_closed(void) #if defined(ECONNRESET) case ECONNRESET: return 1; +#endif +#if defined(WSAECONNRESET) + case WSAECONNRESET: + return 1; #endif default: return 0; @@ -934,9 +955,11 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) } #endif if (SSL_IS_TLS13(s)) { + /* TLS 1.3 gets the secret size from the handshake md */ + size_t dummy; if (!s->method->ssl3_enc->generate_master_secret(s, s->master_secret, s->handshake_secret, 0, - &s->session->master_key_length) + &dummy) || !s->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) /* SSLfatal() already called */ 
@@ -1923,14 +1946,14 @@ static int tls_early_post_process_client_hello(SSL *s) && master_key_length > 0) { s->session->master_key_length = master_key_length; s->hit = 1; - s->session->ciphers = ciphers; + s->peer_ciphers = ciphers; s->session->verify_result = X509_V_OK; ciphers = NULL; /* check if some cipher was preferred by call back */ if (pref_cipher == NULL) - pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, + pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s)); if (pref_cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, @@ -1941,9 +1964,9 @@ static int tls_early_post_process_client_hello(SSL *s) s->session->cipher = pref_cipher; sk_SSL_CIPHER_free(s->cipher_list); - s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); + s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers); sk_SSL_CIPHER_free(s->cipher_list_by_id); - s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); + s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers); } } @@ -2043,12 +2066,12 @@ static int tls_early_post_process_client_hello(SSL *s) #endif /* - * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher + * Given s->peer_ciphers and SSL_get_ciphers, we must pick a cipher */ if (!s->hit || SSL_IS_TLS13(s)) { - sk_SSL_CIPHER_free(s->session->ciphers); - s->session->ciphers = ciphers; + sk_SSL_CIPHER_free(s->peer_ciphers); + s->peer_ciphers = ciphers; if (ciphers == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, @@ -2064,6 +2087,10 @@ static int tls_early_post_process_client_hello(SSL *s) #else s->session->compress_meth = (comp == NULL) ? 0 : comp->id; #endif + if (!tls1_set_server_sigalgs(s)) { + /* SSLfatal() already called */ + goto err; + } } sk_SSL_CIPHER_free(ciphers); 
@@ -2151,6 +2178,7 @@ int tls_handle_alpn(SSL *s) OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); if (s->s3->alpn_selected == NULL) { + s->s3->alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -2231,31 +2259,25 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) if (wst == WORK_MORE_B) { if (!s->hit || SSL_IS_TLS13(s)) { /* Let cert callback update server certificates if required */ - if (!s->hit) { - if (s->cert->cert_cb != NULL) { - int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); - if (rv == 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, - SSL_R_CERT_CB_ERROR); - goto err; - } - if (rv < 0) { - s->rwstate = SSL_X509_LOOKUP; - return WORK_MORE_B; - } - s->rwstate = SSL_NOTHING; - } - if (!tls1_set_server_sigalgs(s)) { - /* SSLfatal already called */ + if (!s->hit && s->cert->cert_cb != NULL) { + int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); + if (rv == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, + SSL_R_CERT_CB_ERROR); goto err; } + if (rv < 0) { + s->rwstate = SSL_X509_LOOKUP; + return WORK_MORE_B; + } + s->rwstate = SSL_NOTHING; } /* In TLSv1.3 we selected the ciphersuite before resumption */ if (!SSL_IS_TLS13(s)) { cipher = - ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); + ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, @@ -2556,7 +2578,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); if (s->s3->tmp.pkey == NULL) { - /* SSLfatal() already called */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR); goto err; } 
@@ -2832,9 +2854,16 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { OPENSSL_free(s->pha_context); s->pha_context_len = 32; - if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL - || RAND_bytes(s->pha_context, s->pha_context_len) <= 0 - || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { + if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) { + s->pha_context_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0 + || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, + s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); @@ -2948,6 +2977,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) OPENSSL_cleanse(psk, psklen); if (s->s3->tmp.psk == NULL) { + s->s3->tmp.psklen = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); return 0; @@ -3324,9 +3354,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) const unsigned char *start; size_t outlen = 32, inlen; unsigned long alg_a; - unsigned int asn1id, asn1len; + GOST_KX_MESSAGE *pKX = NULL; + const unsigned char *ptr; int ret = 0; - PACKET encdata; /* Get our certificate private key */ alg_a = s->s3->tmp.new_cipher->algorithm_auth; 
@@ -3367,42 +3397,33 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0) ERR_clear_error(); } - /* Decrypt session key */ - if (!PACKET_get_1(pkt, &asn1id) - || asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) - || !PACKET_peek_1(pkt, &asn1len)) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (asn1len == 0x81) { - /* - * Long form length. Should only be one byte of length. Anything else - * isn't supported. - * We did a successful peek before so this shouldn't fail - */ - if (!PACKET_forward(pkt, 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, - SSL_R_DECRYPTION_FAILED); - goto err; - } - } else if (asn1len >= 0x80) { - /* - * Indefinite length, or more than one long form length bytes. We don't - * support it - */ - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, - SSL_R_DECRYPTION_FAILED); - goto err; - } /* else short form length */ - if (!PACKET_as_length_prefixed_1(pkt, &encdata)) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + ptr = PACKET_data(pkt); + /* Some implementations provide extra data in the opaqueBlob + * We have nothing to do with this blob so we just skip it */ + pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt)); + if (pKX == NULL + || pKX->kxBlob == NULL + || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); + goto err; + } + + if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED); goto err; } - inlen = PACKET_remaining(&encdata); - start = PACKET_data(&encdata); + + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); + goto err; + } + + inlen = pKX->kxBlob->value.sequence->length; + start = 
pKX->kxBlob->value.sequence->data; if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) { @@ -3424,6 +3445,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) ret = 1; err: EVP_PKEY_CTX_free(pkey_ctx); + GOST_KX_MESSAGE_free(pKX); return ret; #else /* Should never happen */ @@ -3495,6 +3517,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; + s->s3->tmp.psklen = 0; #endif return MSG_PROCESS_ERROR; } @@ -3730,6 +3753,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; + sk = NULL; /* * Freeze the handshake buffer. For session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { + s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); @@ -4115,9 +4139,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) + tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); goto err; - + } /* * If we are using anti-replay protection then we behave as if * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c index 57fb17a66..c85c0b031 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c @@ -9,7 +9,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include 
@@ -466,7 +466,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 unsigned char hash[EVP_MAX_MD_SIZE * 2];
 size_t hashlen;
 /*
- * Digest cached records keeping record buffer (if present): this wont
+ * Digest cached records keeping record buffer (if present): this won't
 * affect client auth because we're freezing the buffer at the same
 * point (after client key exchange and before certificate verify)
 */
diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c
index 68cb237ea..b1d3add18 100644
--- a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -18,9 +18,12 @@
 #include
 #include
 #include "internal/nelem.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include
+static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
+
 SSL3_ENC_METHOD const TLSv1_enc_data = {
 tls1_enc,
 tls1_mac,
@@ -465,11 +468,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 * If point formats extension present check it, otherwise everything is
 * supported (see RFC4492).
 */
- if (s->session->ext.ecpointformats == NULL)
+ if (s->ext.peer_ecpointformats == NULL)
 return 1;
- for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
- if (s->session->ext.ecpointformats[i] == comp_id)
+ for (i = 0; i < s->ext.peer_ecpointformats_len; i++) {
+ if (s->ext.peer_ecpointformats[i] == comp_id)
 return 1;
 }
 return 0;
@@ -578,7 +581,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
 if (check_ee_md && tls1_suiteb(s)) {
 int check_md;
 size_t i;
- CERT *c = s->cert;
 /* Check to see we have necessary signing algorithm */
 if (group_id == TLSEXT_curve_P_256)
@@ -587,8 +589,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
 check_md = NID_ecdsa_with_SHA384;
 else
 return 0; /* Should never happen */
- for (i = 0; i < c->shared_sigalgslen; i++) {
- if (check_md == c->shared_sigalgs[i]->sigandhash)
+ for (i = 0; i < s->shared_sigalgslen; i++) {
+ if (check_md == s->shared_sigalgs[i]->sigandhash)
 return 1;;
 }
 return 0;
@@ -848,8 +850,11 @@ static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
 }
 /*
- * Return a signature algorithm for TLS < 1.2 where the signature type
- * is fixed by the certificate type.
+ * Returns a signature algorithm when the peer did not send a list of supported
+ * signature algorithms. The signature algorithm is fixed for the certificate
+ * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the
+ * certificate type from |s| will be used.
+ * Returns the signature algorithm to use, or NULL on error.
 */
 static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 {
@@ -892,8 +897,12 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 if (!tls1_lookup_md(lu, NULL))
 return NULL;
+ if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+ return NULL;
 return lu;
 }
+ if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg))
+ return NULL;
 return &legacy_rsa_sigalg;
 }
 /* Set peer sigalg based key type */
@@ -982,6 +991,31 @@ int tls_check_sigalg_curve(const SSL *s, int curve) } #endif +/* + * Return the number of security bits for the signature algorithm, or 0 on + * error. + */ +static int sigalg_security_bits(const SIGALG_LOOKUP *lu) +{ + const EVP_MD *md = NULL; + int secbits = 0; + + if (!tls1_lookup_md(lu, &md)) + return 0; + if (md != NULL) + { + /* Security bits: half digest bits */ + secbits = EVP_MD_size(md) * 4; + } else { + /* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */ + if (lu->sigalg == TLSEXT_SIGALG_ed25519) + secbits = 128; + else if (lu->sigalg == TLSEXT_SIGALG_ed448) + secbits = 224; + } + return secbits; +} + /* * Check signature algorithm is consistent with sent supported signature * algorithms and if so set relevant digest and signature scheme in @@ -995,6 +1029,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) size_t sent_sigslen, i, cidx; int pkeyid = EVP_PKEY_id(pkey); const SIGALG_LOOKUP *lu; + int secbits = 0; /* Should never happen */ if (pkeyid == -1) 
@@ -1096,20 +1131,20 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) SSL_R_UNKNOWN_DIGEST); return 0; } - if (md != NULL) { - /* - * Make sure security callback allows algorithm. For historical - * reasons we have to pass the sigalg as a two byte char array. - */ - sigalgstr[0] = (sig >> 8) & 0xff; - sigalgstr[1] = sig & 0xff; - if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, - EVP_MD_size(md) * 4, EVP_MD_type(md), - (void *)sigalgstr)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, - SSL_R_WRONG_SIGNATURE_TYPE); - return 0; - } + /* + * Make sure security callback allows algorithm. For historical + * reasons we have to pass the sigalg as a two byte char array. + */ + sigalgstr[0] = (sig >> 8) & 0xff; + sigalgstr[1] = sig & 0xff; + secbits = sigalg_security_bits(lu); + if (secbits == 0 || + !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, + md != NULL ? EVP_MD_type(md) : NID_undef, + (void *)sigalgstr)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; } /* Store the sigalg the peer uses */ s->s3->tmp.peer_sigalg = lu; @@ -1175,7 +1210,7 @@ int ssl_set_client_disabled(SSL *s) * * Returns 1 when it's disabled, 0 when enabled. */ -int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe) +int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) { if (c->algorithm_mkey & s->s3->tmp.mask_k || c->algorithm_auth & s->s3->tmp.mask_a) @@ -1215,9 +1250,9 @@ int tls1_set_server_sigalgs(SSL *s) size_t i; /* Clear any shared signature algorithms */ - OPENSSL_free(s->cert->shared_sigalgs); - s->cert->shared_sigalgs = NULL; - s->cert->shared_sigalgslen = 0; + OPENSSL_free(s->shared_sigalgs); + s->shared_sigalgs = NULL; + s->shared_sigalgslen = 0; /* Clear certificate validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) s->s3->tmp.valid_flags[i] = 0; 
@@ -1252,7 +1287,7 @@ int tls1_set_server_sigalgs(SSL *s) SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_INTERNAL_ERROR); return 0; } - if (s->cert->shared_sigalgs != NULL) + if (s->shared_sigalgs != NULL) return 1; /* Fatal error if no shared signature algorithms */ @@ -1555,7 +1590,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Check to see if a signature algorithm is allowed */ -static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) +static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) { unsigned char sigalgstr[2]; int secbits; @@ -1616,11 +1651,8 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) } } - if (lu->hash == NID_undef) - return 1; - /* Security bits: half digest bits */ - secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4; /* Finally see if security callback allows it */ + secbits = sigalg_security_bits(lu); sigalgstr[0] = (lu->sigalg >> 8) & 0xff; sigalgstr[1] = lu->sigalg & 0xff; return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); @@ -1724,9 +1756,9 @@ static int tls1_set_shared_sigalgs(SSL *s) CERT *c = s->cert; unsigned int is_suiteb = tls1_suiteb(s); - OPENSSL_free(c->shared_sigalgs); - c->shared_sigalgs = NULL; - c->shared_sigalgslen = 0; + OPENSSL_free(s->shared_sigalgs); + s->shared_sigalgs = NULL; + s->shared_sigalgslen = 0; /* If client use client signature algorithms if not NULL */ if (!s->server && c->client_sigalgs && !is_suiteb) { conf = c->client_sigalgs; @@ -1757,8 +1789,8 @@ static int tls1_set_shared_sigalgs(SSL *s) } else { salgs = NULL; } - c->shared_sigalgs = salgs; - c->shared_sigalgslen = nmatch; + s->shared_sigalgs = salgs; + s->shared_sigalgslen = nmatch; return 1; } @@ -1819,7 +1851,6 @@ int tls1_process_sigalgs(SSL *s) { size_t i; uint32_t *pvalid = s->s3->tmp.valid_flags; - CERT *c = s->cert; if (!tls1_set_shared_sigalgs(s)) return 0; 
@@ -1827,8 +1858,8 @@ int tls1_process_sigalgs(SSL *s)
 for (i = 0; i < SSL_PKEY_NUM; i++)
 pvalid[i] = 0;
- for (i = 0; i < c->shared_sigalgslen; i++) {
- const SIGALG_LOOKUP *sigptr = c->shared_sigalgs[i];
+ for (i = 0; i < s->shared_sigalgslen; i++) {
+ const SIGALG_LOOKUP *sigptr = s->shared_sigalgs[i];
 int idx = sigptr->sig_idx;
 /* Ignore PKCS1 based sig algs in TLSv1.3 */
@@ -1875,12 +1906,12 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
 unsigned char *rsig, unsigned char *rhash)
 {
 const SIGALG_LOOKUP *shsigalgs;
- if (s->cert->shared_sigalgs == NULL
+ if (s->shared_sigalgs == NULL
 || idx < 0
- || idx >= (int)s->cert->shared_sigalgslen
- || s->cert->shared_sigalgslen > INT_MAX)
+ || idx >= (int)s->shared_sigalgslen
+ || s->shared_sigalgslen > INT_MAX)
 return 0;
- shsigalgs = s->cert->shared_sigalgs[idx];
+ shsigalgs = s->shared_sigalgs[idx];
 if (phash != NULL)
 *phash = shsigalgs->hash;
 if (psign != NULL)
@@ -1891,7 +1922,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
 *rsig = (unsigned char)(shsigalgs->sigalg & 0xff);
 if (rhash != NULL)
 *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff);
- return (int)s->cert->shared_sigalgslen;
+ return (int)s->shared_sigalgslen;
 }
 /* Maximum possible number of unique entries in sigalgs array */
@@ -2072,18 +2103,36 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) return 0; } -static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid) +static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) { - int sig_nid; + int sig_nid, use_pc_sigalgs = 0; size_t i; + const SIGALG_LOOKUP *sigalg; + size_t sigalgslen; if (default_nid == -1) return 1; sig_nid = X509_get_signature_nid(x); if (default_nid) return sig_nid == default_nid ? 1 : 0; - for (i = 0; i < c->shared_sigalgslen; i++) - if (sig_nid == c->shared_sigalgs[i]->sigandhash) + + if (SSL_IS_TLS13(s) && s->s3->tmp.peer_cert_sigalgs != NULL) { + /* + * If we're in TLSv1.3 then we only get here if we're checking the + * chain. If the peer has specified peer_cert_sigalgs then we use them + * otherwise we default to normal sigalgs. + */ + sigalgslen = s->s3->tmp.peer_cert_sigalgslen; + use_pc_sigalgs = 1; + } else { + sigalgslen = s->shared_sigalgslen; + } + for (i = 0; i < sigalgslen; i++) { + sigalg = use_pc_sigalgs + ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]) + : s->shared_sigalgs[i]; + if (sigalg != NULL && sig_nid == sigalg->sigandhash) return 1; + } return 0; } @@ -2240,14 +2289,21 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, } } /* Check signature algorithm of each cert in chain */ - if (!tls1_check_sig_alg(c, x, default_nid)) { + if (SSL_IS_TLS13(s)) { + /* + * We only get here if the application has called SSL_check_chain(), + * so check_flags is always set. + */ + if (find_sig_alg(s, x, pk) != NULL) + rv |= CERT_PKEY_EE_SIGNATURE; + } else if (!tls1_check_sig_alg(s, x, default_nid)) { if (!check_flags) goto end; } else rv |= CERT_PKEY_EE_SIGNATURE; rv |= CERT_PKEY_CA_SIGNATURE; for (i = 0; i < sk_X509_num(chain); i++) { - if (!tls1_check_sig_alg(c, sk_X509_value(chain, i), default_nid)) { + if (!tls1_check_sig_alg(s, sk_X509_value(chain, i), default_nid)) { if (check_flags) { rv &= ~CERT_PKEY_CA_SIGNATURE; break; 
@@ -2383,46 +2439,55 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) #ifndef OPENSSL_NO_DH DH *ssl_get_auto_dh(SSL *s) { - int dh_secbits = 80; - if (s->cert->dh_tmp_auto == 2) - return DH_get_1024_160(); - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { - if (s->s3->tmp.new_cipher->strength_bits == 256) - dh_secbits = 128; - else - dh_secbits = 80; - } else { - if (s->s3->tmp.cert == NULL) - return NULL; - dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + DH *dhp = NULL; + BIGNUM *p = NULL, *g = NULL; + int dh_secbits = 80, sec_level_bits; + + if (s->cert->dh_tmp_auto != 2) { + if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { + if (s->s3->tmp.new_cipher->strength_bits == 256) + dh_secbits = 128; + else + dh_secbits = 80; + } else { + if (s->s3->tmp.cert == NULL) + return NULL; + dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + } } - if (dh_secbits >= 128) { - DH *dhp = DH_new(); - BIGNUM *p, *g; - if (dhp == NULL) - return NULL; - g = BN_new(); - if (g == NULL || !BN_set_word(g, 2)) { - DH_free(dhp); - BN_free(g); - return NULL; - } - if (dh_secbits >= 192) - p = BN_get_rfc3526_prime_8192(NULL); - else - p = BN_get_rfc3526_prime_3072(NULL); - if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { - DH_free(dhp); - BN_free(p); - BN_free(g); - return NULL; - } - return dhp; + dhp = DH_new(); + if (dhp == NULL) + return NULL; + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) { + DH_free(dhp); + BN_free(g); + return NULL; } - if (dh_secbits >= 112) - return DH_get_2048_224(); - return DH_get_1024_160(); + + /* Do not pick a prime that is too weak for the current security level */ + sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL); + if (dh_secbits < sec_level_bits) + dh_secbits = sec_level_bits; + + if (dh_secbits >= 192) + p = BN_get_rfc3526_prime_8192(NULL); + else if (dh_secbits >= 152) + p = BN_get_rfc3526_prime_4096(NULL); + else if (dh_secbits 
>= 128) + p = BN_get_rfc3526_prime_3072(NULL); + else if (dh_secbits >= 112) + p = BN_get_rfc3526_prime_2048(NULL); + else + p = BN_get_rfc2409_prime_1024(NULL); + if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { + DH_free(dhp); + BN_free(p); + BN_free(g); + return NULL; + } + return dhp; } #endif 
@@ -2528,44 +2593,33 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) } /* - * Returns true if |s| has a usable certificate configured for use - * with signature scheme |sig|. - * "Usable" includes a check for presence as well as applying - * the signature_algorithm_cert restrictions sent by the peer (if any). - * Returns false if no usable certificate is found. + * Checks the given cert against signature_algorithm_cert restrictions sent by + * the peer (if any) as well as whether the hash from the sigalg is usable with + * the key. + * Returns true if the cert is usable and false otherwise. */ -static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) +static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, + EVP_PKEY *pkey) { const SIGALG_LOOKUP *lu; int mdnid, pknid, default_mdnid; - int mandatory_md = 0; size_t i; - /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */ - if (idx == -1) - idx = sig->sig_idx; - if (!ssl_has_cert(s, idx)) - return 0; /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */ ERR_set_mark(); - switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey, - &default_mdnid)) { - case 2: - mandatory_md = 1; - break; - case 1: - break; - default: /* If it didn't report a mandatory NID, for whatever reasons, - * just clear the error and allow all hashes to be used. */ - ERR_pop_to_mark(); - } + if (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid) == 2 && + sig->hash != default_mdnid) + return 0; + + /* If it didn't report a mandatory NID, for whatever reasons, + * just clear the error and allow all hashes to be used. 
*/ + ERR_pop_to_mark(); + if (s->s3->tmp.peer_cert_sigalgs != NULL) { for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); if (lu == NULL - || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid, - &pknid, NULL, NULL) - || (mandatory_md && mdnid != default_mdnid)) + || !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL)) continue; /* * TODO this does not differentiate between the 
@@ -2578,7 +2632,104 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) } return 0; } - return !mandatory_md || sig->hash == default_mdnid; + return 1; +} + +/* + * Returns true if |s| has a usable certificate configured for use + * with signature scheme |sig|. + * "Usable" includes a check for presence as well as applying + * the signature_algorithm_cert restrictions sent by the peer (if any). + * Returns false if no usable certificate is found. + */ +static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) +{ + /* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */ + if (idx == -1) + idx = sig->sig_idx; + if (!ssl_has_cert(s, idx)) + return 0; + + return check_cert_usable(s, sig, s->cert->pkeys[idx].x509, + s->cert->pkeys[idx].privatekey); +} + +/* + * Returns true if the supplied cert |x| and key |pkey| is usable with the + * specified signature scheme |sig|, or false otherwise. + */ +static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, + EVP_PKEY *pkey) +{ + size_t idx; + + if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL) + return 0; + + /* Check the key is consistent with the sig alg */ + if ((int)idx != sig->sig_idx) + return 0; + + return check_cert_usable(s, sig, x, pkey); +} + +/* + * Find a signature scheme that works with the supplied certificate |x| and key + * |pkey|. |x| and |pkey| may be NULL in which case we additionally look at our + * available certs/keys to find one that works. 
+ */ +static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) +{ + const SIGALG_LOOKUP *lu = NULL; + size_t i; +#ifndef OPENSSL_NO_EC + int curve = -1; +#endif + EVP_PKEY *tmppkey; + + /* Look for a shared sigalgs matching possible certificates */ + for (i = 0; i < s->shared_sigalgslen; i++) { + lu = s->shared_sigalgs[i]; + + /* Skip SHA1, SHA224, DSA and RSA if not PSS */ + if (lu->hash == NID_sha1 + || lu->hash == NID_sha224 + || lu->sig == EVP_PKEY_DSA + || lu->sig == EVP_PKEY_RSA) + continue; + /* Check that we have a cert, and signature_algorithms_cert */ + if (!tls1_lookup_md(lu, NULL)) + continue; + if ((pkey == NULL && !has_usable_cert(s, lu, -1)) + || (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) + continue; + + tmppkey = (pkey != NULL) ? pkey + : s->cert->pkeys[lu->sig_idx].privatekey; + + if (lu->sig == EVP_PKEY_EC) { +#ifndef OPENSSL_NO_EC + if (curve == -1) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmppkey); + curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + } + if (lu->curve != NID_undef && curve != lu->curve) + continue; +#else + continue; +#endif + } else if (lu->sig == EVP_PKEY_RSA_PSS) { + /* validate that key is large enough for the signature algorithm */ + if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu)) + continue; + } + break; + } + + if (i == s->shared_sigalgslen) + return NULL; + + return lu; } /* 
@@ -2601,48 +2752,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) s->s3->tmp.sigalg = NULL; if (SSL_IS_TLS13(s)) { - size_t i; -#ifndef OPENSSL_NO_EC - int curve = -1; -#endif - - /* Look for a certificate matching shared sigalgs */ - for (i = 0; i < s->cert->shared_sigalgslen; i++) { - lu = s->cert->shared_sigalgs[i]; - sig_idx = -1; - - /* Skip SHA1, SHA224, DSA and RSA if not PSS */ - if (lu->hash == NID_sha1 - || lu->hash == NID_sha224 - || lu->sig == EVP_PKEY_DSA - || lu->sig == EVP_PKEY_RSA) - continue; - /* Check that we have a cert, and signature_algorithms_cert */ - if (!tls1_lookup_md(lu, NULL) || !has_usable_cert(s, lu, -1)) - continue; - if (lu->sig == EVP_PKEY_EC) { -#ifndef OPENSSL_NO_EC - if (curve == -1) { - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); - - curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - } - if (lu->curve != NID_undef && curve != lu->curve) - continue; -#else - continue; -#endif - } else if (lu->sig == EVP_PKEY_RSA_PSS) { - /* validate that key is large enough for the signature algorithm */ - EVP_PKEY *pkey; - - pkey = s->cert->pkeys[lu->sig_idx].privatekey; - if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu)) - continue; - } - break; - } - if (i == s->cert->shared_sigalgslen) { + lu = find_sig_alg(s, NULL, NULL); + if (lu == NULL) { if (!fatalerrs) return 1; SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CHOOSE_SIGALG, @@ -2675,8 +2786,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) * Find highest preference signature algorithm matching * cert type */ - for (i = 0; i < s->cert->shared_sigalgslen; i++) { - lu = s->cert->shared_sigalgs[i]; + for (i = 0; i < s->shared_sigalgslen; i++) { + lu = s->shared_sigalgs[i]; if (s->server) { if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1) 
@@ -2703,7 +2814,27 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) #endif break; } - if (i == s->cert->shared_sigalgslen) { +#ifndef OPENSSL_NO_GOST + /* + * Some Windows-based implementations do not send GOST algorithms indication + * in supported_algorithms extension, so when we have GOST-based ciphersuite, + * we have to assume GOST support. + */ + if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) { + if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CHOOSE_SIGALG, + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + return 0; + } else { + i = 0; + sig_idx = lu->sig_idx; + } + } +#endif + if (i == s->shared_sigalgslen) { if (!fatalerrs) return 1; SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c index be3039af3..e2c397b75 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_SSL_TRACE @@ -656,7 +656,10 @@ static int ssl_print_random(BIO *bio, int indent, if (*pmsglen < 32) return 0; - tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + tm = ((unsigned int)p[0] << 24) + | ((unsigned int)p[1] << 16) + | ((unsigned int)p[2] << 8) + | (unsigned int)p[3]; p += 4; BIO_indent(bio, indent, 80); BIO_puts(bio, "Random:\n"); 
@@ -864,8 +867,10 @@ static int ssl_print_extension(BIO *bio, int indent, int server, break; if (extlen != 4) return 0; - max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) - | ext[3]; + max_early_data = ((unsigned int)ext[0] << 24) + | ((unsigned int)ext[1] << 16) + | ((unsigned int)ext[2] << 8) + | (unsigned int)ext[3]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "max_early_data=%u\n", max_early_data); break; @@ -1246,8 +1251,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, while (clen > 0) { if (!ssl_print_certificate(bio, indent + 2, &msg, &clen)) return 0; - if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE, - &msg, &clen)) + if (SSL_IS_TLS13(ssl) + && !ssl_print_extensions(bio, indent + 2, server, + SSL3_MT_CERTIFICATE, &msg, &clen)) return 0; } @@ -1355,7 +1361,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, } if (msglen < 4) return 0; - tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + tick_life = ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); @@ -1366,7 +1375,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, if (msglen < 4) return 0; ticket_age_add = - (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c b/trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c index 1f956e61e..b8fb07f21 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/cryptlib.h" #include #include @@ -30,7 +30,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, const unsigned char *data, size_t datalen, unsigned char *out, size_t outlen, int fatal) { +#ifdef CHARSET_EBCDIC + static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 }; +#else static const unsigned char label_prefix[] = "tls13 "; +#endif EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); int ret; size_t hkdflabellen; @@ -40,7 +44,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, * prefix and label + bytes for the label itself + 1 byte length of hash * + bytes for the hash itself */ - unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + + unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN + 1 + EVP_MAX_MD_SIZE]; WPACKET pkt; @@ -112,7 +116,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, unsigned char *key, size_t keylen) { - static const unsigned char keylabel[] = "key"; +#ifdef CHARSET_EBCDIC + static const unsigned char keylabel[] ={ 0x6B, 0x65, 0x79, 0x00 }; +#else + static const unsigned char keylabel[] = "key"; +#endif return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1, NULL, 0, key, keylen, 1); 
@@ -125,7 +133,11 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, unsigned char *iv, size_t ivlen) { - static const unsigned char ivlabel[] = "iv"; +#ifdef CHARSET_EBCDIC + static const unsigned char ivlabel[] = { 0x69, 0x76, 0x00 }; +#else + static const unsigned char ivlabel[] = "iv"; +#endif return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1, NULL, 0, iv, ivlen, 1); @@ -135,7 +147,11 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, const unsigned char *secret, unsigned char *fin, size_t finlen) { - static const unsigned char finishedlabel[] = "finished"; +#ifdef CHARSET_EBCDIC + static const unsigned char finishedlabel[] = { 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64, 0x00 }; +#else + static const unsigned char finishedlabel[] = "finished"; +#endif return tls13_hkdf_expand(s, md, secret, finishedlabel, sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1); @@ -156,7 +172,11 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, int mdleni; int ret; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +#ifdef CHARSET_EBCDIC + static const char derived_secret_label[] = { 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00 }; +#else static const char derived_secret_label[] = "derived"; +#endif unsigned char preextractsec[EVP_MAX_MD_SIZE]; if (pctx == NULL) { 
@@ -370,11 +390,18 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, uint32_t algenc; ivlen = EVP_CCM_TLS_IV_LEN; - if (s->s3->tmp.new_cipher == NULL) { + if (s->s3->tmp.new_cipher != NULL) { + algenc = s->s3->tmp.new_cipher->algorithm_enc; + } else if (s->session->cipher != NULL) { /* We've not selected a cipher yet - we must be doing early data */ algenc = s->session->cipher->algorithm_enc; + } else if (s->psksession != NULL && s->psksession->cipher != NULL) { + /* We must be doing early data with out-of-band PSK */ + algenc = s->psksession->cipher->algorithm_enc; } else { - algenc = s->s3->tmp.new_cipher->algorithm_enc; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; 
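Review bot: The new `else if (s->session->cipher != NULL)` branch in `derive_secret_key_and_iv` dereferences `s->session` without a NULL test, while the branch after it does test `s->psksession != NULL` first. Whether `s->session` can be NULL on this path cannot be told from the hunk; if it can, `else if (s->session != NULL && s->session->cipher != NULL)` keeps the fallback chain from faulting. The final branch also reports `ERR_R_EVP_LIB` although no EVP call has failed at that point, and `ERR_R_INTERNAL_ERROR` would describe a missing cipher more accurately. The function starts and continues outside the hunk.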
@@ -409,6 +436,16 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, int tls13_change_cipher_state(SSL *s, int which) { +#ifdef CHARSET_EBCDIC + static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; +#else static const unsigned char client_early_traffic[] = "c e traffic"; static const unsigned char client_handshake_traffic[] = "c hs traffic"; static const unsigned char client_application_traffic[] = "c ap traffic"; @@ -417,6 +454,7 @@ int tls13_change_cipher_state(SSL *s, int which) static const unsigned char exporter_master_secret[] = "exp master"; static const unsigned char resumption_master_secret[] = "res master"; static const unsigned char early_exporter_master_secret[] = "e exp master"; +#endif unsigned char *iv; unsigned char secret[EVP_MAX_MD_SIZE]; unsigned char hashval[EVP_MAX_MD_SIZE]; 
@@ -684,7 +722,11 @@ int tls13_change_cipher_state(SSL *s, int which) int tls13_update_key(SSL *s, int sending) { - static const unsigned char application_traffic[] = "traffic upd"; +#ifdef CHARSET_EBCDIC + static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00}; +#else + static const unsigned char application_traffic[] = "traffic upd"; +#endif const EVP_MD *md = ssl_handshake_md(s); size_t hashlen = EVP_MD_size(md); unsigned char *insecret, *iv; @@ -741,7 +783,11 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, size_t contextlen, int use_context) { unsigned char exportsecret[EVP_MAX_MD_SIZE]; +#ifdef CHARSET_EBCDIC + static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00}; +#else static const unsigned char exporterlabel[] = "exporter"; +#endif unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE]; const EVP_MD *md = ssl_handshake_md(s); EVP_MD_CTX *ctx = EVP_MD_CTX_new(); @@ -778,7 +824,11 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen) { - static const unsigned char exporterlabel[] = "exporter"; +#ifdef CHARSET_EBCDIC + static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00}; +#else + static const unsigned char exporterlabel[] = "exporter"; +#endif unsigned char exportsecret[EVP_MAX_MD_SIZE]; unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE]; const EVP_MD *md; diff --git a/trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c b/trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c index f94e46b4e..ede7427ff 100644 --- a/trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c +++ b/trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c @@ -14,7 +14,7 @@ #include #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_SRP # include 
diff --git a/trunk/3rdparty/openssl-1.1-fit/tools/c_rehash.in b/trunk/3rdparty/openssl-1.1-fit/tools/c_rehash.in index 421fd8920..fa7c6c9fe 100644 --- a/trunk/3rdparty/openssl-1.1-fit/tools/c_rehash.in +++ b/trunk/3rdparty/openssl-1.1-fit/tools/c_rehash.in @@ -1,7 +1,7 @@ #!{- $config{HASHBANGPERL} -} # {- join("\n# ", @autowarntext) -} -# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -161,7 +161,7 @@ sub check_file { sub link_hash_cert { my $fname = $_[0]; - $fname =~ s/'/'\\''/g; + $fname =~ s/\"/\\\"/g; my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; diff --git a/trunk/3rdparty/openssl-1.1-fit/util/cavs-to-evptest.pl b/trunk/3rdparty/openssl-1.1-fit/util/cavs-to-evptest.pl new file mode 100644 index 000000000..8df32943d --- /dev/null +++ b/trunk/3rdparty/openssl-1.1-fit/util/cavs-to-evptest.pl 
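Review bot: Escaping only `\"` in `$fname` leaves the file name open to shell expansion in `link_hash_cert`, because the backtick command on the next line still runs through the shell, and `$`, backquote and backslash stay active inside a double-quoted shell word. File names come from the directory being rehashed, so they should be treated as untrusted input. Running the command without a shell removes the quoting problem altogether. The sketch below uses a list-form pipe open and assumes `$x509hash` holds a single option word, which is not visible here. The rest of `link_hash_cert` lies outside the hunk, and any sibling routine that builds its command the same way needs the same change.

```perl
sub link_hash_cert {
    my $fname = $_[0];
    # No shell is involved in a list-form pipe open, so $fname needs no escaping.
    my ($hash, $fprint);
    if (open(my $x509_out, '-|', $openssl, 'x509', $x509hash,
             '-fingerprint', '-noout', '-in', $fname)) {
        ($hash, $fprint) = <$x509_out>;
        close($x509_out);
    }
    # … unchanged: chomp of $hash and $fprint, link creation …
```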
@@ -0,0 +1,121 @@
+#! /usr/bin/env perl
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#Convert CCM CAVS test vectors to a format suitable for evp_test
+
+use strict;
+use warnings;
+
+my $alg;
+my $mode;
+my $keylen;
+my $key = "";
+my $iv = "";
+my $aad = "";
+my $ct = "";
+my $pt = "";
+my $tag = "";
+my $aadlen = 0;
+my $ptlen = 0;
+my $taglen = 0;
+my $res = "";
+my $intest = 0;
+my $fixediv = 0;
+
+while ()
+{
+ chomp;
+
+ # Pull out the cipher mode from the comment at the beginning of the file
+ if(/^#\s*"([^-]+)-\w+" information/) {
+ $mode = lc($1);
+ # Pull out the key length from the comment at the beginning of the file
+ } elsif(/^#\s*(\w+) Keylen: (\d+)/) {
+ $alg = lc($1);
+ $keylen = $2;
+ # Some parameters common to many tests appear as a list in square brackets
+ # so parse these
+ } elsif(/\[(.*)\]/) {
+ my @pairs = split(/, /, $1);
+ foreach my $pair (@pairs) {
+ $pair =~ /(\w+)\s*=\s*(\d+)/;
+ # AAD Length
+ if ($1 eq "Alen") {
+ $aadlen = $2;
+ # Plaintext length
+ } elsif ($1 eq "Plen") {
+ $ptlen = $2;
+ # Tag length
+ } elsif ($1 eq "Tlen") {
+ $taglen = $2;
+ }
+ }
+ # Key/Value pair
+ } elsif (/^\s*(\w+)\s*=\s*(\S.*)\r/) {
+ if ($1 eq "Key") {
+ $key = $2;
+ } elsif ($1 eq "Nonce") {
+ $iv = $2;
+ if ($intest == 0) {
+ $fixediv = 1;
+ } else {
+ $fixediv = 0;
+ }
+ } elsif ($1 eq "Adata") {
+ $aad = $2;
+ } elsif ($1 eq "CT") {
+ $ct = substr($2, 0, length($2) - ($taglen * 2));
+ $tag = substr($2, $taglen * -2);
+ } elsif ($1 eq "Payload") {
+ $pt = $2;
+ } elsif ($1 eq "Result") {
+ if ($2 =~ /Fail/) {
+ $res = "CIPHERUPDATE_ERROR";
+ }
+ } elsif ($1 eq "Count") {
+ $intest = 1;
+ } elsif ($1 eq "Plen") {
+ $ptlen = $2;
+ } elsif ($1 eq "Tlen") {
+ $taglen = $2;
+ }
elsif ($1 eq "Alen") { + $aadlen = $2; + } + # Something else - probably just a blank line + } elsif ($intest) { + print "Cipher = $alg-$keylen-$mode\n"; + print "Key = $key\n"; + print "IV = $iv\n"; + print "AAD ="; + if ($aadlen > 0) { + print " $aad"; + } + print "\nTag ="; + if ($taglen > 0) { + print " $tag"; + } + print "\nPlaintext ="; + if ($ptlen > 0) { + print " $pt"; + } + print "\nCiphertext = $ct\n"; + if ($res ne "") { + print "Operation = DECRYPT\n"; + print "Result = $res\n"; + } + print "\n"; + $res = ""; + if ($fixediv == 0) { + $iv = ""; + } + $aad = ""; + $tag = ""; + $pt = ""; + $intest = 0; + } +} diff --git a/trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits b/trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits index 860bb9958..f2fd85ce8 100755 --- a/trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits +++ b/trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -35,7 +35,7 @@ Find small errors (nits) in documentation. Options: -l Print bogus links -n Print nits in POD pages -p Warn if non-public name documented (implies -n) - -u List undocumented functions + -u Count undocumented functions -h Print this help message -c List undocumented commands and options EOF @@ -137,6 +137,20 @@ sub name_synopsis() } } +# Check if SECTION ($3) is located before BEFORE ($4) +sub check_section_location() +{ + my $id = shift; + my $contents = shift; + my $section = shift; + my $before = shift; + + return + unless $contents =~ /=head1 $section/ and $contents =~ /=head1 $before/; + print "$id $section should be placed before $before section\n" + if $contents =~ /=head1 $before.*=head1 $section/ms; +} + sub check() { my $filename = shift; 
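Review bot: The match `$pair =~ /(\w+)\s*=\s*(\d+)/;` in the square-bracket branch is never tested, so when a pair does not match, `$1` and `$2` still hold the captures of an earlier successful match and the `Alen`/`Plen`/`Tlen` comparisons run on stale values. `next unless $pair =~ /(\w+)\s*=\s*(\d+)/;` skips such pairs. The key/value pattern `/^\s*(\w+)\s*=\s*(\S.*)\r/` also requires a carriage return, so a vector file with LF-only line endings would produce no test output. A comment such as `# CAVS response files use CRLF line endings; LF-only input is not recognised` above that branch would make the expectation explicit.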
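Review bot: The header comment of `check_section_location` describes its arguments as `($3)` and `($4)`, which in Perl reads as regex capture variables rather than the third and fourth parameters. A comment like `# Report when section $section appears after section $before in $contents; $id prefixes the message.` states the contract without that ambiguity. `$section` and `$before` are also interpolated into the patterns unquoted. That is harmless for the literal names passed in the next hunk, but `/=head1 \Q$section\E/` keeps the sub safe if a caller ever passes a name containing regex metacharacters.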
@@ -152,6 +166,13 @@ sub check() my $id = "${filename}:1:"; + # Check ordering of some sections in man3 + if ( $filename =~ m|man3/| ) { + &check_section_location($id, $contents, "RETURN VALUES", "EXAMPLES"); + &check_section_location($id, $contents, "SEE ALSO", "HISTORY"); + &check_section_location($id, $contents, "EXAMPLES", "SEE ALSO"); + } + &name_synopsis($id, $filename, $contents) unless $contents =~ /=for comment generic/ or $filename =~ m@man[157]/@; @@ -162,6 +183,10 @@ sub check() if $contents !~ /=cut\n$/; print "$id more than one cut line.\n" if $contents =~ /=cut.*=cut/ms; + print "$id EXAMPLE not EXAMPLES section.\n" + if $contents =~ /=head1 EXAMPLE[^S]/; + print "$id WARNING not WARNINGS section.\n" + if $contents =~ /=head1 WARNING[^S]/; print "$id missing copyright\n" if $contents !~ /Copyright .* The OpenSSL Project Authors/; print "$id copyright not last\n" @@ -269,6 +294,7 @@ my %docced; sub checkmacros() { my $count = 0; + my %seen; print "# Checking macros (approximate)\n"; foreach my $f ( glob('include/openssl/*.h') ) { @@ -280,7 +306,7 @@ sub checkmacros() while ( ) { next unless /^#\s*define\s*(\S+)\(/; my $macro = $1; - next if $docced{$macro}; + next if $docced{$macro} || defined $seen{$macro}; next if $macro =~ /i2d_/ || $macro =~ /d2i_/ || $macro =~ /DEPRECATEDIN/ @@ -288,6 +314,7 @@ sub checkmacros() || $macro =~ /DECLARE_/; print "$f:$macro\n" if $opt_d; $count++; + $seen{$macro} = 1; } close(IN); } @@ -299,15 +326,17 @@ sub printem() my $libname = shift; my $numfile = shift; my $count = 0; + my %seen; foreach my $func ( &parsenum($numfile) ) { - next if $docced{$func}; + next if $docced{$func} || defined $seen{$func}; # Skip ASN1 utilities next if $func =~ /^ASN1_/; print "$libname:$func\n" if $opt_d; $count++; + $seen{$func} = 1; } print "# Found $count missing from $numfile\n\n"; } 
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/fix-includes b/trunk/3rdparty/openssl-1.1-fit/util/fix-includes new file mode 100755 index 000000000..c49163875 --- /dev/null +++ b/trunk/3rdparty/openssl-1.1-fit/util/fix-includes @@ -0,0 +1,19 @@ +#!/bin/sh +# +# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +find -name ossl_typ.h -o \( \ + -name '*.h' -o \ + -name '*.h.in' -o \ + -name '*.c' -o \ + -name '*.ec' -o \ + -name 'README*' -o \ + -name '*.pod' -o \ + -name '*.conf' \ + \) -exec sed -E -i \ + -f util/fix-includes.sed {} \; diff --git a/trunk/3rdparty/openssl-1.1-fit/util/fix-includes.sed b/trunk/3rdparty/openssl-1.1-fit/util/fix-includes.sed new file mode 100644 index 000000000..fb0d65287 --- /dev/null +++ b/trunk/3rdparty/openssl-1.1-fit/util/fix-includes.sed @@ -0,0 +1,5 @@ +s|internal/([a-z0-9_]+)_int\.h|crypto/\1.h|g ; +s@internal/(aria.h|async.h|bn_conf.h|bn_dh.h|bn_srp.h|chacha.h|ctype.h|__DECC_INCLUDE_EPILOGUE.H|__DECC_INCLUDE_PROLOGUE.H|dso_conf.h|engine.h|lhash.h|md32_common.h|objects.h|poly1305.h|sha.h|siphash.h|sm2err.h|sm2.h|sm3.h|sm4.h|store.h|foobar)@crypto/\1@g ; +s/constant_time_locl/constant_time/g ; +s/_lo?cl\.h/_local.h/g ; +s/_int\.h/_local.h/g ; diff --git a/trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num b/trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num index 32c64cb2c..436f799bc 100644 --- a/trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num +++ b/trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num 
@@ -4579,3 +4579,15 @@ EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION: EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION: OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO +EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE +X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION: +X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION: +EVP_PKEY_meth_set_digestsign 4539 1_1_1e EXIST::FUNCTION: +EVP_PKEY_meth_set_digestverify 4540 1_1_1e EXIST::FUNCTION: +EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION: +EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION: +RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA +X509_ALGOR_copy 4544 1_1_1h EXIST::FUNCTION: +X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: +X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: +EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl index bcbb47583..3ac79821b 100755 --- a/trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl +++ b/trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -360,7 +360,7 @@ sub do_defs # params: symbol, alias, platforms, kind # The reason to put this subroutine in a variable is that - # it will otherwise create it's own, unshared, version of + # it will otherwise create its own, unshared, version of # %tag and %variant... my $make_variant = sub { diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl index 328060243..b02db98f0 100755 
--- a/trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl +++ b/trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -34,11 +34,12 @@ sub do_mkdir_p { } unless (mkdir($dir, 0777)) { + local($err) = $!; if (-d $dir) { # We raced against another instance doing the same thing. return; } - die "Cannot create directory $dir: $!\n"; + die "Cannot create directory $dir: $err\n"; } print "created directory `$dir'\n"; } diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl index 0ea02961a..df085fb3d 100755 --- a/trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl +++ b/trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -417,9 +417,7 @@ print STDERR "\n" if $debug; &phase("Writing files"); my $newstate = 0; foreach my $lib ( keys %errorfile ) { - if ( ! $fnew{$lib} && ! $rnew{$lib} ) { - next unless $rebuild; - } + next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild; next if scalar keys %modules > 0 && !$modules{$lib}; next if $nowrite; print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib}; @@ -455,6 +453,8 @@ foreach my $lib ( keys %errorfile ) { #ifndef HEADER_${lib}ERR_H # define HEADER_${lib}ERR_H +# include + EOF if ( $internal ) { # Declare the load function because the generate C file 
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl b/trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl index 6762bc4a5..18bde4d01 100755 --- a/trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl +++ b/trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -46,7 +46,7 @@ if ( $filename =~ /openssl/i ) { $vft = "VFT_APP"; } -my $YEAR = [localtime()]->[5] + 1900; +my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900; print <<___; #include diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm index 9564b2604..0df6ad0a5 100644 --- a/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm +++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm @@ -1,4 +1,4 @@ -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -65,6 +65,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir rel2abs/; use File::Path 2.00 qw/rmtree mkpath/; use File::Basename; +use Cwd qw/getcwd abs_path/; my $level = 0; 
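Review bot: `$ENV{SOURCE_DATE_EPOCH} || time()` in mkrc.pl falls back to the wall clock when the variable is `0` and passes any non-numeric value straight to `gmtime`, so a malformed setting silently yields a wrong year instead of a reproducible one. Accept the value only when it is a plain decimal integer, for example `my $epoch = $ENV{SOURCE_DATE_EPOCH};` followed by `my $YEAR = [gmtime(defined $epoch && $epoch =~ /\A\d+\z/ ? $epoch : time())]->[5] + 1900;`.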
@@ -164,13 +165,13 @@ C takes some additional options OPTS that affect the subdirectory: =item B 0|1> -When set to 1 (or any value that perl preceives as true), the subdirectory +When set to 1 (or any value that perl perceives as true), the subdirectory will be created if it doesn't already exist. This happens before BLOCK is executed. =item B 0|1> -When set to 1 (or any value that perl preceives as true), the subdirectory +When set to 1 (or any value that perl perceives as true), the subdirectory will be cleaned out and removed. This happens both before and after BLOCK is executed. @@ -869,8 +870,8 @@ failures will result in a C at the end of its run. sub __env { (my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i; - $directories{SRCTOP} = $ENV{SRCTOP} || $ENV{TOP}; - $directories{BLDTOP} = $ENV{BLDTOP} || $ENV{TOP}; + $directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP}); + $directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP}); $directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps"); $directories{SRCAPPS} = __srctop_dir("apps"); $directories{BLDFUZZ} = __bldtop_dir("fuzz"); @@ -903,26 +904,26 @@ sub __srctop_file { BAIL_OUT("Must run setup() first") if (! $test_name); my $f = pop; - return catfile($directories{SRCTOP},@_,$f); + return abs2rel(catfile($directories{SRCTOP},@_,$f),getcwd); } sub __srctop_dir { BAIL_OUT("Must run setup() first") if (! $test_name); - return catdir($directories{SRCTOP},@_); + return abs2rel(catdir($directories{SRCTOP},@_), getcwd); } sub __bldtop_file { BAIL_OUT("Must run setup() first") if (! $test_name); my $f = pop; - return catfile($directories{BLDTOP},@_,$f); + return abs2rel(catfile($directories{BLDTOP},@_,$f), getcwd); } sub __bldtop_dir { BAIL_OUT("Must run setup() first") if (! $test_name); - return catdir($directories{BLDTOP},@_); + return abs2rel(catdir($directories{BLDTOP},@_), getcwd); } # __exeext is a function that returns the platform dependent file extension 
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateRequest.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateRequest.pm
new file mode 100644
index 000000000..bc4105335
--- /dev/null
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateRequest.pm
@@ -0,0 +1,105 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::CertificateRequest;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $server,
+ TLSProxy::Message::MT_CERTIFICATE_REQUEST,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ $self->{extension_data} = "";
+
+ return $self;
+}
+
+sub parse
+{
+ my $self = shift;
+ my $ptr = 1;
+
+ if (TLSProxy::Proxy->is_tls13()) {
+ my $request_ctx_len = unpack('C', $self->data);
+ my $request_ctx = substr($self->data, $ptr, $request_ctx_len);
+ $ptr += $request_ctx_len;
+
+ my $extensions_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $extension_data = substr($self->data, $ptr);
+ if (length($extension_data) != $extensions_len) {
+ die "Invalid extension length\n";
+ }
+ my %extensions = ();
+ while (length($extension_data) >= 4) {
+ my ($type, $size) = unpack("nn", $extension_data);
+ my $extdata = substr($extension_data, 4, $size);
+ $extension_data = substr($extension_data, 4 + $size);
+ $extensions{$type} = $extdata;
+ }
+ $self->extension_data(\%extensions);
+
+ print " Extensions Len:".$extensions_len."\n";
+ }
+ # else parse TLSv1.2 version - we don't support that at the moment
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+ my $extensions = "";
+
+ foreach my $key (keys %{$self->extension_data}) {
+ my $extdata = ${$self->extension_data}{$key};
+ $extensions .= pack("n", $key);
+ $extensions .= pack("n", length($extdata));
+ $extensions 
.= $extdata; + } + + $data = pack('n', length($extensions)); + $data .= $extensions; + $self->data($data); +} + +#Read/write accessors +sub extension_data +{ + my $self = shift; + if (@_) { + $self->{extension_data} = shift; + } + return $self->{extension_data}; +} +sub set_extension +{ + my ($self, $ext_type, $ext_data) = @_; + $self->{extension_data}{$ext_type} = $ext_data; +} +sub delete_extension +{ + my ($self, $ext_type) = @_; + delete $self->{extension_data}{$ext_type}; +} +1; diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm index 5682ae3e1..c3c480669 100644 --- a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm +++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm @@ -1,4 +1,4 @@ -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -129,6 +129,11 @@ use constant { CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302 }; +use constant { + CLIENT => 0, + SERVER => 1 +}; + my $payload = ""; my $messlen = -1; my $mt; @@ -338,6 +343,15 @@ sub create_message [@message_frag_lens] ); $message->parse(); + } elsif ($mt == MT_CERTIFICATE_REQUEST) { + $message = TLSProxy::CertificateRequest->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); } elsif ($mt == MT_CERTIFICATE_VERIFY) { $message = TLSProxy::CertificateVerify->new( $server, @@ -434,7 +448,7 @@ sub ciphersuite } #Update all the underlying records with the modified data from this message -#Note: Only supports re-encrypting for TLSv1.3 +#Note: Only supports TLSv1.3 and ETM encryption sub repack { my $self = shift; 
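Review bot: `set_message_contents` rebuilds the message as extensions length plus extensions only, but `parse` shows that the TLSv1.3 layout starts with a one-byte request-context length and the context itself, and `$request_ctx` is read there and then discarded. A repacked CertificateRequest therefore loses its context prefix. Storing it in `parse` with `$self->{request_ctx} = $request_ctx;` and starting the rebuilt data with `pack('C', length($ctx)) . $ctx` before the extensions length would preserve the wire format. Separately, `new` initialises `extension_data` to `""` while `set_message_contents` dereferences it as a hash, which dies under `use strict` when `parse` took the non-TLSv1.3 path; `{}` is the safer initial value.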
@@ -476,15 +490,38 @@ sub repack # (If a length override is ever needed to construct invalid packets, # use an explicit override field instead.) $rec->decrypt_len(length($rec->decrypt_data)); - $rec->len($rec->len + length($msgdata) - $old_length); - # Only support re-encryption for TLSv1.3. - if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) { - #Add content type (1 byte) and 16 tag bytes - $rec->data($rec->decrypt_data - .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); + # Only support re-encryption for TLSv1.3 and ETM. + if ($rec->encrypted()) { + if (TLSProxy::Proxy->is_tls13()) { + #Add content type (1 byte) and 16 tag bytes + $rec->data($rec->decrypt_data + .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); + } elsif ($rec->etm()) { + my $data = $rec->decrypt_data; + #Add padding + my $padval = length($data) % 16; + $padval = 15 - $padval; + for (0..$padval) { + $data .= pack("C", $padval); + } + + #Add MAC. Assumed to be 20 bytes + foreach my $macval (0..19) { + $data .= pack("C", $macval); + } + + if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) { + #Explicit IV + $data = ("\0"x16).$data; + } + $rec->data($data); + } else { + die "Unsupported encryption: No ETM"; + } } else { $rec->data($rec->decrypt_data); } + $rec->len(length($rec->data)); #Update the fragment len in case we changed it above ${$self->message_frag_lens}[0] = length($msgdata) diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm index f7bca02e5..6f983b328 100644 --- a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm +++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm @@ -19,6 +19,7 @@ use TLSProxy::ClientHello; use TLSProxy::ServerHello; use TLSProxy::EncryptedExtensions; use TLSProxy::Certificate; +use TLSProxy::CertificateRequest; use TLSProxy::CertificateVerify; use TLSProxy::ServerKeyExchange; use TLSProxy::NewSessionTicket; 
@@ -451,7 +452,7 @@ sub clientstart } else { # It's a bit counter-intuitive spot to make next connection to # the s_server. Rationale is that established connection works - # as syncronization point, in sense that this way we know that + # as synchronization point, in sense that this way we know that # s_server is actually done with current session... $self->connect_to_server(); } diff --git a/trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm b/trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm index c53b96d5e..04441b561 100644 --- a/trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm +++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -116,7 +116,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -124,7 +125,7 @@ sub checkhandshake($$$$) my $extchnum = 1; my $extshnum = 1; for (my $extloop = 0; - $extensions[$extloop][2] != 0; + $extensions[$extloop][3] != 0; $extloop++) { $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO && TLSProxy::Proxy::is_tls13(); 
@@ -135,6 +136,7 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); + next if ($message->server() != $extensions[$extloop][2]); $numtests++; } $numtests++; @@ -182,7 +184,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -197,7 +200,7 @@ sub checkhandshake($$$$) my $msgexts = $message->extension_data(); my $extchnum = 1; my $extshnum = 1; - for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0; + for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0; $extloop++) { #In TLSv1.3 we can have two ClientHellos if there has been a #HelloRetryRequest, and they may have different extensions. Skip @@ -211,12 +214,13 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); - ok (($extensions[$extloop][2] & $exttype) == 0 + next if ($message->server() != $extensions[$extloop][2]); + ok (($extensions[$extloop][3] & $exttype) == 0 || defined ($msgexts->{$extensions[$extloop][1]}), "Extension presence check (Message: ".$message->mt() - ." Extension: ".($extensions[$extloop][2] & $exttype).", " + ." Extension: ".($extensions[$extloop][3] & $exttype).", " .$extloop.")"); - $extcount++ if (($extensions[$extloop][2] & $exttype) != 0); + $extcount++ if (($extensions[$extloop][3] & $exttype) != 0); } ok($extcount == keys %$msgexts, "Extensions count mismatch (" .$extcount.", ".(keys %$msgexts) 
diff --git a/trunk/3rdparty/openssl-1.1-fit/util/private.num b/trunk/3rdparty/openssl-1.1-fit/util/private.num
index a6ef44e4a..bc7d967b5 100644
--- a/trunk/3rdparty/openssl-1.1-fit/util/private.num
+++ b/trunk/3rdparty/openssl-1.1-fit/util/private.num
@@ -75,11 +75,15 @@ X509_STORE_CTX_lookup_crls_fn datatype
 X509_STORE_CTX_verify_cb datatype
 X509_STORE_CTX_verify_fn datatype
 X509_STORE_set_verify_cb_func datatype
+X509_LOOKUP datatype
+X509_LOOKUP_METHOD datatype
+X509_LOOKUP_TYPE datatype
 X509_LOOKUP_get_by_alias_fn datatype
 X509_LOOKUP_get_by_subject_fn datatype
 X509_LOOKUP_get_by_fingerprint_fn datatype
 X509_LOOKUP_ctrl_fn datatype
 X509_LOOKUP_get_by_issuer_serial_fn datatype
+X509_STORE datatype
 bio_info_cb datatype
 BIO_info_cb datatype
 custom_ext_add_cb datatype
@@ -228,6 +232,8 @@ EVP_PKEY_CTX_set_dh_pad define
 EVP_PKEY_CTX_set_dh_rfc5114 define
 EVP_PKEY_CTX_set_dhx_rfc5114 define
 EVP_PKEY_CTX_set_dsa_paramgen_bits define
+EVP_PKEY_CTX_set_dsa_paramgen_q_bits define
+EVP_PKEY_CTX_set_dsa_paramgen_md define
 EVP_PKEY_CTX_set_ec_param_enc define
 EVP_PKEY_CTX_set_ec_paramgen_curve_nid define
 EVP_PKEY_CTX_set_ecdh_cofactor_mode define
@@ -450,6 +456,8 @@ SSL_want_x509_lookup define
 SSLv23_client_method define
 SSLv23_method define
 SSLv23_server_method define
+X509_LOOKUP_add_dir define
+X509_LOOKUP_load_file define
 X509_STORE_set_lookup_crls_cb define
 X509_STORE_set_verify_func define
 EVP_PKEY_CTX_set1_id define