From aa144ced5d61b5c7fb74acaebb37d85bd08f0416 Mon Sep 17 00:00:00 2001 
From: Jung-uk Kim Date: Tue, 17 Mar 2020 21:27:57 +0000 Subject: Import OpenSSL 1.1.1e. --- crypto/LPdir_unix.c | 5 +- crypto/aes/aes_core.c | 2 +- crypto/aes/aes_ecb.c | 2 +- crypto/aes/aes_ige.c | 2 +- crypto/aes/aes_local.h | 42 ++ crypto/aes/aes_locl.h | 42 -- crypto/aes/aes_misc.c | 2 +- crypto/aes/aes_x86core.c | 2 +- crypto/aes/asm/aes-armv4.pl | 4 +- crypto/aes/asm/aes-c64xplus.pl | 4 +- crypto/aes/asm/aes-mips.pl | 4 +- crypto/aes/asm/aes-parisc.pl | 4 +- crypto/aes/asm/aes-ppc.pl | 4 +- crypto/aes/asm/aes-s390x.pl | 8 +- crypto/aes/asm/aes-sparcv9.pl | 4 +- crypto/aes/asm/aesfx-sparcv9.pl | 4 +- crypto/aes/asm/aesni-mb-x86_64.pl | 6 +- crypto/aes/asm/aesni-sha1-x86_64.pl | 12 +- crypto/aes/asm/aesni-sha256-x86_64.pl | 66 +- crypto/aes/asm/aesni-x86.pl | 4 +- crypto/aes/asm/aesni-x86_64.pl | 30 +- crypto/aes/asm/aesp8-ppc.pl | 4 +- crypto/aes/asm/aest4-sparcv9.pl | 4 +- crypto/aes/asm/aesv8-armx.pl | 4 +- crypto/aes/asm/bsaes-armv7.pl | 4 +- crypto/aes/asm/vpaes-armv8.pl | 4 +- crypto/aes/asm/vpaes-ppc.pl | 4 +- crypto/aes/asm/vpaes-x86.pl | 4 +- crypto/aes/asm/vpaes-x86_64.pl | 4 +- crypto/aria/aria.c | 2 +- crypto/arm64cpuid.pl | 4 +- crypto/arm_arch.h | 4 +- crypto/armv4cpuid.pl | 4 +- crypto/asn1/a_bitstr.c | 2 +- crypto/asn1/a_d2i_fp.c | 2 +- crypto/asn1/a_gentm.c | 2 +- crypto/asn1/a_int.c | 2 +- crypto/asn1/a_mbstr.c | 2 +- crypto/asn1/a_object.c | 6 +- crypto/asn1/a_print.c | 2 +- crypto/asn1/a_sign.c | 4 +- crypto/asn1/a_strex.c | 2 +- crypto/asn1/a_time.c | 4 +- crypto/asn1/a_type.c | 2 +- crypto/asn1/a_utctm.c | 2 +- crypto/asn1/a_verify.c | 4 +- crypto/asn1/ameth_lib.c | 4 +- crypto/asn1/asn1_lib.c | 2 +- crypto/asn1/asn1_local.h | 83 +++ crypto/asn1/asn1_locl.h | 83 --- crypto/asn1/asn1_par.c | 38 +- crypto/asn1/asn_mime.c | 16 +- crypto/asn1/asn_moid.c | 6 +- crypto/asn1/charmap.h | 2 +- crypto/asn1/d2i_pr.c | 4 +- crypto/asn1/d2i_pu.c | 2 +- crypto/asn1/f_int.c | 2 +- crypto/asn1/f_string.c | 2 +- crypto/asn1/i2d_pr.c | 4 +- 
crypto/asn1/p8_pkey.c | 2 +- crypto/asn1/t_pkey.c | 2 +- crypto/asn1/tasn_dec.c | 2 +- crypto/asn1/tasn_enc.c | 4 +- crypto/asn1/tasn_fre.c | 2 +- crypto/asn1/tasn_new.c | 2 +- crypto/asn1/tasn_prn.c | 4 +- crypto/asn1/tasn_scn.c | 2 +- crypto/asn1/tasn_utl.c | 2 +- crypto/asn1/x_algor.c | 2 +- crypto/asn1/x_bignum.c | 6 +- crypto/asn1/x_int64.c | 2 +- crypto/asn1/x_sig.c | 2 +- crypto/async/arch/async_null.c | 2 +- crypto/async/arch/async_posix.c | 2 +- crypto/async/arch/async_posix.h | 6 +- crypto/async/async.c | 4 +- crypto/async/async_local.h | 77 +++ crypto/async/async_locl.h | 77 --- crypto/async/async_wait.c | 2 +- crypto/bf/asm/bf-586.pl | 4 +- crypto/bf/bf_cfb64.c | 2 +- crypto/bf/bf_ecb.c | 2 +- crypto/bf/bf_enc.c | 2 +- crypto/bf/bf_local.h | 84 +++ crypto/bf/bf_locl.h | 84 --- crypto/bf/bf_ofb64.c | 2 +- crypto/bf/bf_skey.c | 2 +- crypto/bio/b_addr.c | 8 +- crypto/bio/b_dump.c | 6 +- crypto/bio/b_print.c | 2 +- crypto/bio/b_sock.c | 2 +- crypto/bio/b_sock2.c | 2 +- crypto/bio/bf_buff.c | 2 +- crypto/bio/bf_lbuf.c | 2 +- crypto/bio/bf_nbio.c | 2 +- crypto/bio/bf_null.c | 2 +- crypto/bio/bio_cb.c | 2 +- crypto/bio/bio_lcl.h | 190 ------ crypto/bio/bio_lib.c | 2 +- crypto/bio/bio_local.h | 190 ++++++ crypto/bio/bio_meth.c | 2 +- crypto/bio/bss_acpt.c | 11 +- crypto/bio/bss_bio.c | 2 +- crypto/bio/bss_conn.c | 18 +- crypto/bio/bss_dgram.c | 2 +- crypto/bio/bss_fd.c | 9 +- crypto/bio/bss_file.c | 2 +- crypto/bio/bss_log.c | 2 +- crypto/bio/bss_mem.c | 2 +- crypto/bio/bss_null.c | 2 +- crypto/bio/bss_sock.c | 9 +- crypto/blake2/blake2_local.h | 90 +++ crypto/blake2/blake2_locl.h | 90 --- crypto/blake2/blake2b.c | 2 +- crypto/blake2/blake2s.c | 2 +- crypto/blake2/m_blake2b.c | 4 +- crypto/blake2/m_blake2s.c | 4 +- crypto/bn/README.pod | 2 +- crypto/bn/asm/armv4-gf2m.pl | 4 +- crypto/bn/asm/armv4-mont.pl | 4 +- crypto/bn/asm/armv8-mont.pl | 4 +- crypto/bn/asm/bn-586.pl | 4 +- crypto/bn/asm/c64xplus-gf2m.pl | 4 +- crypto/bn/asm/co-586.pl | 12 +- 
crypto/bn/asm/ia64-mont.pl | 4 +- crypto/bn/asm/mips-mont.pl | 4 +- crypto/bn/asm/mips.pl | 4 +- crypto/bn/asm/parisc-mont.pl | 4 +- crypto/bn/asm/ppc-mont.pl | 4 +- crypto/bn/asm/ppc.pl | 4 +- crypto/bn/asm/ppc64-mont.pl | 4 +- crypto/bn/asm/rsaz-avx2.pl | 6 +- crypto/bn/asm/rsaz-x86_64.pl | 403 ++++++------ crypto/bn/asm/s390x-gf2m.pl | 4 +- crypto/bn/asm/s390x-mont.pl | 12 +- crypto/bn/asm/s390x.S | 2 +- crypto/bn/asm/sparct4-mont.pl | 4 +- crypto/bn/asm/sparcv9-gf2m.pl | 4 +- crypto/bn/asm/sparcv9-mont.pl | 4 +- crypto/bn/asm/sparcv9a-mont.pl | 4 +- crypto/bn/asm/via-mont.pl | 4 +- crypto/bn/asm/vis3-mont.pl | 4 +- crypto/bn/asm/x86-gf2m.pl | 4 +- crypto/bn/asm/x86-mont.pl | 4 +- crypto/bn/asm/x86_64-gcc.c | 2 +- crypto/bn/asm/x86_64-gf2m.pl | 4 +- crypto/bn/asm/x86_64-mont.pl | 6 +- crypto/bn/asm/x86_64-mont5.pl | 24 +- crypto/bn/bn_add.c | 2 +- crypto/bn/bn_asm.c | 2 +- crypto/bn/bn_blind.c | 2 +- crypto/bn/bn_ctx.c | 2 +- crypto/bn/bn_depr.c | 2 +- crypto/bn/bn_dh.c | 4 +- crypto/bn/bn_div.c | 2 +- crypto/bn/bn_exp.c | 4 +- crypto/bn/bn_exp2.c | 2 +- crypto/bn/bn_gcd.c | 220 +++---- crypto/bn/bn_gf2m.c | 2 +- crypto/bn/bn_intern.c | 2 +- crypto/bn/bn_kron.c | 2 +- crypto/bn/bn_lcl.h | 671 -------------------- crypto/bn/bn_lib.c | 4 +- crypto/bn/bn_local.h | 671 ++++++++++++++++++++ crypto/bn/bn_mod.c | 2 +- crypto/bn/bn_mont.c | 2 +- crypto/bn/bn_mpi.c | 2 +- crypto/bn/bn_mul.c | 2 +- crypto/bn/bn_nist.c | 2 +- crypto/bn/bn_prime.c | 2 +- crypto/bn/bn_prime.h | 2 +- crypto/bn/bn_print.c | 4 +- crypto/bn/bn_rand.c | 2 +- crypto/bn/bn_recp.c | 2 +- crypto/bn/bn_shift.c | 73 +-- crypto/bn/bn_sqr.c | 2 +- crypto/bn/bn_sqrt.c | 2 +- crypto/bn/bn_srp.c | 4 +- crypto/bn/bn_word.c | 2 +- crypto/bn/bn_x931p.c | 2 +- crypto/bn/build.info | 1 - crypto/bn/rsaz_exp.h | 4 +- crypto/c64xpluscpuid.pl | 4 +- crypto/camellia/asm/cmll-x86.pl | 4 +- crypto/camellia/asm/cmll-x86_64.pl | 12 +- crypto/camellia/asm/cmllt4-sparcv9.pl | 4 +- crypto/camellia/camellia.c | 2 +- 
crypto/camellia/cmll_ecb.c | 2 +- crypto/camellia/cmll_local.h | 43 ++ crypto/camellia/cmll_locl.h | 43 -- crypto/camellia/cmll_misc.c | 2 +- crypto/cast/asm/cast-586.pl | 4 +- crypto/cast/c_cfb64.c | 2 +- crypto/cast/c_ecb.c | 2 +- crypto/cast/c_enc.c | 2 +- crypto/cast/c_ofb64.c | 2 +- crypto/cast/c_skey.c | 2 +- crypto/cast/cast_lcl.h | 188 ------ crypto/cast/cast_local.h | 188 ++++++ crypto/chacha/asm/chacha-armv4.pl | 4 +- crypto/chacha/asm/chacha-armv8.pl | 4 +- crypto/chacha/asm/chacha-c64xplus.pl | 4 +- crypto/chacha/asm/chacha-ppc.pl | 4 +- crypto/chacha/asm/chacha-s390x.pl | 4 +- crypto/chacha/asm/chacha-x86.pl | 6 +- crypto/chacha/asm/chacha-x86_64.pl | 6 +- crypto/chacha/chacha_enc.c | 19 +- crypto/cmac/cm_ameth.c | 2 +- crypto/cmac/cm_pmeth.c | 2 +- crypto/cms/cms_asn1.c | 2 +- crypto/cms/cms_att.c | 2 +- crypto/cms/cms_cd.c | 2 +- crypto/cms/cms_dd.c | 2 +- crypto/cms/cms_enc.c | 2 +- crypto/cms/cms_env.c | 6 +- crypto/cms/cms_ess.c | 2 +- crypto/cms/cms_io.c | 2 +- crypto/cms/cms_kari.c | 6 +- crypto/cms/cms_lcl.h | 438 ------------- crypto/cms/cms_lib.c | 2 +- crypto/cms/cms_local.h | 438 +++++++++++++ crypto/cms/cms_pwri.c | 4 +- crypto/cms/cms_sd.c | 6 +- crypto/cms/cms_smime.c | 4 +- crypto/comp/c_zlib.c | 26 +- crypto/comp/comp_lcl.h | 30 - crypto/comp/comp_lib.c | 2 +- crypto/comp/comp_local.h | 30 + crypto/conf/conf_def.c | 17 +- crypto/conf/conf_def.h | 2 +- crypto/conf/conf_lcl.h | 11 - crypto/conf/conf_lib.c | 2 +- crypto/conf/conf_local.h | 11 + crypto/conf/conf_mall.c | 2 +- crypto/conf/conf_ssl.c | 2 +- crypto/cryptlib.c | 4 +- crypto/ct/ct_b64.c | 2 +- crypto/ct/ct_local.h | 216 +++++++ crypto/ct/ct_locl.h | 216 ------- crypto/ct/ct_oct.c | 2 +- crypto/ct/ct_policy.c | 2 +- crypto/ct/ct_prn.c | 2 +- crypto/ct/ct_sct.c | 2 +- crypto/ct/ct_sct_ctx.c | 2 +- crypto/ct/ct_vfy.c | 2 +- crypto/ct/ct_x509v3.c | 2 +- crypto/ctype.c | 2 +- crypto/des/asm/crypt586.pl | 4 +- crypto/des/asm/des-586.pl | 4 +- crypto/des/asm/des_enc.m4 | 8 +- 
crypto/des/asm/dest4-sparcv9.pl | 4 +- crypto/des/cbc_cksm.c | 2 +- crypto/des/cfb64ede.c | 2 +- crypto/des/cfb64enc.c | 2 +- crypto/des/cfb_enc.c | 2 +- crypto/des/des_enc.c | 2 +- crypto/des/des_local.h | 226 +++++++ crypto/des/des_locl.h | 226 ------- crypto/des/ecb3_enc.c | 2 +- crypto/des/ecb_enc.c | 2 +- crypto/des/fcrypt.c | 2 +- crypto/des/fcrypt_b.c | 2 +- crypto/des/ncbc_enc.c | 2 +- crypto/des/ofb64ede.c | 2 +- crypto/des/ofb64enc.c | 2 +- crypto/des/ofb_enc.c | 2 +- crypto/des/pcbc_enc.c | 2 +- crypto/des/qud_cksm.c | 2 +- crypto/des/set_key.c | 2 +- crypto/des/str2key.c | 2 +- crypto/des/xcbc_enc.c | 2 +- crypto/dh/dh_ameth.c | 7 +- crypto/dh/dh_asn1.c | 2 +- crypto/dh/dh_check.c | 2 +- crypto/dh/dh_gen.c | 6 +- crypto/dh/dh_key.c | 4 +- crypto/dh/dh_lib.c | 2 +- crypto/dh/dh_local.h | 57 ++ crypto/dh/dh_locl.h | 57 -- crypto/dh/dh_meth.c | 2 +- crypto/dh/dh_pmeth.c | 4 +- crypto/dh/dh_rfc5114.c | 4 +- crypto/dh/dh_rfc7919.c | 4 +- crypto/dllmain.c | 2 +- crypto/dsa/dsa_ameth.c | 6 +- crypto/dsa/dsa_asn1.c | 2 +- crypto/dsa/dsa_gen.c | 2 +- crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsa_lib.c | 2 +- crypto/dsa/dsa_local.h | 77 +++ crypto/dsa/dsa_locl.h | 77 --- crypto/dsa/dsa_meth.c | 2 +- crypto/dsa/dsa_ossl.c | 4 +- crypto/dsa/dsa_pmeth.c | 12 +- crypto/dsa/dsa_sign.c | 2 +- crypto/dsa/dsa_vrf.c | 2 +- crypto/dso/dso_dl.c | 2 +- crypto/dso/dso_dlfcn.c | 2 +- crypto/dso/dso_lib.c | 2 +- crypto/dso/dso_local.h | 107 ++++ crypto/dso/dso_locl.h | 107 ---- crypto/dso/dso_openssl.c | 2 +- crypto/ec/asm/ecp_nistz256-armv4.pl | 83 +-- crypto/ec/asm/ecp_nistz256-armv8.pl | 69 +- crypto/ec/asm/ecp_nistz256-avx2.pl | 6 +- crypto/ec/asm/ecp_nistz256-ppc64.pl | 4 +- crypto/ec/asm/ecp_nistz256-sparcv9.pl | 4 +- crypto/ec/asm/ecp_nistz256-x86.pl | 80 ++- crypto/ec/asm/ecp_nistz256-x86_64.pl | 40 +- crypto/ec/asm/x25519-ppc64.pl | 4 +- crypto/ec/asm/x25519-x86_64.pl | 20 +- crypto/ec/curve25519.c | 2 +- crypto/ec/curve448/arch_32/arch_intrinsics.h | 8 +- 
crypto/ec/curve448/arch_32/f_impl.h | 6 +- crypto/ec/curve448/curve448.c | 2 +- crypto/ec/curve448/curve448_lcl.h | 38 -- crypto/ec/curve448/curve448_local.h | 38 ++ crypto/ec/curve448/curve448utils.h | 4 +- crypto/ec/curve448/ed448.h | 6 +- crypto/ec/curve448/eddsa.c | 11 +- crypto/ec/curve448/field.h | 8 +- crypto/ec/curve448/point_448.h | 6 +- crypto/ec/curve448/word.h | 6 +- crypto/ec/ec2_oct.c | 2 +- crypto/ec/ec2_smpl.c | 4 +- crypto/ec/ec_ameth.c | 6 +- crypto/ec/ec_asn1.c | 23 +- crypto/ec/ec_check.c | 2 +- crypto/ec/ec_curve.c | 2 +- crypto/ec/ec_cvt.c | 2 +- crypto/ec/ec_key.c | 2 +- crypto/ec/ec_kmeth.c | 2 +- crypto/ec/ec_lcl.h | 739 ---------------------- crypto/ec/ec_lib.c | 2 +- crypto/ec/ec_local.h | 739 ++++++++++++++++++++++ crypto/ec/ec_mult.c | 4 +- crypto/ec/ec_oct.c | 2 +- crypto/ec/ec_pmeth.c | 4 +- crypto/ec/ec_print.c | 6 +- crypto/ec/ecdh_kdf.c | 2 +- crypto/ec/ecdh_ossl.c | 2 +- crypto/ec/ecdsa_ossl.c | 6 +- crypto/ec/ecdsa_sign.c | 2 +- crypto/ec/ecdsa_vrf.c | 8 +- crypto/ec/ecp_mont.c | 2 +- crypto/ec/ecp_nist.c | 2 +- crypto/ec/ecp_nistp224.c | 39 +- crypto/ec/ecp_nistp256.c | 30 +- crypto/ec/ecp_nistp521.c | 24 +- crypto/ec/ecp_nistputil.c | 2 +- crypto/ec/ecp_nistz256.c | 55 +- crypto/ec/ecp_oct.c | 2 +- crypto/ec/ecp_smpl.c | 2 +- crypto/ec/ecx_meth.c | 10 +- crypto/engine/README | 2 +- crypto/engine/eng_all.c | 2 +- crypto/engine/eng_cnf.c | 2 +- crypto/engine/eng_ctrl.c | 2 +- crypto/engine/eng_devcrypto.c | 2 +- crypto/engine/eng_dyn.c | 2 +- crypto/engine/eng_fat.c | 2 +- crypto/engine/eng_init.c | 2 +- crypto/engine/eng_int.h | 171 ----- crypto/engine/eng_lib.c | 2 +- crypto/engine/eng_list.c | 2 +- crypto/engine/eng_local.h | 171 +++++ crypto/engine/eng_openssl.c | 6 +- crypto/engine/eng_pkey.c | 2 +- crypto/engine/eng_rdrand.c | 2 +- crypto/engine/eng_table.c | 6 +- crypto/engine/tb_asnmth.c | 7 +- crypto/engine/tb_cipher.c | 2 +- crypto/engine/tb_dh.c | 2 +- crypto/engine/tb_digest.c | 2 +- crypto/engine/tb_dsa.c | 2 +- 
crypto/engine/tb_eckey.c | 2 +- crypto/engine/tb_pkmeth.c | 2 +- crypto/engine/tb_rand.c | 2 +- crypto/engine/tb_rsa.c | 2 +- crypto/err/err.c | 8 +- crypto/err/err_all.c | 2 +- crypto/err/openssl.txt | 7 +- crypto/evp/bio_md.c | 4 +- crypto/evp/bio_ok.c | 2 +- crypto/evp/c_allc.c | 2 +- crypto/evp/c_alld.c | 2 +- crypto/evp/cmeth_lib.c | 4 +- crypto/evp/digest.c | 4 +- crypto/evp/e_aes.c | 14 +- crypto/evp/e_aes_cbc_hmac_sha1.c | 8 +- crypto/evp/e_aes_cbc_hmac_sha256.c | 10 +- crypto/evp/e_aria.c | 15 +- crypto/evp/e_bf.c | 2 +- crypto/evp/e_camellia.c | 4 +- crypto/evp/e_cast.c | 2 +- crypto/evp/e_chacha20_poly1305.c | 8 +- crypto/evp/e_des.c | 2 +- crypto/evp/e_des3.c | 4 +- crypto/evp/e_idea.c | 2 +- crypto/evp/e_null.c | 2 +- crypto/evp/e_rc2.c | 2 +- crypto/evp/e_rc4.c | 2 +- crypto/evp/e_rc4_hmac_md5.c | 2 +- crypto/evp/e_rc5.c | 4 +- crypto/evp/e_seed.c | 2 +- crypto/evp/e_sm4.c | 4 +- crypto/evp/e_xcbc_d.c | 2 +- crypto/evp/encode.c | 4 +- crypto/evp/evp_enc.c | 35 +- crypto/evp/evp_err.c | 3 +- crypto/evp/evp_lib.c | 4 +- crypto/evp/evp_local.h | 68 ++ crypto/evp/evp_locl.h | 68 -- crypto/evp/evp_pbe.c | 2 +- crypto/evp/evp_pkey.c | 6 +- crypto/evp/m_md2.c | 2 +- crypto/evp/m_md4.c | 2 +- crypto/evp/m_md5.c | 2 +- crypto/evp/m_md5_sha1.c | 2 +- crypto/evp/m_mdc2.c | 2 +- crypto/evp/m_null.c | 2 +- crypto/evp/m_ripemd.c | 2 +- crypto/evp/m_sha1.c | 4 +- crypto/evp/m_sha3.c | 4 +- crypto/evp/m_sigver.c | 4 +- crypto/evp/m_wp.c | 2 +- crypto/evp/names.c | 4 +- crypto/evp/p5_crpt.c | 26 +- crypto/evp/p5_crpt2.c | 2 +- crypto/evp/p_lib.c | 12 +- crypto/evp/p_sign.c | 2 +- crypto/evp/p_verify.c | 2 +- crypto/evp/pmeth_fn.c | 2 +- crypto/evp/pmeth_gn.c | 6 +- crypto/evp/pmeth_lib.c | 36 +- crypto/ex_data.c | 2 +- crypto/hmac/hm_ameth.c | 4 +- crypto/hmac/hm_pmeth.c | 2 +- crypto/hmac/hmac.c | 44 +- crypto/hmac/hmac_lcl.h | 25 - crypto/hmac/hmac_local.h | 23 + crypto/idea/i_cbc.c | 2 +- crypto/idea/i_cfb64.c | 2 +- crypto/idea/i_ecb.c | 2 +- crypto/idea/i_ofb64.c 
| 2 +- crypto/idea/i_skey.c | 2 +- crypto/idea/idea_lcl.h | 102 --- crypto/idea/idea_local.h | 102 +++ crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H | 16 - crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H | 20 - crypto/include/internal/aria.h | 50 -- crypto/include/internal/asn1_int.h | 113 ---- crypto/include/internal/async.h | 15 - crypto/include/internal/bn_conf.h.in | 27 - crypto/include/internal/bn_dh.h | 24 - crypto/include/internal/bn_int.h | 90 --- crypto/include/internal/bn_srp.h | 32 - crypto/include/internal/chacha.h | 42 -- crypto/include/internal/cryptlib_int.h | 35 - crypto/include/internal/ctype.h | 82 --- crypto/include/internal/dso_conf.h.in | 31 - crypto/include/internal/ec_int.h | 53 -- crypto/include/internal/engine.h | 20 - crypto/include/internal/err_int.h | 19 - crypto/include/internal/evp_int.h | 442 ------------- crypto/include/internal/lhash.h | 15 - crypto/include/internal/md32_common.h | 256 -------- crypto/include/internal/objects.h | 12 - crypto/include/internal/poly1305.h | 21 - crypto/include/internal/rand_int.h | 134 ---- crypto/include/internal/sha.h | 19 - crypto/include/internal/siphash.h | 25 - crypto/include/internal/sm2.h | 78 --- crypto/include/internal/sm2err.h | 65 -- crypto/include/internal/sm3.h | 39 -- crypto/include/internal/sm4.h | 37 -- crypto/include/internal/store.h | 10 - crypto/include/internal/store_int.h | 26 - crypto/include/internal/x509_int.h | 286 --------- crypto/init.c | 18 +- crypto/kdf/hkdf.c | 2 +- crypto/kdf/scrypt.c | 2 +- crypto/kdf/tls1_prf.c | 2 +- crypto/lhash/lh_stats.c | 2 +- crypto/lhash/lhash.c | 6 +- crypto/lhash/lhash_lcl.h | 44 -- crypto/lhash/lhash_local.h | 44 ++ crypto/md4/md4_dgst.c | 4 +- crypto/md4/md4_local.h | 60 ++ crypto/md4/md4_locl.h | 60 -- crypto/md5/asm/md5-586.pl | 4 +- crypto/md5/asm/md5-sparcv9.pl | 4 +- crypto/md5/asm/md5-x86_64.pl | 4 +- crypto/md5/md5_dgst.c | 4 +- crypto/md5/md5_local.h | 80 +++ crypto/md5/md5_locl.h | 80 --- crypto/mem.c | 2 +- crypto/mips_arch.h 
| 4 +- crypto/modes/asm/aesni-gcm-x86_64.pl | 14 +- crypto/modes/asm/ghash-armv4.pl | 4 +- crypto/modes/asm/ghash-c64xplus.pl | 4 +- crypto/modes/asm/ghash-ia64.pl | 4 +- crypto/modes/asm/ghash-parisc.pl | 4 +- crypto/modes/asm/ghash-s390x.pl | 4 +- crypto/modes/asm/ghash-sparcv9.pl | 4 +- crypto/modes/asm/ghash-x86.pl | 4 +- crypto/modes/asm/ghash-x86_64.pl | 6 +- crypto/modes/asm/ghashp8-ppc.pl | 4 +- crypto/modes/asm/ghashv8-armx.pl | 4 +- crypto/modes/cbc128.c | 2 +- crypto/modes/ccm128.c | 2 +- crypto/modes/cfb128.c | 2 +- crypto/modes/ctr128.c | 2 +- crypto/modes/cts128.c | 2 +- crypto/modes/gcm128.c | 2 +- crypto/modes/modes_lcl.h | 190 ------ crypto/modes/modes_local.h | 190 ++++++ crypto/modes/ocb128.c | 2 +- crypto/modes/ofb128.c | 2 +- crypto/modes/xts128.c | 2 +- crypto/objects/o_names.c | 4 +- crypto/objects/obj_dat.c | 8 +- crypto/objects/obj_dat.h | 10 +- crypto/objects/obj_lcl.h | 14 - crypto/objects/obj_lib.c | 2 +- crypto/objects/obj_local.h | 14 + crypto/objects/obj_xref.h | 2 +- crypto/objects/objects.txt | 4 +- crypto/ocsp/ocsp_asn.c | 2 +- crypto/ocsp/ocsp_cl.c | 2 +- crypto/ocsp/ocsp_ext.c | 2 +- crypto/ocsp/ocsp_ht.c | 2 +- crypto/ocsp/ocsp_lcl.h | 236 ------- crypto/ocsp/ocsp_lib.c | 2 +- crypto/ocsp/ocsp_local.h | 236 +++++++ crypto/ocsp/ocsp_prn.c | 2 +- crypto/ocsp/ocsp_srv.c | 2 +- crypto/ocsp/ocsp_vfy.c | 2 +- crypto/ocsp/v3_ocsp.c | 2 +- crypto/pariscid.pl | 4 +- crypto/pem/pem_all.c | 11 +- crypto/pem/pem_lib.c | 4 +- crypto/pem/pem_pkey.c | 4 +- crypto/pem/pvkfmt.c | 4 +- crypto/perlasm/README | 2 +- crypto/perlasm/arm-xlate.pl | 4 +- crypto/perlasm/ppc-xlate.pl | 4 +- crypto/perlasm/x86_64-xlate.pl | 4 +- crypto/pkcs12/p12_add.c | 2 +- crypto/pkcs12/p12_asn.c | 2 +- crypto/pkcs12/p12_attr.c | 2 +- crypto/pkcs12/p12_crt.c | 2 +- crypto/pkcs12/p12_init.c | 2 +- crypto/pkcs12/p12_lcl.h | 43 -- crypto/pkcs12/p12_local.h | 43 ++ crypto/pkcs12/p12_mutl.c | 2 +- crypto/pkcs12/p12_npas.c | 2 +- crypto/pkcs12/p12_p8e.c | 2 +- 
crypto/pkcs12/p12_sbag.c | 2 +- crypto/pkcs7/pk7_lib.c | 4 +- crypto/poly1305/asm/poly1305-armv4.pl | 4 +- crypto/poly1305/asm/poly1305-armv8.pl | 4 +- crypto/poly1305/asm/poly1305-mips.pl | 4 +- crypto/poly1305/asm/poly1305-ppc.pl | 4 +- crypto/poly1305/asm/poly1305-ppcfp.pl | 4 +- crypto/poly1305/asm/poly1305-s390x.pl | 4 +- crypto/poly1305/asm/poly1305-sparcv9.pl | 4 +- crypto/poly1305/asm/poly1305-x86.pl | 6 +- crypto/poly1305/asm/poly1305-x86_64.pl | 30 +- crypto/poly1305/poly1305.c | 4 +- crypto/poly1305/poly1305_ameth.c | 6 +- crypto/poly1305/poly1305_pmeth.c | 4 +- crypto/ppc_arch.h | 4 +- crypto/ppccap.c | 4 +- crypto/ppccpuid.pl | 4 +- crypto/rand/drbg_ctr.c | 2 +- crypto/rand/drbg_lib.c | 10 +- crypto/rand/rand_err.c | 5 +- crypto/rand/rand_lcl.h | 299 --------- crypto/rand/rand_lib.c | 32 +- crypto/rand/rand_local.h | 299 +++++++++ crypto/rand/rand_unix.c | 64 +- crypto/rc2/rc2_cbc.c | 2 +- crypto/rc2/rc2_ecb.c | 2 +- crypto/rc2/rc2_local.h | 134 ++++ crypto/rc2/rc2_locl.h | 134 ---- crypto/rc2/rc2_skey.c | 2 +- crypto/rc2/rc2cfb64.c | 2 +- crypto/rc2/rc2ofb64.c | 2 +- crypto/rc4/asm/rc4-586.pl | 4 +- crypto/rc4/asm/rc4-c64xplus.pl | 4 +- crypto/rc4/asm/rc4-md5-x86_64.pl | 6 +- crypto/rc4/asm/rc4-parisc.pl | 4 +- crypto/rc4/asm/rc4-s390x.pl | 12 +- crypto/rc4/asm/rc4-x86_64.pl | 13 +- crypto/rc4/rc4_enc.c | 2 +- crypto/rc4/rc4_local.h | 16 + crypto/rc4/rc4_locl.h | 16 - crypto/rc4/rc4_skey.c | 2 +- crypto/rc5/asm/rc5-586.pl | 4 +- crypto/rc5/rc5_ecb.c | 2 +- crypto/rc5/rc5_enc.c | 2 +- crypto/rc5/rc5_local.h | 186 ++++++ crypto/rc5/rc5_locl.h | 186 ------ crypto/rc5/rc5_skey.c | 2 +- crypto/rc5/rc5cfb64.c | 2 +- crypto/rc5/rc5ofb64.c | 2 +- crypto/ripemd/asm/rmd-586.pl | 4 +- crypto/ripemd/rmd_dgst.c | 4 +- crypto/ripemd/rmd_local.h | 87 +++ crypto/ripemd/rmd_locl.h | 87 --- crypto/rsa/rsa_ameth.c | 6 +- crypto/rsa/rsa_asn1.c | 2 +- crypto/rsa/rsa_chk.c | 2 +- crypto/rsa/rsa_crpt.c | 4 +- crypto/rsa/rsa_gen.c | 2 +- crypto/rsa/rsa_lib.c | 11 +- 
crypto/rsa/rsa_local.h | 132 ++++ crypto/rsa/rsa_locl.h | 132 ---- crypto/rsa/rsa_meth.c | 2 +- crypto/rsa/rsa_mp.c | 2 +- crypto/rsa/rsa_oaep.c | 4 +- crypto/rsa/rsa_ossl.c | 6 +- crypto/rsa/rsa_pk1.c | 24 +- crypto/rsa/rsa_pmeth.c | 6 +- crypto/rsa/rsa_pss.c | 2 +- crypto/rsa/rsa_sign.c | 4 +- crypto/rsa/rsa_ssl.c | 22 +- crypto/rsa/rsa_x931g.c | 2 +- crypto/s390x_arch.h | 4 +- crypto/s390xcpuid.pl | 4 +- crypto/seed/seed.c | 2 +- crypto/seed/seed_local.h | 112 ++++ crypto/seed/seed_locl.h | 112 ---- crypto/sha/asm/keccak1600-armv4.pl | 4 +- crypto/sha/asm/keccak1600-armv8.pl | 4 +- crypto/sha/asm/keccak1600-avx2.pl | 4 +- crypto/sha/asm/keccak1600-avx512.pl | 4 +- crypto/sha/asm/keccak1600-avx512vl.pl | 4 +- crypto/sha/asm/keccak1600-c64x.pl | 4 +- crypto/sha/asm/keccak1600-mmx.pl | 6 +- crypto/sha/asm/keccak1600-ppc64.pl | 4 +- crypto/sha/asm/keccak1600-s390x.pl | 4 +- crypto/sha/asm/keccak1600-x86_64.pl | 8 +- crypto/sha/asm/keccak1600p8-ppc.pl | 4 +- crypto/sha/asm/sha1-586.pl | 6 +- crypto/sha/asm/sha1-armv4-large.pl | 4 +- crypto/sha/asm/sha1-armv8.pl | 4 +- crypto/sha/asm/sha1-c64xplus.pl | 4 +- crypto/sha/asm/sha1-mb-x86_64.pl | 6 +- crypto/sha/asm/sha1-mips.pl | 4 +- crypto/sha/asm/sha1-parisc.pl | 4 +- crypto/sha/asm/sha1-ppc.pl | 4 +- crypto/sha/asm/sha1-s390x.pl | 4 +- crypto/sha/asm/sha1-sparcv9.pl | 4 +- crypto/sha/asm/sha1-sparcv9a.pl | 4 +- crypto/sha/asm/sha1-thumb.pl | 4 +- crypto/sha/asm/sha1-x86_64.pl | 8 +- crypto/sha/asm/sha256-586.pl | 6 +- crypto/sha/asm/sha256-armv4.pl | 4 +- crypto/sha/asm/sha256-c64xplus.pl | 4 +- crypto/sha/asm/sha256-mb-x86_64.pl | 6 +- crypto/sha/asm/sha512-586.pl | 4 +- crypto/sha/asm/sha512-armv4.pl | 4 +- crypto/sha/asm/sha512-armv8.pl | 4 +- crypto/sha/asm/sha512-c64xplus.pl | 4 +- crypto/sha/asm/sha512-mips.pl | 4 +- crypto/sha/asm/sha512-parisc.pl | 4 +- crypto/sha/asm/sha512-ppc.pl | 4 +- crypto/sha/asm/sha512-s390x.pl | 4 +- crypto/sha/asm/sha512-sparcv9.pl | 4 +- crypto/sha/asm/sha512-x86_64.pl | 86 ++- 
crypto/sha/asm/sha512p8-ppc.pl | 4 +- crypto/sha/sha1dgst.c | 2 +- crypto/sha/sha256.c | 2 +- crypto/sha/sha512.c | 2 +- crypto/sha/sha_local.h | 424 +++++++++++++ crypto/sha/sha_locl.h | 424 ------------- crypto/siphash/siphash.c | 2 +- crypto/siphash/siphash_ameth.c | 6 +- crypto/siphash/siphash_pmeth.c | 4 +- crypto/sm2/sm2_crypt.c | 6 +- crypto/sm2/sm2_err.c | 2 +- crypto/sm2/sm2_pmeth.c | 10 +- crypto/sm2/sm2_sign.c | 6 +- crypto/sm3/m_sm3.c | 4 +- crypto/sm3/sm3.c | 2 +- crypto/sm3/sm3_local.h | 79 +++ crypto/sm3/sm3_locl.h | 79 --- crypto/sm4/sm4.c | 2 +- crypto/sparc_arch.h | 6 +- crypto/sparcv9cap.c | 4 +- crypto/srp/srp_lib.c | 2 +- crypto/srp/srp_vfy.c | 2 +- crypto/store/loader_file.c | 8 +- crypto/store/store_init.c | 4 +- crypto/store/store_lib.c | 4 +- crypto/store/store_local.h | 132 ++++ crypto/store/store_locl.h | 132 ---- crypto/store/store_register.c | 4 +- crypto/threads_none.c | 2 +- crypto/ts/ts_asn1.c | 2 +- crypto/ts/ts_lcl.h | 211 ------ crypto/ts/ts_lib.c | 2 +- crypto/ts/ts_local.h | 211 ++++++ crypto/ts/ts_req_print.c | 2 +- crypto/ts/ts_req_utils.c | 2 +- crypto/ts/ts_rsp_print.c | 2 +- crypto/ts/ts_rsp_sign.c | 2 +- crypto/ts/ts_rsp_utils.c | 2 +- crypto/ts/ts_rsp_verify.c | 2 +- crypto/ts/ts_verify_ctx.c | 2 +- crypto/ui/ui_lib.c | 2 +- crypto/ui/ui_local.h | 109 ++++ crypto/ui/ui_locl.h | 109 ---- crypto/ui/ui_null.c | 2 +- crypto/ui/ui_openssl.c | 2 +- crypto/ui/ui_util.c | 5 +- crypto/whrlpool/asm/wp-mmx.pl | 10 +- crypto/whrlpool/asm/wp-x86_64.pl | 4 +- crypto/whrlpool/wp_block.c | 2 +- crypto/whrlpool/wp_dgst.c | 2 +- crypto/whrlpool/wp_local.h | 12 + crypto/whrlpool/wp_locl.h | 12 - crypto/x509/by_dir.c | 4 +- crypto/x509/by_file.c | 2 +- crypto/x509/t_x509.c | 2 +- crypto/x509/x509_att.c | 2 +- crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_ext.c | 2 +- crypto/x509/x509_lcl.h | 147 ----- crypto/x509/x509_local.h | 147 +++++ crypto/x509/x509_lu.c | 4 +- crypto/x509/x509_meth.c | 2 +- crypto/x509/x509_obj.c | 2 +- 
crypto/x509/x509_r2x.c | 2 +- crypto/x509/x509_req.c | 2 +- crypto/x509/x509_set.c | 6 +- crypto/x509/x509_trs.c | 2 +- crypto/x509/x509_v3.c | 2 +- crypto/x509/x509_vfy.c | 6 +- crypto/x509/x509_vpm.c | 4 +- crypto/x509/x509cset.c | 2 +- crypto/x509/x509name.c | 2 +- crypto/x509/x509rset.c | 2 +- crypto/x509/x_all.c | 2 +- crypto/x509/x_attrib.c | 2 +- crypto/x509/x_crl.c | 4 +- crypto/x509/x_exten.c | 2 +- crypto/x509/x_name.c | 8 +- crypto/x509/x_pubkey.c | 6 +- crypto/x509/x_req.c | 2 +- crypto/x509/x_x509.c | 2 +- crypto/x509/x_x509a.c | 2 +- crypto/x509v3/pcy_cache.c | 4 +- crypto/x509v3/pcy_data.c | 2 +- crypto/x509v3/pcy_int.h | 167 ----- crypto/x509v3/pcy_lib.c | 2 +- crypto/x509v3/pcy_local.h | 167 +++++ crypto/x509v3/pcy_map.c | 4 +- crypto/x509v3/pcy_node.c | 2 +- crypto/x509v3/pcy_tree.c | 2 +- crypto/x509v3/v3_addr.c | 2 +- crypto/x509v3/v3_admis.h | 4 +- crypto/x509v3/v3_alt.c | 17 +- crypto/x509v3/v3_asid.c | 28 +- crypto/x509v3/v3_conf.c | 4 +- crypto/x509v3/v3_cpols.c | 2 +- crypto/x509v3/v3_crld.c | 2 +- crypto/x509v3/v3_ncons.c | 4 +- crypto/x509v3/v3_purp.c | 2 +- crypto/x509v3/v3_skey.c | 2 +- crypto/x509v3/v3_utl.c | 4 +- crypto/x86_64cpuid.pl | 20 +- crypto/x86cpuid.pl | 4 +- 775 files changed, 8961 insertions(+), 10582 deletions(-) create mode 100644 crypto/aes/aes_local.h delete mode 100644 crypto/aes/aes_locl.h create mode 100644 crypto/asn1/asn1_local.h delete mode 100644 crypto/asn1/asn1_locl.h create mode 100644 crypto/async/async_local.h delete mode 100644 crypto/async/async_locl.h create mode 100644 crypto/bf/bf_local.h delete mode 100644 crypto/bf/bf_locl.h delete mode 100644 crypto/bio/bio_lcl.h create mode 100644 crypto/bio/bio_local.h create mode 100644 crypto/blake2/blake2_local.h delete mode 100644 crypto/blake2/blake2_locl.h delete mode 100644 crypto/bn/bn_lcl.h create mode 100644 crypto/bn/bn_local.h create mode 100644 crypto/camellia/cmll_local.h delete mode 100644 crypto/camellia/cmll_locl.h delete mode 100644 
crypto/cast/cast_lcl.h create mode 100644 crypto/cast/cast_local.h delete mode 100644 crypto/cms/cms_lcl.h create mode 100644 crypto/cms/cms_local.h delete mode 100644 crypto/comp/comp_lcl.h create mode 100644 crypto/comp/comp_local.h delete mode 100644 crypto/conf/conf_lcl.h create mode 100644 crypto/conf/conf_local.h create mode 100644 crypto/ct/ct_local.h delete mode 100644 crypto/ct/ct_locl.h create mode 100644 crypto/des/des_local.h delete mode 100644 crypto/des/des_locl.h create mode 100644 crypto/dh/dh_local.h delete mode 100644 crypto/dh/dh_locl.h create mode 100644 crypto/dsa/dsa_local.h delete mode 100644 crypto/dsa/dsa_locl.h create mode 100644 crypto/dso/dso_local.h delete mode 100644 crypto/dso/dso_locl.h delete mode 100644 crypto/ec/curve448/curve448_lcl.h create mode 100644 crypto/ec/curve448/curve448_local.h delete mode 100644 crypto/ec/ec_lcl.h create mode 100644 crypto/ec/ec_local.h delete mode 100644 crypto/engine/eng_int.h create mode 100644 crypto/engine/eng_local.h create mode 100644 crypto/evp/evp_local.h delete mode 100644 crypto/evp/evp_locl.h delete mode 100644 crypto/hmac/hmac_lcl.h create mode 100644 crypto/hmac/hmac_local.h delete mode 100644 crypto/idea/idea_lcl.h create mode 100644 crypto/idea/idea_local.h delete mode 100644 crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H delete mode 100644 crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H delete mode 100644 crypto/include/internal/aria.h delete mode 100644 crypto/include/internal/asn1_int.h delete mode 100644 crypto/include/internal/async.h delete mode 100644 crypto/include/internal/bn_conf.h.in delete mode 100644 crypto/include/internal/bn_dh.h delete mode 100644 crypto/include/internal/bn_int.h delete mode 100644 crypto/include/internal/bn_srp.h delete mode 100644 crypto/include/internal/chacha.h delete mode 100644 crypto/include/internal/cryptlib_int.h delete mode 100644 crypto/include/internal/ctype.h delete mode 100644 crypto/include/internal/dso_conf.h.in delete mode 100644 
crypto/include/internal/ec_int.h delete mode 100644 crypto/include/internal/engine.h delete mode 100644 crypto/include/internal/err_int.h delete mode 100644 crypto/include/internal/evp_int.h delete mode 100644 crypto/include/internal/lhash.h delete mode 100644 crypto/include/internal/md32_common.h delete mode 100644 crypto/include/internal/objects.h delete mode 100644 crypto/include/internal/poly1305.h delete mode 100644 crypto/include/internal/rand_int.h delete mode 100644 crypto/include/internal/sha.h delete mode 100644 crypto/include/internal/siphash.h delete mode 100644 crypto/include/internal/sm2.h delete mode 100644 crypto/include/internal/sm2err.h delete mode 100644 crypto/include/internal/sm3.h delete mode 100644 crypto/include/internal/sm4.h delete mode 100644 crypto/include/internal/store.h delete mode 100644 crypto/include/internal/store_int.h delete mode 100644 crypto/include/internal/x509_int.h delete mode 100644 crypto/lhash/lhash_lcl.h create mode 100644 crypto/lhash/lhash_local.h create mode 100644 crypto/md4/md4_local.h delete mode 100644 crypto/md4/md4_locl.h create mode 100644 crypto/md5/md5_local.h delete mode 100644 crypto/md5/md5_locl.h delete mode 100644 crypto/modes/modes_lcl.h create mode 100644 crypto/modes/modes_local.h delete mode 100644 crypto/objects/obj_lcl.h create mode 100644 crypto/objects/obj_local.h delete mode 100644 crypto/ocsp/ocsp_lcl.h create mode 100644 crypto/ocsp/ocsp_local.h delete mode 100644 crypto/pkcs12/p12_lcl.h create mode 100644 crypto/pkcs12/p12_local.h delete mode 100755 crypto/rand/rand_lcl.h create mode 100644 crypto/rand/rand_local.h create mode 100644 crypto/rc2/rc2_local.h delete mode 100644 crypto/rc2/rc2_locl.h create mode 100644 crypto/rc4/rc4_local.h delete mode 100644 crypto/rc4/rc4_locl.h create mode 100644 crypto/rc5/rc5_local.h delete mode 100644 crypto/rc5/rc5_locl.h create mode 100644 crypto/ripemd/rmd_local.h delete mode 100644 crypto/ripemd/rmd_locl.h create mode 100644 crypto/rsa/rsa_local.h 
delete mode 100644 crypto/rsa/rsa_locl.h create mode 100644 crypto/seed/seed_local.h delete mode 100644 crypto/seed/seed_locl.h create mode 100644 crypto/sha/sha_local.h delete mode 100644 crypto/sha/sha_locl.h create mode 100644 crypto/sm3/sm3_local.h delete mode 100644 crypto/sm3/sm3_locl.h create mode 100644 crypto/store/store_local.h delete mode 100644 crypto/store/store_locl.h delete mode 100644 crypto/ts/ts_lcl.h create mode 100644 crypto/ts/ts_local.h create mode 100644 crypto/ui/ui_local.h delete mode 100644 crypto/ui/ui_locl.h create mode 100644 crypto/whrlpool/wp_local.h delete mode 100644 crypto/whrlpool/wp_locl.h delete mode 100644 crypto/x509/x509_lcl.h create mode 100644 crypto/x509/x509_local.h delete mode 100644 crypto/x509v3/pcy_int.h create mode 100644 crypto/x509v3/pcy_local.h (limited to 'crypto') diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c index b1022895c855..bbbec0aee138 100644 --- a/crypto/LPdir_unix.c +++ b/crypto/LPdir_unix.c @@ -131,9 +131,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) return 0; } - strncpy((*ctx)->entry_name, direntry->d_name, - sizeof((*ctx)->entry_name) - 1); - (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; + OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name, + sizeof((*ctx)->entry_name)); #ifdef __VMS if ((*ctx)->expect_file_generations) { char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index f1f11fd8de7b..e3e688f528a5 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -41,7 +41,7 @@ #include #include #include -#include "aes_locl.h" +#include "aes_local.h" #ifndef AES_ASM /*- diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c index 29bfc1ad66f7..4fa360ca8b8d 100644 --- a/crypto/aes/aes_ecb.c +++ b/crypto/aes/aes_ecb.c 
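Review bot: The return value of `OPENSSL_strlcpy` is discarded in the new copy into `(*ctx)->entry_name` in crypto/LPdir_unix.c, so a `direntry->d_name` that does not fit is still truncated silently, just as with the `strncpy` it replaces. The caller would then receive a name that may not correspond to any real directory entry. The size of `entry_name` is declared outside this hunk, so whether truncation is reachable cannot be told from here. If it is, the copy should be checked and the call failed, for example `if (OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name)) >= sizeof((*ctx)->entry_name))`; if it is not, add a one-line comment above the copy saying why the buffer is always large enough. LP_find_file's body starts and ends outside the hunk.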
@@ -10,7 +10,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc) diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index 75f796cf3b8f..dce4ef11be4f 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include -#include "aes_locl.h" +#include "aes_local.h" #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) typedef struct { diff --git a/crypto/aes/aes_local.h b/crypto/aes/aes_local.h new file mode 100644 index 000000000000..cc8456861d92 --- /dev/null +++ b/crypto/aes/aes_local.h @@ -0,0 +1,42 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_AES_LOCAL_H +# define OSSL_CRYPTO_AES_LOCAL_H + +# include +# include +# include +# include + +# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# define GETU32(p) SWAP(*((u32 *)(p))) +# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +# else +# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +# endif + +# ifdef AES_LONG +typedef unsigned long u32; +# else +typedef unsigned int u32; +# endif +typedef unsigned short u16; +typedef unsigned char u8; + +# define MAXKC (256/32) +# define MAXKB (256/8) +# define MAXNR 14 + +/* This controls loop-unrolling in aes_core.c */ +# undef FULL_UNROLL + +#endif /* !OSSL_CRYPTO_AES_LOCAL_H */ 
diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h deleted file mode 100644 index adee29df8d91..000000000000 --- a/crypto/aes/aes_locl.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_AES_LOCL_H -# define HEADER_AES_LOCL_H - -# include -# include -# include -# include - -# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -# else -# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -# endif - -# ifdef AES_LONG -typedef unsigned long u32; -# else -typedef unsigned int u32; -# endif -typedef unsigned short u16; -typedef unsigned char u8; - -# define MAXKC (256/32) -# define MAXKB (256/8) -# define MAXNR 14 - -/* This controls loop-unrolling in aes_core.c */ -# undef FULL_UNROLL - -#endif /* !HEADER_AES_LOCL_H */ diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c index 7403c84f82d2..e0edc72ba71c 100644 --- a/crypto/aes/aes_misc.c +++ b/crypto/aes/aes_misc.c @@ -9,7 +9,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" const char *AES_options(void) { diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index 1b660d716d6c..50b53abc1219 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c 
@@ -46,7 +46,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" /* * These two parameters control which table, 256-byte or 2KB, is diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl index 998158998e90..1112eef50c0b 100755 --- a/crypto/aes/asm/aes-armv4.pl +++ b/crypto/aes/asm/aes-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1242,4 +1242,4 @@ while() { close SELF; print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl index 19d2cc176fb2..cad3fcd06e36 100755 --- a/crypto/aes/asm/aes-c64xplus.pl +++ b/crypto/aes/asm/aes-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1379,4 +1379,4 @@ AES_Td4: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl index 716c3356ead9..b5601e90ea3f 100755 --- a/crypto/aes/asm/aes-mips.pl +++ b/crypto/aes/asm/aes-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
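Review bot: The new `close STDOUT or die "error closing STDOUT: $!";` at the end of crypto/aes/asm/aes-armv4.pl reports only `$!`, which is not set when STDOUT is a pipe and the child process exited non-zero; in that case the status is in `$?`. If this script pipes its output through a translator (the open is outside the hunk, so this is an assumption), the message would carry no cause. Reporting both covers the pipe case: `close STDOUT or die "error closing STDOUT: " . ($! || "exit status $?");`. The same line is added to the other perlasm generators in this commit (aes-c64xplus.pl, aes-mips.pl, aes-parisc.pl, aes-ppc.pl, aes-s390x.pl, aes-sparcv9.pl and the aesni-* scripts), so the point applies there as well.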
@@ -2167,4 +2167,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl index e817c757f8c2..5b07fac3d004 100755 --- a/crypto/aes/asm/aes-parisc.pl +++ b/crypto/aes/asm/aes-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1035,4 +1035,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl index ca69df4c3e95..bb4ee84ae337 100755 --- a/crypto/aes/asm/aes-ppc.pl +++ b/crypto/aes/asm/aes-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1456,4 +1456,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 815fde8fcd7e..4cb8f4331742 100755 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -1987,7 +1987,7 @@ $code.=<<___; .Lxts_enc_done: stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$twesk+8($sp) + stg $sp,$tweak+8($sp) lm${g} %r6,$ra,6*$SIZE_T($sp) br $ra .size AES_xts_encrypt,.-AES_xts_encrypt @@ -2267,7 +2267,7 @@ $code.=<<___; stg $sp,$tweak-16+8($sp) .Lxts_dec_done: stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$twesk+8($sp) + stg $sp,$tweak+8($sp) lm${g} %r6,$ra,6*$SIZE_T($sp) br $ra .size AES_xts_decrypt,.-AES_xts_decrypt @@ -2279,4 +2279,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl index 40d1f94ccd72..1b37a9203c27 100755 --- a/crypto/aes/asm/aes-sparcv9.pl +++ b/crypto/aes/asm/aes-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1189,4 +1189,4 @@ ___ $code =~ s/fmovs.*$//gm; print $code; -close STDOUT; # ensure flush +close STDOUT or die "error closing STDOUT: $!"; # ensure flush diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl index 9ddf0b4b00ec..1678c4f786f2 100755 --- a/crypto/aes/asm/aesfx-sparcv9.pl +++ b/crypto/aes/asm/aesfx-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1267,4 +1267,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
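Review bot: The misspelt `$twesk` in the two `# wipe tweak` sequences of crypto/aes/asm/aes-s390x.pl (.Lxts_enc_done in this hunk, .Lxts_dec_done in the next) was accepted by the generator, which suggests it runs without fatal warnings: an undefined variable interpolates as an empty string, so the second store presumably went to `+8($sp)` and eight bytes of the tweak stayed on the stack. For code whose purpose is wiping sensitive state, the generator should stop on such a typo rather than emit a different address; `use warnings FATAL => 'uninitialized';` near the top of the script would do that, provided the preamble (outside these hunks) does not already set it and no heredoc relies on an undefined value. The second store could also carry its own comment, e.g. `stg $sp,$tweak+8($sp) # wipe tweak, second 8 bytes`.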
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl index 1f356d2d3fbb..be2434f12041 100755 --- a/crypto/aes/asm/aesni-mb-x86_64.pl +++ b/crypto/aes/asm/aesni-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1471,4 +1471,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; $code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl index b01a4c55c86a..42fe5d469ea6 100755 --- a/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
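Review bot: The widened clang pattern `([0-9]+\.[0-9]+)` in crypto/aes/asm/aesni-mb-x86_64.pl has no comment saying why the major version is no longer `[3-9]`, and the reason is easy to lose: a two-digit major such as 10.0 did not match the old class, so `$avx` stayed 0 and the AVX paths were presumably left out without any diagnostic. I would add above the test `# major version may have two digits (clang 10+); no match leaves $avx at 0`. The captured text is compared as a number (`$2>=3.0`), which holds for the current thresholds but needs care if a threshold with a two-digit minor is ever introduced. The same pattern change is made in aesni-sha1-x86_64.pl and aesni-sha256-x86_64.pl in this commit.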
@@ -108,7 +108,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); +$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); $shaext=1; ### set to zero if compiling for 1.0.1 @@ -133,6 +133,7 @@ $code.=<<___; .type aesni_cbc_sha1_enc,\@abi-omnipotent .align 32 aesni_cbc_sha1_enc: +.cfi_startproc # caller should check for SSSE3 and AES-NI bits mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+4(%rip),%r11 @@ -151,6 +152,7 @@ ___ $code.=<<___; jmp aesni_cbc_sha1_enc_ssse3 ret +.cfi_endproc .size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc ___ @@ -840,6 +842,7 @@ $code.=<<___; .type aesni256_cbc_sha1_dec,\@abi-omnipotent .align 32 aesni256_cbc_sha1_dec: +.cfi_startproc # caller should check for SSSE3 and AES-NI bits mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+4(%rip),%r11d @@ -854,6 +857,7 @@ ___ $code.=<<___; jmp aesni256_cbc_sha1_dec_ssse3 ret +.cfi_endproc .size aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec .type aesni256_cbc_sha1_dec_ssse3,\@function,6 @@ -1760,6 +1764,7 @@ $code.=<<___; .type aesni_cbc_sha1_enc_shaext,\@function,6 .align 32 aesni_cbc_sha1_enc_shaext: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument ___ $code.=<<___ if ($win64); @@ -1911,6 +1916,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext ___ }}} @@ -2137,4 +2143,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl index ef460237108e..f1b144eccbdd 100755 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl 
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -123,6 +123,7 @@ $code=<<___; .type $func,\@abi-omnipotent .align 16 $func: +.cfi_startproc ___ if ($avx) { $code.=<<___; @@ -162,6 +163,7 @@ $code.=<<___; ud2 .Lprobe: ret +.cfi_endproc .size $func,.-$func .align 64 @@ -1084,7 +1086,23 @@ $code.=<<___; vmovdqa $t0,0x00(%rsp) xor $a1,$a1 vmovdqa $t1,0x20(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rsi as frame pointer + mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rsi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; mov $B,$a3 vmovdqa $t2,0x00(%rsp) xor $C,$a3 # magic 
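Review bot: The added `mov %rsi,-8(%rsp)` in the `@@ -1084` hunk keeps the secondary frame pointer below the stack pointer, which is only safe where the ABI guarantees a red zone. The `if (!$win64)` guard covers Win64, but not a build of this code for an environment compiled without a red zone (kernel or other freestanding use), where an interrupt may overwrite the slot. In the visible hunks the slot is referenced only by `.cfi_cfa_expression %rsp-8,deref,+8`, so the effect would presumably be limited to wrong unwind information rather than a wrong stack pointer. I would extend the comment to `# that is in the red zone (user-space SysV ABI only; read by the unwinder, not by this code)`, after confirming the second half against the full function, which starts and ends outside the hunk.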
@@ -1106,7 +1124,17 @@ my @X = @_; my @insns = (&$body,&$body,&$body,&$body); # 96 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); + if (($j%2)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } foreach (Xupdate_256_AVX()) { # 29 instructions eval; eval(shift(@insns)); @@ -1232,26 +1260,28 @@ $code.=<<___; jbe .Loop_avx2 lea (%rsp),$Tbl +# temporarily use $Tbl as index to $_rsp +# this avoids the need to save a secondary frame pointer at -8(%rsp) +.cfi_cfa_expression $Tbl+`16*$SZ+7*8`,deref,+8 .Ldone_avx2: - lea ($Tbl),%rsp - mov $_ivp,$ivp - mov $_rsp,%rsi + mov 16*$SZ+4*8($Tbl),$ivp + mov 16*$SZ+7*8($Tbl),%rsi .cfi_def_cfa %rsi,8 vmovdqu $iv,($ivp) # output IV vzeroall ___ $code.=<<___ if ($win64); - movaps `$framesz+16*0`(%rsp),%xmm6 - movaps `$framesz+16*1`(%rsp),%xmm7 - movaps `$framesz+16*2`(%rsp),%xmm8 - movaps `$framesz+16*3`(%rsp),%xmm9 - movaps `$framesz+16*4`(%rsp),%xmm10 - movaps `$framesz+16*5`(%rsp),%xmm11 - movaps `$framesz+16*6`(%rsp),%xmm12 - movaps `$framesz+16*7`(%rsp),%xmm13 - movaps `$framesz+16*8`(%rsp),%xmm14 - movaps `$framesz+16*9`(%rsp),%xmm15 + movaps `$framesz+16*0`($Tbl),%xmm6 + movaps `$framesz+16*1`($Tbl),%xmm7 + movaps `$framesz+16*2`($Tbl),%xmm8 + movaps `$framesz+16*3`($Tbl),%xmm9 + movaps `$framesz+16*4`($Tbl),%xmm10 + movaps `$framesz+16*5`($Tbl),%xmm11 + movaps `$framesz+16*6`($Tbl),%xmm12 + movaps `$framesz+16*7`($Tbl),%xmm13 + movaps `$framesz+16*8`($Tbl),%xmm14 + movaps `$framesz+16*9`($Tbl),%xmm15 ___ $code.=<<___; mov -48(%rsi),%r15 @@ -1339,6 +1369,7 @@ $code.=<<___; .type ${func}_shaext,\@function,6 .align 32 ${func}_shaext: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument ___ $code.=<<___ if ($win64); 
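Review bot: In the `.Ldone_avx2` hunk the loads `mov 16*$SZ+4*8($Tbl),$ivp` and `mov 16*$SZ+7*8($Tbl),%rsi` replace the named slots `$_ivp` and `$_rsp` with literal offsets, and `16*$SZ+7*8` appears a second time in the new `.cfi_cfa_expression` line. These literals have to stay in step with wherever `$_ivp` and `$_rsp` are defined (outside this hunk); a mismatch would restore the stack pointer from the wrong slot. A comment on each load naming the slot it mirrors, e.g. `# $_ivp, addressed via $Tbl` and `# $_rsp, addressed via $Tbl`, would make that dependency visible to the next editor of the frame layout.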
@@ -1555,6 +1586,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size ${func}_shaext,.-${func}_shaext ___ } @@ -1767,4 +1799,4 @@ sub rex { $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl index b351fca28e02..fe2b26542ab6 100755 --- a/crypto/aes/asm/aesni-x86.pl +++ b/crypto/aes/asm/aesni-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -3412,4 +3412,4 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl index b68c14da60ca..f8c2e2393438 100755 --- a/crypto/aes/asm/aesni-x86_64.pl +++ b/crypto/aes/asm/aesni-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -59,7 +59,7 @@ # nothing one can do and the result appears optimal. CCM result is # identical to CBC, because CBC-MAC is essentially CBC encrypt without # saving output. CCM CTR "stays invisible," because it's neatly -# interleaved wih CBC-MAC. This provides ~30% improvement over +# interleaved with CBC-MAC. This provides ~30% improvement over # "straightforward" CCM implementation with CTR and CBC-MAC performed # disjointly. Parallelizable modes practically achieve the theoretical # limit. @@ -984,6 +984,7 @@ $code.=<<___; .type aesni_ccm64_encrypt_blocks,\@function,6 .align 16 aesni_ccm64_encrypt_blocks: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp @@ -1066,6 +1067,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks ___ ###################################################################### @@ -1074,6 +1076,7 @@ $code.=<<___; .type aesni_ccm64_decrypt_blocks,\@function,6 .align 16 aesni_ccm64_decrypt_blocks: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp @@ -1173,6 +1176,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks ___ } @@ -2339,7 +2343,7 @@ $code.=<<___; movdqu `16*0`($inp),$inout0 # load input movdqa $rndkey0,$twmask movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 # intput^=tweak^round[0] + pxor @tweak[0],$inout0 # input^=tweak^round[0] movdqu `16*2`($inp),$inout2 pxor @tweak[1],$inout1 aesdec $rndkey1,$inout0 @@ -3031,6 +3035,7 @@ $code.=<<___; .type __ocb_encrypt6,\@abi-omnipotent .align 32 __ocb_encrypt6: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] 
@@ -3128,11 +3133,13 @@ __ocb_encrypt6: aesenclast @offset[4],$inout4 aesenclast @offset[5],$inout5 ret +.cfi_endproc .size __ocb_encrypt6,.-__ocb_encrypt6 .type __ocb_encrypt4,\@abi-omnipotent .align 32 __ocb_encrypt4: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] @@ -3197,11 +3204,13 @@ __ocb_encrypt4: aesenclast @offset[2],$inout2 aesenclast @offset[3],$inout3 ret +.cfi_endproc .size __ocb_encrypt4,.-__ocb_encrypt4 .type __ocb_encrypt1,\@abi-omnipotent .align 32 __ocb_encrypt1: +.cfi_startproc pxor @offset[5],$inout5 # offset_i pxor $rndkey0l,$inout5 # offset_i ^ round[0] pxor $inout0,$checksum # accumulate checksum @@ -3232,6 +3241,7 @@ __ocb_encrypt1: aesenclast $inout5,$inout0 ret +.cfi_endproc .size __ocb_encrypt1,.-__ocb_encrypt1 .globl aesni_ocb_decrypt @@ -3513,6 +3523,7 @@ $code.=<<___; .type __ocb_decrypt6,\@abi-omnipotent .align 32 __ocb_decrypt6: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] @@ -3604,11 +3615,13 @@ __ocb_decrypt6: aesdeclast @offset[4],$inout4 aesdeclast @offset[5],$inout5 ret +.cfi_endproc .size __ocb_decrypt6,.-__ocb_decrypt6 .type __ocb_decrypt4,\@abi-omnipotent .align 32 __ocb_decrypt4: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] @@ -3669,11 +3682,13 @@ __ocb_decrypt4: aesdeclast @offset[2],$inout2 aesdeclast @offset[3],$inout3 ret +.cfi_endproc .size __ocb_decrypt4,.-__ocb_decrypt4 .type __ocb_decrypt1,\@abi-omnipotent .align 32 __ocb_decrypt1: +.cfi_startproc pxor @offset[5],$inout5 # offset_i pxor $rndkey0l,$inout5 # offset_i ^ round[0] pxor $inout5,$inout0 # input ^ round[0] ^ offset_i @@ -3703,6 +3718,7 @@ __ocb_decrypt1: aesdeclast $inout5,$inout0 ret +.cfi_endproc .size __ocb_decrypt1,.-__ocb_decrypt1 ___ } }} 
@@ -4637,7 +4653,6 @@ __aesni_set_encrypt_key: add \$8,%rsp .cfi_adjust_cfa_offset -8 ret -.cfi_endproc .LSEH_end_set_encrypt_key: .align 16 @@ -4708,6 +4723,7 @@ __aesni_set_encrypt_key: shufps \$0b10101010,%xmm1,%xmm1 # critical path xorps %xmm1,%xmm2 ret +.cfi_endproc .size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key ___ @@ -4812,7 +4828,7 @@ ctr_xts_se_handler: mov 56($disp),%r11 # disp->HandlerData mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue lable + lea (%rsi,%r10),%r10 # prologue label cmp %r10,%rbx # context->RipHandlerData mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue lable + lea (%rsi,%r10),%r10 # prologue label cmp %r10,%rbx # context->Rip -#include "internal/aria.h" +#include "crypto/aria.h" #include #include diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl index 06c8add7a075..319927e6c729 100755 --- a/crypto/arm64cpuid.pl +++ b/crypto/arm64cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -144,4 +144,4 @@ CRYPTO_memcmp: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index f11b543df64f..8b7105571d78 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __ARM_ARCH_H__ -# define __ARM_ARCH_H__ +#ifndef OSSL_CRYPTO_ARM_ARCH_H +# define OSSL_CRYPTO_ARM_ARCH_H # if !defined(__ARM_ARCH__) # if defined(__CC_ARM) diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl index ab007c19c3cd..d1b71f836f10 100755 --- a/crypto/armv4cpuid.pl +++ b/crypto/armv4cpuid.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -293,4 +293,4 @@ atomic_add_spinlock: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index bffbd160a233..f462dd107368 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) { diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index a1a17901b8f8..a452b3deba08 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -13,7 +13,7 @@ #include "internal/numbers.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #ifndef NO_OLD_ASN1 # ifndef OPENSSL_NO_STDIO diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index d3878d6e57fe..133bbb1581cb 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -15,7 +15,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" /* This is the primary function used to parse ASN1_GENERALIZEDTIME */ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 70a45cb3cc77..9c1a9f52b5e6 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -13,7 +13,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) { diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 949fe6c1611a..bdb697ab30c1 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c 
@@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 5e1424a806fb..d67a723c9611 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -9,14 +9,14 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) { diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 8a373d9da9f6..85a631a27aa7 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 146fdb962628..72381b665551 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -18,8 +18,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #ifndef NO_ASN1_OLD diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index ea4dd1c5b189..4879b33785e9 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include #include diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index c36dd9500169..54e0de1931c2 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -16,10 +16,10 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) 
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 732328e05049..4a96315df03b 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "asn1_locl.h" +#include "asn1_local.h" int ASN1_TYPE_get(const ASN1_TYPE *a) { diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index b224991aa3df..0ff37b16c51f 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" /* This is the primary function used to parse ASN1_UTCTIME */ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index cdaf17c3cbc1..4b5f54234fa5 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -18,8 +18,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #ifndef NO_ASN1_OLD diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index d7d270dbb581..5e8c3ed1d5b0 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include "standard_methods.h" diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 88c4b5391802..a7d32ae5e2c3 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, long max); diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h new file mode 100644 index 000000000000..cec141721b34 --- /dev/null +++ b/crypto/asn1/asn1_local.h 
@@ -0,0 +1,83 @@ +/* + * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal ASN1 structures and functions: not for application use */ + +int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d); +int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); +int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); + +/* ASN1 scan context structure */ + +struct asn1_sctx_st { + /* The ASN1_ITEM associated with this field */ + const ASN1_ITEM *it; + /* If ASN1_TEMPLATE associated with this field */ + const ASN1_TEMPLATE *tt; + /* Various flags associated with field and context */ + unsigned long flags; + /* If SEQUENCE OF or SET OF, field index */ + int skidx; + /* ASN1 depth of field */ + int depth; + /* Structure and field name */ + const char *sname, *fname; + /* If a primitive type the type of underlying field */ + int prim_type; + /* The field value itself */ + ASN1_VALUE **field; + /* Callback to pass information to */ + int (*scan_cb) (ASN1_SCTX *ctx); + /* Context specific application data */ + void *app_data; +} /* ASN1_SCTX */ ; + +typedef struct mime_param_st MIME_PARAM; +DEFINE_STACK_OF(MIME_PARAM) +typedef struct mime_header_st MIME_HEADER; +DEFINE_STACK_OF(MIME_HEADER) + +void asn1_string_embed_free(ASN1_STRING *a, int embed); + +int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_set_choice_selector(ASN1_VALUE **pval, int value, + const ASN1_ITEM *it); + +ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + int nullerr); + +int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); + +void 
asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, + const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + const ASN1_ITEM *it); + +void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); +void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); +void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); +int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); +ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, long length); +int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); + +/* Internal functions used by x_int64.c */ +int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len); +int i2c_uint64_int(unsigned char *p, uint64_t r, int neg); + +ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h deleted file mode 100644 index cec141721b34..000000000000 --- a/crypto/asn1/asn1_locl.h +++ /dev/null 
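Review bot: The new crypto/asn1/asn1_local.h has no include guard, while crypto/aes/aes_local.h in the same commit gets `OSSL_CRYPTO_AES_LOCAL_H`. The header defines `struct asn1_sctx_st` and expands `DEFINE_STACK_OF(MIME_PARAM)` and `DEFINE_STACK_OF(MIME_HEADER)`, so a second inclusion in one translation unit would fail with redefinition errors. Wrapping the contents in `#ifndef OSSL_CRYPTO_ASN1_LOCAL_H` / `# define OSSL_CRYPTO_ASN1_LOCAL_H` / `#endif` would follow the naming the commit uses for aes_local.h.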
@@ -1,83 +0,0 @@ -/* - * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Internal ASN1 structures and functions: not for application use */ - -int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d); -int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); -int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); - -/* ASN1 scan context structure */ - -struct asn1_sctx_st { - /* The ASN1_ITEM associated with this field */ - const ASN1_ITEM *it; - /* If ASN1_TEMPLATE associated with this field */ - const ASN1_TEMPLATE *tt; - /* Various flags associated with field and context */ - unsigned long flags; - /* If SEQUENCE OF or SET OF, field index */ - int skidx; - /* ASN1 depth of field */ - int depth; - /* Structure and field name */ - const char *sname, *fname; - /* If a primitive type the type of underlying field */ - int prim_type; - /* The field value itself */ - ASN1_VALUE **field; - /* Callback to pass information to */ - int (*scan_cb) (ASN1_SCTX *ctx); - /* Context specific application data */ - void *app_data; -} /* ASN1_SCTX */ ; - -typedef struct mime_param_st MIME_PARAM; -DEFINE_STACK_OF(MIME_PARAM) -typedef struct mime_header_st MIME_HEADER; -DEFINE_STACK_OF(MIME_HEADER) - -void asn1_string_embed_free(ASN1_STRING *a, int embed); - -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it); - -ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - int nullerr); - -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); - -void 
asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, - const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it); - -void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); -void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); -void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long length); -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); - -/* Internal functions used by x_int64.c */ -int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len); -int i2c_uint64_int(unsigned char *p, uint64_t r, int neg); - -ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 4b60c615de76..3f10c7cb94c5 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,6 +75,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int nl, hl, j, r; ASN1_OBJECT *o = NULL; ASN1_OCTET_STRING *os = NULL; + ASN1_INTEGER *ai = NULL; + ASN1_ENUMERATED *ae = NULL; /* ASN1_BMPSTRING *bmp=NULL; */ int dump_indent, dump_cont = 0; 
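Review bot: The function-scope `ai` and `ae` declared here are freed again at `end:` (the `-341` hunk), which is only safe because the INTEGER and ENUMERATED branches set them to NULL right after their own free (the `-274` and `-300` hunks); nothing in the code records that dependency. If a later edit drops one of those `= NULL` resets, the cleanup at `end:` would presumably free the same object a second time, in a routine that parses caller-supplied DER. I would add a comment on the declarations, `/* freed at end: on early exit; each branch must reset to NULL after freeing */`. asn1_parse2 starts and ends outside this hunk.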
@@ -250,22 +252,21 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ASN1_OCTET_STRING_free(os); os = NULL; } else if (tag == V_ASN1_INTEGER) { - ASN1_INTEGER *bs; int i; opp = op; - bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); - if (bs != NULL) { + ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl); + if (ai != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; - if (bs->type == V_ASN1_NEG_INTEGER) + if (ai->type == V_ASN1_NEG_INTEGER) if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) { - if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) + for (i = 0; i < ai->length; i++) { + if (BIO_printf(bp, "%02X", ai->data[i]) <= 0) goto end; } - if (bs->length == 0) { + if (ai->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } @@ -274,24 +275,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; dump_cont = 1; } - ASN1_INTEGER_free(bs); + ASN1_INTEGER_free(ai); + ai = NULL; } else if (tag == V_ASN1_ENUMERATED) { - ASN1_ENUMERATED *bs; int i; opp = op; - bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); - if (bs != NULL) { + ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); + if (ae != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; - if (bs->type == V_ASN1_NEG_ENUMERATED) + if (ae->type == V_ASN1_NEG_ENUMERATED) if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) { - if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) + for (i = 0; i < ae->length; i++) { + if (BIO_printf(bp, "%02X", ae->data[i]) <= 0) goto end; } - if (bs->length == 0) { + if (ae->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } @@ -300,7 +301,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; dump_cont = 1; } - ASN1_ENUMERATED_free(bs); + ASN1_ENUMERATED_free(ae); + ae = NULL; } else if (len > 0 && dump) { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) 
@@ -341,6 +343,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, end: ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); + ASN1_INTEGER_free(ai); + ASN1_ENUMERATED_free(ae); *pp = p; return ret; } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index dfd5be634754..38735cd86f3e 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,15 +8,15 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/bio.h" -#include "asn1_locl.h" +#include "asn1_local.h" /* * Generalised MIME like utilities for streaming ASN1. Although many have a @@ -198,6 +198,14 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) BIO_puts(out, "gostr3411-94"); goto err; + case NID_id_GostR3411_2012_256: + BIO_puts(out, "gostr3411-2012-256"); + goto err; + + case NID_id_GostR3411_2012_512: + BIO_puts(out, "gostr3411-2012-512"); + goto err; + default: if (have_unknown) write_comma = 0; diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 68a01f31179e..732ce972aa29 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -8,13 +8,13 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/objects.h" +#include "crypto/asn1.h" +#include "crypto/objects.h" /* Simple ASN1 OID module: add all objects in a given section */ diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h index f15d72d73661..cac354c6bf33 100644 
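Review bot: In the `-198` hunk of asn_mime.c the two added GOST 2012 cases jump to `err` immediately after a `BIO_puts` whose result is discarded, copying the `gostr3411-94` case shown as context. The `err` label and the value returned from it are outside the hunk, so it cannot be told from here whether a successfully written micalg name ends up reported as a failure, or whether a failed write is reported at all. A short comment on the first of these cases would settle it for the next reader, for example `/* GOST names end the list: leave the loop via err (see return value below) */`, adjusted to what the label really does. asn1_write_micalg begins and ends outside the hunk.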
--- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index aa0d6ad6aed0..6ec010738049 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -15,8 +15,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 7bc16c7bceb4..8327ac16ca9c 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -17,7 +17,7 @@ #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 6d6bddc651cc..3a18381173d4 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c index f893489a6719..53dfec71b5d4 100644 --- a/crypto/asn1/f_string.c +++ b/crypto/asn1/f_string.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c index 445b0c84251f..0374c0bfbdc0 100644 --- a/crypto/asn1/i2d_pr.c +++ b/crypto/asn1/i2d_pr.c 
@@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) { diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index dbee827e0d37..ab509b1ac976 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* Minor tweak to operation: zero private key data */ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 3b2c9df8917f..651622aedc8f 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/bn_int.h" +#include "crypto/bn.h" /* Number of octets per line */ #define ASN1_BUF_PRINT_WIDTH 15 diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index c2a521ed5180..2332b204edc1 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -15,7 +15,7 @@ #include #include #include "internal/numbers.h" -#include "asn1_locl.h" +#include "asn1_local.h" /* diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 30be314ff982..d600c7a53804 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index bbce489fe003..2916bef7863a 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -11,7 +11,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* Free up an ASN1 structure */ 
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 6b8ea8ddd74d..287f2af33b58 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -13,7 +13,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 1fb66f1062ba..56d5ea0f39e3 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -15,8 +15,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" /* * Print routines. diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c index e1df2cfcae04..f0f218ae8bbe 100644 --- a/crypto/asn1/tasn_scn.c +++ b/crypto/asn1/tasn_scn.c @@ -15,7 +15,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* * General ASN1 structure recursive scanner: iterate through all fields diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index 7ceecffce758..a448685e19a9 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -15,7 +15,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* Utility functions for manipulating fields and offsets */ diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index 853d45b8bc8a..4c4a718850ee 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -11,7 +11,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" ASN1_SEQUENCE(X509_ALGOR) = { ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 6c93ea7510da..c6b3accd3a10 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c 
@@ -82,7 +82,7 @@ static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if (!*pval) + if (*pval == NULL) return; if (it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); @@ -96,7 +96,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, { BIGNUM *bn; int pad; - if (!*pval) + if (*pval == NULL) return -1; bn = (BIGNUM *)*pval; /* If MSB set in an octet we need a padding byte */ @@ -133,7 +133,7 @@ static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int ret; BIGNUM *bn; - if (!*pval && !bn_secure_new(pval, it)) + if (*pval == NULL && !bn_secure_new(pval, it)) return 0; ret = bn_c2i(pval, cont, len, utype, free_cont, it); diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c index 0ee552cf0a48..96c1a259e1fe 100644 --- a/crypto/asn1/x_int64.c +++ b/crypto/asn1/x_int64.c @@ -12,7 +12,7 @@ #include "internal/numbers.h" #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t. diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c index e465cf2d4d10..fb24e240cba8 100644 --- a/crypto/asn1/x_sig.c +++ b/crypto/asn1/x_sig.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" ASN1_SEQUENCE(X509_SIG) = { ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c index 3eaf170f2e50..26801f873130 100644 --- a/crypto/async/arch/async_null.c +++ b/crypto/async/arch/async_null.c @@ -8,7 +8,7 @@ */ /* This must be the first #include file */ -#include "../async_locl.h" +#include "../async_local.h" #ifdef ASYNC_NULL int ASYNC_is_capable(void) diff --git a/crypto/async/arch/async_posix.c b/crypto/async/arch/async_posix.c index 02c342d3dfa9..95678d4fa686 100644 --- a/crypto/async/arch/async_posix.c +++ b/crypto/async/arch/async_posix.c 
@@ -8,7 +8,7 @@ */ /* This must be the first #include file */ -#include "../async_locl.h" +#include "../async_local.h" #ifdef ASYNC_POSIX diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h index 62449fe60e04..873c0316ddf3 100644 --- a/crypto/async/arch/async_posix.h +++ b/crypto/async/arch/async_posix.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H -#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H +#ifndef OSSL_CRYPTO_ASYNC_POSIX_H +#define OSSL_CRYPTO_ASYNC_POSIX_H #include #if defined(OPENSSL_SYS_UNIX) \ @@ -55,4 +55,4 @@ void async_fibre_free(async_fibre *fibre); # endif #endif -#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */ +#endif /* OSSL_CRYPTO_ASYNC_POSIX_H */ diff --git a/crypto/async/async.c b/crypto/async/async.c index 1d83e4576f81..326015c605e9 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -16,10 +16,10 @@ #undef _FORTIFY_SOURCE /* This must be the first #include file */ -#include "async_locl.h" +#include "async_local.h" #include -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include #define ASYNC_JOB_RUNNING 0 diff --git a/crypto/async/async_local.h b/crypto/async/async_local.h new file mode 100644 index 000000000000..dd1a85e02684 --- /dev/null +++ b/crypto/async/async_local.h 
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Must do this before including any header files, because on MacOS/X
+ * includes which includes
+ */
+#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE)
+# define _XOPEN_SOURCE /* Otherwise incomplete ucontext_t structure */
+# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#if defined(_WIN32)
+# include
+#endif
+
+#include "crypto/async.h"
+#include
+
+typedef struct async_ctx_st async_ctx;
+typedef struct async_pool_st async_pool;
+
+#include "arch/async_win.h"
+#include "arch/async_posix.h"
+#include "arch/async_null.h"
+
+struct async_ctx_st {
+ async_fibre dispatcher;
+ ASYNC_JOB *currjob;
+ unsigned int blocked;
+};
+
+struct async_job_st {
+ async_fibre fibrectx;
+ int (*func) (void *);
+ void *funcargs;
+ int ret;
+ int status;
+ ASYNC_WAIT_CTX *waitctx;
+};
+
+struct fd_lookup_st {
+ const void *key;
+ OSSL_ASYNC_FD fd;
+ void *custom_data;
+ void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *);
+ int add;
+ int del;
+ struct fd_lookup_st *next;
+};
+
+struct async_wait_ctx_st {
+ struct fd_lookup_st *fds;
+ size_t numadd;
+ size_t numdel;
+};
+
+DEFINE_STACK_OF(ASYNC_JOB)
+
+struct async_pool_st {
+ STACK_OF(ASYNC_JOB) *jobs;
+ size_t curr_size;
+ size_t max_size;
+};
+
+void async_local_cleanup(void);
+void async_start_func(void);
+async_ctx *async_get_ctx(void);
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx);
+
diff --git a/crypto/async/async_locl.h b/crypto/async/async_locl.h
deleted file mode 100644
index d7790293f74f..000000000000
--- a/crypto/async/async_locl.h
+++ /dev/null
@@ -1,77 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Must do this before including any header files, because on MacOS/X - * includes which includes - */ -#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE) -# define _XOPEN_SOURCE /* Otherwise incomplete ucontext_t structure */ -# pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif - -#if defined(_WIN32) -# include -#endif - -#include "internal/async.h" -#include - -typedef struct async_ctx_st async_ctx; -typedef struct async_pool_st async_pool; - -#include "arch/async_win.h" -#include "arch/async_posix.h" -#include "arch/async_null.h" - -struct async_ctx_st { - async_fibre dispatcher; - ASYNC_JOB *currjob; - unsigned int blocked; -}; - -struct async_job_st { - async_fibre fibrectx; - int (*func) (void *); - void *funcargs; - int ret; - int status; - ASYNC_WAIT_CTX *waitctx; -}; - -struct fd_lookup_st { - const void *key; - OSSL_ASYNC_FD fd; - void *custom_data; - void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *); - int add; - int del; - struct fd_lookup_st *next; -}; - -struct async_wait_ctx_st { - struct fd_lookup_st *fds; - size_t numadd; - size_t numdel; -}; - -DEFINE_STACK_OF(ASYNC_JOB) - -struct async_pool_st { - STACK_OF(ASYNC_JOB) *jobs; - size_t curr_size; - size_t max_size; -}; - -void async_local_cleanup(void); -void async_start_func(void); -async_ctx *async_get_ctx(void); - -void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx); - diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c index b23e43e8c862..7723f949a67e 100644 --- a/crypto/async/async_wait.c +++ b/crypto/async/async_wait.c 
@@ -8,7 +8,7 @@ */ /* This must be the first #include file */ -#include "async_locl.h" +#include "async_local.h" #include diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl index 4e913aecf42d..cddc17bddafa 100644 --- a/crypto/bf/asm/bf-586.pl +++ b/crypto/bf/asm/bf-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ $tmp4="edx"; &cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub BF_encrypt { diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c index ce6e13b5a4cc..12332c540d66 100644 --- a/crypto/bf/bf_cfb64.c +++ b/crypto/bf/bf_cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c index dc1becdbe4ed..38e784cc2dad 100644 --- a/crypto/bf/bf_ecb.c +++ b/crypto/bf/bf_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" #include /* diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c index 67c0d78aec5c..423a4697a51e 100644 --- a/crypto/bf/bf_enc.c +++ b/crypto/bf/bf_enc.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" /* * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From diff --git a/crypto/bf/bf_local.h b/crypto/bf/bf_local.h new file mode 100644 index 000000000000..8c76976fa4d9 --- /dev/null +++ b/crypto/bf/bf_local.h 
@@ -0,0 +1,84 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BF_LOCAL_H +# define OSSL_CRYPTO_BF_LOCAL_H +# include + +/* NOTE - c is not incremented as per n2l */ +# define n2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +# define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +# undef n2l +# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +# undef l2n +# define 
l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* + * This is actually a big endian algorithm, the most significant byte is used + * to lookup array 0 + */ + +# define BF_ENC(LL,R,S,P) ( \ + LL^=P, \ + LL^=((( S[ ((R>>24)&0xff)] + \ + S[0x0100+((R>>16)&0xff)])^ \ + S[0x0200+((R>> 8)&0xff)])+ \ + S[0x0300+((R )&0xff)])&0xffffffffU \ + ) + +#endif diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h deleted file mode 100644 index b1a415e5132c..000000000000 --- a/crypto/bf/bf_locl.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_BF_LOCL_H -# define HEADER_BF_LOCL_H -# include - -/* NOTE - c is not incremented as per n2l */ -# define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -# define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -# undef n2l -# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -# undef l2n -# define l2n(l,c) 
(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* - * This is actually a big endian algorithm, the most significant byte is used - * to lookup array 0 - */ - -# define BF_ENC(LL,R,S,P) ( \ - LL^=P, \ - LL^=((( S[ ((R>>24)&0xff)] + \ - S[0x0100+((R>>16)&0xff)])^ \ - S[0x0200+((R>> 8)&0xff)])+ \ - S[0x0300+((R )&0xff)])&0xffffffffU \ - ) - -#endif diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c index 6418217b307d..5d75401fcca5 100644 --- a/crypto/bf/bf_ofb64.c +++ b/crypto/bf/bf_ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c index a4903a2a71de..ed29cf9153a4 100644 --- a/crypto/bf/bf_skey.c +++ b/crypto/bf/bf_skey.c @@ -10,7 +10,7 @@ #include #include #include -#include "bf_locl.h" +#include "bf_local.h" #include "bf_pi.h" void BF_set_key(BF_KEY *key, int len, const unsigned char *data) diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index dd5008e636a4..d11268b6dc59 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include #ifndef OPENSSL_NO_SOCK @@ -22,7 +22,7 @@ CRYPTO_RWLOCK *bio_lookup_lock; static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; /* - * Throughout this file and bio_lcl.h, the existence of the macro + * Throughout this file and bio_local.h, the existence of the macro * AI_PASSIVE is used to detect the availability of struct addrinfo, * getnameinfo() and getaddrinfo(). If that macro doesn't exist, * we use our own implementation instead, using gethostbyname, 
@@ -694,9 +694,11 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, hints.ai_flags |= AI_PASSIVE; /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to - * macro magic in bio_lcl.h + * macro magic in bio_local.h */ +# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) retry: +# endif switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { # ifdef EAI_SYSTEM case EAI_SYSTEM: diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 0d06414e7d91..f175e244b233 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -12,7 +12,7 @@ */ #include -#include "bio_lcl.h" +#include "bio_local.h" #define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4)) @@ -36,8 +36,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if (indent < 0) indent = 0; - else if (indent > 128) - indent = 128; + else if (indent > 64) + indent = 64; dump_width = DUMP_WIDTH_LESS_INDENT(indent); rows = len / dump_width; diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 9e907fcaa778..8ef90ac1d4f8 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/numbers.h" #include diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e7a24d02cbe5..df431e6d523d 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -10,7 +10,7 @@ #include #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_SOCK # define SOCKET_PROTOCOL IPPROTO_TCP # ifdef SO_MAXCONN diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c index 5d82ab22dc30..335dfabc6180 100644 --- a/crypto/bio/b_sock2.c +++ b/crypto/bio/b_sock2.c @@ -11,7 +11,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 8e87a629b8b5..51ae1f918d87 100644 
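Review bot: The `# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)` guard added around the `retry:` label in b_addr.c has to stay identical to whatever condition guards the `goto retry` that uses it, and that jump is outside this hunk. If the two conditions drift apart, the build either warns about an unused label again or fails on a jump to a label that was compiled out. A comment on the guard would keep them together, for example `/* must match the condition around 'goto retry' below */`. The switch on `gai_ret` and the rest of BIO_lookup_ex continue past the end of the hunk.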
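Review bot: The new upper bound of 64 on `indent` in b_dump.c is an unexplained constant whose reason sits in the `DUMP_WIDTH_LESS_INDENT` macro shown as context in the previous hunk of this file. At 64 the macro yields 16 - (64 - 6 + 3) / 4 = 1, whereas the old bound of 128 let it reach zero or go negative just before `rows = len / dump_width`. Nothing ties the constant to the macro, so a later change to `DUMP_WIDTH` could bring the bad width back unnoticed. I would add `/* keep dump_width >= 1: DUMP_WIDTH_LESS_INDENT(64) == 1 */` above the clamp, or define the limit next to the macro. The body of BIO_dump_indent_cb continues outside the hunk.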
--- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" static int buffer_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index 194c7b8af713..72f9901813ea 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #include diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index 4bc84eeba659..dd7011ab669f 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #include diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index 613fb2e0583d..48c6be692a5d 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" /* diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 1154c233afd8..a153100a8825 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -10,7 +10,7 @@ #include #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #include diff --git a/crypto/bio/bio_lcl.h b/crypto/bio/bio_lcl.h deleted file mode 100644 index e2c05a20de6c..000000000000 --- a/crypto/bio/bio_lcl.h +++ /dev/null 
@@ -1,190 +0,0 @@ -/* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "internal/sockets.h" -#include "internal/refcount.h" - -/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */ - -#ifndef OPENSSL_NO_SOCK -/* - * Throughout this file and b_addr.c, the existence of the macro - * AI_PASSIVE is used to detect the availability of struct addrinfo, - * getnameinfo() and getaddrinfo(). If that macro doesn't exist, - * we use our own implementation instead. - */ - -/* - * It's imperative that these macros get defined before openssl/bio.h gets - * included. Otherwise, the AI_PASSIVE hack will not work properly. - * For clarity, we check for internal/cryptlib.h since it's a common header - * that also includes bio.h. - */ -# ifdef HEADER_CRYPTLIB_H -# error internal/cryptlib.h included before bio_lcl.h -# endif -# ifdef HEADER_BIO_H -# error openssl/bio.h included before bio_lcl.h -# endif - -/* - * Undefine AF_UNIX on systems that define it but don't support it. - */ -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) -# undef AF_UNIX -# endif - -# ifdef AI_PASSIVE - -/* - * There's a bug in VMS C header file netdb.h, where struct addrinfo - * always is the P32 variant, but the functions that handle that structure, - * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer - * size. The easiest workaround is to force struct addrinfo to be the - * 64-bit variant when compiling in P64 mode. 
- */ -# if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 -# define addrinfo __addrinfo64 -# endif - -# define bio_addrinfo_st addrinfo -# define bai_family ai_family -# define bai_socktype ai_socktype -# define bai_protocol ai_protocol -# define bai_addrlen ai_addrlen -# define bai_addr ai_addr -# define bai_next ai_next -# else -struct bio_addrinfo_st { - int bai_family; - int bai_socktype; - int bai_protocol; - size_t bai_addrlen; - struct sockaddr *bai_addr; - struct bio_addrinfo_st *bai_next; -}; -# endif - -union bio_addr_st { - struct sockaddr sa; -# ifdef AF_INET6 - struct sockaddr_in6 s_in6; -# endif - struct sockaddr_in s_in; -# ifdef AF_UNIX - struct sockaddr_un s_un; -# endif -}; -#endif - -/* END BIO_ADDRINFO/BIO_ADDR stuff. */ - -#include "internal/cryptlib.h" -#include "internal/bio.h" - -typedef struct bio_f_buffer_ctx_struct { - /*- - * Buffers are setup like this: - * - * <---------------------- size -----------------------> - * +---------------------------------------------------+ - * | consumed | remaining | free space | - * +---------------------------------------------------+ - * <-- off --><------- len -------> - */ - /*- BIO *bio; *//* - * this is now in the BIO struct - */ - int ibuf_size; /* how big is the input buffer */ - int obuf_size; /* how big is the output buffer */ - char *ibuf; /* the char array */ - int ibuf_len; /* how many bytes are in it */ - int ibuf_off; /* write/read offset */ - char *obuf; /* the char array */ - int obuf_len; /* how many bytes are in it */ - int obuf_off; /* write/read offset */ -} BIO_F_BUFFER_CTX; - -struct bio_st { - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ - BIO_callback_fn callback; - BIO_callback_fn_ex callback_ex; - char *cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by 
filter BIOs */ - CRYPTO_REF_COUNT references; - uint64_t num_read; - uint64_t num_write; - CRYPTO_EX_DATA ex_data; - CRYPTO_RWLOCK *lock; -}; - -#ifndef OPENSSL_NO_SOCK -# ifdef OPENSSL_SYS_VMS -typedef unsigned int socklen_t; -# endif - -extern CRYPTO_RWLOCK *bio_lookup_lock; - -int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa); -const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap); -struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap); -socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap); -socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai); -const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai); -#endif - -extern CRYPTO_RWLOCK *bio_type_lock; - -void bio_sock_cleanup_int(void); - -#if BIO_FLAGS_UPLINK==0 -/* Shortcut UPLINK calls on most platforms... */ -# define UP_stdin stdin -# define UP_stdout stdout -# define UP_stderr stderr -# define UP_fprintf fprintf -# define UP_fgets fgets -# define UP_fread fread -# define UP_fwrite fwrite -# undef UP_fsetmod -# define UP_feof feof -# define UP_fclose fclose - -# define UP_fopen fopen -# define UP_fseek fseek -# define UP_ftell ftell -# define UP_fflush fflush -# define UP_ferror ferror -# ifdef _WIN32 -# define UP_fileno _fileno -# define UP_open _open -# define UP_read _read -# define UP_write _write -# define UP_lseek _lseek -# define UP_close _close -# else -# define UP_fileno fileno -# define UP_open open -# define UP_read read -# define UP_write write -# define UP_lseek lseek -# define UP_close close -# endif - -#endif - diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index ca375b911ae8..d2202e537b30 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -10,7 +10,7 @@ #include #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h new file mode 100644 index 000000000000..8b2122129396 --- /dev/null +++ b/crypto/bio/bio_local.h 
@@ -0,0 +1,190 @@ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" +#include "internal/sockets.h" +#include "internal/refcount.h" + +/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */ + +#ifndef OPENSSL_NO_SOCK +/* + * Throughout this file and b_addr.c, the existence of the macro + * AI_PASSIVE is used to detect the availability of struct addrinfo, + * getnameinfo() and getaddrinfo(). If that macro doesn't exist, + * we use our own implementation instead. + */ + +/* + * It's imperative that these macros get defined before openssl/bio.h gets + * included. Otherwise, the AI_PASSIVE hack will not work properly. + * For clarity, we check for internal/cryptlib.h since it's a common header + * that also includes bio.h. + */ +# ifdef OSSL_INTERNAL_CRYPTLIB_H +# error internal/cryptlib.h included before bio_local.h +# endif +# ifdef HEADER_BIO_H +# error openssl/bio.h included before bio_local.h +# endif + +/* + * Undefine AF_UNIX on systems that define it but don't support it. + */ +# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) +# undef AF_UNIX +# endif + +# ifdef AI_PASSIVE + +/* + * There's a bug in VMS C header file netdb.h, where struct addrinfo + * always is the P32 variant, but the functions that handle that structure, + * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer + * size. The easiest workaround is to force struct addrinfo to be the + * 64-bit variant when compiling in P64 mode. 
+ */ +# if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 +# define addrinfo __addrinfo64 +# endif + +# define bio_addrinfo_st addrinfo +# define bai_family ai_family +# define bai_socktype ai_socktype +# define bai_protocol ai_protocol +# define bai_addrlen ai_addrlen +# define bai_addr ai_addr +# define bai_next ai_next +# else +struct bio_addrinfo_st { + int bai_family; + int bai_socktype; + int bai_protocol; + size_t bai_addrlen; + struct sockaddr *bai_addr; + struct bio_addrinfo_st *bai_next; +}; +# endif + +union bio_addr_st { + struct sockaddr sa; +# ifdef AF_INET6 + struct sockaddr_in6 s_in6; +# endif + struct sockaddr_in s_in; +# ifdef AF_UNIX + struct sockaddr_un s_un; +# endif +}; +#endif + +/* END BIO_ADDRINFO/BIO_ADDR stuff. */ + +#include "internal/cryptlib.h" +#include "internal/bio.h" + +typedef struct bio_f_buffer_ctx_struct { + /*- + * Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ + /*- BIO *bio; *//* + * this is now in the BIO struct + */ + int ibuf_size; /* how big is the input buffer */ + int obuf_size; /* how big is the output buffer */ + char *ibuf; /* the char array */ + int ibuf_len; /* how many bytes are in it */ + int ibuf_off; /* write/read offset */ + char *obuf; /* the char array */ + int obuf_len; /* how many bytes are in it */ + int obuf_off; /* write/read offset */ +} BIO_F_BUFFER_CTX; + +struct bio_st { + const BIO_METHOD *method; + /* bio, mode, argp, argi, argl, ret */ + BIO_callback_fn callback; + BIO_callback_fn_ex callback_ex; + char *cb_arg; /* first argument for the callback */ + int init; + int shutdown; + int flags; /* extra storage */ + int retry_reason; + int num; + void *ptr; + struct bio_st *next_bio; /* used by filter BIOs */ + struct bio_st *prev_bio; /* used by 
filter BIOs */ + CRYPTO_REF_COUNT references; + uint64_t num_read; + uint64_t num_write; + CRYPTO_EX_DATA ex_data; + CRYPTO_RWLOCK *lock; +}; + +#ifndef OPENSSL_NO_SOCK +# ifdef OPENSSL_SYS_VMS +typedef unsigned int socklen_t; +# endif + +extern CRYPTO_RWLOCK *bio_lookup_lock; + +int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa); +const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap); +struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap); +socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap); +socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai); +const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai); +#endif + +extern CRYPTO_RWLOCK *bio_type_lock; + +void bio_sock_cleanup_int(void); + +#if BIO_FLAGS_UPLINK==0 +/* Shortcut UPLINK calls on most platforms... */ +# define UP_stdin stdin +# define UP_stdout stdout +# define UP_stderr stderr +# define UP_fprintf fprintf +# define UP_fgets fgets +# define UP_fread fread +# define UP_fwrite fwrite +# undef UP_fsetmod +# define UP_feof feof +# define UP_fclose fclose + +# define UP_fopen fopen +# define UP_fseek fseek +# define UP_ftell ftell +# define UP_fflush fflush +# define UP_ferror ferror +# ifdef _WIN32 +# define UP_fileno _fileno +# define UP_open _open +# define UP_read _read +# define UP_write _write +# define UP_lseek _lseek +# define UP_close _close +# else +# define UP_fileno fileno +# define UP_open open +# define UP_read read +# define UP_write write +# define UP_lseek lseek +# define UP_close close +# endif + +#endif + diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c index 493ff63a9012..da116461922e 100644 --- a/crypto/bio/bio_meth.c +++ b/crypto/bio/bio_meth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/thread_once.h" CRYPTO_RWLOCK *bio_type_lock = NULL; diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 993e5903a04f..b38e47a592f4 100644 
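Review bot: The include-order guard in the new bio_local.h tests `OSSL_INTERNAL_CRYPTLIB_H` where bio_lcl.h tested `HEADER_CRYPTLIB_H`, and an `#ifdef` on a name that is never defined simply never fires. internal/cryptlib.h is not part of this hunk, so it is worth confirming that its include guard is renamed to the same macro in this import. If the names do not match, the `#error` that protects the AI_PASSIVE macro setup (which the comment calls imperative) is silently disabled. A one-line comment naming the header that defines the macro, e.g. `/* OSSL_INTERNAL_CRYPTLIB_H is the include guard of internal/cryptlib.h */`, would make the dependency explicit.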
--- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_SOCK @@ -527,7 +527,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_DUP: break; - + case BIO_CTRL_EOF: + if (b->next_bio == NULL) + ret = 0; + else + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; default: ret = 0; break; diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index e34382c55781..c97349e43282 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -21,7 +21,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include #include diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index e9673fe78336..dd43a406018c 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_SOCK @@ -54,6 +54,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a); #define BIO_CONN_S_CONNECT 4 #define BIO_CONN_S_OK 5 #define BIO_CONN_S_BLOCKED_CONNECT 6 +#define BIO_CONN_S_CONNECT_ERROR 7 static const BIO_METHOD methods_connectp = { BIO_TYPE_CONNECT, 
@@ -174,7 +175,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c) ERR_add_error_data(4, "hostname=", c->param_hostname, " service=", c->param_service); - BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); + c->state = BIO_CONN_S_CONNECT_ERROR; + break; } goto exit_loop; } else { @@ -197,6 +199,11 @@ static int conn_state(BIO *b, BIO_CONNECT *c) c->state = BIO_CONN_S_OK; break; + case BIO_CONN_S_CONNECT_ERROR: + BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); + ret = 0; + goto exit_loop; + case BIO_CONN_S_OK: ret = 1; goto exit_loop; @@ -309,6 +316,8 @@ static int conn_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -488,6 +497,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) *fptr = data->info_callback; } break; + case BIO_CTRL_EOF: + ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0; + break; default: ret = 0; break; diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 551821609f73..942fd8b514be 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_DGRAM # ifndef OPENSSL_NO_SCTP diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c index 5bc539c90b96..ccbe1626baf2 100644 --- a/crypto/bio/bss_fd.c +++ b/crypto/bio/bss_fd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #if defined(OPENSSL_NO_POSIX_IO) /* 
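Review bot: The new `case BIO_CONN_S_CONNECT_ERROR:` in conn_state raises `BIO_R_CONNECT_ERROR`, sets `ret = 0` and jumps to `exit_loop` without changing `c->state`. As far as these hunks show, the state is therefore sticky, and each later call will queue the same error again. If that is intended, document it at the define, e.g. `#define BIO_CONN_S_CONNECT_ERROR 7 /* connect failed; error is raised when this state is next processed */`, and note which control resets it. Whether a reset path exists is not visible here, since conn_state starts and ends outside the hunks.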
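Review bot: `BIO_FLAGS_IN_EOF` is set in conn_read when the read returns 0, but nothing in the visible hunks clears it. `BIO_CTRL_EOF` in conn_ctrl would therefore keep answering 1 if the same BIO is later reset or pointed at a new connection. The same set-only pattern is added to fd_read/fd_ctrl in bss_fd.c and sock_read/sock_ctrl in bss_sock.c. Unless the flag is cleared somewhere outside these hunks, clear it where the descriptor is replaced or before each read, e.g. `b->flags &= ~BIO_FLAGS_IN_EOF;`. Callers that use the EOF query to tell a clean close from a truncated stream need it to be accurate.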
@@ -123,6 +123,8 @@ static int fd_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_fd_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -186,6 +188,9 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: ret = 1; break; + case BIO_CTRL_EOF: + ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0; + break; default: ret = 0; break; diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index a21020559760..1a70ce799404 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -27,7 +27,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include #if !defined(OPENSSL_NO_STDIO) diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index e9ab932ec295..b9579faaa2a5 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -19,7 +19,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #if defined(OPENSSL_SYS_WINCE) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 2d536e9db05f..7cb4a57813fd 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" static int mem_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c index 08f1d2bc98a3..e73ce7841d41 100644 --- a/crypto/bio/bss_null.c +++ b/crypto/bio/bss_null.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" static int null_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index ad38453201f1..6251f3d46a17 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #ifndef OPENSSL_NO_SOCK @@ -101,6 +101,8 @@ static int sock_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -151,6 +153,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: ret = 1; break; + case BIO_CTRL_EOF: + ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0; + break; default: ret = 0; break; diff --git a/crypto/blake2/blake2_local.h b/crypto/blake2/blake2_local.h new file mode 100644 index 000000000000..926bae944c17 --- /dev/null +++ b/crypto/blake2/blake2_local.h 
@@ -0,0 +1,90 @@ +/* + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Derived from the BLAKE2 reference implementation written by Samuel Neves. + * Copyright 2012, Samuel Neves + * More information about the BLAKE2 hash function and its implementations + * can be found at https://blake2.net. + */ + +#include + +#define BLAKE2S_BLOCKBYTES 64 +#define BLAKE2S_OUTBYTES 32 +#define BLAKE2S_KEYBYTES 32 +#define BLAKE2S_SALTBYTES 8 +#define BLAKE2S_PERSONALBYTES 8 + +#define BLAKE2B_BLOCKBYTES 128 +#define BLAKE2B_OUTBYTES 64 +#define BLAKE2B_KEYBYTES 64 +#define BLAKE2B_SALTBYTES 16 +#define BLAKE2B_PERSONALBYTES 16 + +struct blake2s_param_st { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint8_t leaf_length[4];/* 8 */ + uint8_t node_offset[6];/* 14 */ + uint8_t node_depth; /* 15 */ + uint8_t inner_length; /* 16 */ + uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ + uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ +}; + +typedef struct blake2s_param_st BLAKE2S_PARAM; + +struct blake2s_ctx_st { + uint32_t h[8]; + uint32_t t[2]; + uint32_t f[2]; + uint8_t buf[BLAKE2S_BLOCKBYTES]; + size_t buflen; +}; + +struct blake2b_param_st { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint8_t leaf_length[4];/* 8 */ + uint8_t node_offset[8];/* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ +}; + +typedef struct blake2b_param_st BLAKE2B_PARAM; + +struct blake2b_ctx_st { + uint64_t h[8]; + uint64_t t[2]; + 
uint64_t f[2]; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + size_t buflen; +}; + +#define BLAKE2B_DIGEST_LENGTH 64 +#define BLAKE2S_DIGEST_LENGTH 32 + +typedef struct blake2s_ctx_st BLAKE2S_CTX; +typedef struct blake2b_ctx_st BLAKE2B_CTX; + +int BLAKE2b_Init(BLAKE2B_CTX *c); +int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen); +int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c); + +int BLAKE2s_Init(BLAKE2S_CTX *c); +int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen); +int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c); diff --git a/crypto/blake2/blake2_locl.h b/crypto/blake2/blake2_locl.h deleted file mode 100644 index 926bae944c17..000000000000 --- a/crypto/blake2/blake2_locl.h +++ /dev/null 
@@ -1,90 +0,0 @@ -/* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Derived from the BLAKE2 reference implementation written by Samuel Neves. - * Copyright 2012, Samuel Neves - * More information about the BLAKE2 hash function and its implementations - * can be found at https://blake2.net. - */ - -#include - -#define BLAKE2S_BLOCKBYTES 64 -#define BLAKE2S_OUTBYTES 32 -#define BLAKE2S_KEYBYTES 32 -#define BLAKE2S_SALTBYTES 8 -#define BLAKE2S_PERSONALBYTES 8 - -#define BLAKE2B_BLOCKBYTES 128 -#define BLAKE2B_OUTBYTES 64 -#define BLAKE2B_KEYBYTES 64 -#define BLAKE2B_SALTBYTES 16 -#define BLAKE2B_PERSONALBYTES 16 - -struct blake2s_param_st { - uint8_t digest_length; /* 1 */ - uint8_t key_length; /* 2 */ - uint8_t fanout; /* 3 */ - uint8_t depth; /* 4 */ - uint8_t leaf_length[4];/* 8 */ - uint8_t node_offset[6];/* 14 */ - uint8_t node_depth; /* 15 */ - uint8_t inner_length; /* 16 */ - uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ - uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ -}; - -typedef struct blake2s_param_st BLAKE2S_PARAM; - -struct blake2s_ctx_st { - uint32_t h[8]; - uint32_t t[2]; - uint32_t f[2]; - uint8_t buf[BLAKE2S_BLOCKBYTES]; - size_t buflen; -}; - -struct blake2b_param_st { - uint8_t digest_length; /* 1 */ - uint8_t key_length; /* 2 */ - uint8_t fanout; /* 3 */ - uint8_t depth; /* 4 */ - uint8_t leaf_length[4];/* 8 */ - uint8_t node_offset[8];/* 16 */ - uint8_t node_depth; /* 17 */ - uint8_t inner_length; /* 18 */ - uint8_t reserved[14]; /* 32 */ - uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ - uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ -}; - -typedef struct blake2b_param_st BLAKE2B_PARAM; - -struct blake2b_ctx_st { - uint64_t h[8]; - uint64_t t[2]; - 
uint64_t f[2]; - uint8_t buf[BLAKE2B_BLOCKBYTES]; - size_t buflen; -}; - -#define BLAKE2B_DIGEST_LENGTH 64 -#define BLAKE2S_DIGEST_LENGTH 32 - -typedef struct blake2s_ctx_st BLAKE2S_CTX; -typedef struct blake2b_ctx_st BLAKE2B_CTX; - -int BLAKE2b_Init(BLAKE2B_CTX *c); -int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen); -int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c); - -int BLAKE2s_Init(BLAKE2S_CTX *c); -int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen); -int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c); diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c index 4b353dd498bb..fc6e5f1a3f3c 100644 --- a/crypto/blake2/blake2b.c +++ b/crypto/blake2/blake2b.c @@ -18,7 +18,7 @@ #include #include -#include "blake2_locl.h" +#include "blake2_local.h" #include "blake2_impl.h" static const uint64_t blake2b_IV[8] = diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c index 8211374d123f..d072e05ca364 100644 --- a/crypto/blake2/blake2s.c +++ b/crypto/blake2/blake2s.c @@ -18,7 +18,7 @@ #include #include -#include "blake2_locl.h" +#include "blake2_local.h" #include "blake2_impl.h" static const uint32_t blake2s_IV[8] = diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c index c493648c3cd0..ce4d8f95652f 100644 --- a/crypto/blake2/m_blake2b.c +++ b/crypto/blake2/m_blake2b.c @@ -20,8 +20,8 @@ # include # include -# include "blake2_locl.h" -# include "internal/evp_int.h" +# include "blake2_local.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c index 83b2811e4432..b8fb048b30bf 100644 --- a/crypto/blake2/m_blake2s.c +++ b/crypto/blake2/m_blake2s.c @@ -20,8 +20,8 @@ # include # include -# include "blake2_locl.h" -# include "internal/evp_int.h" +# include "blake2_local.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/bn/README.pod b/crypto/bn/README.pod index 706a140342cd..5d5c4fa99fa1 100644 
--- a/crypto/bn/README.pod +++ b/crypto/bn/README.pod @@ -188,7 +188,7 @@ B and the 2*B word arrays B and B. The implementations use the following macros which, depending on the architecture, may use "long long" C operations or inline assembler. -They are defined in C. +They are defined in C. mul(B, B, B, B) computes B*B+B and places the low word of the result in B and the high word in B. diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index 7a0cdb2e8a00..3a83cb855007 100755 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -329,4 +329,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 6bedc62ba62d..eadc8bbf6322 100755 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -754,4 +754,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl index d8347bf93249..bc9a18dc4ce6 100755 --- a/crypto/bn/asm/armv8-mont.pl +++ b/crypto/bn/asm/armv8-mont.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1511,4 +1511,4 @@ ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl index 58effc8808dd..e0422405d5f3 100644 --- a/crypto/bn/asm/bn-586.pl +++ b/crypto/bn/asm/bn-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub bn_mul_add_words { diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl index 9c46da3af8d1..3bb8d120e96a 100755 --- a/crypto/bn/asm/c64xplus-gf2m.pl +++ b/crypto/bn/asm/c64xplus-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -157,4 +157,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl index 97f5e3a19fc4..3c34fa885c30 100644 --- a/crypto/bn/asm/co-586.pl +++ b/crypto/bn/asm/co-586.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,7 @@ open STDOUT,">$output"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub mul_add_c { @@ -39,17 +39,17 @@ sub mul_add_c &mul("edx"); &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a + &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a &mov("eax",&wparam(0)) if $pos > 0; # load r[] ### &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b + &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # load next b + &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # load next b ### &adc($c2,0); # is pos > 1, it means it is the last loop &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a + &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next a } sub sqr_add_c diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl index ec486f77792b..7a4e74d71942 100755 --- a/crypto/bn/asm/ia64-mont.pl +++ b/crypto/bn/asm/ia64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -857,4 +857,4 @@ ___ open STDOUT,">$output" if $output; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl index fbe5d04f716c..3b79a4b186d7 100755 
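Review bot: In ia64-mont.pl the context line `open STDOUT,">$output" if $output;` is still a two-argument open with no result check. A failed open is at best reported later by the new `close STDOUT or die`, and that message names neither the file nor the real cause. co-586.pl shows the same `open STDOUT,">$output";` in its hunk header. Checking at the source gives a clearer build failure and removes the mode-in-filename form: `open(STDOUT, '>', $output) or die "can't open $output: $!";` (keeping the `if $output` modifier in ia64-mont.pl).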
--- a/crypto/bn/asm/mips-mont.pl +++ b/crypto/bn/asm/mips-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -430,4 +430,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index a205189eb684..8ad715bda4d4 100755 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2260,4 +2260,4 @@ $code.=<<___; .end bn_sqr_comba4 ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl index aa9f626ed267..6a7c714a156e 100755 --- a/crypto/bn/asm/parisc-mont.pl +++ b/crypto/bn/asm/parisc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1003,4 +1003,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl index ec7e019a4380..278314c57bd6 100755 --- a/crypto/bn/asm/ppc-mont.pl +++ b/crypto/bn/asm/ppc-mont.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1987,4 +1987,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl index d6d4e66f92e9..a8d3f14e9b8e 100644 --- a/crypto/bn/asm/ppc.pl +++ b/crypto/bn/asm/ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2009,4 +2009,4 @@ Lppcasm_maw_adios: EOF $data =~ s/\`([^\`]*)\`/eval $1/gem; print $data; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl index c41b620bc23e..b55fd46c824f 100755 --- a/crypto/bn/asm/ppc64-mont.pl +++ b/crypto/bn/asm/ppc64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1649,4 +1649,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index 85cd73c668bd..9b54f9d9ed3c 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -1979,4 +1979,4 @@ rsaz_1024_gather5_avx2: ___ }}} -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl index b1797b649f00..8172dace74ee 100755 --- a/crypto/bn/asm/rsaz-x86_64.pl +++ b/crypto/bn/asm/rsaz-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul subq \$128+24, %rsp .cfi_adjust_cfa_offset 128+24 .Lsqr_body: - movq $mod, %rbp # common argument + movq $mod, %xmm1 # common off-load movq ($inp), %rdx movq 8($inp), %rax movq $n0, 128(%rsp) 
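Review bot: When the clang probe in rsaz-avx2.pl does not match, `$avx` and `$addx` keep their earlier value and nothing is reported, so the generator presumably falls back to the path without those instructions. A comment above the `if` would make that visible, for example `# no match leaves $avx/$addx unchanged: the AVX2/ADX paths are then omitted without any diagnostic`. The same probe is copied into rsaz-x86_64.pl (next file on this line), x86_64-mont.pl and x86_64-mont5.pl, each patched separately in this commit. rsaz-avx2.pl spells the last alternative `based on LLVM` where the others use `.*based on LLVM`; keeping the four patterns textually identical would make the next fix mechanical. The command string is built from `$ENV{CC}` and run through the shell, so the comment should also state that the probe trusts the build environment.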
@@ -134,7 +134,8 @@ $code.=<<___; .Loop_sqr: movl $times,128+8(%rsp) #first iteration - movq %rdx, %rbx + movq %rdx, %rbx # 0($inp) + mov %rax, %rbp # 8($inp) mulq %rdx movq %rax, %r8 movq 16($inp), %rax @@ -173,31 +174,29 @@ $code.=<<___; mulq %rbx addq %rax, %r14 movq %rbx, %rax - movq %rdx, %r15 - adcq \$0, %r15 + adcq \$0, %rdx - addq %r8, %r8 #shlq \$1, %r8 - movq %r9, %rcx - adcq %r9, %r9 #shld \$1, %r8, %r9 + xorq %rcx,%rcx # rcx:r8 = r8 << 1 + addq %r8, %r8 + movq %rdx, %r15 + adcq \$0, %rcx mulq %rax - movq %rax, (%rsp) - addq %rdx, %r8 - adcq \$0, %r9 + addq %r8, %rdx + adcq \$0, %rcx - movq %r8, 8(%rsp) - shrq \$63, %rcx + movq %rax, (%rsp) + movq %rdx, 8(%rsp) #second iteration - movq 8($inp), %r8 movq 16($inp), %rax - mulq %r8 + mulq %rbp addq %rax, %r10 movq 24($inp), %rax movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r11 movq 32($inp), %rax adcq \$0, %rdx @@ -205,7 +204,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r12 movq 40($inp), %rax adcq \$0, %rdx @@ -213,7 +212,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r13 movq 48($inp), %rax adcq \$0, %rdx @@ -221,7 +220,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r14 movq 56($inp), %rax adcq \$0, %rdx 
@@ -229,39 +228,39 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r15 - movq %r8, %rax + movq %rbp, %rax adcq \$0, %rdx addq %rbx, %r15 - movq %rdx, %r8 - movq %r10, %rdx - adcq \$0, %r8 + adcq \$0, %rdx - add %rdx, %rdx - lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - movq %r11, %rbx - adcq %r11, %r11 #shld \$1, %r10, %r11 + xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 + addq %r9, %r9 + movq %rdx, %r8 + adcq %r10, %r10 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax + movq 16($inp), %rbp addq %rax, %r9 + movq 24($inp), %rax adcq %rdx, %r10 - adcq \$0, %r11 + adcq \$0, %rbx movq %r9, 16(%rsp) movq %r10, 24(%rsp) - shrq \$63, %rbx #third iteration - movq 16($inp), %r9 - movq 24($inp), %rax - mulq %r9 + mulq %rbp addq %rax, %r12 movq 32($inp), %rax movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 + mulq %rbp addq %rax, %r13 movq 40($inp), %rax adcq \$0, %rdx @@ -269,7 +268,7 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 + mulq %rbp addq %rax, %r14 movq 48($inp), %rax adcq \$0, %rdx @@ -277,9 +276,7 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 - movq %r12, %r10 - lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 + mulq %rbp addq %rax, %r15 movq 56($inp), %rax adcq \$0, %rdx 
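Review bot: The added comment `# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here` names the invariant that the unchecked `addq %rcx, %rax` depends on but not why it holds. It is repeated, with rbx and rcx alternating, in every later iteration of both the mulq path and the mulx path. I would justify it once at this first use: %rax is the low word of a 64-bit square, a square is congruent to 0, 1, 4 or 9 modulo 16, so that word cannot exceed 0xFFFF..F9. The carried register is zeroed by `xorq` and then receives at most two `adcq \$0` increments, one from the doubling and one from adding the high product word. A regression test whose operands force both increments would pin this down; none is visible in this part of the diff.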
@@ -287,36 +284,40 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 - shrq \$63, %r10 + mulq %rbp addq %rax, %r8 - movq %r9, %rax + movq %rbp, %rax adcq \$0, %rdx addq %rcx, %r8 - movq %rdx, %r9 - adcq \$0, %r9 + adcq \$0, %rdx - movq %r13, %rcx - leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 + xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 + addq %r11, %r11 + movq %rdx, %r9 + adcq %r12, %r12 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax + movq 24($inp), %r10 addq %rax, %r11 + movq 32($inp), %rax adcq %rdx, %r12 - adcq \$0, %r13 + adcq \$0, %rcx movq %r11, 32(%rsp) movq %r12, 40(%rsp) - shrq \$63, %rcx #fourth iteration - movq 24($inp), %r10 - movq 32($inp), %rax + mov %rax, %r11 # 32($inp) mulq %r10 addq %rax, %r14 movq 40($inp), %rax movq %rdx, %rbx adcq \$0, %rbx + mov %rax, %r12 # 40($inp) mulq %r10 addq %rax, %r15 movq 48($inp), %rax @@ -325,9 +326,8 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx + mov %rax, %rbp # 48($inp) mulq %r10 - movq %r14, %r12 - leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 addq %rax, %r8 movq 56($inp), %rax adcq \$0, %rdx @@ -336,32 +336,33 @@ $code.=<<___; adcq \$0, %rbx mulq %r10 - shrq \$63, %r12 addq %rax, %r9 movq %r10, %rax adcq \$0, %rdx addq %rbx, %r9 - movq %rdx, %r10 - adcq \$0, %r10 + adcq \$0, %rdx - movq %r15, %rbx - leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 + xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 + addq %r13, %r13 + movq %rdx, %r10 + adcq %r14, %r14 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax addq %rax, %r13 + movq %r12, %rax # 40($inp) adcq %rdx, %r14 - adcq \$0, %r15 + adcq \$0, %rbx movq %r13, 48(%rsp) movq %r14, 56(%rsp) - shrq \$63, %rbx #fifth iteration - movq 32($inp), %r11 - movq 40($inp), %rax mulq %r11 addq %rax, %r8 - movq 48($inp), %rax + movq %rbp, %rax # 48($inp) movq %rdx, %rcx adcq \$0, %rcx 
@@ -369,97 +370,99 @@ $code.=<<___; addq %rax, %r9 movq 56($inp), %rax adcq \$0, %rdx - movq %r8, %r12 - leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 addq %rcx, %r9 movq %rdx, %rcx adcq \$0, %rcx + mov %rax, %r14 # 56($inp) mulq %r11 - shrq \$63, %r12 addq %rax, %r10 movq %r11, %rax adcq \$0, %rdx addq %rcx, %r10 - movq %rdx, %r11 - adcq \$0, %r11 + adcq \$0, %rdx - movq %r9, %rcx - leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 + xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 + addq %r15, %r15 + movq %rdx, %r11 + adcq %r8, %r8 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax addq %rax, %r15 + movq %rbp, %rax # 48($inp) adcq %rdx, %r8 - adcq \$0, %r9 + adcq \$0, %rcx movq %r15, 64(%rsp) movq %r8, 72(%rsp) - shrq \$63, %rcx #sixth iteration - movq 40($inp), %r12 - movq 48($inp), %rax mulq %r12 addq %rax, %r10 - movq 56($inp), %rax + movq %r14, %rax # 56($inp) movq %rdx, %rbx adcq \$0, %rbx mulq %r12 addq %rax, %r11 movq %r12, %rax - movq %r10, %r15 - leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 adcq \$0, %rdx - shrq \$63, %r15 addq %rbx, %r11 - movq %rdx, %r12 - adcq \$0, %r12 + adcq \$0, %rdx - movq %r11, %rbx - leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 + xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 + addq %r9, %r9 + movq %rdx, %r12 + adcq %r10, %r10 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax addq %rax, %r9 + movq %r14, %rax # 56($inp) adcq %rdx, %r10 - adcq \$0, %r11 + adcq \$0, %rbx movq %r9, 80(%rsp) movq %r10, 88(%rsp) #seventh iteration - movq 48($inp), %r13 - movq 56($inp), %rax - mulq %r13 + mulq %rbp addq %rax, %r12 - movq %r13, %rax - movq %rdx, %r13 - adcq \$0, %r13 + movq %rbp, %rax + adcq \$0, %rdx - xorq %r14, %r14 - shlq \$1, %rbx - adcq %r12, %r12 #shld \$1, %rbx, %r12 - adcq %r13, %r13 #shld \$1, %r12, %r13 - adcq %r14, %r14 #shld \$1, %r13, %r14 + xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 + addq %r11, %r11 + movq %rdx, %r13 + 
adcq %r12, %r12 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax addq %rax, %r11 + movq %r14, %rax # 56($inp) adcq %rdx, %r12 - adcq \$0, %r13 + adcq \$0, %rcx movq %r11, 96(%rsp) movq %r12, 104(%rsp) #eighth iteration - movq 56($inp), %rax - mulq %rax - addq %rax, %r13 - adcq \$0, %rdx - - addq %rdx, %r14 + xorq %rbx, %rbx # rbx:r13 = r13 << 1 + addq %r13, %r13 + adcq \$0, %rbx - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) + mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax + addq %r13, %rax + adcq %rbx, %rdx movq (%rsp), %r8 movq 8(%rsp), %r9 @@ -469,6 +472,10 @@ $code.=<<___; movq 40(%rsp), %r13 movq 48(%rsp), %r14 movq 56(%rsp), %r15 + movq %xmm1, %rbp + + movq %rax, 112(%rsp) + movq %rdx, 120(%rsp) call __rsaz_512_reduce @@ -500,9 +507,9 @@ $code.=<<___; .Loop_sqrx: movl $times,128+8(%rsp) movq $out, %xmm0 # off-load - movq %rbp, %xmm1 # off-load #first iteration mulx %rax, %r8, %r9 + mov %rax, %rbx mulx 16($inp), %rcx, %r10 xor %rbp, %rbp # cf=0, of=0 
@@ -510,40 +517,39 @@ $code.=<<___; mulx 24($inp), %rax, %r11 adcx %rcx, %r9 - mulx 32($inp), %rcx, %r12 + .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 adcx %rax, %r10 - mulx 40($inp), %rax, %r13 + .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 adcx %rcx, %r11 - .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 + mulx 48($inp), %rcx, %r14 adcx %rax, %r12 adcx %rcx, %r13 - .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 + mulx 56($inp), %rax, %r15 adcx %rax, %r14 adcx %rbp, %r15 # %rbp is 0 - mov %r9, %rcx - shld \$1, %r8, %r9 - shl \$1, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rdx, %r8 - mov 8($inp), %rdx - adcx %rbp, %r9 + mulx %rdx, %rax, $out + mov %rbx, %rdx # 8($inp) + xor %rcx, %rcx + adox %r8, %r8 + adcx $out, %r8 + adox %rbp, %rcx + adcx %rbp, %rcx mov %rax, (%rsp) mov %r8, 8(%rsp) #second iteration - mulx 16($inp), %rax, %rbx + .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx adox %rax, %r10 adcx %rbx, %r11 - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 + mulx 24($inp), $out, %r8 adox $out, %r11 + .byte 0x66 adcx %r8, %r12 mulx 32($inp), %rax, %rbx 
@@ -561,24 +567,25 @@ $code.=<<___; .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 adox $out, %r15 adcx %rbp, %r8 + mulx %rdx, %rax, $out adox %rbp, %r8 + .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp,%ebp - mulx %rdx, %rax, %rcx - mov 16($inp), %rdx + xor %rbx, %rbx + adox %r9, %r9 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r10, %r10 adcx %rax, %r9 - adcx %rcx, %r10 - adcx %rbp, %r11 + adox %rbp, %rbx + adcx $out, %r10 + adcx %rbp, %rbx mov %r9, 16(%rsp) .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) #third iteration - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 + mulx 24($inp), $out, %r9 adox $out, %r12 adcx %r9, %r13 @@ -586,7 +593,7 @@ $code.=<<___; adox %rax, %r13 adcx %rcx, %r14 - mulx 40($inp), $out, %r9 + .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 adox $out, %r14 adcx %r9, %r15 @@ -594,27 +601,28 @@ $code.=<<___; adox %rax, %r15 adcx %rcx, %r8 - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 + mulx 56($inp), $out, %r9 adox $out, %r8 adcx %rbp, %r9 + mulx %rdx, %rax, $out adox %rbp, %r9 + mov 24($inp), %rdx - mov %r13, %rcx - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx + xor %rcx, %rcx + adox %r11, %r11 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r12, %r12 adcx %rax, %r11 - adcx %rdx, %r12 - mov 24($inp), %rdx - adcx %rbp, %r13 + adox %rbp, %rcx + adcx $out, %r12 + adcx %rbp, %rcx mov %r11, 32(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) + mov %r12, 40(%rsp) #fourth iteration - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx + mulx 32($inp), %rax, %rbx adox %rax, %r14 adcx %rbx, %r15 
@@ -629,25 +637,25 @@ $code.=<<___; mulx 56($inp), $out, %r10 adox $out, %r9 adcx %rbp, %r10 + mulx %rdx, %rax, $out adox %rbp, %r10 + mov 32($inp), %rdx - .byte 0x66 - mov %r15, %rbx - shld \$1, %r14, %r15 - shld \$1, %rcx, %r14 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx + xor %rbx, %rbx + adox %r13, %r13 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r14, %r14 adcx %rax, %r13 - adcx %rdx, %r14 - mov 32($inp), %rdx - adcx %rbp, %r15 + adox %rbp, %rbx + adcx $out, %r14 + adcx %rbp, %rbx mov %r13, 48(%rsp) mov %r14, 56(%rsp) #fifth iteration - .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 + mulx 40($inp), $out, %r11 adox $out, %r8 adcx %r11, %r9 @@ -658,18 +666,19 @@ $code.=<<___; mulx 56($inp), $out, %r11 adox $out, %r10 adcx %rbp, %r11 + mulx %rdx, %rax, $out + mov 40($inp), %rdx adox %rbp, %r11 - mov %r9, %rcx - shld \$1, %r8, %r9 - shld \$1, %rbx, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx + xor %rcx, %rcx + adox %r15, %r15 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r8, %r8 adcx %rax, %r15 - adcx %rdx, %r8 - mov 40($inp), %rdx - adcx %rbp, %r9 + adox %rbp, %rcx + adcx $out, %r8 + adcx %rbp, %rcx mov %r15, 64(%rsp) mov %r8, 72(%rsp) @@ -682,18 +691,19 @@ $code.=<<___; .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 adox $out, %r11 adcx %rbp, %r12 + mulx %rdx, %rax, $out adox %rbp, %r12 + mov 48($inp), %rdx - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx + xor %rbx, %rbx + adox %r9, %r9 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r10, %r10 adcx %rax, %r9 - adcx %rdx, %r10 - mov 48($inp), %rdx - adcx %rbp, %r11 + adcx $out, %r10 + adox %rbp, %rbx + adcx %rbp, %rbx mov %r9, 80(%rsp) mov %r10, 88(%rsp) 
@@ -703,31 +713,31 @@ $code.=<<___; adox %rax, %r12 adox %rbp, %r13 - xor %r14, %r14 - shld \$1, %r13, %r14 - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r11 - adcx %rdx, %r12 + mulx %rdx, %rax, $out + xor %rcx, %rcx mov 56($inp), %rdx - adcx %rbp, %r13 + adox %r11, %r11 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r12, %r12 + adcx %rax, %r11 + adox %rbp, %rcx + adcx $out, %r12 + adcx %rbp, %rcx .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) #eighth iteration mulx %rdx, %rax, %rdx - adox %rax, %r13 - adox %rbp, %rdx + xor %rbx, %rbx + adox %r13, %r13 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %rbp, %rbx + adcx %r13, %rax + adcx %rdx, %rbx - .byte 0x66 - add %rdx, %r14 - - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) movq %xmm0, $out movq %xmm1, %rbp @@ -741,6 +751,9 @@ $code.=<<___; movq 48(%rsp), %r14 movq 56(%rsp), %r15 + movq %rax, 112(%rsp) + movq %rbx, 120(%rsp) + call __rsaz_512_reducex addq 64(%rsp), %r8 @@ -1606,6 +1619,7 @@ $code.=<<___; .type __rsaz_512_reduce,\@abi-omnipotent .align 32 __rsaz_512_reduce: +.cfi_startproc movq %r8, %rbx imulq 128+8(%rsp), %rbx movq 0(%rbp), %rax @@ -1685,6 +1699,7 @@ __rsaz_512_reduce: jne .Lreduction_loop ret +.cfi_endproc .size __rsaz_512_reduce,.-__rsaz_512_reduce ___ } @@ -1698,6 +1713,7 @@ $code.=<<___; .type __rsaz_512_reducex,\@abi-omnipotent .align 32 __rsaz_512_reducex: +.cfi_startproc #movq 128+8(%rsp), %rdx # pull $n0 imulq %r8, %rdx xorq %rsi, %rsi # cf=0,of=0 @@ -1750,6 +1766,7 @@ __rsaz_512_reducex: jne .Lreduction_loopx ret +.cfi_endproc .size __rsaz_512_reducex,.-__rsaz_512_reducex ___ } @@ -1761,6 +1778,7 @@ $code.=<<___; .type __rsaz_512_subtract,\@abi-omnipotent .align 32 __rsaz_512_subtract: +.cfi_startproc movq %r8, ($out) movq %r9, 8($out) movq %r10, 16($out) 
@@ -1814,6 +1832,7 @@ __rsaz_512_subtract: movq %r15, 56($out) ret +.cfi_endproc .size __rsaz_512_subtract,.-__rsaz_512_subtract ___ } @@ -1827,6 +1846,7 @@ $code.=<<___; .type __rsaz_512_mul,\@abi-omnipotent .align 32 __rsaz_512_mul: +.cfi_startproc leaq 8(%rsp), %rdi movq ($ap), %rax @@ -1965,6 +1985,7 @@ __rsaz_512_mul: movq %r15, 56(%rdi) ret +.cfi_endproc .size __rsaz_512_mul,.-__rsaz_512_mul ___ } @@ -1979,6 +2000,7 @@ $code.=<<___; .type __rsaz_512_mulx,\@abi-omnipotent .align 32 __rsaz_512_mulx: +.cfi_startproc mulx ($ap), %rbx, %r8 # initial %rdx preloaded by caller mov \$-6, %rcx @@ -2095,6 +2117,7 @@ __rsaz_512_mulx: mov %r15, 8+64+56(%rsp) ret +.cfi_endproc .size __rsaz_512_mulx,.-__rsaz_512_mulx ___ } @@ -2105,6 +2128,7 @@ $code.=<<___; .type rsaz_512_scatter4,\@abi-omnipotent .align 16 rsaz_512_scatter4: +.cfi_startproc leaq ($out,$power,8), $out movl \$8, %r9d jmp .Loop_scatter @@ -2117,12 +2141,14 @@ rsaz_512_scatter4: decl %r9d jnz .Loop_scatter ret +.cfi_endproc .size rsaz_512_scatter4,.-rsaz_512_scatter4 .globl rsaz_512_gather4 .type rsaz_512_gather4,\@abi-omnipotent .align 16 rsaz_512_gather4: +.cfi_startproc ___ $code.=<<___ if ($win64); .LSEH_begin_rsaz_512_gather4: @@ -2217,6 +2243,7 @@ ___ $code.=<<___; ret .LSEH_end_rsaz_512_gather4: +.cfi_endproc .size rsaz_512_gather4,.-rsaz_512_gather4 .align 64 @@ -2401,4 +2428,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl index 06181bf9b95f..a7e4b8a97d30 100755 --- a/crypto/bn/asm/s390x-gf2m.pl +++ b/crypto/bn/asm/s390x-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -225,4 +225,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl index c2fc5adffe0d..bc8c8951e060 100755 --- a/crypto/bn/asm/s390x-mont.pl +++ b/crypto/bn/asm/s390x-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -145,7 +145,7 @@ $code.=<<___; lghi $NHI,0 alcgr $NHI,$nhi - la $j,8(%r0) # j=1 + la $j,8 # j=1 lr $count,$num .align 16 @@ -197,7 +197,7 @@ $code.=<<___; lghi $NHI,0 alcgr $NHI,$nhi - la $j,8(%r0) # j=1 + la $j,8 # j=1 lr $count,$num .align 16 @@ -241,7 +241,7 @@ $code.=<<___; la $ap,$stdframe($sp) ahi $num,1 # restore $num, incidentally clears "borrow" - la $j,0(%r0) + la $j,0 lr $count,$num .Lsub: lg $alo,0($j,$ap) lg $nlo,0($j,$np) @@ -255,7 +255,7 @@ $code.=<<___; lghi $NHI,-1 xgr $NHI,$AHI - la $j,0(%r0) + la $j,0 lgr $count,$num .Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy lg $alo,0($j,$rp) @@ -281,4 +281,4 @@ foreach (split("\n",$code)) { s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e; print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S index 292a7a9998bd..b666c41a88a4 100755 --- a/crypto/bn/asm/s390x.S +++ b/crypto/bn/asm/s390x.S @@ -511,7 +511,7 @@ bn_mul_comba4: lghi zero,0 mul_add_c(0,0,c1,c2,c3); - stg c1,0*8(%r3) + stg c1,0*8(%r2) lghi c1,0 mul_add_c(0,1,c2,c3,c1); diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl index fcae9cfc5b44..62e297a01692 100755 --- a/crypto/bn/asm/sparct4-mont.pl +++ b/crypto/bn/asm/sparct4-mont.pl 
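Review bot: The corrected store in bn_mul_comba4, `stg c1,0*8(%r2)`, still names the result pointer as a literal register while the neighbouring operands in the hunk use symbolic names (`zero`, `c1`). That makes a wrong register number easy to miss in review, as the `%r3` on the removed line shows. A comment on the line, such as `/* r[0]: %r2 is the result pointer */`, or a symbolic name for the pointer would help, if the file's conventions allow it. The remaining stores of this function are outside the hunk and should be checked for the same register.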
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1225,4 +1225,4 @@ ___ &emit_assembler(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl index dcf11a87a18e..238a93dca56c 100755 --- a/crypto/bn/asm/sparcv9-gf2m.pl +++ b/crypto/bn/asm/sparcv9-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -197,4 +197,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index b41903af985f..d1a3c2bc4343 100755 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -617,4 +617,4 @@ $code.=<<___; ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9a-mont.pl b/crypto/bn/asm/sparcv9a-mont.pl index c8f759df9fbd..7a1fca1263a9 100755 --- a/crypto/bn/asm/sparcv9a-mont.pl +++ b/crypto/bn/asm/sparcv9a-mont.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -884,4 +884,4 @@ $code =~ s/fzeros\s+%f([0-9]+)/ print $code; # flush -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl index 9cf717e84102..9dbc8d458792 100755 --- a/crypto/bn/asm/via-mont.pl +++ b/crypto/bn/asm/via-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -248,4 +248,4 @@ $sp=&DWP(28,"esp"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index 04833a0c876d..d797af8745dc 100755 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -381,4 +381,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl index d03efcc75023..436d90b11ea4 100755 --- a/crypto/bn/asm/x86-gf2m.pl +++ b/crypto/bn/asm/x86-gf2m.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -322,4 +322,4 @@ if ($sse2) { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl index 7ba2133ac9c3..2103f806b65a 100755 --- a/crypto/bn/asm/x86-mont.pl +++ b/crypto/bn/asm/x86-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -628,4 +628,4 @@ $sbit=$num; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index 31839ba060fa..e6fdaadf0e91 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "../bn_lcl.h" +#include "../bn_local.h" #if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl index 0fd6e985d7b0..655f13c89ee8 100755 --- a/crypto/bn/asm/x86_64-gf2m.pl +++ b/crypto/bn/asm/x86_64-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -421,4 +421,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index c051135e30dd..e00cac448b89 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -1589,4 +1589,4 @@ ___ } print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index f43e13d11643..887770b30db1 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -580,6 +580,7 @@ $code.=<<___; .type mul4x_internal,\@abi-omnipotent .align 32 mul4x_internal: +.cfi_startproc shl \$5,$num # $num was in bytes movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument, index lea .Linc(%rip),%rax @@ -1074,6 +1075,7 @@ $code.=<<___ ___ } $code.=<<___; +.cfi_endproc .size mul4x_internal,.-mul4x_internal ___ }}} @@ -1239,6 +1241,7 @@ $code.=<<___; .align 32 bn_sqr8x_internal: __bn_sqr8x_internal: +.cfi_startproc ############################################################## # Squaring part: # @@ -2030,6 +2033,7 @@ __bn_sqr8x_reduction: cmp %rdx,$tptr # end of t[]? jb .L8x_reduction_loop ret +.cfi_endproc .size bn_sqr8x_internal,.-bn_sqr8x_internal ___ } @@ -2042,6 +2046,7 @@ $code.=<<___; .type __bn_post4x_internal,\@abi-omnipotent .align 32 __bn_post4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 lea (%rdi,$num),$tptr # %rdi was $tptr above mov $num,%rcx @@ -2092,6 +2097,7 @@ __bn_post4x_internal: mov $num,%r10 # prepare for back-to-back call neg $num # restore $num ret +.cfi_endproc .size __bn_post4x_internal,.-__bn_post4x_internal ___ } @@ -2101,10 +2107,12 @@ $code.=<<___; .type bn_from_montgomery,\@abi-omnipotent .align 32 bn_from_montgomery: +.cfi_startproc testl \$7,`($win64?"48(%rsp)":"%r9d")` jz bn_from_mont8x xor %eax,%eax ret +.cfi_endproc .size bn_from_montgomery,.-bn_from_montgomery .type bn_from_mont8x,\@function,6 @@ -2400,6 +2408,7 @@ bn_mulx4x_mont_gather5: .type mulx4x_internal,\@abi-omnipotent .align 32 mulx4x_internal: +.cfi_startproc mov $num,8(%rsp) # save -$num (it was in bytes) mov $num,%r10 neg $num # restore $num 
@@ -2750,6 +2759,7 @@ $code.=<<___; mov 8*2(%rbp),%r14 mov 8*3(%rbp),%r15 jmp .Lsqrx4x_sub_entry # common post-condition +.cfi_endproc .size mulx4x_internal,.-mulx4x_internal ___ } { @@ -3555,6 +3565,7 @@ my ($rptr,$nptr)=("%rdx","%rbp"); $code.=<<___; .align 32 __bn_postx4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 mov %rcx,%r10 # -$num mov %rcx,%r9 # -$num @@ -3602,6 +3613,7 @@ __bn_postx4x_internal: neg %r9 # restore $num ret +.cfi_endproc .size __bn_postx4x_internal,.-__bn_postx4x_internal ___ } @@ -3618,6 +3630,7 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: +.cfi_startproc lea 0($inp),%r10 lea 1($inp),%r11 mov $num,%ecx @@ -3631,12 +3644,14 @@ bn_get_bits5: shrl %cl,%eax and \$31,%eax ret +.cfi_endproc .size bn_get_bits5,.-bn_get_bits5 .globl bn_scatter5 .type bn_scatter5,\@abi-omnipotent .align 16 bn_scatter5: +.cfi_startproc cmp \$0, $num jz .Lscatter_epilogue lea ($tbl,$idx,8),$tbl @@ -3649,6 +3664,7 @@ bn_scatter5: jnz .Lscatter .Lscatter_epilogue: ret +.cfi_endproc .size bn_scatter5,.-bn_scatter5 .globl bn_gather5 @@ -3656,6 +3672,7 @@ bn_scatter5: .align 32 bn_gather5: .LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases +.cfi_startproc # I can't trust assembler to use specific encoding:-( .byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10 .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 #sub $0x108,%rsp @@ -3740,6 +3757,7 @@ $code.=<<___; lea (%r10),%rsp ret .LSEH_end_bn_gather5: +.cfi_endproc .size bn_gather5,.-bn_gather5 ___ } @@ -3942,4 +3960,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index f2736b8f6d41..8ffe49618a8b 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* signed add of b to a. */ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) 
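Review bot: In the `bn_gather5` hunks (`@@ -3656,6 +3672,7 @@` and `@@ -3740,6 +3757,7 @@`), the new `.cfi_startproc`/`.cfi_endproc` pair brackets code that moves the stack pointer, but no CFA directive is visible for that move. The body saves `%rsp` in `%r10`, subtracts 0x108 and later restores with `lea (%r10),%rsp`, so an unwinder or debugger stopping inside the body would compute the wrong frame. Adding `.cfi_def_cfa_register %r10` after the `lea (%rsp),%r10` bytes and `.cfi_def_cfa_register %rsp` after the restoring `lea` would keep the unwind info accurate. The middle of the function lies outside both hunks, so a directive there may already cover this. The other internal routines annotated in this file are worth the same check wherever they adjust `%rsp`.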
diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c index 729b2480acd1..4d83a8cf1115 100644 --- a/crypto/bn/bn_asm.c +++ b/crypto/bn/bn_asm.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 450cdfb34866..76fc7ebcffc0 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define BN_BLINDING_COUNTER 32 diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 90cecea2aa5d..042cb247d37f 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /*- * TODO list diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 58bcf197a490..b60269cd57a6 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -20,7 +20,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "internal/cryptlib.h" -# include "bn_lcl.h" +# include "bn_local.h" BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 38acdee234d0..58c44f0b179e 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -7,12 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/nelem.h" #ifndef OPENSSL_NO_DH #include -#include "internal/bn_dh.h" +#include "crypto/bn_dh.h" /* DH parameters from RFC5114 */ # if BN_BITS2 == 64 diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 7fc0132830a1..286d69c895fd 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* The old slow way */ #if 0 
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 88f2baf0e553..9531acfc3c94 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -8,8 +8,8 @@ */ #include "internal/cryptlib.h" -#include "internal/constant_time_locl.h" -#include "bn_lcl.h" +#include "internal/constant_time.h" +#include "bn_local.h" #include #ifdef _WIN32 diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 082c9286a0f4..e542abe46fa1 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define TABLE_SIZE 32 diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 0091ea4e08a6..ef81acb77ba6 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c 
@@ -8,113 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); - -int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) -{ - BIGNUM *a, *b, *t; - int ret = 0; - - bn_check_top(in_a); - bn_check_top(in_b); - - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (b == NULL) - goto err; - - if (BN_copy(a, in_a) == NULL) - goto err; - if (BN_copy(b, in_b) == NULL) - goto err; - a->neg = 0; - b->neg = 0; - - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - t = euclid(a, b); - if (t == NULL) - goto err; - - if (BN_copy(r, t) == NULL) - goto err; - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(r); - return ret; -} - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) -{ - BIGNUM *t; - int shifts = 0; - - bn_check_top(a); - bn_check_top(b); - - /* 0 <= b <= a */ - while (!BN_is_zero(b)) { - /* 0 < b <= a */ - - if (BN_is_odd(a)) { - if (BN_is_odd(b)) { - if (!BN_sub(a, a, b)) - goto err; - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a odd - b even */ - - if (!BN_rshift1(b, b)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } - } else { /* a is even */ - - if (BN_is_odd(b)) { - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a even - b even */ - - if (!BN_rshift1(a, a)) - goto err; - if (!BN_rshift1(b, b)) - goto err; - shifts++; - } - } - /* 0 <= b <= a */ - } - - if (shifts) { - if (!BN_lshift(a, a, shifts)) - goto err; - } - bn_check_top(a); - return a; - err: - return NULL; -} +#include "bn_local.h" /* solves ax == 1 (mod n) */ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, 
@@ -621,3 +515,115 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, bn_check_top(ret); return ret; } + +/*- + * This function is based on the constant-time GCD work by Bernstein and Yang: + * https://eprint.iacr.org/2019/266 + * Generalized fast GCD function to allow even inputs. + * The algorithm first finds the shared powers of 2 between + * the inputs, and removes them, reducing at least one of the + * inputs to an odd value. Then it proceeds to calculate the GCD. + * Before returning the resulting GCD, we take care of adding + * back the powers of two removed at the beginning. + * Note 1: we assume the bit length of both inputs is public information, + * since access to top potentially leaks this information. + */ +int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +{ + BIGNUM *g, *temp = NULL; + BN_ULONG mask = 0; + int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0; + + /* Note 2: zero input corner cases are not constant-time since they are + * handled immediately. An attacker can run an attack under this + * assumption without the need of side-channel information. */ + if (BN_is_zero(in_b)) { + ret = BN_copy(r, in_a) != NULL; + r->neg = 0; + return ret; + } + if (BN_is_zero(in_a)) { + ret = BN_copy(r, in_b) != NULL; + r->neg = 0; + return ret; + } + + bn_check_top(in_a); + bn_check_top(in_b); + + BN_CTX_start(ctx); + temp = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + + /* make r != 0, g != 0 even, so BN_rshift is not a potential nop */ + if (g == NULL + || !BN_lshift1(g, in_b) + || !BN_lshift1(r, in_a)) + goto err; + + /* find shared powers of two, i.e. 
"shifts" >= 1 */ + for (i = 0; i < r->dmax && i < g->dmax; i++) { + mask = ~(r->d[i] | g->d[i]); + for (j = 0; j < BN_BITS2; j++) { + bit &= mask; + shifts += bit; + mask >>= 1; + } + } + + /* subtract shared powers of two; shifts >= 1 */ + if (!BN_rshift(r, r, shifts) + || !BN_rshift(g, g, shifts)) + goto err; + + /* expand to biggest nword, with room for a possible extra word */ + top = 1 + ((r->top >= g->top) ? r->top : g->top); + if (bn_wexpand(r, top) == NULL + || bn_wexpand(g, top) == NULL + || bn_wexpand(temp, top) == NULL) + goto err; + + /* re arrange inputs s.t. r is odd */ + BN_consttime_swap((~r->d[0]) & 1, r, g, top); + + /* compute the number of iterations */ + rlen = BN_num_bits(r); + glen = BN_num_bits(g); + m = 4 + 3 * ((rlen >= glen) ? rlen : glen); + + for (i = 0; i < m; i++) { + /* conditionally flip signs if delta is positive and g is odd */ + cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ + & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + delta = (-cond & -delta) | ((cond - 1) & delta); + r->neg ^= cond; + /* swap */ + BN_consttime_swap(cond, r, g, top); + + /* elimination step */ + delta++; + if (!BN_add(temp, g, r)) + goto err; + BN_consttime_swap(g->d[0] & 1 /* g is odd */ + /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ + & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + g, temp, top); + if (!BN_rshift1(g, g)) + goto err; + } + + /* remove possible negative sign */ + r->neg = 0; + /* add powers of 2 removed, then correct the artificial shift */ + if (!BN_lshift(r, r, shifts) + || !BN_rshift1(r, r)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + bn_check_top(r); + return ret; +} diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 34d8b69c1ec9..a2ea86755182 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c 
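Review bot: The masks in the main loop of the new `BN_gcd` right-shift signed `int` values that can be negative, in `-delta >> (8 * sizeof(delta) - 1)` and `(g->top - 1) >> (sizeof(g->top) * 8 - 1)`. C leaves the result of such a shift implementation-defined, so the branch-free selection depends on compiler behaviour that the code does not state. Casting before the shift makes the intent explicit and portable: `cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1` and `& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1)))`. The same `g->top - 1` expression appears in the first argument of the second `BN_consttime_swap` call and needs the same cast.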
@@ -12,7 +12,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #ifndef OPENSSL_NO_EC2M diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 46bc97575dfe..147b4fa022cf 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index b9bc6cca27fe..c1e09d272120 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* least significant word */ #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h deleted file mode 100644 index 7f823a6178a5..000000000000 --- a/crypto/bn/bn_lcl.h +++ /dev/null 
@@ -1,671 +0,0 @@ -/* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_BN_LCL_H -# define HEADER_BN_LCL_H - -/* - * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or - * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our - * Configure script and needs to support both 32-bit and 64-bit. - */ -# include - -# if !defined(OPENSSL_SYS_UEFI) -# include "internal/bn_conf.h" -# endif - -# include "internal/bn_int.h" - -/* - * These preprocessor symbols control various aspects of the bignum headers - * and library code. They're not defined by any "normal" configuration, as - * they are intended for development and testing purposes. NB: defining all - * three can be useful for debugging application code as well as openssl - * itself. BN_DEBUG - turn on various debugging alterations to the bignum - * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up - * mismanagement of bignum internals. You must also define BN_DEBUG. - */ -/* #define BN_DEBUG */ -/* #define BN_DEBUG_RAND */ - -# ifndef OPENSSL_SMALL_FOOTPRINT -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION -# endif - -/* - * This next option uses the C libraries (2 word)/(1 word) function. If it is - * not defined, I use my C version (which is slower). The reason for this - * flag is that when the particular C compiler library routine is used, and - * the library is linked with a different compiler, the library is missing. - * This mostly happens when the library is built with gcc and then linked - * using normal cc. 
This would be a common occurrence because gcc normally - * produces code that is 2 times faster than system compilers for the big - * number stuff. For machines with only one compiler (or shared libraries), - * this should be on. Again this in only really a problem on machines using - * "long long's", are 32bit, and are not using my assembler code. - */ -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# define BN_DIV2W -# endif - -/* - * 64-bit processor with LP64 ABI - */ -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULLONG unsigned long long -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000L) -# define BN_MASK2h1 (0xffffffff80000000L) -# define BN_DEC_CONV (10000000000000000000UL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%019lu" -# endif - -/* - * 64-bit processor other than LP64 ABI - */ -# ifdef SIXTY_FOUR_BIT -# undef BN_LLONG -# undef BN_ULLONG -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffLL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000LL) -# define BN_MASK2h1 (0xffffffff80000000LL) -# define BN_DEC_CONV (10000000000000000000ULL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%llu" -# define BN_DEC_FMT2 "%019llu" -# endif - -# ifdef THIRTY_TWO_BIT -# ifdef BN_LLONG -# if defined(_WIN32) && !defined(__GNUC__) -# define BN_ULLONG unsigned __int64 -# else -# define BN_ULLONG unsigned long long -# endif -# endif -# define BN_BITS4 16 -# define BN_MASK2 (0xffffffffL) -# define BN_MASK2l (0xffff) -# define BN_MASK2h1 (0xffff8000L) -# define BN_MASK2h (0xffff0000L) -# define BN_DEC_CONV (1000000000L) -# define BN_DEC_NUM 9 -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%09u" -# endif - - -/*- - * Bignum consistency macros - * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from - * bignum data after direct 
manipulations on the data. There is also an - * "internal" macro, bn_check_top(), for verifying that there are no leading - * zeroes. Unfortunately, some auditing is required due to the fact that - * bn_fix_top() has become an overabused duct-tape because bignum data is - * occasionally passed around in an inconsistent state. So the following - * changes have been made to sort this out; - * - bn_fix_top()s implementation has been moved to bn_correct_top() - * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and - * bn_check_top() is as before. - * - if BN_DEBUG *is* defined; - * - bn_check_top() tries to pollute unused words even if the bignum 'top' is - * consistent. (ed: only if BN_DEBUG_RAND is defined) - * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. - * The idea is to have debug builds flag up inconsistent bignums when they - * occur. If that occurs in a bn_fix_top(), we examine the code in question; if - * the use of bn_fix_top() was appropriate (ie. it follows directly after code - * that manipulates the bignum) it is converted to bn_correct_top(), and if it - * was not appropriate, we convert it permanently to bn_check_top() and track - * down the cause of the bug. Eventually, no internal code should be using the - * bn_fix_top() macro. External applications and libraries should try this with - * their own code too, both in terms of building against the openssl headers - * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it - * defined. This not only improves external code, it provides more test - * coverage for openssl's own code. - */ - -# ifdef BN_DEBUG -/* - * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with - * bn_correct_top, in other words such vectors are permitted to have zeros - * in most significant limbs. Such vectors are used internally to achieve - * execution time invariance for critical operations with private keys. 
- * It's BN_DEBUG-only flag, because user application is not supposed to - * observe it anyway. Moreover, optimizing compiler would actually remove - * all operations manipulating the bit in question in non-BN_DEBUG build. - */ -# define BN_FLG_FIXED_TOP 0x10000 -# ifdef BN_DEBUG_RAND -# define bn_pollute(a) \ - do { \ - const BIGNUM *_bnum1 = (a); \ - if (_bnum1->top < _bnum1->dmax) { \ - unsigned char _tmp_char; \ - /* We cast away const without the compiler knowing, any \ - * *genuinely* constant variables that aren't mutable \ - * wouldn't be constructed with top!=dmax. */ \ - BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ - RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ - memset(_not_const + _bnum1->top, _tmp_char, \ - sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ - } \ - } while(0) -# else -# define bn_pollute(a) -# endif -# define bn_check_top(a) \ - do { \ - const BIGNUM *_bnum2 = (a); \ - if (_bnum2 != NULL) { \ - int _top = _bnum2->top; \ - (void)ossl_assert((_top == 0 && !_bnum2->neg) || \ - (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ - || _bnum2->d[_top - 1] != 0))); \ - bn_pollute(_bnum2); \ - } \ - } while(0) - -# define bn_fix_top(a) bn_check_top(a) - -# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -# define bn_wcheck_size(bn, words) \ - do { \ - const BIGNUM *_bnum2 = (bn); \ - assert((words) <= (_bnum2)->dmax && \ - (words) >= (_bnum2)->top); \ - /* avoid unused variable warning with NDEBUG */ \ - (void)(_bnum2); \ - } while(0) - -# else /* !BN_DEBUG */ - -# define BN_FLG_FIXED_TOP 0 -# define bn_pollute(a) -# define bn_check_top(a) -# define bn_fix_top(a) bn_correct_top(a) -# define bn_check_size(bn, bits) -# define bn_wcheck_size(bn, words) - -# endif - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -void 
bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); - -struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit - * chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; -}; - -/* Used for montgomery multiplication */ -struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form, - possibly zero-padded */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only - * stored for bignum algorithm) */ - BN_ULONG n0[2]; /* least significant word(s) of Ni; (type - * changed with 0.9.9, was "BN_ULONG n0;" - * before) */ - int flags; -}; - -/* - * Used for reciprocal division/mod functions It cannot be shared between - * threads - */ -struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -}; - -/* Used for slow "generation" functions. 
*/ -struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union { - /* if (ver==1) - handles old style callbacks */ - void (*cb_1) (int, int, void *); - /* if (ver==2) - new callback style */ - int (*cb_2) (int, int, BN_GENCB *); - } cb; -}; - -/*- - * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions - * - * - * For window size 'w' (w >= 2) and a random 'b' bits exponent, - * the number of multiplications is a constant plus on average - * - * 2^(w-1) + (b-w)/(w+1); - * - * here 2^(w-1) is for precomputing the table (we actually need - * entries only for windows that have the lowest bit set), and - * (b-w)/(w+1) is an approximation for the expected number of - * w-bit windows, not counting the first one. - * - * Thus we should use - * - * w >= 6 if b > 671 - * w = 5 if 671 > b > 239 - * w = 4 if 239 > b > 79 - * w = 3 if 79 > b > 23 - * w <= 2 if 23 > b - * - * (with draws in between). Very small exponents are often selected - * with low Hamming weight, so we use w = 1 for b <= 23. - */ -# define BN_window_bits_for_exponent_size(b) \ - ((b) > 671 ? 6 : \ - (b) > 239 ? 5 : \ - (b) > 79 ? 4 : \ - (b) > 23 ? 3 : 1) - -/* - * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache - * line width of the target processor is at least the following value. - */ -# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) -# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) - -/* - * Window sizes optimized for fixed window size modular exponentiation - * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of - * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed - * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are - * defined for cache line sizes of 32 and 64, cache line sizes where - * log_2(32)=5 and log_2(64)=6 respectively. 
A window size of 7 should only be - * used on processors that have a 128 byte or greater cache line size. - */ -# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 - -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 937 ? 6 : \ - (b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) - -# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 - -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) - -# endif - -/* Pentium pro 16,16,16,32,64 */ -/* Alpha 16,16,16,16.64 */ -# define BN_MULL_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */ -# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */ -# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */ - -/* - * 2011-02-22 SMS. In various places, a size_t variable or a type cast to - * size_t was used to perform integer-only operations on pointers. This - * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t - * is still only 32 bits. What's needed in these cases is an integer type - * with the same size as a pointer, which size_t is not certain to be. The - * only fix here is VMS-specific. - */ -# if defined(OPENSSL_SYS_VMS) -# if __INITIAL_POINTER_SIZE == 64 -# define PTR_SIZE_INT long long -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define PTR_SIZE_INT int -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ -# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */ -# define PTR_SIZE_INT size_t -# endif /* defined(OPENSSL_SYS_VMS) [else] */ - -# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -/* - * BN_UMULT_HIGH section. 
- * If the compiler doesn't support 2*N integer type, then you have to - * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some - * shifts and additions which unavoidably results in severe performance - * penalties. Of course provided that the hardware is capable of producing - * 2*N result... That's when you normally start considering assembler - * implementation. However! It should be pointed out that some CPUs (e.g., - * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating - * the upper half of the product placing the result into a general - * purpose register. Now *if* the compiler supports inline assembler, - * then it's not impossible to implement the "bignum" routines (and have - * the compiler optimize 'em) exhibiting "native" performance in C. That's - * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do - * support 2*64 integer type, which is also used here. - */ -# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \ - (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) -# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) -# define BN_UMULT_LOHI(low,high,a,b) ({ \ - __uint128_t ret=(__uint128_t)(a)*(b); \ - (high)=ret>>64; (low)=ret; }) -# elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__DECC) -# include -# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) -# elif defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("umulh %1,%2,%0" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("mulhdu %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif (defined(__x86_64) || defined(__x86_64__)) && \ - (defined(SIXTY_FOUR_BIT_LONG) || 
defined(SIXTY_FOUR_BIT)) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret,discard; \ - asm ("mulq %3" \ - : "=a"(discard),"=d"(ret) \ - : "a"(a), "g"(b) \ - : "cc"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(a),"g"(b) \ - : "cc"); -# endif -# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) -# if defined(_MSC_VER) && _MSC_VER>=1400 -unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b); -unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, - unsigned __int64 *h); -# pragma intrinsic(__umulh,_umul128) -# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) -# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) -# endif -# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("dmultu %1,%2" \ - : "=h"(ret) \ - : "r"(a), "r"(b) : "l"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ - asm ("dmultu %2,%3" \ - : "=l"(low),"=h"(high) \ - : "r"(a), "r"(b)); -# endif -# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("umulh %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif -# endif /* cpu */ -# endif /* OPENSSL_NO_ASM */ - -# ifdef BN_DEBUG_RAND -# define bn_clear_top2max(a) \ - { \ - int ind = (a)->dmax - (a)->top; \ - BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ - for (; ind != 0; ind--) \ - *(++ftl) = 0x0; \ - } -# else -# define bn_clear_top2max(a) -# endif - -# ifdef BN_LLONG -/******************************************************************* - * Using the long long type, has to be twice as wide as BN_ULONG... 
- */ -# define Lw(t) (((BN_ULONG)(t))&BN_MASK2) -# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) - -# define mul_add(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (r) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define mul(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define sqr(r0,r1,a) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)(a)*(a); \ - (r0)=Lw(t); \ - (r1)=Hw(t); \ - } - -# elif defined(BN_UMULT_LOHI) -# define mul_add(r,a,w,c) { \ - BN_ULONG high,low,ret,tmp=(a); \ - ret = (r); \ - BN_UMULT_LOHI(low,high,w,tmp); \ - ret += (c); \ - (c) = (ret<(c))?1:0; \ - (c) += high; \ - ret += low; \ - (c) += (ret>BN_BITS4)&BN_MASK2l) -# define L2HBITS(a) (((a)<>BN_BITS2)&BN_MASKl) -# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \ - m =(m&BN_MASK2l)<<(BN_BITS4+1); \ - l=(l+m)&BN_MASK2; if (l < m) h++; \ - (lo)=l; \ - (ho)=h; \ - } - -# define mul_add(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=(r); \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l; \ - } - -# define mul(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l+=(c); if ((l&BN_MASK2) < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l&BN_MASK2; \ - } -# endif /* !BN_LLONG */ - -void BN_RECP_CTX_init(BN_RECP_CTX *recp); -void BN_MONT_CTX_init(BN_MONT_CTX *ctx); - -void bn_init(BIGNUM *a); -void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); -void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a); -void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a); -int bn_cmp_words(const 
BN_ULONG *a, const BN_ULONG *b, int n); -int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); -void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t); -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, - int n, int tna, int tnb, BN_ULONG *t); -void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t); -void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); -void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t); -BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - -BIGNUM *int_bn_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, - int *noinv); - -int bn_probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); - -static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) -{ - if (bits > (INT_MAX - BN_BITS2 + 1)) - return NULL; - - if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) - return a; - - return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); -} - -#endif diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 254069ff3819..86d4956c8a8c 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #include -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" /* This stuff appears to be completely unused, so is deprecated */ #if OPENSSL_API_COMPAT < 0x00908000L diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h new file mode 100644 index 000000000000..37228104c640 --- /dev/null +++ b/crypto/bn/bn_local.h 
@@ -0,0 +1,671 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BN_LOCAL_H +# define OSSL_CRYPTO_BN_LOCAL_H + +/* + * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or + * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our + * Configure script and needs to support both 32-bit and 64-bit. + */ +# include + +# if !defined(OPENSSL_SYS_UEFI) +# include "crypto/bn_conf.h" +# endif + +# include "crypto/bn.h" + +/* + * These preprocessor symbols control various aspects of the bignum headers + * and library code. They're not defined by any "normal" configuration, as + * they are intended for development and testing purposes. NB: defining all + * three can be useful for debugging application code as well as openssl + * itself. BN_DEBUG - turn on various debugging alterations to the bignum + * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ + +# ifndef OPENSSL_SMALL_FOOTPRINT +# define BN_MUL_COMBA +# define BN_SQR_COMBA +# define BN_RECURSION +# endif + +/* + * This next option uses the C libraries (2 word)/(1 word) function. If it is + * not defined, I use my C version (which is slower). The reason for this + * flag is that when the particular C compiler library routine is used, and + * the library is linked with a different compiler, the library is missing. + * This mostly happens when the library is built with gcc and then linked + * using normal cc. 
This would be a common occurrence because gcc normally + * produces code that is 2 times faster than system compilers for the big + * number stuff. For machines with only one compiler (or shared libraries), + * this should be on. Again this in only really a problem on machines using + * "long long's", are 32bit, and are not using my assembler code. + */ +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ + defined(OPENSSL_SYS_WIN32) || defined(linux) +# define BN_DIV2W +# endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULLONG unsigned long long +# define BN_BITS4 32 +# define BN_MASK2 (0xffffffffffffffffL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000L) +# define BN_MASK2h1 (0xffffffff80000000L) +# define BN_DEC_CONV (10000000000000000000UL) +# define BN_DEC_NUM 19 +# define BN_DEC_FMT1 "%lu" +# define BN_DEC_FMT2 "%019lu" +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# undef BN_LLONG +# undef BN_ULLONG +# define BN_BITS4 32 +# define BN_MASK2 (0xffffffffffffffffLL) +# define BN_MASK2l (0xffffffffL) +# define BN_MASK2h (0xffffffff00000000LL) +# define BN_MASK2h1 (0xffffffff80000000LL) +# define BN_DEC_CONV (10000000000000000000ULL) +# define BN_DEC_NUM 19 +# define BN_DEC_FMT1 "%llu" +# define BN_DEC_FMT2 "%019llu" +# endif + +# ifdef THIRTY_TWO_BIT +# ifdef BN_LLONG +# if defined(_WIN32) && !defined(__GNUC__) +# define BN_ULLONG unsigned __int64 +# else +# define BN_ULLONG unsigned long long +# endif +# endif +# define BN_BITS4 16 +# define BN_MASK2 (0xffffffffL) +# define BN_MASK2l (0xffff) +# define BN_MASK2h1 (0xffff8000L) +# define BN_MASK2h (0xffff0000L) +# define BN_DEC_CONV (1000000000L) +# define BN_DEC_NUM 9 +# define BN_DEC_FMT1 "%u" +# define BN_DEC_FMT2 "%09u" +# endif + + +/*- + * Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct 
manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +# ifdef BN_DEBUG +/* + * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with + * bn_correct_top, in other words such vectors are permitted to have zeros + * in most significant limbs. Such vectors are used internally to achieve + * execution time invariance for critical operations with private keys. 
+ * It's BN_DEBUG-only flag, because user application is not supposed to + * observe it anyway. Moreover, optimizing compiler would actually remove + * all operations manipulating the bit in question in non-BN_DEBUG build. + */ +# define BN_FLG_FIXED_TOP 0x10000 +# ifdef BN_DEBUG_RAND +# define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if (_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ + RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ + memset(_not_const + _bnum1->top, _tmp_char, \ + sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ + } \ + } while(0) +# else +# define bn_pollute(a) +# endif +# define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + int _top = _bnum2->top; \ + (void)ossl_assert((_top == 0 && !_bnum2->neg) || \ + (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ + || _bnum2->d[_top - 1] != 0))); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +# define bn_fix_top(a) bn_check_top(a) + +# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +# define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert((words) <= (_bnum2)->dmax && \ + (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ + } while(0) + +# else /* !BN_DEBUG */ + +# define BN_FLG_FIXED_TOP 0 +# define bn_pollute(a) +# define bn_check_top(a) +# define bn_fix_top(a) bn_correct_top(a) +# define bn_check_size(bn, bits) +# define bn_wcheck_size(bn, words) + +# endif + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, + BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void 
bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + int num); + +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit + * chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; +}; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form, + possibly zero-padded */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only + * stored for bignum algorithm) */ + BN_ULONG n0[2]; /* least significant word(s) of Ni; (type + * changed with 0.9.9, was "BN_ULONG n0;" + * before) */ + int flags; +}; + +/* + * Used for reciprocal division/mod functions It cannot be shared between + * threads + */ +struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +}; + +/* Used for slow "generation" functions. 
*/ +struct bn_gencb_st { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union { + /* if (ver==1) - handles old style callbacks */ + void (*cb_1) (int, int, void *); + /* if (ver==2) - new callback style */ + int (*cb_2) (int, int, BN_GENCB *); + } cb; +}; + +/*- + * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions + * + * + * For window size 'w' (w >= 2) and a random 'b' bits exponent, + * the number of multiplications is a constant plus on average + * + * 2^(w-1) + (b-w)/(w+1); + * + * here 2^(w-1) is for precomputing the table (we actually need + * entries only for windows that have the lowest bit set), and + * (b-w)/(w+1) is an approximation for the expected number of + * w-bit windows, not counting the first one. + * + * Thus we should use + * + * w >= 6 if b > 671 + * w = 5 if 671 > b > 239 + * w = 4 if 239 > b > 79 + * w = 3 if 79 > b > 23 + * w <= 2 if 23 > b + * + * (with draws in between). Very small exponents are often selected + * with low Hamming weight, so we use w = 1 for b <= 23. + */ +# define BN_window_bits_for_exponent_size(b) \ + ((b) > 671 ? 6 : \ + (b) > 239 ? 5 : \ + (b) > 79 ? 4 : \ + (b) > 23 ? 3 : 1) + +/* + * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache + * line width of the target processor is at least the following value. + */ +# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) +# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) + +/* + * Window sizes optimized for fixed window size modular exponentiation + * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of + * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed + * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are + * defined for cache line sizes of 32 and 64, cache line sizes where + * log_2(32)=5 and log_2(64)=6 respectively. 
A window size of 7 should only be + * used on processors that have a 128 byte or greater cache line size. + */ +# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 + +# define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 937 ? 6 : \ + (b) > 306 ? 5 : \ + (b) > 89 ? 4 : \ + (b) > 22 ? 3 : 1) +# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) + +# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 + +# define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 306 ? 5 : \ + (b) > 89 ? 4 : \ + (b) > 22 ? 3 : 1) +# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) + +# endif + +/* Pentium pro 16,16,16,32,64 */ +/* Alpha 16,16,16,16.64 */ +# define BN_MULL_SIZE_NORMAL (16)/* 32 */ +# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */ +# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */ +# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */ +# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */ + +/* + * 2011-02-22 SMS. In various places, a size_t variable or a type cast to + * size_t was used to perform integer-only operations on pointers. This + * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t + * is still only 32 bits. What's needed in these cases is an integer type + * with the same size as a pointer, which size_t is not certain to be. The + * only fix here is VMS-specific. + */ +# if defined(OPENSSL_SYS_VMS) +# if __INITIAL_POINTER_SIZE == 64 +# define PTR_SIZE_INT long long +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define PTR_SIZE_INT int +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */ +# define PTR_SIZE_INT size_t +# endif /* defined(OPENSSL_SYS_VMS) [else] */ + +# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +/* + * BN_UMULT_HIGH section. 
+ * If the compiler doesn't support 2*N integer type, then you have to + * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some + * shifts and additions which unavoidably results in severe performance + * penalties. Of course provided that the hardware is capable of producing + * 2*N result... That's when you normally start considering assembler + * implementation. However! It should be pointed out that some CPUs (e.g., + * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating + * the upper half of the product placing the result into a general + * purpose register. Now *if* the compiler supports inline assembler, + * then it's not impossible to implement the "bignum" routines (and have + * the compiler optimize 'em) exhibiting "native" performance in C. That's + * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do + * support 2*64 integer type, which is also used here. + */ +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \ + (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) +# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) +# define BN_UMULT_LOHI(low,high,a,b) ({ \ + __uint128_t ret=(__uint128_t)(a)*(b); \ + (high)=ret>>64; (low)=ret; }) +# elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) +# if defined(__DECC) +# include +# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) +# elif defined(__GNUC__) && __GNUC__>=2 +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret; \ + asm ("umulh %1,%2,%0" \ + : "=r"(ret) \ + : "r"(a), "r"(b)); \ + ret; }) +# endif /* compiler */ +# elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG) +# if defined(__GNUC__) && __GNUC__>=2 +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret; \ + asm ("mulhdu %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a), "r"(b)); \ + ret; }) +# endif /* compiler */ +# elif (defined(__x86_64) || defined(__x86_64__)) && \ + (defined(SIXTY_FOUR_BIT_LONG) || 
defined(SIXTY_FOUR_BIT)) +# if defined(__GNUC__) && __GNUC__>=2 +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret,discard; \ + asm ("mulq %3" \ + : "=a"(discard),"=d"(ret) \ + : "a"(a), "g"(b) \ + : "cc"); \ + ret; }) +# define BN_UMULT_LOHI(low,high,a,b) \ + asm ("mulq %3" \ + : "=a"(low),"=d"(high) \ + : "a"(a),"g"(b) \ + : "cc"); +# endif +# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) +# if defined(_MSC_VER) && _MSC_VER>=1400 +unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b); +unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, + unsigned __int64 *h); +# pragma intrinsic(__umulh,_umul128) +# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) +# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) +# endif +# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) +# if defined(__GNUC__) && __GNUC__>=2 +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret; \ + asm ("dmultu %1,%2" \ + : "=h"(ret) \ + : "r"(a), "r"(b) : "l"); \ + ret; }) +# define BN_UMULT_LOHI(low,high,a,b) \ + asm ("dmultu %2,%3" \ + : "=l"(low),"=h"(high) \ + : "r"(a), "r"(b)); +# endif +# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) +# if defined(__GNUC__) && __GNUC__>=2 +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret; \ + asm ("umulh %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a), "r"(b)); \ + ret; }) +# endif +# endif /* cpu */ +# endif /* OPENSSL_NO_ASM */ + +# ifdef BN_DEBUG_RAND +# define bn_clear_top2max(a) \ + { \ + int ind = (a)->dmax - (a)->top; \ + BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ + for (; ind != 0; ind--) \ + *(++ftl) = 0x0; \ + } +# else +# define bn_clear_top2max(a) +# endif + +# ifdef BN_LLONG +/******************************************************************* + * Using the long long type, has to be twice as wide as BN_ULONG... 
+ */ +# define Lw(t) (((BN_ULONG)(t))&BN_MASK2) +# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) + +# define mul_add(r,a,w,c) { \ + BN_ULLONG t; \ + t=(BN_ULLONG)w * (a) + (r) + (c); \ + (r)= Lw(t); \ + (c)= Hw(t); \ + } + +# define mul(r,a,w,c) { \ + BN_ULLONG t; \ + t=(BN_ULLONG)w * (a) + (c); \ + (r)= Lw(t); \ + (c)= Hw(t); \ + } + +# define sqr(r0,r1,a) { \ + BN_ULLONG t; \ + t=(BN_ULLONG)(a)*(a); \ + (r0)=Lw(t); \ + (r1)=Hw(t); \ + } + +# elif defined(BN_UMULT_LOHI) +# define mul_add(r,a,w,c) { \ + BN_ULONG high,low,ret,tmp=(a); \ + ret = (r); \ + BN_UMULT_LOHI(low,high,w,tmp); \ + ret += (c); \ + (c) = (ret<(c))?1:0; \ + (c) += high; \ + ret += low; \ + (c) += (ret>BN_BITS4)&BN_MASK2l) +# define L2HBITS(a) (((a)<>BN_BITS2)&BN_MASKl) +# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \ + m =(m&BN_MASK2l)<<(BN_BITS4+1); \ + l=(l+m)&BN_MASK2; if (l < m) h++; \ + (lo)=l; \ + (ho)=h; \ + } + +# define mul_add(r,a,bl,bh,c) { \ + BN_ULONG l,h; \ + \ + h= (a); \ + l=LBITS(h); \ + h=HBITS(h); \ + mul64(l,h,(bl),(bh)); \ + \ + /* non-multiply part */ \ + l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ + (c)=(r); \ + l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ + (c)=h&BN_MASK2; \ + (r)=l; \ + } + +# define mul(r,a,bl,bh,c) { \ + BN_ULONG l,h; \ + \ + h= (a); \ + l=LBITS(h); \ + h=HBITS(h); \ + mul64(l,h,(bl),(bh)); \ + \ + /* non-multiply part */ \ + l+=(c); if ((l&BN_MASK2) < (c)) h++; \ + (c)=h&BN_MASK2; \ + (r)=l&BN_MASK2; \ + } +# endif /* !BN_LLONG */ + +void BN_RECP_CTX_init(BN_RECP_CTX *recp); +void BN_MONT_CTX_init(BN_MONT_CTX *ctx); + +void bn_init(BIGNUM *a); +void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); +void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); +void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); +void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); +void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a); +void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a); +int bn_cmp_words(const 
BN_ULONG *a, const BN_ULONG *b, int n); +int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); +void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + int dna, int dnb, BN_ULONG *t); +void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, + int n, int tna, int tnb, BN_ULONG *t); +void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t); +void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); +void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + BN_ULONG *t); +BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, + int cl, int dl); +int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); + +BIGNUM *int_bn_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, + int *noinv); + +int bn_probable_prime_dh(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); + +static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) +{ + if (bits > (INT_MAX - BN_BITS2 + 1)) + return NULL; + + if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) + return a; + + return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); +} + +#endif diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 712fc8ac145b..f7d2e2650ed8 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) { diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 393d27c392c7..1e5045a010bb 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -15,7 +15,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define MONT_WORD /* use the faster word-based algorithm */ diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 043e21d26a38..bdbe822415c7 100644 --- a/crypto/bn/bn_mpi.c 
+++ b/crypto/bn/bn_mpi.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_bn2mpi(const BIGNUM *a, unsigned char *d) { diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 5eda65cfbb04..6743e7be8166 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) /* diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index dcdd321c6688..325dc228490a 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/cryptlib.h" #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 19b081f38eb7..6d74da26d3c7 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* * The quick sieve algorithm approach to weeding out primes is Philip diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index 2eb7b52f76f9..ba48244534b0 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 1853269d903d..69749a9fa7dc 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c 
@@ -8,11 +8,11 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include -#include "bn_lcl.h" +#include "bn_local.h" static const char Hex[] = "0123456789ABCDEF"; diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 051f29e34305..6b4b50a068f1 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #include #include diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 9ab767f42fe9..e82231334123 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" void BN_RECP_CTX_init(BN_RECP_CTX *recp) { diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index b7a1e0ff9ae3..210a83f586d2 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_lshift1(BIGNUM *r, const BIGNUM *a) { @@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) for (i = 0; i < a->top; i++) { t = *(ap++); *(rp++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - if (c) { - *rp = 1; - r->top++; + c = t >> (BN_BITS2 - 1); } + *rp = c; + r->top += c; bn_check_top(r); return 1; } @@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) int BN_rshift1(BIGNUM *r, const BIGNUM *a) { BN_ULONG *ap, *rp, t, c; - int i, j; + int i; bn_check_top(r); bn_check_top(a); 
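Review bot: In the `@@ -34,12 +34,10 @@` hunk of crypto/bn/bn_shift.c the carry word is now stored unconditionally with `*rp = c;`, so BN_lshift1 depends on `r` having room for `a->top + 1` words, and the expansion that guarantees this sits above the hunk and cannot be checked from here. The branch-free form carries no comment, which makes it easy for a later cleanup to restore the `if (c)`; I would add `/* carry is stored and added to top unconditionally: no branch on the top bit of a */` above `*rp = c;`. `r->top += c;` also adds a `BN_ULONG` to an `int`, and `r->top += (int)c;` would make the narrowing explicit. The same missing comment applies to BN_rshift1 in the `@@ -58,23 +56,22 @@` hunk; both functions start outside their hunks.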
@@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) } i = a->top; ap = a->d; - j = i - (ap[i - 1] == 1); if (a != r) { - if (bn_wexpand(r, j) == NULL) + if (bn_wexpand(r, i) == NULL) return 0; r->neg = a->neg; } rp = r->d; + r->top = i; t = ap[--i]; - c = (t & 1) ? BN_TBIT : 0; - if (t >>= 1) - rp[i] = t; + rp[i] = t >> 1; + c = t << (BN_BITS2 - 1); + r->top -= (t == 1); while (i > 0) { t = ap[--i]; rp[i] = ((t >> 1) & BN_MASK2) | c; - c = (t & 1) ? BN_TBIT : 0; + c = t << (BN_BITS2 - 1); } - r->top = j; if (!r->top) r->neg = 0; /* don't allow negative zero */ bn_check_top(r); @@ -152,57 +149,19 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) { - int i, j, nw, lb, rb; - BN_ULONG *t, *f; - BN_ULONG l, tmp; - - bn_check_top(r); - bn_check_top(a); + int ret = 0; if (n < 0) { BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); return 0; } - nw = n / BN_BITS2; - rb = n % BN_BITS2; - lb = BN_BITS2 - rb; - if (nw >= a->top || a->top == 0) { - BN_zero(r); - return 1; - } - i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; - if (r != a) { - if (bn_wexpand(r, i) == NULL) - return 0; - r->neg = a->neg; - } else { - if (n == 0) - return 1; /* or the copying loop will go berserk */ - } - - f = &(a->d[nw]); - t = r->d; - j = a->top - nw; - r->top = i; + ret = bn_rshift_fixed_top(r, a, n); - if (rb == 0) { - for (i = j; i != 0; i--) - *(t++) = *(f++); - } else { - l = *(f++); - for (i = j - 1; i != 0; i--) { - tmp = (l >> rb) & BN_MASK2; - l = *(f++); - *(t++) = (tmp | (l << lb)) & BN_MASK2; - } - if ((l = (l >> rb) & BN_MASK2)) - *(t) = l; - } - if (!r->top) - r->neg = 0; /* don't allow negative zero */ + bn_correct_top(r); bn_check_top(r); - return 1; + + return ret; } /* diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 0c0a590f0c6a..7f3a179177b6 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c 
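Review bot: In BN_rshift1 the new carry `c = t << (BN_BITS2 - 1);` is written without the `& BN_MASK2` that the neighbouring `rp[i] = ((t >> 1) & BN_MASK2) | c;` still applies, so the two lines no longer agree on whether a `BN_ULONG` can hold bits above `BN_BITS2`. If the type is exactly `BN_BITS2` wide the mask is a no-op, but then it should be dropped from both lines; otherwise write `c = (t << (BN_BITS2 - 1)) & BN_MASK2;` in both places. `r->top -= (t == 1);` also assumes the top word of `a` is non-zero, which holds only for a normalised input, and presumably relies on the compiler emitting the comparison without a branch. A one-line comment stating both assumptions would help; the function begins above the hunk.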
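Review bot: In the rewritten BN_rshift, `bn_correct_top(r)` runs even when `bn_rshift_fixed_top()` has returned 0, so a failed call still touches `r` before the error is reported; returning early keeps the failure path free of side effects: `if (!bn_rshift_fixed_top(r, a, n)) return 0;` followed by `bn_correct_top(r);`. The initialiser in `int ret = 0;` is overwritten before any read and can be dropped. The entry checks `bn_check_top(r); bn_check_top(a);` were removed from this wrapper, and whether `bn_rshift_fixed_top()` performs them is not visible in this hunk, so confirm that BN_DEBUG builds still validate the inputs. A short comment that this function only normalises the fixed-top result would document why the shift logic moved out.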
@@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* r must not be a */ /* diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index c3e66b033bde..1723d5ded5a8 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c index 27b6ebe518ea..820757be60e3 100644 --- a/crypto/bn/bn_srp.c +++ b/crypto/bn/bn_srp.c @@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/nelem.h" #ifndef OPENSSL_NO_SRP #include -#include "internal/bn_srp.h" +#include "crypto/bn_srp.h" # if (BN_BYTES == 8) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index 262d7668fcd4..18fb3030a8f4 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) { diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index 9eb8384fdeb2..009950259d41 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -9,7 +9,7 @@ #include #include -#include "bn_lcl.h" +#include "bn_local.h" /* X9.31 routines for prime derivation */ diff --git a/crypto/bn/build.info b/crypto/bn/build.info index a463eddabbbb..b9ed5322fa68 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -6,7 +6,6 @@ SOURCE[../../libcrypto]=\ {- $target{bn_asm_src} -} \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c -INCLUDE[../../libcrypto]=../../crypto/include INCLUDE[bn_exp.o]=.. diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index c5864f8aaa8c..88f65a4bae46 100644 
--- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h @@ -12,8 +12,8 @@ * (2) University of Haifa, Israel */ -#ifndef RSAZ_EXP_H -# define RSAZ_EXP_H +#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H +# define OSSL_CRYPTO_BN_RSAZ_EXP_H # undef RSAZ_ENABLED # if defined(OPENSSL_BN_ASM_MONT) && \ diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl index b7b11d50316b..9aeee574ebf8 100755 --- a/crypto/c64xpluscpuid.pl +++ b/crypto/c64xpluscpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -284,4 +284,4 @@ bus_loop2_done?: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl index 55af9b4e3d01..cd514acfae4a 100755 --- a/crypto/camellia/asm/cmll-x86.pl +++ b/crypto/camellia/asm/cmll-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1147,4 +1147,4 @@ my ($s0,$s1,$s2,$s3) = @T; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl index 02c52c3efe47..59e1840160ff 100755 --- a/crypto/camellia/asm/cmll-x86_64.pl +++ b/crypto/camellia/asm/cmll-x86_64.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -125,11 +125,13 @@ $code=<<___; .type Camellia_EncryptBlock,\@abi-omnipotent .align 16 Camellia_EncryptBlock: +.cfi_startproc movl \$128,%eax subl $arg0d,%eax movl \$3,$arg0d adcl \$0,$arg0d # keyBitLength==128?3:4 jmp .Lenc_rounds +.cfi_endproc .size Camellia_EncryptBlock,.-Camellia_EncryptBlock # V2 .globl Camellia_EncryptBlock_Rounds @@ -198,6 +200,7 @@ Camellia_EncryptBlock_Rounds: .type _x86_64_Camellia_encrypt,\@abi-omnipotent .align 16 _x86_64_Camellia_encrypt: +.cfi_startproc xor 0($key),@S[1] xor 4($key),@S[0] # ^=key[0-3] xor 8($key),@S[3] @@ -241,6 +244,7 @@ $code.=<<___; mov $t3,@S[3] .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt # V1.x API @@ -248,11 +252,13 @@ $code.=<<___; .type Camellia_DecryptBlock,\@abi-omnipotent .align 16 Camellia_DecryptBlock: +.cfi_startproc movl \$128,%eax subl $arg0d,%eax movl \$3,$arg0d adcl \$0,$arg0d # keyBitLength==128?3:4 jmp .Ldec_rounds +.cfi_endproc .size Camellia_DecryptBlock,.-Camellia_DecryptBlock # V2 .globl Camellia_DecryptBlock_Rounds @@ -321,6 +327,7 @@ Camellia_DecryptBlock_Rounds: .type _x86_64_Camellia_decrypt,\@abi-omnipotent .align 16 _x86_64_Camellia_decrypt: +.cfi_startproc xor 0($key),@S[1] xor 4($key),@S[0] # ^=key[0-3] xor 8($key),@S[3] @@ -365,6 +372,7 @@ $code.=<<___; mov $t1,@S[3] .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt ___ @@ -1142,4 +1150,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl index 6396679a5af4..71a40f6af90c 100755 --- a/crypto/camellia/asm/cmllt4-sparcv9.pl +++ b/crypto/camellia/asm/cmllt4-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -936,4 +936,4 @@ ___ &emit_assembler(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c index c200b823041b..f623864bc413 100644 --- a/crypto/camellia/camellia.c +++ b/crypto/camellia/camellia.c @@ -40,7 +40,7 @@ */ #include -#include "cmll_locl.h" +#include "cmll_local.h" #include #include diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c index d932f1b37517..5760d1ed35fc 100644 --- a/crypto/camellia/cmll_ecb.c +++ b/crypto/camellia/cmll_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "cmll_locl.h" +#include "cmll_local.h" void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key, const int enc) diff --git a/crypto/camellia/cmll_local.h b/crypto/camellia/cmll_local.h new file mode 100644 index 000000000000..d16baa55facc --- /dev/null +++ b/crypto/camellia/cmll_local.h 
@@ -0,0 +1,43 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . + * ALL RIGHTS RESERVED. + * + * Intellectual Property information for Camellia: + * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + * + * News Release for Announcement of Camellia open source: + * http://www.ntt.co.jp/news/news06e/0604/060413a.html + * + * The Camellia Code included herein is developed by + * NTT (Nippon Telegraph and Telephone Corporation), and is contributed + * to the OpenSSL project. + */ + +#ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H +# define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H + +typedef unsigned int u32; +typedef unsigned char u8; + +int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, + KEY_TABLE_TYPE keyTable); +void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, + u8 ciphertext[]); +void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, + u8 plaintext[]); +void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); +#endif /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */ diff --git a/crypto/camellia/cmll_locl.h b/crypto/camellia/cmll_locl.h deleted file mode 100644 index 6403b390d82d..000000000000 --- a/crypto/camellia/cmll_locl.h +++ /dev/null 
@@ -1,43 +0,0 @@ -/* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* ==================================================================== - * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . - * ALL RIGHTS RESERVED. - * - * Intellectual Property information for Camellia: - * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html - * - * News Release for Announcement of Camellia open source: - * http://www.ntt.co.jp/news/news06e/0604/060413a.html - * - * The Camellia Code included herein is developed by - * NTT (Nippon Telegraph and Telephone Corporation), and is contributed - * to the OpenSSL project. - */ - -#ifndef HEADER_CAMELLIA_LOCL_H -# define HEADER_CAMELLIA_LOCL_H - -typedef unsigned int u32; -typedef unsigned char u8; - -int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, - KEY_TABLE_TYPE keyTable); -void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, - u8 ciphertext[]); -void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, - u8 plaintext[]); -void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); -void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, u8 plaintext[]); -#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c index e5f014b79cbc..d8fc3738c404 100644 --- a/crypto/camellia/cmll_misc.c +++ b/crypto/camellia/cmll_misc.c 
@@ -9,7 +9,7 @@ #include #include -#include "cmll_locl.h" +#include "cmll_local.h" int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key) diff --git a/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl index d5d38965cf76..04710819380a 100644 --- a/crypto/cast/asm/cast-586.pl +++ b/crypto/cast/asm/cast-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -46,7 +46,7 @@ $S4="CAST_S_table3"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub CAST_encrypt { local($name,$enc)=@_; diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c index bd7cb2f46843..72221595382b 100644 --- a/crypto/cast/c_cfb64.c +++ b/crypto/cast/c_cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c index da4179438f1d..6fe093f75b1b 100644 --- a/crypto/cast/c_ecb.c +++ b/crypto/cast/c_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" #include void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c index 700b6d162a9f..d27d1fc0a54f 100644 --- a/crypto/cast/c_enc.c +++ b/crypto/cast/c_enc.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) { diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c index dffb074762c2..49c0cfade577 100644 --- a/crypto/cast/c_ofb64.c +++ b/crypto/cast/c_ofb64.c 
@@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c index 962d2a60b4c5..0311482d20dd 100644 --- a/crypto/cast/c_skey.c +++ b/crypto/cast/c_skey.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" #include "cast_s.h" #define CAST_exp(l,A,a,n) \ diff --git a/crypto/cast/cast_lcl.h b/crypto/cast/cast_lcl.h deleted file mode 100644 index 35e89930a8c0..000000000000 --- a/crypto/cast/cast_lcl.h +++ /dev/null 
@@ -1,188 +0,0 @@ -/* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_SYS_WIN32 -# include -#endif - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - 
l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) -# define ROTL(a,n) (_lrotl(a,n)) -#else -# define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31))) -#endif - -#define C_M 0x3fc -#define C_0 22L -#define C_1 14L -#define C_2 6L -#define C_3 2L /* left shift */ - -/* The rotate has an extra 16 added to it to help the x86 asm */ 
-#if defined(CAST_PTR) -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - t=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - t=ROTL(t,i); \ - L^= (((((*(CAST_LONG *)((unsigned char *) \ - CAST_S_table0+((t>>C_2)&C_M)) OP2 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table1+((t<>C_0)&C_M)))&0xffffffffL) OP1 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \ - } -#elif defined(CAST_PTR2) -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - CAST_LONG u,v,w; \ - w=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - w=ROTL(w,i); \ - u=w>>C_2; \ - v=w<>C_0; \ - t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\ - v=w>>C_1; \ - u&=C_M; \ - v&=C_M; \ - t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\ - t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\ - L^=(t&0xffffffff); \ - } -#else -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - CAST_LONG a,b,c,d; \ - t=(key[n*2] OP1 R)&0xffffffff; \ - t=ROTL(t,(key[n*2+1])); \ - a=CAST_S_table0[(t>> 8)&0xff]; \ - b=CAST_S_table1[(t )&0xff]; \ - c=CAST_S_table2[(t>>24)&0xff]; \ - d=CAST_S_table3[(t>>16)&0xff]; \ - L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \ - } -#endif - -extern const CAST_LONG CAST_S_table0[256]; -extern const CAST_LONG CAST_S_table1[256]; -extern const CAST_LONG CAST_S_table2[256]; -extern const CAST_LONG CAST_S_table3[256]; -extern const CAST_LONG CAST_S_table4[256]; -extern const CAST_LONG CAST_S_table5[256]; -extern const CAST_LONG CAST_S_table6[256]; -extern const CAST_LONG CAST_S_table7[256]; diff --git a/crypto/cast/cast_local.h b/crypto/cast/cast_local.h new file mode 100644 index 000000000000..35e89930a8c0 --- /dev/null +++ b/crypto/cast/cast_local.h 
@@ -0,0 +1,188 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifdef OPENSSL_SYS_WIN32 +# include +#endif + +#undef c2l +#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<<24L) + +/* NOTE - c is not incremented as per c2l */ +#undef c2ln +#define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ + case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ + case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +/* NOTE - c is not incremented as per l2c */ +#undef l2cn +#define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c,l1,l2,n) { \ + c+=n; \ + 
l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +#undef n2l +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +#undef l2n +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) +# define ROTL(a,n) (_lrotl(a,n)) +#else +# define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31))) +#endif + +#define C_M 0x3fc +#define C_0 22L +#define C_1 14L +#define C_2 6L +#define C_3 2L /* left shift */ + +/* The rotate has an extra 16 added to it to help the x86 asm */ 
+#if defined(CAST_PTR) +# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ + { \ + int i; \ + t=(key[n*2] OP1 R)&0xffffffffL; \ + i=key[n*2+1]; \ + t=ROTL(t,i); \ + L^= (((((*(CAST_LONG *)((unsigned char *) \ + CAST_S_table0+((t>>C_2)&C_M)) OP2 \ + *(CAST_LONG *)((unsigned char *) \ + CAST_S_table1+((t<>C_0)&C_M)))&0xffffffffL) OP1 \ + *(CAST_LONG *)((unsigned char *) \ + CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \ + } +#elif defined(CAST_PTR2) +# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ + { \ + int i; \ + CAST_LONG u,v,w; \ + w=(key[n*2] OP1 R)&0xffffffffL; \ + i=key[n*2+1]; \ + w=ROTL(w,i); \ + u=w>>C_2; \ + v=w<>C_0; \ + t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\ + v=w>>C_1; \ + u&=C_M; \ + v&=C_M; \ + t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\ + t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\ + L^=(t&0xffffffff); \ + } +#else +# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ + { \ + CAST_LONG a,b,c,d; \ + t=(key[n*2] OP1 R)&0xffffffff; \ + t=ROTL(t,(key[n*2+1])); \ + a=CAST_S_table0[(t>> 8)&0xff]; \ + b=CAST_S_table1[(t )&0xff]; \ + c=CAST_S_table2[(t>>24)&0xff]; \ + d=CAST_S_table3[(t>>16)&0xff]; \ + L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \ + } +#endif + +extern const CAST_LONG CAST_S_table0[256]; +extern const CAST_LONG CAST_S_table1[256]; +extern const CAST_LONG CAST_S_table2[256]; +extern const CAST_LONG CAST_S_table3[256]; +extern const CAST_LONG CAST_S_table4[256]; +extern const CAST_LONG CAST_S_table5[256]; +extern const CAST_LONG CAST_S_table6[256]; +extern const CAST_LONG CAST_S_table7[256]; diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl index d3fadcc63d33..81c616add313 100755 --- a/crypto/chacha/asm/chacha-armv4.pl +++ b/crypto/chacha/asm/chacha-armv4.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1157,4 +1157,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index e90be6d0e5bd..22655747295e 100755 --- a/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/chacha/asm/chacha-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1141,4 +1141,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # flush +close STDOUT or die "error closing STDOUT: $!"; # flush diff --git a/crypto/chacha/asm/chacha-c64xplus.pl b/crypto/chacha/asm/chacha-c64xplus.pl index 266401eb1644..4bd18a4f8f95 100755 --- a/crypto/chacha/asm/chacha-c64xplus.pl +++ b/crypto/chacha/asm/chacha-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -923,4 +923,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl index f4f8610bf3bf..3073deac17ee 100755 --- a/crypto/chacha/asm/chacha-ppc.pl +++ b/crypto/chacha/asm/chacha-ppc.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1345,4 +1345,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl index c31526473dba..dd66a9c60309 100755 --- a/crypto/chacha/asm/chacha-s390x.pl +++ b/crypto/chacha/asm/chacha-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -323,4 +323,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl index 13c217dcf1f2..a1f5694b691e 100755 --- a/crypto/chacha/asm/chacha-x86.pl +++ b/crypto/chacha/asm/chacha-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -62,7 +62,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && + `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $a="eax"; 
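Review bot: The widened pattern on the `$ENV{CC} -v` line still anchors its first alternative as `^clang`, so a banner that puts a vendor word before "clang version" (for example "Apple clang version" or "Ubuntu clang version") would not be matched by this test and `$ymm` would not be set here. That is a silent fallback to the non-AVX code path rather than a build failure, so it is easy to miss; whether it happens depends on the exact banner of the compiler in use. Dropping the anchor, `/((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/`, would cover those banners, and a comment such as `# accept multi-digit major versions (clang 10 and later)` would record why `[3-9]` was replaced. The matching test in chacha-x86_64.pl (hunk `@@ -85,7 +85,7 @@`) uses the same anchored alternative.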
@@ -1152,4 +1152,4 @@ sub XOPROUND { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl index b54f3b1525bc..647d2537ceae 100755 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ b/crypto/chacha/asm/chacha-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -85,7 +85,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -4002,4 +4002,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c index 239f68ab825e..18251eac08de 100644 --- a/crypto/chacha/chacha_enc.c +++ b/crypto/chacha/chacha_enc.c @@ -11,7 +11,8 @@ #include -#include "internal/chacha.h" +#include "crypto/chacha.h" +#include "crypto/ctype.h" typedef unsigned int u32; typedef unsigned char u8; 
@@ -78,10 +79,18 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t todo, i; /* sigma constant "expand 32-byte k" in little-endian encoding */ - input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24); - input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24); - input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24); - input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24); + input[0] = ((u32)ossl_toascii('e')) | ((u32)ossl_toascii('x') << 8) + | ((u32)ossl_toascii('p') << 16) + | ((u32)ossl_toascii('a') << 24); + input[1] = ((u32)ossl_toascii('n')) | ((u32)ossl_toascii('d') << 8) + | ((u32)ossl_toascii(' ') << 16) + | ((u32)ossl_toascii('3') << 24); + input[2] = ((u32)ossl_toascii('2')) | ((u32)ossl_toascii('-') << 8) + | ((u32)ossl_toascii('b') << 16) + | ((u32)ossl_toascii('y') << 24); + input[3] = ((u32)ossl_toascii('t')) | ((u32)ossl_toascii('e') << 8) + | ((u32)ossl_toascii(' ') << 16) + | ((u32)ossl_toascii('k') << 24); input[4] = key[0]; input[5] = key[1]; diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index a58454a089c6..82adf18c8019 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" /* * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 10748f148859..5574f25be868 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* The context structure and "key" is simply a CMAC_CTX */ diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 993ea6b219ab..08069d72a29e 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c 
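Review bot: The sigma words in ChaCha20_ctr32 are now built from `ossl_toascii()` calls, but the comment above them still only says the constant is little-endian and does not explain why the conversion is there. A short comment would help the next reader, e.g. `/* ossl_toascii() keeps these bytes ASCII when the execution character set is not (e.g. EBCDIC) */`. As a style alternative, writing the four words as hex literals (`input[0] = 0x61707865;` and so on for "expand 32-byte k") removes the dependence on the character set altogether and is easier to check against the specification. ChaCha20_ctr32's body starts and ends outside this hunk.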
@@ -11,7 +11,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c index 0566019753bd..4f716619193a 100644 --- a/crypto/cms/cms_att.c +++ b/crypto/cms/cms_att.c @@ -12,7 +12,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" #include "internal/nelem.h" /*- diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index f05e308418f8..45365b8ba247 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -15,7 +15,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" #ifdef ZLIB diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 5da6802fcd5e..0df2e698c237 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -13,7 +13,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" /* CMS DigestedData Utilities */ diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index a1719830e8d4..fc490303d4c6 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -14,7 +14,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" /* CMS EncryptedData Utilities */ diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 26fb81f79ab1..04940146fd25 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -14,9 +14,9 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" /* CMS EnvelopedData Utilities */ diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 4780231c22bb..a21c443ae85e 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -14,7 +14,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c index d18f980a9732..b37e485f5a28 100644 
--- a/crypto/cms/cms_io.c +++ b/crypto/cms/cms_io.c @@ -12,7 +12,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) { diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 5e83814d0fcf..cafc3040ac70 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -14,8 +14,8 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" /* Key Agreement Recipient Info (KARI) routines */ @@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) if (!pk) return 1; pctx = EVP_PKEY_CTX_new(pk, NULL); - if (!pctx || !EVP_PKEY_derive_init(pctx)) + if (!pctx || EVP_PKEY_derive_init(pctx) <= 0) goto err; kari->pctx = pctx; return 1; diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h deleted file mode 100644 index 68aa01271bc2..000000000000 --- a/crypto/cms/cms_lcl.h +++ /dev/null 
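Review bot: The corrected test `EVP_PKEY_derive_init(pctx) <= 0` in CMS_RecipientInfo_kari_set0_pkey carries no comment saying why `<= 0` is used rather than `!`, which makes it easy to regress in a later cleanup. A one-line comment above the check, such as `/* returns <= 0 on failure; a negative value means the operation is unsupported */`, would record the reason. The `err:` label is outside this hunk, so it cannot be confirmed from here that `pctx` is released on that path; that is worth checking, since `pctx` was just allocated by `EVP_PKEY_CTX_new()`. Any other EVP_PKEY_*_init call in the CMS code that is still tested with `!` would treat a negative return as success and deserves the same change.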
@@ -1,438 +0,0 @@ -/* - * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_CMS_LCL_H -# define HEADER_CMS_LCL_H - -# include - -/* - * Cryptographic message syntax (CMS) structures: taken from RFC3852 - */ - -/* Forward references */ - -typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; -typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; -typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; -typedef struct CMS_SignedData_st CMS_SignedData; -typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; -typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; -typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; -typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; -typedef struct CMS_DigestedData_st CMS_DigestedData; -typedef struct CMS_EncryptedData_st CMS_EncryptedData; -typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; -typedef struct CMS_CompressedData_st CMS_CompressedData; -typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; -typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; -typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; -typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; -typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; -typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; -typedef struct CMS_KeyAgreeRecipientIdentifier_st - CMS_KeyAgreeRecipientIdentifier; -typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; -typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; -typedef struct CMS_PasswordRecipientInfo_st 
CMS_PasswordRecipientInfo; -typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; -typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; - -struct CMS_ContentInfo_st { - ASN1_OBJECT *contentType; - union { - ASN1_OCTET_STRING *data; - CMS_SignedData *signedData; - CMS_EnvelopedData *envelopedData; - CMS_DigestedData *digestedData; - CMS_EncryptedData *encryptedData; - CMS_AuthenticatedData *authenticatedData; - CMS_CompressedData *compressedData; - ASN1_TYPE *other; - /* Other types ... */ - void *otherData; - } d; -}; - -DEFINE_STACK_OF(CMS_CertificateChoices) - -struct CMS_SignedData_st { - int32_t version; - STACK_OF(X509_ALGOR) *digestAlgorithms; - CMS_EncapsulatedContentInfo *encapContentInfo; - STACK_OF(CMS_CertificateChoices) *certificates; - STACK_OF(CMS_RevocationInfoChoice) *crls; - STACK_OF(CMS_SignerInfo) *signerInfos; -}; - -struct CMS_EncapsulatedContentInfo_st { - ASN1_OBJECT *eContentType; - ASN1_OCTET_STRING *eContent; - /* Set to 1 if incomplete structure only part set up */ - int partial; -}; - -struct CMS_SignerInfo_st { - int32_t version; - CMS_SignerIdentifier *sid; - X509_ALGOR *digestAlgorithm; - STACK_OF(X509_ATTRIBUTE) *signedAttrs; - X509_ALGOR *signatureAlgorithm; - ASN1_OCTET_STRING *signature; - STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; - /* Signing certificate and key */ - X509 *signer; - EVP_PKEY *pkey; - /* Digest and public key context for alternative parameters */ - EVP_MD_CTX *mctx; - EVP_PKEY_CTX *pctx; -}; - -struct CMS_SignerIdentifier_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - ASN1_OCTET_STRING *subjectKeyIdentifier; - } d; -}; - -struct CMS_EnvelopedData_st { - int32_t version; - CMS_OriginatorInfo *originatorInfo; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - CMS_EncryptedContentInfo *encryptedContentInfo; - STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; -}; - -struct CMS_OriginatorInfo_st { - STACK_OF(CMS_CertificateChoices) *certificates; - STACK_OF(CMS_RevocationInfoChoice) 
*crls; -}; - -struct CMS_EncryptedContentInfo_st { - ASN1_OBJECT *contentType; - X509_ALGOR *contentEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedContent; - /* Content encryption algorithm and key */ - const EVP_CIPHER *cipher; - unsigned char *key; - size_t keylen; - /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ - int debug; - /* Set to 1 if we have no cert and need extra safety measures for MMA */ - int havenocert; -}; - -struct CMS_RecipientInfo_st { - int type; - union { - CMS_KeyTransRecipientInfo *ktri; - CMS_KeyAgreeRecipientInfo *kari; - CMS_KEKRecipientInfo *kekri; - CMS_PasswordRecipientInfo *pwri; - CMS_OtherRecipientInfo *ori; - } d; -}; - -typedef CMS_SignerIdentifier CMS_RecipientIdentifier; - -struct CMS_KeyTransRecipientInfo_st { - int32_t version; - CMS_RecipientIdentifier *rid; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Recipient Key and cert */ - X509 *recip; - EVP_PKEY *pkey; - /* Public key context for this operation */ - EVP_PKEY_CTX *pctx; -}; - -struct CMS_KeyAgreeRecipientInfo_st { - int32_t version; - CMS_OriginatorIdentifierOrKey *originator; - ASN1_OCTET_STRING *ukm; - X509_ALGOR *keyEncryptionAlgorithm; - STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; - /* Public key context associated with current operation */ - EVP_PKEY_CTX *pctx; - /* Cipher context for CEK wrapping */ - EVP_CIPHER_CTX *ctx; -}; - -struct CMS_OriginatorIdentifierOrKey_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - ASN1_OCTET_STRING *subjectKeyIdentifier; - CMS_OriginatorPublicKey *originatorKey; - } d; -}; - -struct CMS_OriginatorPublicKey_st { - X509_ALGOR *algorithm; - ASN1_BIT_STRING *publicKey; -}; - -struct CMS_RecipientEncryptedKey_st { - CMS_KeyAgreeRecipientIdentifier *rid; - ASN1_OCTET_STRING *encryptedKey; - /* Public key associated with this recipient */ - EVP_PKEY *pkey; -}; - -struct CMS_KeyAgreeRecipientIdentifier_st { - int type; - union { - 
CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - CMS_RecipientKeyIdentifier *rKeyId; - } d; -}; - -struct CMS_RecipientKeyIdentifier_st { - ASN1_OCTET_STRING *subjectKeyIdentifier; - ASN1_GENERALIZEDTIME *date; - CMS_OtherKeyAttribute *other; -}; - -struct CMS_KEKRecipientInfo_st { - int32_t version; - CMS_KEKIdentifier *kekid; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Extra info: symmetric key to use */ - unsigned char *key; - size_t keylen; -}; - -struct CMS_KEKIdentifier_st { - ASN1_OCTET_STRING *keyIdentifier; - ASN1_GENERALIZEDTIME *date; - CMS_OtherKeyAttribute *other; -}; - -struct CMS_PasswordRecipientInfo_st { - int32_t version; - X509_ALGOR *keyDerivationAlgorithm; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Extra info: password to use */ - unsigned char *pass; - size_t passlen; -}; - -struct CMS_OtherRecipientInfo_st { - ASN1_OBJECT *oriType; - ASN1_TYPE *oriValue; -}; - -struct CMS_DigestedData_st { - int32_t version; - X509_ALGOR *digestAlgorithm; - CMS_EncapsulatedContentInfo *encapContentInfo; - ASN1_OCTET_STRING *digest; -}; - -struct CMS_EncryptedData_st { - int32_t version; - CMS_EncryptedContentInfo *encryptedContentInfo; - STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; -}; - -struct CMS_AuthenticatedData_st { - int32_t version; - CMS_OriginatorInfo *originatorInfo; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - X509_ALGOR *macAlgorithm; - X509_ALGOR *digestAlgorithm; - CMS_EncapsulatedContentInfo *encapContentInfo; - STACK_OF(X509_ATTRIBUTE) *authAttrs; - ASN1_OCTET_STRING *mac; - STACK_OF(X509_ATTRIBUTE) *unauthAttrs; -}; - -struct CMS_CompressedData_st { - int32_t version; - X509_ALGOR *compressionAlgorithm; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - CMS_EncapsulatedContentInfo *encapContentInfo; -}; - -struct CMS_RevocationInfoChoice_st { - int type; - union { - X509_CRL *crl; - CMS_OtherRevocationInfoFormat *other; - } d; -}; - -# define CMS_REVCHOICE_CRL 0 -# 
define CMS_REVCHOICE_OTHER 1 - -struct CMS_OtherRevocationInfoFormat_st { - ASN1_OBJECT *otherRevInfoFormat; - ASN1_TYPE *otherRevInfo; -}; - -struct CMS_CertificateChoices { - int type; - union { - X509 *certificate; - ASN1_STRING *extendedCertificate; /* Obsolete */ - ASN1_STRING *v1AttrCert; /* Left encoded for now */ - ASN1_STRING *v2AttrCert; /* Left encoded for now */ - CMS_OtherCertificateFormat *other; - } d; -}; - -# define CMS_CERTCHOICE_CERT 0 -# define CMS_CERTCHOICE_EXCERT 1 -# define CMS_CERTCHOICE_V1ACERT 2 -# define CMS_CERTCHOICE_V2ACERT 3 -# define CMS_CERTCHOICE_OTHER 4 - -struct CMS_OtherCertificateFormat_st { - ASN1_OBJECT *otherCertFormat; - ASN1_TYPE *otherCert; -}; - -/* - * This is also defined in pkcs7.h but we duplicate it to allow the CMS code - * to be independent of PKCS#7 - */ - -struct CMS_IssuerAndSerialNumber_st { - X509_NAME *issuer; - ASN1_INTEGER *serialNumber; -}; - -struct CMS_OtherKeyAttribute_st { - ASN1_OBJECT *keyAttrId; - ASN1_TYPE *keyAttr; -}; - -/* ESS structures */ - -struct CMS_ReceiptRequest_st { - ASN1_OCTET_STRING *signedContentIdentifier; - CMS_ReceiptsFrom *receiptsFrom; - STACK_OF(GENERAL_NAMES) *receiptsTo; -}; - -struct CMS_ReceiptsFrom_st { - int type; - union { - int32_t allOrFirstTier; - STACK_OF(GENERAL_NAMES) *receiptList; - } d; -}; - -struct CMS_Receipt_st { - int32_t version; - ASN1_OBJECT *contentType; - ASN1_OCTET_STRING *signedContentIdentifier; - ASN1_OCTET_STRING *originatorSignatureValue; -}; - -DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) -DECLARE_ASN1_ITEM(CMS_SignerInfo) -DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) -DECLARE_ASN1_ITEM(CMS_Attributes_Sign) -DECLARE_ASN1_ITEM(CMS_Attributes_Verify) -DECLARE_ASN1_ITEM(CMS_RecipientInfo) -DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) -DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) - -# define CMS_SIGNERINFO_ISSUER_SERIAL 0 -# define CMS_SIGNERINFO_KEYIDENTIFIER 1 - -# define CMS_RECIPINFO_ISSUER_SERIAL 0 -# define CMS_RECIPINFO_KEYIDENTIFIER 1 
- -# define CMS_REK_ISSUER_SERIAL 0 -# define CMS_REK_KEYIDENTIFIER 1 - -# define CMS_OIK_ISSUER_SERIAL 0 -# define CMS_OIK_KEYIDENTIFIER 1 -# define CMS_OIK_PUBKEY 2 - -BIO *cms_content_bio(CMS_ContentInfo *cms); - -CMS_ContentInfo *cms_Data_create(void); - -CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); -BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); -int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); - -BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); -int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); -int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, - int type); -int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); -int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); - -CMS_ContentInfo *cms_CompressedData_create(int comp_nid); -BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); - -BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); -int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg); - -int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); -int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); -int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); -int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); - -BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); -BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); -int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen); - -int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); -int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); -ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); - -BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); -CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); -int 
cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); -int cms_pkey_get_ri_type(EVP_PKEY *pk); -/* KARI routines */ -int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *pk, unsigned int flags); -int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri); - -/* PWRI routines */ -int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, - int en_de); -/* SignerInfo routines */ -int CMS_si_check_attributes(const CMS_SignerInfo *si); - -DECLARE_ASN1_ITEM(CMS_CertificateChoices) -DECLARE_ASN1_ITEM(CMS_DigestedData) -DECLARE_ASN1_ITEM(CMS_EncryptedData) -DECLARE_ASN1_ITEM(CMS_EnvelopedData) -DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) -DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) -DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) -DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) -DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) -DECLARE_ASN1_ITEM(CMS_Receipt) -DECLARE_ASN1_ITEM(CMS_ReceiptRequest) -DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) -DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) -DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) -DECLARE_ASN1_ITEM(CMS_SignedData) -DECLARE_ASN1_ITEM(CMS_CompressedData) - -#endif diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index c2cac260109d..57afba436115 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -14,7 +14,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h new file mode 100644 index 000000000000..a0ce4448f603 --- /dev/null +++ b/crypto/cms/cms_local.h 
@@ -0,0 +1,438 @@ +/* + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CMS_LOCAL_H +# define OSSL_CRYPTO_CMS_LOCAL_H + +# include + +/* + * Cryptographic message syntax (CMS) structures: taken from RFC3852 + */ + +/* Forward references */ + +typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; +typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; +typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; +typedef struct CMS_SignedData_st CMS_SignedData; +typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; +typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; +typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; +typedef struct CMS_DigestedData_st CMS_DigestedData; +typedef struct CMS_EncryptedData_st CMS_EncryptedData; +typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; +typedef struct CMS_CompressedData_st CMS_CompressedData; +typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; +typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; +typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; +typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; +typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; +typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; +typedef struct CMS_KeyAgreeRecipientIdentifier_st + CMS_KeyAgreeRecipientIdentifier; +typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; +typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; +typedef struct CMS_PasswordRecipientInfo_st 
CMS_PasswordRecipientInfo; +typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; +typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; + +struct CMS_ContentInfo_st { + ASN1_OBJECT *contentType; + union { + ASN1_OCTET_STRING *data; + CMS_SignedData *signedData; + CMS_EnvelopedData *envelopedData; + CMS_DigestedData *digestedData; + CMS_EncryptedData *encryptedData; + CMS_AuthenticatedData *authenticatedData; + CMS_CompressedData *compressedData; + ASN1_TYPE *other; + /* Other types ... */ + void *otherData; + } d; +}; + +DEFINE_STACK_OF(CMS_CertificateChoices) + +struct CMS_SignedData_st { + int32_t version; + STACK_OF(X509_ALGOR) *digestAlgorithms; + CMS_EncapsulatedContentInfo *encapContentInfo; + STACK_OF(CMS_CertificateChoices) *certificates; + STACK_OF(CMS_RevocationInfoChoice) *crls; + STACK_OF(CMS_SignerInfo) *signerInfos; +}; + +struct CMS_EncapsulatedContentInfo_st { + ASN1_OBJECT *eContentType; + ASN1_OCTET_STRING *eContent; + /* Set to 1 if incomplete structure only part set up */ + int partial; +}; + +struct CMS_SignerInfo_st { + int32_t version; + CMS_SignerIdentifier *sid; + X509_ALGOR *digestAlgorithm; + STACK_OF(X509_ATTRIBUTE) *signedAttrs; + X509_ALGOR *signatureAlgorithm; + ASN1_OCTET_STRING *signature; + STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; + /* Signing certificate and key */ + X509 *signer; + EVP_PKEY *pkey; + /* Digest and public key context for alternative parameters */ + EVP_MD_CTX *mctx; + EVP_PKEY_CTX *pctx; +}; + +struct CMS_SignerIdentifier_st { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + ASN1_OCTET_STRING *subjectKeyIdentifier; + } d; +}; + +struct CMS_EnvelopedData_st { + int32_t version; + CMS_OriginatorInfo *originatorInfo; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + CMS_EncryptedContentInfo *encryptedContentInfo; + STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; +}; + +struct CMS_OriginatorInfo_st { + STACK_OF(CMS_CertificateChoices) *certificates; + STACK_OF(CMS_RevocationInfoChoice) 
*crls; +}; + +struct CMS_EncryptedContentInfo_st { + ASN1_OBJECT *contentType; + X509_ALGOR *contentEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedContent; + /* Content encryption algorithm and key */ + const EVP_CIPHER *cipher; + unsigned char *key; + size_t keylen; + /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ + int debug; + /* Set to 1 if we have no cert and need extra safety measures for MMA */ + int havenocert; +}; + +struct CMS_RecipientInfo_st { + int type; + union { + CMS_KeyTransRecipientInfo *ktri; + CMS_KeyAgreeRecipientInfo *kari; + CMS_KEKRecipientInfo *kekri; + CMS_PasswordRecipientInfo *pwri; + CMS_OtherRecipientInfo *ori; + } d; +}; + +typedef CMS_SignerIdentifier CMS_RecipientIdentifier; + +struct CMS_KeyTransRecipientInfo_st { + int32_t version; + CMS_RecipientIdentifier *rid; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Recipient Key and cert */ + X509 *recip; + EVP_PKEY *pkey; + /* Public key context for this operation */ + EVP_PKEY_CTX *pctx; +}; + +struct CMS_KeyAgreeRecipientInfo_st { + int32_t version; + CMS_OriginatorIdentifierOrKey *originator; + ASN1_OCTET_STRING *ukm; + X509_ALGOR *keyEncryptionAlgorithm; + STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; + /* Public key context associated with current operation */ + EVP_PKEY_CTX *pctx; + /* Cipher context for CEK wrapping */ + EVP_CIPHER_CTX *ctx; +}; + +struct CMS_OriginatorIdentifierOrKey_st { + int type; + union { + CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + ASN1_OCTET_STRING *subjectKeyIdentifier; + CMS_OriginatorPublicKey *originatorKey; + } d; +}; + +struct CMS_OriginatorPublicKey_st { + X509_ALGOR *algorithm; + ASN1_BIT_STRING *publicKey; +}; + +struct CMS_RecipientEncryptedKey_st { + CMS_KeyAgreeRecipientIdentifier *rid; + ASN1_OCTET_STRING *encryptedKey; + /* Public key associated with this recipient */ + EVP_PKEY *pkey; +}; + +struct CMS_KeyAgreeRecipientIdentifier_st { + int type; + union { + 
CMS_IssuerAndSerialNumber *issuerAndSerialNumber; + CMS_RecipientKeyIdentifier *rKeyId; + } d; +}; + +struct CMS_RecipientKeyIdentifier_st { + ASN1_OCTET_STRING *subjectKeyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; +}; + +struct CMS_KEKRecipientInfo_st { + int32_t version; + CMS_KEKIdentifier *kekid; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Extra info: symmetric key to use */ + unsigned char *key; + size_t keylen; +}; + +struct CMS_KEKIdentifier_st { + ASN1_OCTET_STRING *keyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; +}; + +struct CMS_PasswordRecipientInfo_st { + int32_t version; + X509_ALGOR *keyDerivationAlgorithm; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Extra info: password to use */ + unsigned char *pass; + size_t passlen; +}; + +struct CMS_OtherRecipientInfo_st { + ASN1_OBJECT *oriType; + ASN1_TYPE *oriValue; +}; + +struct CMS_DigestedData_st { + int32_t version; + X509_ALGOR *digestAlgorithm; + CMS_EncapsulatedContentInfo *encapContentInfo; + ASN1_OCTET_STRING *digest; +}; + +struct CMS_EncryptedData_st { + int32_t version; + CMS_EncryptedContentInfo *encryptedContentInfo; + STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; +}; + +struct CMS_AuthenticatedData_st { + int32_t version; + CMS_OriginatorInfo *originatorInfo; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + X509_ALGOR *macAlgorithm; + X509_ALGOR *digestAlgorithm; + CMS_EncapsulatedContentInfo *encapContentInfo; + STACK_OF(X509_ATTRIBUTE) *authAttrs; + ASN1_OCTET_STRING *mac; + STACK_OF(X509_ATTRIBUTE) *unauthAttrs; +}; + +struct CMS_CompressedData_st { + int32_t version; + X509_ALGOR *compressionAlgorithm; + STACK_OF(CMS_RecipientInfo) *recipientInfos; + CMS_EncapsulatedContentInfo *encapContentInfo; +}; + +struct CMS_RevocationInfoChoice_st { + int type; + union { + X509_CRL *crl; + CMS_OtherRevocationInfoFormat *other; + } d; +}; + +# define CMS_REVCHOICE_CRL 0 +# 
define CMS_REVCHOICE_OTHER 1 + +struct CMS_OtherRevocationInfoFormat_st { + ASN1_OBJECT *otherRevInfoFormat; + ASN1_TYPE *otherRevInfo; +}; + +struct CMS_CertificateChoices { + int type; + union { + X509 *certificate; + ASN1_STRING *extendedCertificate; /* Obsolete */ + ASN1_STRING *v1AttrCert; /* Left encoded for now */ + ASN1_STRING *v2AttrCert; /* Left encoded for now */ + CMS_OtherCertificateFormat *other; + } d; +}; + +# define CMS_CERTCHOICE_CERT 0 +# define CMS_CERTCHOICE_EXCERT 1 +# define CMS_CERTCHOICE_V1ACERT 2 +# define CMS_CERTCHOICE_V2ACERT 3 +# define CMS_CERTCHOICE_OTHER 4 + +struct CMS_OtherCertificateFormat_st { + ASN1_OBJECT *otherCertFormat; + ASN1_TYPE *otherCert; +}; + +/* + * This is also defined in pkcs7.h but we duplicate it to allow the CMS code + * to be independent of PKCS#7 + */ + +struct CMS_IssuerAndSerialNumber_st { + X509_NAME *issuer; + ASN1_INTEGER *serialNumber; +}; + +struct CMS_OtherKeyAttribute_st { + ASN1_OBJECT *keyAttrId; + ASN1_TYPE *keyAttr; +}; + +/* ESS structures */ + +struct CMS_ReceiptRequest_st { + ASN1_OCTET_STRING *signedContentIdentifier; + CMS_ReceiptsFrom *receiptsFrom; + STACK_OF(GENERAL_NAMES) *receiptsTo; +}; + +struct CMS_ReceiptsFrom_st { + int type; + union { + int32_t allOrFirstTier; + STACK_OF(GENERAL_NAMES) *receiptList; + } d; +}; + +struct CMS_Receipt_st { + int32_t version; + ASN1_OBJECT *contentType; + ASN1_OCTET_STRING *signedContentIdentifier; + ASN1_OCTET_STRING *originatorSignatureValue; +}; + +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_ITEM(CMS_SignerInfo) +DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) +DECLARE_ASN1_ITEM(CMS_Attributes_Sign) +DECLARE_ASN1_ITEM(CMS_Attributes_Verify) +DECLARE_ASN1_ITEM(CMS_RecipientInfo) +DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_ISSUER_SERIAL 0 +# define CMS_RECIPINFO_KEYIDENTIFIER 1 
+ +# define CMS_REK_ISSUER_SERIAL 0 +# define CMS_REK_KEYIDENTIFIER 1 + +# define CMS_OIK_ISSUER_SERIAL 0 +# define CMS_OIK_KEYIDENTIFIER 1 +# define CMS_OIK_PUBKEY 2 + +BIO *cms_content_bio(CMS_ContentInfo *cms); + +CMS_ContentInfo *cms_Data_create(void); + +CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); +BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); +int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); + +BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); +int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); +int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, + int type); +int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); +int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); + +CMS_ContentInfo *cms_CompressedData_create(int comp_nid); +BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); + +BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); +int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, + X509_ALGOR *mdalg); + +int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); +int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); +int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); +int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); + +BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); +BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); +int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen); + +int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); +int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); +ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); + +BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); +CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); +int 
cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); +int cms_pkey_get_ri_type(EVP_PKEY *pk); +/* KARI routines */ +int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, + EVP_PKEY *pk, unsigned int flags); +int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri); + +/* PWRI routines */ +int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, + int en_de); +/* SignerInfo routines */ +int CMS_si_check_attributes(const CMS_SignerInfo *si); + +DECLARE_ASN1_ITEM(CMS_CertificateChoices) +DECLARE_ASN1_ITEM(CMS_DigestedData) +DECLARE_ASN1_ITEM(CMS_EncryptedData) +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) +DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) +DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) +DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) +DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) +DECLARE_ASN1_ITEM(CMS_Receipt) +DECLARE_ASN1_ITEM(CMS_ReceiptRequest) +DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) +DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) +DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) +DECLARE_ASN1_ITEM(CMS_SignedData) +DECLARE_ASN1_ITEM(CMS_CompressedData) + +#endif diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 26e3bdcf9e41..d7414883396c 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -15,8 +15,8 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, ossl_ssize_t passlen) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 3841513f8bd2..29ba4c1b1334 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -14,9 +14,9 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" /* CMS SignedData Utilities */ 
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 10815639f811..652e97b2e877 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -13,8 +13,8 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" static BIO *cms_get_text_bio(BIO *out, unsigned int flags) { diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index d688deee5f23..b81933791312 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -13,9 +13,9 @@ #include #include "internal/comp.h" #include -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/bio.h" -#include "comp_lcl.h" +#include "comp_local.h" COMP_METHOD *COMP_zlib(void); @@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_copy_next_retry(b); break; + case BIO_CTRL_WPENDING: + if (ctx->obuf == NULL) + return 0; + + if (ctx->odone) { + ret = ctx->ocount; + } else { + ret = ctx->ocount; + if (ret == 0) + /* Unknown amount pending but we are not finished */ + ret = 1; + } + if (ret == 0) + ret = BIO_ctrl(next, cmd, num, ptr); + break; + + case BIO_CTRL_PENDING: + ret = ctx->zin.avail_in; + if (ret == 0) + ret = BIO_ctrl(next, cmd, num, ptr); + break; + default: ret = BIO_ctrl(next, cmd, num, ptr); break; diff --git a/crypto/comp/comp_lcl.h b/crypto/comp/comp_lcl.h deleted file mode 100644 index aa45fca238da..000000000000 --- a/crypto/comp/comp_lcl.h +++ /dev/null 
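Review bot: In the new `BIO_CTRL_WPENDING` case of bio_zlib_ctrl, both arms of `if (ctx->odone)` begin with the same `ret = ctx->ocount;`, so the branch only decides whether a zero count is reported as 1. It reads more directly as `ret = ctx->ocount;` followed by `if (ret == 0 && !ctx->odone) ret = 1; /* unknown amount pending, not finished */`. The `BIO_CTRL_PENDING` case would also benefit from a comment that `ctx->zin.avail_in` counts compressed input bytes still buffered, not decompressed bytes ready to read, so the value is a "more data may follow" hint rather than a size. bio_zlib_ctrl begins and ends outside the hunk.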
@@ -1,30 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init) (COMP_CTX *ctx); - void (*finish) (COMP_CTX *ctx); - int (*compress) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); -}; - -struct comp_ctx_st { - struct comp_method_st *meth; - unsigned long compress_in; - unsigned long compress_out; - unsigned long expand_in; - unsigned long expand_out; - void* data; -}; diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index 6ae2114496b0..56920e1cca51 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -13,7 +13,7 @@ #include #include #include -#include "comp_lcl.h" +#include "comp_local.h" COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) { diff --git a/crypto/comp/comp_local.h b/crypto/comp/comp_local.h new file mode 100644 index 000000000000..aa45fca238da --- /dev/null +++ b/crypto/comp/comp_local.h 
@@ -0,0 +1,30 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +struct comp_method_st { + int type; /* NID for compression library */ + const char *name; /* A text string to identify the library */ + int (*init) (COMP_CTX *ctx); + void (*finish) (COMP_CTX *ctx); + int (*compress) (COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand) (COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); +}; + +struct comp_ctx_st { + struct comp_method_st *meth; + unsigned long compress_in; + unsigned long compress_out; + unsigned long expand_in; + unsigned long expand_out; + void* data; +}; diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 8e3f42a0caca..ca76fa3679b8 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -703,7 +703,9 @@ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) { const char *filename; + size_t pathlen; + pathlen = strlen(path); while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) { size_t namelen; @@ -716,7 +718,7 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) char *newpath; BIO *bio; - newlen = strlen(path) + namelen + 2; + newlen = pathlen + namelen + 2; newpath = OPENSSL_zalloc(newlen); if (newpath == NULL) { CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE); 
@@ -727,14 +729,11 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) * If the given path isn't clear VMS syntax, * we treat it as on Unix. */ - { - size_t pathlen = strlen(path); - - if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>' - || path[pathlen - 1] == ':') { - /* Clear VMS directory syntax, just copy as is */ - OPENSSL_strlcpy(newpath, path, newlen); - } + if (path[pathlen - 1] == ']' + || path[pathlen - 1] == '>' + || path[pathlen - 1] == ':') { + /* Clear VMS directory syntax, just copy as is */ + OPENSSL_strlcpy(newpath, path, newlen); } #endif if (newpath[0] == '\0') { diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h index 2016d31b8929..2ced300e40d6 100644 --- a/crypto/conf/conf_def.h +++ b/crypto/conf/conf_def.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/conf/conf_lcl.h b/crypto/conf/conf_lcl.h deleted file mode 100644 index 6e1f7fe00d70..000000000000 --- a/crypto/conf/conf_lcl.h +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -void conf_add_ssl_module(void); - diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 2d40ac97ec27..0b7dd26d63b0 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c 
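Review bot: In the third conf_def.c hunk, the VMS branch of get_next_file() evaluates `path[pathlen - 1]` without first checking that `pathlen` is non-zero. Because `pathlen` is a `size_t`, an empty `path` makes `pathlen - 1` wrap and the test read outside the string. Now that `pathlen = strlen(path)` is hoisted to the top of the function, the guard is cheap to add: `if (pathlen > 0 && (path[pathlen - 1] == ']' || path[pathlen - 1] == '>' || path[pathlen - 1] == ':')) {`. Whether an empty path can actually reach this point depends on the caller, process_include(), which is not visible here. The body of get_next_file() also starts and ends outside these hunks.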
@@ -11,7 +11,7 @@ #include #include #include "internal/conf.h" -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include diff --git a/crypto/conf/conf_local.h b/crypto/conf/conf_local.h new file mode 100644 index 000000000000..6e1f7fe00d70 --- /dev/null +++ b/crypto/conf/conf_local.h @@ -0,0 +1,11 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +void conf_add_ssl_module(void); + diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 7e86948e89e9..d7eaa8509b2f 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -14,7 +14,7 @@ #include #include #include -#include "conf_lcl.h" +#include "conf_local.h" /* Load all OpenSSL builtin modules */ diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c index 387f2cf46c31..4bd8117d365c 100644 --- a/crypto/conf/conf_ssl.c +++ b/crypto/conf/conf_ssl.c @@ -12,7 +12,7 @@ #include #include #include "internal/sslconf.h" -#include "conf_lcl.h" +#include "conf_local.h" /* * SSL library configuration module placeholder. We load it here but defer diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 7b761a3adced..1f36b20c86ed 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -9,7 +9,7 @@ */ #include "e_os.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ @@ -49,7 +49,7 @@ typedef char variant_char; # define ossl_getenv getenv # endif -# include "internal/ctype.h" +# include "crypto/ctype.h" static int todigit(variant_char c) { diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c index 109ffcdcf24a..4abe11ca298b 100644 --- a/crypto/ct/ct_b64.c +++ b/crypto/ct/ct_b64.c 
@@ -14,7 +14,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" /* * Decodes the base64 string |in| into |out|. diff --git a/crypto/ct/ct_local.h b/crypto/ct/ct_local.h new file mode 100644 index 000000000000..9f983c91beae --- /dev/null +++ b/crypto/ct/ct_local.h 
@@ -0,0 +1,216 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include + +/* + * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT + * sct_list <1..2^16-1>; } SignedCertificateTimestampList; + */ +# define MAX_SCT_SIZE 65535 +# define MAX_SCT_LIST_SIZE MAX_SCT_SIZE + +/* + * Macros to read and write integers in network-byte order. + */ + +#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ + (((unsigned int)((c)[1])) )),c+=2) + +#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ + c[1]=(unsigned char)(((s) )&0xff)),c+=2) + +#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ + c[1]=(unsigned char)(((l)>> 8)&0xff), \ + c[2]=(unsigned char)(((l) )&0xff)),c+=3) + +#define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ + l|=((uint64_t)(*((c)++)))<<48, \ + l|=((uint64_t)(*((c)++)))<<40, \ + l|=((uint64_t)(*((c)++)))<<32, \ + l|=((uint64_t)(*((c)++)))<<24, \ + l|=((uint64_t)(*((c)++)))<<16, \ + l|=((uint64_t)(*((c)++)))<< 8, \ + l|=((uint64_t)(*((c)++)))) + +#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ + *((c)++)=(unsigned char)(((l)>>48)&0xff), \ + *((c)++)=(unsigned char)(((l)>>40)&0xff), \ + *((c)++)=(unsigned char)(((l)>>32)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* Signed Certificate Timestamp */ +struct sct_st { + sct_version_t version; + /* If version is not SCT_VERSION_V1, this contains the encoded SCT */ + unsigned char *sct; + size_t sct_len; + /* If version is SCT_VERSION_V1, fields below contain components of the 
SCT */ + unsigned char *log_id; + size_t log_id_len; + /* + * Note, we cannot distinguish between an unset timestamp, and one + * that is set to 0. However since CT didn't exist in 1970, no real + * SCT should ever be set as such. + */ + uint64_t timestamp; + unsigned char *ext; + size_t ext_len; + unsigned char hash_alg; + unsigned char sig_alg; + unsigned char *sig; + size_t sig_len; + /* Log entry type */ + ct_log_entry_type_t entry_type; + /* Where this SCT was found, e.g. certificate, OCSP response, etc. */ + sct_source_t source; + /* The result of the last attempt to validate this SCT. */ + sct_validation_status_t validation_status; +}; + +/* Miscellaneous data that is useful when verifying an SCT */ +struct sct_ctx_st { + /* Public key */ + EVP_PKEY *pkey; + /* Hash of public key */ + unsigned char *pkeyhash; + size_t pkeyhashlen; + /* For pre-certificate: issuer public key hash */ + unsigned char *ihash; + size_t ihashlen; + /* certificate encoding */ + unsigned char *certder; + size_t certderlen; + /* pre-certificate encoding */ + unsigned char *preder; + size_t prederlen; + /* milliseconds since epoch (to check that the SCT isn't from the future) */ + uint64_t epoch_time_in_ms; +}; + +/* Context when evaluating whether a Certificate Transparency policy is met */ +struct ct_policy_eval_ctx_st { + X509 *cert; + X509 *issuer; + CTLOG_STORE *log_store; + /* milliseconds since epoch (to check that SCTs aren't from the future) */ + uint64_t epoch_time_in_ms; +}; + +/* + * Creates a new context for verifying an SCT. + */ +SCT_CTX *SCT_CTX_new(void); +/* + * Deletes an SCT verification context. + */ +void SCT_CTX_free(SCT_CTX *sctx); + +/* + * Sets the certificate that the SCT was created for. + * If *cert does not have a poison extension, presigner must be NULL. + * If *cert does not have a poison extension, it may have a single SCT + * (NID_ct_precert_scts) extension. 
+ * If either *cert or *presigner have an AKID (NID_authority_key_identifier) + * extension, both must have one. + * Returns 1 on success, 0 on failure. + */ +__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner); + +/* + * Sets the issuer of the certificate that the SCT was created for. + * This is just a convenience method to save extracting the public key and + * calling SCT_CTX_set1_issuer_pubkey(). + * Issuer must not be NULL. + * Returns 1 on success, 0 on failure. + */ +__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer); + +/* + * Sets the public key of the issuer of the certificate that the SCT was created + * for. + * The public key must not be NULL. + * Returns 1 on success, 0 on failure. + */ +__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); + +/* + * Sets the public key of the CT log that the SCT is from. + * Returns 1 on success, 0 on failure. + */ +__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); + +/* + * Sets the time to evaluate the SCT against, in milliseconds since the Unix + * epoch. If the SCT's timestamp is after this time, it will be interpreted as + * having been issued in the future. RFC6962 states that "TLS clients MUST + * reject SCTs whose timestamp is in the future", so an SCT will not validate + * in this case. + */ +void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms); + +/* + * Verifies an SCT with the given context. + * Returns 1 if the SCT verifies successfully; any other value indicates + * failure. See EVP_DigestVerifyFinal() for the meaning of those values. + */ +__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct); + +/* + * Does this SCT have the minimum fields populated to be usable? + * Returns 1 if so, 0 otherwise. + */ +__owur int SCT_is_complete(const SCT *sct); + +/* + * Does this SCT have the signature-related fields populated? + * Returns 1 if so, 0 otherwise. 
+ * This checks that the signature and hash algorithms are set to supported + * values and that the signature field is set. + */ +__owur int SCT_signature_is_complete(const SCT *sct); + +/* + * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature + * and o2i_SCT_signature conform to the i2d/d2i conventions. + */ + +/* +* Serialize (to TLS format) an |sct| signature and write it to |out|. +* If |out| is null, no signature will be output but the length will be returned. +* If |out| points to a null pointer, a string will be allocated to hold the +* TLS-format signature. It is the responsibility of the caller to free it. +* If |out| points to an allocated string, the signature will be written to it. +* The length of the signature in TLS format will be returned. +*/ +__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out); + +/* +* Parses an SCT signature in TLS format and populates the |sct| with it. +* |in| should be a pointer to a string containing the TLS-format signature. +* |in| will be advanced to the end of the signature if parsing succeeds. +* |len| should be the length of the signature in |in|. +* Returns the number of bytes parsed, or a negative integer if an error occurs. +* If an error occurs, the SCT's signature NID may be updated whilst the +* signature field itself remains unset. +*/ +__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len); + +/* + * Handlers for Certificate Transparency X509v3/OCSP extensions + */ +extern const X509V3_EXT_METHOD v3_ct_scts[3]; diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h deleted file mode 100644 index 9f983c91beae..000000000000 --- a/crypto/ct/ct_locl.h +++ /dev/null 
@@ -1,216 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include - -/* - * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT - * sct_list <1..2^16-1>; } SignedCertificateTimestampList; - */ -# define MAX_SCT_SIZE 65535 -# define MAX_SCT_LIST_SIZE MAX_SCT_SIZE - -/* - * Macros to read and write integers in network-byte order. - */ - -#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ - (((unsigned int)((c)[1])) )),c+=2) - -#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ - c[1]=(unsigned char)(((s) )&0xff)),c+=2) - -#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ - c[1]=(unsigned char)(((l)>> 8)&0xff), \ - c[2]=(unsigned char)(((l) )&0xff)),c+=3) - -#define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ - l|=((uint64_t)(*((c)++)))<<48, \ - l|=((uint64_t)(*((c)++)))<<40, \ - l|=((uint64_t)(*((c)++)))<<32, \ - l|=((uint64_t)(*((c)++)))<<24, \ - l|=((uint64_t)(*((c)++)))<<16, \ - l|=((uint64_t)(*((c)++)))<< 8, \ - l|=((uint64_t)(*((c)++)))) - -#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* Signed Certificate Timestamp */ -struct sct_st { - sct_version_t version; - /* If version is not SCT_VERSION_V1, this contains the encoded SCT */ - unsigned char *sct; - size_t sct_len; - /* If version is SCT_VERSION_V1, fields below contain components of the 
SCT */ - unsigned char *log_id; - size_t log_id_len; - /* - * Note, we cannot distinguish between an unset timestamp, and one - * that is set to 0. However since CT didn't exist in 1970, no real - * SCT should ever be set as such. - */ - uint64_t timestamp; - unsigned char *ext; - size_t ext_len; - unsigned char hash_alg; - unsigned char sig_alg; - unsigned char *sig; - size_t sig_len; - /* Log entry type */ - ct_log_entry_type_t entry_type; - /* Where this SCT was found, e.g. certificate, OCSP response, etc. */ - sct_source_t source; - /* The result of the last attempt to validate this SCT. */ - sct_validation_status_t validation_status; -}; - -/* Miscellaneous data that is useful when verifying an SCT */ -struct sct_ctx_st { - /* Public key */ - EVP_PKEY *pkey; - /* Hash of public key */ - unsigned char *pkeyhash; - size_t pkeyhashlen; - /* For pre-certificate: issuer public key hash */ - unsigned char *ihash; - size_t ihashlen; - /* certificate encoding */ - unsigned char *certder; - size_t certderlen; - /* pre-certificate encoding */ - unsigned char *preder; - size_t prederlen; - /* milliseconds since epoch (to check that the SCT isn't from the future) */ - uint64_t epoch_time_in_ms; -}; - -/* Context when evaluating whether a Certificate Transparency policy is met */ -struct ct_policy_eval_ctx_st { - X509 *cert; - X509 *issuer; - CTLOG_STORE *log_store; - /* milliseconds since epoch (to check that SCTs aren't from the future) */ - uint64_t epoch_time_in_ms; -}; - -/* - * Creates a new context for verifying an SCT. - */ -SCT_CTX *SCT_CTX_new(void); -/* - * Deletes an SCT verification context. - */ -void SCT_CTX_free(SCT_CTX *sctx); - -/* - * Sets the certificate that the SCT was created for. - * If *cert does not have a poison extension, presigner must be NULL. - * If *cert does not have a poison extension, it may have a single SCT - * (NID_ct_precert_scts) extension. 
- * If either *cert or *presigner have an AKID (NID_authority_key_identifier) - * extension, both must have one. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner); - -/* - * Sets the issuer of the certificate that the SCT was created for. - * This is just a convenience method to save extracting the public key and - * calling SCT_CTX_set1_issuer_pubkey(). - * Issuer must not be NULL. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer); - -/* - * Sets the public key of the issuer of the certificate that the SCT was created - * for. - * The public key must not be NULL. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); - -/* - * Sets the public key of the CT log that the SCT is from. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); - -/* - * Sets the time to evaluate the SCT against, in milliseconds since the Unix - * epoch. If the SCT's timestamp is after this time, it will be interpreted as - * having been issued in the future. RFC6962 states that "TLS clients MUST - * reject SCTs whose timestamp is in the future", so an SCT will not validate - * in this case. - */ -void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms); - -/* - * Verifies an SCT with the given context. - * Returns 1 if the SCT verifies successfully; any other value indicates - * failure. See EVP_DigestVerifyFinal() for the meaning of those values. - */ -__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct); - -/* - * Does this SCT have the minimum fields populated to be usable? - * Returns 1 if so, 0 otherwise. - */ -__owur int SCT_is_complete(const SCT *sct); - -/* - * Does this SCT have the signature-related fields populated? - * Returns 1 if so, 0 otherwise. 
- * This checks that the signature and hash algorithms are set to supported - * values and that the signature field is set. - */ -__owur int SCT_signature_is_complete(const SCT *sct); - -/* - * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature - * and o2i_SCT_signature conform to the i2d/d2i conventions. - */ - -/* -* Serialize (to TLS format) an |sct| signature and write it to |out|. -* If |out| is null, no signature will be output but the length will be returned. -* If |out| points to a null pointer, a string will be allocated to hold the -* TLS-format signature. It is the responsibility of the caller to free it. -* If |out| points to an allocated string, the signature will be written to it. -* The length of the signature in TLS format will be returned. -*/ -__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out); - -/* -* Parses an SCT signature in TLS format and populates the |sct| with it. -* |in| should be a pointer to a string containing the TLS-format signature. -* |in| will be advanced to the end of the signature if parsing succeeds. -* |len| should be the length of the signature in |in|. -* Returns the number of bytes parsed, or a negative integer if an error occurs. -* If an error occurs, the SCT's signature NID may be updated whilst the -* signature field itself remains unset. -*/ -__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len); - -/* - * Handlers for Certificate Transparency X509v3/OCSP extensions - */ -extern const X509V3_EXT_METHOD v3_ct_scts[3]; diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c index 0dd691c0f711..d4b6645af48d 100644 --- a/crypto/ct/ct_oct.c +++ b/crypto/ct/ct_oct.c @@ -19,7 +19,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) { diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c index 0d7b3463877d..df66e8a494d0 100644 --- a/crypto/ct/ct_policy.c 
+++ b/crypto/ct/ct_policy.c @@ -15,7 +15,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" /* * Number of seconds in the future that an SCT timestamp can be, by default, diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c index 376e04523e57..e6584b57f391 100644 --- a/crypto/ct/ct_prn.c +++ b/crypto/ct/ct_prn.c @@ -14,7 +14,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" static void SCT_signature_algorithms_print(const SCT *sct, BIO *out) { diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c index 1dc16857ba50..4ff36e2fbd49 100644 --- a/crypto/ct/ct_sct.c +++ b/crypto/ct/ct_sct.c @@ -17,7 +17,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" SCT *SCT_new(void) { diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c index 75a5027df0e8..841e768033e5 100644 --- a/crypto/ct/ct_sct_ctx.c +++ b/crypto/ct/ct_sct_ctx.c @@ -18,7 +18,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" SCT_CTX *SCT_CTX_new(void) { diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c index cabcf5782aa4..74fd34f4154e 100644 --- a/crypto/ct/ct_vfy.c +++ b/crypto/ct/ct_vfy.c @@ -14,7 +14,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" typedef enum sct_signature_type_t { SIGNATURE_TYPE_NOT_SET = -1, diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c index ec186d1f5b83..19c2a852d24a 100644 --- a/crypto/ct/ct_x509v3.c +++ b/crypto/ct/ct_x509v3.c @@ -11,7 +11,7 @@ # error "CT is disabled" #endif -#include "ct_locl.h" +#include "ct_local.h" static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val) { diff --git a/crypto/ctype.c b/crypto/ctype.c index e05f84cd4086..b7f1183f9ccf 100644 --- a/crypto/ctype.c +++ b/crypto/ctype.c @@ -9,7 +9,7 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "openssl/ebcdic.h" /* diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl index a02d18063149..d14b9f89b6b6 100644 --- a/crypto/des/asm/crypt586.pl 
+++ b/crypto/des/asm/crypt586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ $R="esi"; &fcrypt_body("fcrypt_body"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub fcrypt_body { diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl index 2bcc54ef2f25..07d9d87ac735 100644 --- a/crypto/des/asm/des-586.pl +++ b/crypto/des/asm/des-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ $small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV)); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub DES_encrypt_internal() { diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 index 4ada97b175d9..ebb5e7cd1d75 100644 --- a/crypto/des/asm/des_enc.m4 +++ b/crypto/des/asm/des_enc.m4 
@@ -106,15 +106,15 @@ changequote({,}) ! technique. ! ! The macro also loads address sbox 1 to 5 to global 1 to 5, address -! sbox 6 to local6, and addres sbox 8 to out3. +! sbox 6 to local6, and address sbox 8 to out3. ! -! Rotates the halfs 3 left to bring the sbox bits in convenient positions. +! Rotates the halves 3 left to bring the sbox bits in convenient positions. ! ! Loads key first round from address in parameter 5 to out0, out1. ! ! After the original LibDES initial permutation, the resulting left ! is in the variable initially used for right and vice versa. The macro -! implements the possibility to keep the halfs in the original registers. +! implements the possibility to keep the halves in the original registers. ! ! parameter 1 left ! parameter 2 right @@ -1184,7 +1184,7 @@ DES_encrypt2: add %o7,global1,global1 sub global1,.PIC.DES_SPtrans-.des_and,out2 - ! Set sbox address 1 to 6 and rotate halfs 3 left + ! Set sbox address 1 to 6 and rotate halves 3 left ! Errors caught by destest? Yes. Still? *NO* !sethi %hi(DES_SPtrans), global1 ! address sbox 1 diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl index fe1fdc7025cf..5c92a52b7957 100755 --- a/crypto/des/asm/dest4-sparcv9.pl +++ b/crypto/des/asm/dest4-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -624,4 +624,4 @@ ___ &emit_assembler(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c index 5a1f72f82db8..c5e2e017b84e 100644 --- a/crypto/des/cbc_cksm.c +++ b/crypto/des/cbc_cksm.c 
@@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, long length, DES_key_schedule *schedule, diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c index 21943f6143ea..490d925f46f4 100644 --- a/crypto/des/cfb64ede.c +++ b/crypto/des/cfb64ede.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c index 96de51b055ec..ca0e82164803 100644 --- a/crypto/des/cfb64enc.c +++ b/crypto/des/cfb64enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c index 544392e405c2..17018420e6cc 100644 --- a/crypto/des/cfb_enc.c +++ b/crypto/des/cfb_enc.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "des_locl.h" +#include "des_local.h" #include /* diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c index ed134ace8c32..45eec615d8b0 100644 --- a/crypto/des/des_enc.c +++ b/crypto/des/des_enc.c @@ -8,7 +8,7 @@ */ #include -#include "des_locl.h" +#include "des_local.h" #include "spr.h" void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) diff --git a/crypto/des/des_local.h b/crypto/des/des_local.h new file mode 100644 index 000000000000..0f58a1c9ae2e --- /dev/null +++ b/crypto/des/des_local.h 
@@ -0,0 +1,226 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DES_LOCAL_H +# define OSSL_CRYPTO_DES_LOCAL_H + +# include + +# include +# include +# include + +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +# define ITERATIONS 16 +# define HALF_ITERATIONS 8 + +# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ + l|=((DES_LONG)(*((c)++)))<< 8L, \ + l|=((DES_LONG)(*((c)++)))<<16L, \ + l|=((DES_LONG)(*((c)++)))<<24L) + +/* NOTE - c is not incremented as per c2l */ +# define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ + /* fall thru */ \ + case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ + /* fall thru */ \ + case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ + /* fall thru */ \ + case 5: l2|=((DES_LONG)(*(--(c)))); \ + /* fall thru */ \ + case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ + /* fall thru */ \ + case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ + /* fall thru */ \ + case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ + /* fall thru */ \ + case 1: l1|=((DES_LONG)(*(--(c)))); \ + } \ + } + +# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +/* + * replacements for htonl and ntohl since I have no idea what to do when + * faced with machines with 8 byte longs. 
+ */ + +# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ + l|=((DES_LONG)(*((c)++)))<<16L, \ + l|=((DES_LONG)(*((c)++)))<< 8L, \ + l|=((DES_LONG)(*((c)++)))) + +# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* NOTE - c is not incremented as per l2c */ +# define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + /* fall thru */ \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +# if defined(_MSC_VER) +# define ROTATE(a,n) (_lrotr(a,n)) +# elif defined(__ICC) +# define ROTATE(a,n) (_rotr(a,n)) +# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ("rorl %1,%0" \ + : "=r"(ret) \ + : "I"(n),"0"(a) \ + : "cc"); \ + ret; \ + }) +# endif +# endif +# ifndef ROTATE +# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) +# endif + +/* + * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add + * it's little bit to the front + */ + +# ifdef DES_FCRYPT + +# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ + { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } + +# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ + t=R^(R>>16L); \ + u=t&E0; t&=E1; \ + tmp=(u<<16); u^=R^s[S ]; 
u^=tmp; \ + tmp=(t<<16); t^=R^s[S+1]; t^=tmp +# else +# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) +# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ + u=R^s[S ]; \ + t=R^s[S+1] +# endif + +/* + * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason + * to not xor all the sub items together. This potentially saves a register + * since things can be xored directly into L + */ + +# define D_ENCRYPT(LL,R,S) { \ + LOAD_DATA_tmp(R,S,u,t,E0,E1); \ + t=ROTATE(t,4); \ + LL^= \ + DES_SPtrans[0][(u>> 2L)&0x3f]^ \ + DES_SPtrans[2][(u>>10L)&0x3f]^ \ + DES_SPtrans[4][(u>>18L)&0x3f]^ \ + DES_SPtrans[6][(u>>26L)&0x3f]^ \ + DES_SPtrans[1][(t>> 2L)&0x3f]^ \ + DES_SPtrans[3][(t>>10L)&0x3f]^ \ + DES_SPtrans[5][(t>>18L)&0x3f]^ \ + DES_SPtrans[7][(t>>26L)&0x3f]; } + + /*- + * IP and FP + * The problem is more of a geometric problem that random bit fiddling. + 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 + 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 + 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 + 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 + + 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 + 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 + 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 + 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 + + The output has been subject to swaps of the form + 0 1 -> 3 1 but the odd and even bits have been put into + 2 3 2 0 + different words. 
The main trick is to remember that + t=((l>>size)^r)&(mask); + r^=t; + l^=(t<>(n))^(b))&(m)),\ + (b)^=(t),\ + (a)^=((t)<<(n))) + +# define IP(l,r) \ + { \ + register DES_LONG tt; \ + PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ + PERM_OP(l,r,tt,16,0x0000ffffL); \ + PERM_OP(r,l,tt, 2,0x33333333L); \ + PERM_OP(l,r,tt, 8,0x00ff00ffL); \ + PERM_OP(r,l,tt, 1,0x55555555L); \ + } + +# define FP(l,r) \ + { \ + register DES_LONG tt; \ + PERM_OP(l,r,tt, 1,0x55555555L); \ + PERM_OP(r,l,tt, 8,0x00ff00ffL); \ + PERM_OP(l,r,tt, 2,0x33333333L); \ + PERM_OP(r,l,tt,16,0x0000ffffL); \ + PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ + } + +extern const DES_LONG DES_SPtrans[8][64]; + +void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, + DES_LONG Eswap0, DES_LONG Eswap1); + +#endif diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h deleted file mode 100644 index f401e6f3ebe8..000000000000 --- a/crypto/des/des_locl.h +++ /dev/null 
@@ -1,226 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_DES_LOCL_H -# define HEADER_DES_LOCL_H - -# include - -# include -# include -# include - -# include - -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif - -# define ITERATIONS 16 -# define HALF_ITERATIONS 8 - -# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -# define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((DES_LONG)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((DES_LONG)(*(--(c)))); \ - } \ - } - -# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* - * replacements for htonl and ntohl since I have no idea what to do when - * faced with machines with 8 byte longs. 
- */ - -# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))) - -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* NOTE - c is not incremented as per l2c */ -# define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -# if defined(_MSC_VER) -# define ROTATE(a,n) (_lrotr(a,n)) -# elif defined(__ICC) -# define ROTATE(a,n) (_rotr(a,n)) -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ("rorl %1,%0" \ - : "=r"(ret) \ - : "I"(n),"0"(a) \ - : "cc"); \ - ret; \ - }) -# endif -# endif -# ifndef ROTATE -# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) -# endif - -/* - * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add - * it's little bit to the front - */ - -# ifdef DES_FCRYPT - -# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ - { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } - -# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - t=R^(R>>16L); \ - u=t&E0; t&=E1; \ - tmp=(u<<16); u^=R^s[S ]; 
u^=tmp; \ - tmp=(t<<16); t^=R^s[S+1]; t^=tmp -# else -# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) -# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - u=R^s[S ]; \ - t=R^s[S+1] -# endif - -/* - * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason - * to not xor all the sub items together. This potentially saves a register - * since things can be xored directly into L - */ - -# define D_ENCRYPT(LL,R,S) { \ - LOAD_DATA_tmp(R,S,u,t,E0,E1); \ - t=ROTATE(t,4); \ - LL^= \ - DES_SPtrans[0][(u>> 2L)&0x3f]^ \ - DES_SPtrans[2][(u>>10L)&0x3f]^ \ - DES_SPtrans[4][(u>>18L)&0x3f]^ \ - DES_SPtrans[6][(u>>26L)&0x3f]^ \ - DES_SPtrans[1][(t>> 2L)&0x3f]^ \ - DES_SPtrans[3][(t>>10L)&0x3f]^ \ - DES_SPtrans[5][(t>>18L)&0x3f]^ \ - DES_SPtrans[7][(t>>26L)&0x3f]; } - - /*- - * IP and FP - * The problem is more of a geometric problem that random bit fiddling. - 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 - 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 - 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 - 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 - - 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 - 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 - 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 - 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 - - The output has been subject to swaps of the form - 0 1 -> 3 1 but the odd and even bits have been put into - 2 3 2 0 - different words. 
The main trick is to remember that - t=((l>>size)^r)&(mask); - r^=t; - l^=(t<>(n))^(b))&(m)),\ - (b)^=(t),\ - (a)^=((t)<<(n))) - -# define IP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ - PERM_OP(l,r,tt,16,0x0000ffffL); \ - PERM_OP(r,l,tt, 2,0x33333333L); \ - PERM_OP(l,r,tt, 8,0x00ff00ffL); \ - PERM_OP(r,l,tt, 1,0x55555555L); \ - } - -# define FP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(l,r,tt, 1,0x55555555L); \ - PERM_OP(r,l,tt, 8,0x00ff00ffL); \ - PERM_OP(l,r,tt, 2,0x33333333L); \ - PERM_OP(r,l,tt,16,0x0000ffffL); \ - PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ - } - -extern const DES_LONG DES_SPtrans[8][64]; - -void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - -#endif diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c index 6ac89d4e78bb..7afa8eaadde7 100644 --- a/crypto/des/ecb3_enc.c +++ b/crypto/des/ecb3_enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c index 5ed079d15fdc..513c65e116cd 100644 --- a/crypto/des/ecb_enc.c +++ b/crypto/des/ecb_enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" #include #include diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index aaee4bf236a5..e83cf76b615c 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c @@ -19,7 +19,7 @@ #endif #include -#include "des_locl.h" +#include "des_local.h" /* * Added more values to handle illegal salt values the way normal crypt() diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c index fe2369a93526..22f967b8c6d3 100644 --- a/crypto/des/fcrypt_b.c +++ b/crypto/des/fcrypt_b.c @@ -10,7 +10,7 @@ #include #define DES_FCRYPT -#include "des_locl.h" +#include "des_local.h" #undef DES_FCRYPT #undef PERM_OP 
diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
index 244f15ca2a96..cd4b071a3d73 100644
--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -13,7 +13,7 @@
 * des_enc.c (DES_ncbc_encrypt) */
-#include "des_locl.h"
+#include "des_local.h"
 #ifdef CBC_ENC_C__DONT_UPDATE_IV
 void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
index a551a07e0eb4..68cf2dc557c6 100644
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html */
-#include "des_locl.h"
+#include "des_local.h"
 /* * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
index 30976c871daa..5796980c1865 100644
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html */
-#include "des_locl.h"
+#include "des_local.h"
 /* * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
index 65a9b8604d80..2b0498994b51 100644
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html */
-#include "des_locl.h"
+#include "des_local.h"
 /* * The input and output are loaded in multiples of 8 bits. What this means is
diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
index 0fa058f03f07..3490592741c6 100644
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html */
-#include "des_locl.h"
+#include "des_local.h"
 void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule,
diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
index 81e6be8226aa..10b6abf69ea5 100644
--- a/crypto/des/qud_cksm.c
+++ b/crypto/des/qud_cksm.c
@@ -13,7 +13,7 @@
 * only based on the code in this paper and is almost definitely not the same * as the MIT implementation. */
-#include "des_locl.h"
+#include "des_local.h"
 #define Q_B0(a) (((DES_LONG)(a)))
 #define Q_B1(a) (((DES_LONG)(a))<<8)
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index adbad72362f5..cbcb616cb2ad 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -16,7 +16,7 @@
 * 1.0 First working version */
 #include
-#include "des_locl.h"
+#include "des_local.h"
 /* defaults to false */
 OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index e18d726522ba..61db60512567 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -8,7 +8,7 @@
 */
 #include
-#include "des_locl.h"
+#include "des_local.h"
 void DES_string_to_key(const char *str, DES_cblock *key)
 {
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
index c4e455d9b912..fb3fd5292cb6 100644
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html */
-#include "des_locl.h"
+#include "des_local.h"
 /* RSA's DESX */
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 05a1d4227ee3..d53004080d5e 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -11,10 +11,10 @@
 #include "internal/cryptlib.h"
 #include
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 #include
 /*
@@ -901,6 +901,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
 err:
 OPENSSL_free(penc);
 X509_ALGOR_free(wrap_alg);
+ OPENSSL_free(dukm);
 return rv;
 }
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 1a40633b4806..e37f0904e560 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -10,7 +10,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 #include
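Review bot: In `dh_cms_encrypt` (crypto/dh/dh_ameth.c, hunk `@@ -901,6 +901,7 @@`) the added `OPENSSL_free(dukm);` sits in cleanup that ends in `return rv;`, so it appears to run on the success path as well as on failure. That is only safe if `dukm` is set to NULL as soon as the buffer has been handed to the key-derivation context; otherwise the context keeps a pointer to freed memory and its own teardown frees it a second time. The function body starts outside this hunk, so the reset cannot be confirmed from here. I would document the invariant at the cleanup with `/* dukm is non-NULL here only if ownership was never transferred */` and check that `dukm = NULL;` directly follows the successful hand-over.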
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index d13d8206ce50..4ac169e75c23 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -10,7 +10,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 # define DH_NUMBER_ITERATIONS_FOR_PRIME 64
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index d293835eb22b..ab82ab58bd2a 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
@@ -54,7 +54,7 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
 * for 3, p mod 12 == 11 * for 5, p mod 60 == 59 *
- * However for compatibilty with previous versions we use:
+ * However for compatibility with previous versions we use:
 * for 2, p mod 24 == 11 * for 5, p mod 60 == 23 */
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 718aa422d935..daffdf74dd37 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -9,8 +9,8 @@
 #include
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
-#include "internal/bn_int.h"
+#include "dh_local.h"
+#include "crypto/bn.h"
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index e7e7ef08e9e3..04b79d355ca4 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 int DH_set_method(DH *dh, const DH_METHOD *meth)
diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h
new file mode 100644
index 000000000000..0a8391a6c004
--- /dev/null
+++ b/crypto/dh/dh_local.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include "internal/refcount.h"
+
+struct dh_st {
+ /*
+ * This first argument is used to pick up errors when a DH is passed
+ * instead of a EVP_PKEY
+ */
+ int pad;
+ int version;
+ BIGNUM *p;
+ BIGNUM *g;
+ int32_t length; /* optional */
+ BIGNUM *pub_key; /* g^x % p */
+ BIGNUM *priv_key; /* x */
+ int flags;
+ BN_MONT_CTX *method_mont_p;
+ /* Place holders if we want to do X9.42 DH */
+ BIGNUM *q;
+ BIGNUM *j;
+ unsigned char *seed;
+ int seedlen;
+ BIGNUM *counter;
+ CRYPTO_REF_COUNT references;
+ CRYPTO_EX_DATA ex_data;
+ const DH_METHOD *meth;
+ ENGINE *engine;
+ CRYPTO_RWLOCK *lock;
+};
+
+struct dh_method {
+ char *name;
+ /* Methods here */
+ int (*generate_key) (DH *dh);
+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+ /* Can be null */
+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+ int (*init) (DH *dh);
+ int (*finish) (DH *dh);
+ int flags;
+ char *app_data;
+ /* If this is non-NULL, it will be used to generate parameters */
+ int (*generate_params) (DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+};
diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h
deleted file mode 100644
index 0a8391a6c004..000000000000
--- a/crypto/dh/dh_locl.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/refcount.h" - -struct dh_st { - /* - * This first argument is used to pick up errors when a DH is passed - * instead of a EVP_PKEY - */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - int32_t length; /* optional */ - BIGNUM *pub_key; /* g^x % p */ - BIGNUM *priv_key; /* x */ - int flags; - BN_MONT_CTX *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - CRYPTO_REF_COUNT references; - CRYPTO_EX_DATA ex_data; - const DH_METHOD *meth; - ENGINE *engine; - CRYPTO_RWLOCK *lock; -}; - -struct dh_method { - char *name; - /* Methods here */ - int (*generate_key) (DH *dh); - int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); - - /* Can be null */ - int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); - int (*init) (DH *dh); - int (*finish) (DH *dh); - int flags; - char *app_data; - /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params) (DH *dh, int prime_len, int generator, - BN_GENCB *cb); -}; diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c index 59c4d7e96782..8a54a8108fc3 100644 --- a/crypto/dh/dh_meth.c +++ b/crypto/dh/dh_meth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dh_locl.h" +#include "dh_local.h" #include #include diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 568831f1c2a7..1fd94deb4731 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c 
@@ -12,11 +12,11 @@
 #include
 #include
 #include
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 #include
 #include
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 /* DH pkey context structure */
diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c
index c4a219590e9e..e3603a05a322 100644
--- a/crypto/dh/dh_rfc5114.c
+++ b/crypto/dh/dh_rfc5114.c
@@ -9,9 +9,9 @@
 #include
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
-#include "internal/bn_dh.h"
+#include "crypto/bn_dh.h"
 /* * Macro to make a DH structure from BIGNUM data. NB: although just copying
diff --git a/crypto/dh/dh_rfc7919.c b/crypto/dh/dh_rfc7919.c
index a54b468e552c..03d30a1f5d59 100644
--- a/crypto/dh/dh_rfc7919.c
+++ b/crypto/dh/dh_rfc7919.c
@@ -9,10 +9,10 @@
 #include
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
+#include "dh_local.h"
 #include
 #include
-#include "internal/bn_dh.h"
+#include "crypto/bn_dh.h"
 static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
 {
diff --git a/crypto/dllmain.c b/crypto/dllmain.c
index 0838c55e4897..e8217893b9ed 100644
--- a/crypto/dllmain.c
+++ b/crypto/dllmain.c
@@ -8,7 +8,7 @@
 */
 #include "e_os.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #if defined(_WIN32) || defined(__CYGWIN__)
 # ifdef __CYGWIN__
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 49aa1ae23bab..2dcaa0815fd6 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -11,11 +11,11 @@
 #include "internal/cryptlib.h"
 #include
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 6499e87ef318..9cafd5ca8a90 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -9,7 +9,7 @@
 #include
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
 #include
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index af59a582b53e..5d066a06c546 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -21,7 +21,7 @@
 #include
 #include
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len,
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index a48af5849291..bdeddd4f61df 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -11,7 +11,7 @@
 #include
 #include "internal/cryptlib.h"
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 static int dsa_builtin_keygen(DSA *dsa);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 1048601bebde..f98af5853dc1 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
 #include
diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h
new file mode 100644
index 000000000000..a81a4b49788d
--- /dev/null
+++ b/crypto/dsa/dsa_local.h
@@ -0,0 +1,77 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/refcount.h" + +struct dsa_st { + /* + * This first variable is used to pick up errors where a DSA is passed + * instead of of a EVP_PKEY + */ + int pad; + int32_t version; + BIGNUM *p; + BIGNUM *q; /* == 20 */ + BIGNUM *g; + BIGNUM *pub_key; /* y public key */ + BIGNUM *priv_key; /* x private key */ + int flags; + /* Normally used to cache montgomery values */ + BN_MONT_CTX *method_mont_p; + CRYPTO_REF_COUNT references; + CRYPTO_EX_DATA ex_data; + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + CRYPTO_RWLOCK *lock; +}; + +struct DSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +}; + +struct dsa_method { + char *name; + DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); + int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1, + const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); + /* Can be null */ + int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*init) (DSA *dsa); + int (*finish) (DSA *dsa); + int flags; + void *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen) (DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int 
(*dsa_keygen) (DSA *dsa); +}; + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, + size_t seed_len, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + +int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, + const EVP_MD *evpmd, const unsigned char *seed_in, + size_t seed_len, int idx, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h deleted file mode 100644 index a81a4b49788d..000000000000 --- a/crypto/dsa/dsa_locl.h +++ /dev/null 
@@ -1,77 +0,0 @@ -/* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/refcount.h" - -struct dsa_st { - /* - * This first variable is used to pick up errors where a DSA is passed - * instead of of a EVP_PKEY - */ - int pad; - int32_t version; - BIGNUM *p; - BIGNUM *q; /* == 20 */ - BIGNUM *g; - BIGNUM *pub_key; /* y public key */ - BIGNUM *priv_key; /* x private key */ - int flags; - /* Normally used to cache montgomery values */ - BN_MONT_CTX *method_mont_p; - CRYPTO_REF_COUNT references; - CRYPTO_EX_DATA ex_data; - const DSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - CRYPTO_RWLOCK *lock; -}; - -struct DSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -}; - -struct dsa_method { - char *name; - DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); - int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1, - const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); - /* Can be null */ - int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - int (*init) (DSA *dsa); - int (*finish) (DSA *dsa); - int flags; - void *app_data; - /* If this is non-NULL, it is used to generate DSA parameters */ - int (*dsa_paramgen) (DSA *dsa, int bits, - const unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb); - /* If this is non-NULL, it is used to generate DSA keys */ - int 
(*dsa_keygen) (DSA *dsa);
-};
-
-int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
- const EVP_MD *evpmd, const unsigned char *seed_in,
- size_t seed_len, unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
-
-int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
- const EVP_MD *evpmd, const unsigned char *seed_in,
- size_t seed_len, int idx, unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c
index ff4fae44a7c3..1e6ee2f4ed3b 100644
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
@@ -15,7 +15,7 @@
 * or in the file LICENSE in the source distribution. */
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 #include
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 16161dcadf22..a983def64e76 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -9,10 +9,10 @@
 #include
 #include "internal/cryptlib.h"
-#include "internal/bn_int.h"
+#include "crypto/bn.h"
 #include
 #include
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 1dd2fef9beb9..4ca3747a4646 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -13,8 +13,8 @@
 #include
 #include
 #include
-#include "internal/evp_int.h"
-#include "dsa_locl.h"
+#include "crypto/evp.h"
+#include "dsa_local.h"
 /* DSA pkey context structure */
@@ -178,9 +178,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
 }
 if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
 int qbits = atoi(value);
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
- NULL);
+ return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits);
 }
 if (strcmp(type, "dsa_paramgen_md") == 0) {
 const EVP_MD *md = EVP_get_digestbyname(value);
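Review bot: In `pkey_dsa_ctrl_str` (crypto/dsa/dsa_pmeth.c, hunk `@@ -178,9 +178,7 @@`) the value passed to `EVP_PKEY_CTX_set_dsa_paramgen_q_bits` still comes from `int qbits = atoi(value);`, which maps non-numeric text to 0 and cannot report trailing garbage or overflow. Whether 0 or a nonsensical size is then rejected depends on the control handler, which is outside this hunk, so a mistyped option may silently select a default rather than fail. Parsing explicitly makes the failure visible: `char *end; long q = strtol(value, &end, 10);` followed by `if (end == value || *end != '\0' || q <= 0 || q > INT_MAX) return 0;`. The function body starts and ends outside the hunk.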
@@ -189,9 +187,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
 DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
 return 0;
 }
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
- EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
- (void *)md);
+ return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md);
 }
 return -2;
 }
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index e9466b29f1d7..51c7754b93e4 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -8,7 +8,7 @@
 */
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include
 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 21f98cd94e5c..6f80a4aab7a5 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -8,7 +8,7 @@
 */
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
index 290d73cf3575..3bbb10e5ca98 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html */
-#include "dso_locl.h"
+#include "dso_local.h"
 #ifdef DSO_DL
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index ba3b55fcbffa..4719e8f4f337 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -16,7 +16,7 @@
 # define _GNU_SOURCE /* make sure dladdr is declared */
 #endif
-#include "dso_locl.h"
+#include "dso_local.h"
 #include "e_os.h"
 #ifdef DSO_DLFCN
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 2e75021d39ea..50a39bb7d5d8 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html */
-#include "dso_locl.h"
+#include "dso_local.h"
 #include "internal/refcount.h"
 static DSO_METHOD *default_DSO_meth = NULL;
diff --git a/crypto/dso/dso_local.h b/crypto/dso/dso_local.h
new file mode 100644
index 000000000000..43b7df9d7832
--- /dev/null
+++ b/crypto/dso/dso_local.h
@@ -0,0 +1,107 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include "internal/dso.h" +#include "crypto/dso_conf.h" +#include "internal/refcount.h" + +/**********************************************************************/ +/* The low-level handle type used to refer to a loaded shared library */ + +struct dso_st { + DSO_METHOD *meth; + /* + * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use + * anything but will need to cache the filename for use in the dso_bind + * handler. All in all, let each method control its own destiny. + * "Handles" and such go in a STACK. + */ + STACK_OF(void) *meth_data; + CRYPTO_REF_COUNT references; + int flags; + /* + * For use by applications etc ... use this for your bits'n'pieces, don't + * touch meth_data! + */ + CRYPTO_EX_DATA ex_data; + /* + * If this callback function pointer is set to non-NULL, then it will be + * used in DSO_load() in place of meth->dso_name_converter. NB: This + * should normally set using DSO_set_name_converter(). + */ + DSO_NAME_CONVERTER_FUNC name_converter; + /* + * If this callback function pointer is set to non-NULL, then it will be + * used in DSO_load() in place of meth->dso_merger. NB: This should + * normally set using DSO_set_merger(). + */ + DSO_MERGER_FUNC merger; + /* + * This is populated with (a copy of) the platform-independent filename + * used for this DSO. + */ + char *filename; + /* + * This is populated with (a copy of) the translated filename by which + * the DSO was actually loaded. It is NULL iff the DSO is not currently + * loaded. 
NB: This is here because the filename translation process may + * involve a callback being invoked more than once not only to convert to + * a platform-specific form, but also to try different filenames in the + * process of trying to perform a load. As such, this variable can be + * used to indicate (a) whether this DSO structure corresponds to a + * loaded library or not, and (b) the filename with which it was actually + * loaded. + */ + char *loaded_filename; + CRYPTO_RWLOCK *lock; +}; + +struct dso_meth_st { + const char *name; + /* + * Loads a shared library, NB: new DSO_METHODs must ensure that a + * successful load populates the loaded_filename field, and likewise a + * successful unload OPENSSL_frees and NULLs it out. + */ + int (*dso_load) (DSO *dso); + /* Unloads a shared library */ + int (*dso_unload) (DSO *dso); + /* + * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should + * be cast to the real function prototype by the caller. Platforms that + * don't have compatible representations for different prototypes (this + * is possible within ANSI C) are highly unlikely to have shared + * libraries at all, let alone a DSO_METHOD implemented for them. + */ + DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); + /* + * The generic (yuck) "ctrl()" function. NB: Negative return values + * (rather than zero) indicate errors. + */ + long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); + /* + * The default DSO_METHOD-specific function for converting filenames to a + * canonical native form. + */ + DSO_NAME_CONVERTER_FUNC dso_name_converter; + /* + * The default DSO_METHOD-specific function for converting filenames to a + * canonical native form. + */ + DSO_MERGER_FUNC dso_merger; + /* [De]Initialisation handlers. */ + int (*init) (DSO *dso); + int (*finish) (DSO *dso); + /* Return pathname of the module containing location */ + int (*pathbyaddr) (void *addr, char *path, int sz); + /* Perform global symbol lookup, i.e. 
among *all* modules */ + void *(*globallookup) (const char *symname); +}; diff --git a/crypto/dso/dso_locl.h b/crypto/dso/dso_locl.h deleted file mode 100644 index 14a0ccb7c012..000000000000 --- a/crypto/dso/dso_locl.h +++ /dev/null 
@@ -1,107 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/dso.h" -#include "internal/dso_conf.h" -#include "internal/refcount.h" - -/**********************************************************************/ -/* The low-level handle type used to refer to a loaded shared library */ - -struct dso_st { - DSO_METHOD *meth; - /* - * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use - * anything but will need to cache the filename for use in the dso_bind - * handler. All in all, let each method control its own destiny. - * "Handles" and such go in a STACK. - */ - STACK_OF(void) *meth_data; - CRYPTO_REF_COUNT references; - int flags; - /* - * For use by applications etc ... use this for your bits'n'pieces, don't - * touch meth_data! - */ - CRYPTO_EX_DATA ex_data; - /* - * If this callback function pointer is set to non-NULL, then it will be - * used in DSO_load() in place of meth->dso_name_converter. NB: This - * should normally set using DSO_set_name_converter(). - */ - DSO_NAME_CONVERTER_FUNC name_converter; - /* - * If this callback function pointer is set to non-NULL, then it will be - * used in DSO_load() in place of meth->dso_merger. NB: This should - * normally set using DSO_set_merger(). - */ - DSO_MERGER_FUNC merger; - /* - * This is populated with (a copy of) the platform-independent filename - * used for this DSO. - */ - char *filename; - /* - * This is populated with (a copy of) the translated filename by which - * the DSO was actually loaded. It is NULL iff the DSO is not currently - * loaded. 
NB: This is here because the filename translation process may - * involve a callback being invoked more than once not only to convert to - * a platform-specific form, but also to try different filenames in the - * process of trying to perform a load. As such, this variable can be - * used to indicate (a) whether this DSO structure corresponds to a - * loaded library or not, and (b) the filename with which it was actually - * loaded. - */ - char *loaded_filename; - CRYPTO_RWLOCK *lock; -}; - -struct dso_meth_st { - const char *name; - /* - * Loads a shared library, NB: new DSO_METHODs must ensure that a - * successful load populates the loaded_filename field, and likewise a - * successful unload OPENSSL_frees and NULLs it out. - */ - int (*dso_load) (DSO *dso); - /* Unloads a shared library */ - int (*dso_unload) (DSO *dso); - /* - * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should - * be cast to the real function prototype by the caller. Platforms that - * don't have compatible representations for different prototypes (this - * is possible within ANSI C) are highly unlikely to have shared - * libraries at all, let alone a DSO_METHOD implemented for them. - */ - DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); - /* - * The generic (yuck) "ctrl()" function. NB: Negative return values - * (rather than zero) indicate errors. - */ - long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); - /* - * The default DSO_METHOD-specific function for converting filenames to a - * canonical native form. - */ - DSO_NAME_CONVERTER_FUNC dso_name_converter; - /* - * The default DSO_METHOD-specific function for converting filenames to a - * canonical native form. - */ - DSO_MERGER_FUNC dso_merger; - /* [De]Initialisation handlers. */ - int (*init) (DSO *dso); - int (*finish) (DSO *dso); - /* Return pathname of the module containing location */ - int (*pathbyaddr) (void *addr, char *path, int sz); - /* Perform global symbol lookup, i.e. 
among *all* modules */ - void *(*globallookup) (const char *symname); -}; diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c index f0dd38ace259..c76a04db23f9 100644 --- a/crypto/dso/dso_openssl.c +++ b/crypto/dso/dso_openssl.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" #ifdef DSO_NONE diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl index 83abbdd89578..ea538c0698d5 100755 --- a/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1394,7 +1394,7 @@ my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); # 256-bit vectors on top. Then note that we push # starting from r0, which means that we have copy of # input arguments just below these temporary vectors. -# We use three of them for !in1infty, !in2intfy and +# We use three of them for ~in1infty, ~in2infty and # result of check for zero. $code.=<<___; @@ -1424,7 +1424,7 @@ ecp_nistz256_point_add: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*18+8] @ !in2infty + str r12,[sp,#32*18+8] @ ~in2infty ldmia $a_ptr!,{r4-r11} @ copy in1_x add r3,sp,#$in1_x @@ -1445,7 +1445,7 @@ ecp_nistz256_point_add: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*18+4] @ !in1infty + str r12,[sp,#32*18+4] @ ~in1infty add $a_ptr,sp,#$in2_z add $b_ptr,sp,#$in2_z 
@@ -1510,33 +1510,20 @@ ecp_nistz256_point_add: orr $a0,$a0,$a2 orr $a4,$a4,$a6 orr $a0,$a0,$a7 - orrs $a0,$a0,$a4 + orr $a0,$a0,$a4 @ ~is_equal(U1,U2) - bne .Ladd_proceed @ is_equal(U1,U2)? + ldr $t0,[sp,#32*18+4] @ ~in1infty + ldr $t1,[sp,#32*18+8] @ ~in2infty + ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2) + mvn $t0,$t0 @ -1/0 -> 0/-1 + mvn $t1,$t1 @ -1/0 -> 0/-1 + orr $a0,$t0 + orr $a0,$t1 + orrs $a0,$t2 @ set flags - ldr $t0,[sp,#32*18+4] - ldr $t1,[sp,#32*18+8] - ldr $t2,[sp,#32*18+12] - tst $t0,$t1 - beq .Ladd_proceed @ (in1infty || in2infty)? - tst $t2,$t2 - beq .Ladd_double @ is_equal(S1,S2)? + @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) + bne .Ladd_proceed - ldr $r_ptr,[sp,#32*18+16] - eor r4,r4,r4 - eor r5,r5,r5 - eor r6,r6,r6 - eor r7,r7,r7 - eor r8,r8,r8 - eor r9,r9,r9 - eor r10,r10,r10 - eor r11,r11,r11 - stmia $r_ptr!,{r4-r11} - stmia $r_ptr!,{r4-r11} - stmia $r_ptr!,{r4-r11} - b .Ladd_done - -.align 4 .Ladd_double: ldr $a_ptr,[sp,#32*18+20] add sp,sp,#32*(18-5)+16 @ difference in frame sizes @@ -1601,15 +1588,15 @@ ecp_nistz256_point_add: add $b_ptr,sp,#$S2 bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - ldr r11,[sp,#32*18+4] @ !in1intfy - ldr r12,[sp,#32*18+8] @ !in2intfy + ldr r11,[sp,#32*18+4] @ ~in1infty + ldr r12,[sp,#32*18+8] @ ~in2infty add r1,sp,#$res_x add r2,sp,#$in2_x - and r10,r11,r12 + and r10,r11,r12 @ ~in1infty & ~in2infty mvn r11,r11 add r3,sp,#$in1_x - and r11,r11,r12 - mvn r12,r12 + and r11,r11,r12 @ in1infty & ~in2infty + mvn r12,r12 @ in2infty ldr $r_ptr,[sp,#32*18+16] ___ for($i=0;$i<96;$i+=8) { # conditional moves @@ -1617,11 +1604,11 @@ $code.=<<___; ldmia r1!,{r4-r5} @ res_x ldmia r2!,{r6-r7} @ in2_x ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 + and r4,r4,r10 @ ~in1infty & ~in2infty and r5,r5,r10 - and r6,r6,r11 + and r6,r6,r11 @ in1infty & ~in2infty and r7,r7,r11 - and r8,r8,r12 + and r8,r8,r12 @ in2infty and r9,r9,r12 orr r4,r4,r6 orr r5,r5,r7 
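Review bot: The zeroing block removed ahead of `.Ladd_double` was the only place that spelled out the P + (-P) case, and the new combined test now sends that case to `.Ladd_proceed` with no comment saying why the result is still the point at infinity. Presumably the general formula gives res_z = 0 there because H = U2 - U1 is zero, but that arithmetic is outside this hunk, so it should be stated next to the branch, e.g. `@ U1==U2 with S1!=S2 also proceeds: H==0 makes res_z==0 (infinity)`. It would also help to say that the single remaining `bne` falls through only for a genuine doubling, since that appears to be the reason the four conditions are OR-ed into one flag instead of being tested one by one. The same combined test is introduced in ecp_nistz256-armv8.pl (`cbnz $acc0,.Ladd_proceed`), ecp_nistz256-x86.pl and ecp_nistz256-x86_64.pl, where the same comment is missing.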
@@ -1656,7 +1643,7 @@ my $Z1sqr = $S2; # 256-bit vectors on top. Then note that we push # starting from r0, which means that we have copy of # input arguments just below these temporary vectors. -# We use two of them for !in1infty, !in2intfy. +# We use two of them for ~in1infty, ~in2infty. my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); @@ -1687,7 +1674,7 @@ ecp_nistz256_point_add_affine: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*15+4] @ !in1infty + str r12,[sp,#32*15+4] @ ~in1infty ldmia $b_ptr!,{r4-r11} @ copy in2_x add r3,sp,#$in2_x @@ -1714,7 +1701,7 @@ ecp_nistz256_point_add_affine: it ne #endif movne r12,#-1 - str r12,[sp,#32*15+8] @ !in2infty + str r12,[sp,#32*15+8] @ ~in2infty add $a_ptr,sp,#$in1_z add $b_ptr,sp,#$in1_z @@ -1796,15 +1783,15 @@ ecp_nistz256_point_add_affine: add $b_ptr,sp,#$S2 bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - ldr r11,[sp,#32*15+4] @ !in1intfy - ldr r12,[sp,#32*15+8] @ !in2intfy + ldr r11,[sp,#32*15+4] @ ~in1infty + ldr r12,[sp,#32*15+8] @ ~in2infty add r1,sp,#$res_x add r2,sp,#$in2_x - and r10,r11,r12 + and r10,r11,r12 @ ~in1infty & ~in2infty mvn r11,r11 add r3,sp,#$in1_x - and r11,r11,r12 - mvn r12,r12 + and r11,r11,r12 @ in1infty & ~in2infty + mvn r12,r12 @ in2infty ldr $r_ptr,[sp,#32*15] ___ for($i=0;$i<64;$i+=8) { # conditional moves @@ -1812,11 +1799,11 @@ $code.=<<___; ldmia r1!,{r4-r5} @ res_x ldmia r2!,{r6-r7} @ in2_x ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 + and r4,r4,r10 @ ~in1infty & ~in2infty and r5,r5,r10 - and r6,r6,r11 + and r6,r6,r11 @ in1infty & ~in2infty and r7,r7,r11 - and r8,r8,r12 + and r8,r8,r12 @ in2infty and r9,r9,r12 orr r4,r4,r6 orr r5,r5,r7 @@ -1862,4 +1849,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl index 887ddfb1ea9b..e93e18f29f19 100755 --- a/crypto/ec/asm/ecp_nistz256-armv8.pl 
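Review bot: `close STDOUT or die "error closing STDOUT: $!";` reports only `$!`, which Perl leaves at 0 when a piped handle fails to close solely because the child process exited non-zero. If STDOUT was redirected into a translator script earlier in the file (the open is outside this hunk), a translator failure would die with an empty reason. Including the child status keeps the message usable: `close STDOUT or die "error closing STDOUT: $! (status $?)";`. The same one-line change recurs in the other perlasm generators touched by this commit (armv8, avx2, ppc64, sparcv9, x86, x86_64, x25519-ppc64, x25519-x86_64).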
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -722,7 +722,7 @@ $code.=<<___; .align 5 ecp_nistz256_point_double: .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! + stp x29,x30,[sp,#-96]! add x29,sp,#0 stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] @@ -855,7 +855,7 @@ ecp_nistz256_point_double: add sp,x29,#0 // destroy frame ldp x19,x20,[x29,#16] ldp x21,x22,[x29,#32] - ldp x29,x30,[sp],#80 + ldp x29,x30,[sp],#96 .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_double,.-ecp_nistz256_point_double @@ -872,7 +872,7 @@ my ($res_x,$res_y,$res_z, my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); # above map() describes stack layout with 12 temporary # 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26)); +my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp0,$temp1,$temp2)=map("x$_",(21..28)); $code.=<<___; .globl ecp_nistz256_point_add @@ -880,12 +880,13 @@ $code.=<<___; .align 5 ecp_nistz256_point_add: .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! + stp x29,x30,[sp,#-96]! add x29,sp,#0 stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] sub sp,sp,#32*12 ldp $a0,$a1,[$bp,#64] // in2_z @@ -899,7 +900,7 @@ ecp_nistz256_point_add: orr $t2,$a2,$a3 orr $in2infty,$t0,$t2 cmp $in2infty,#0 - csetm $in2infty,ne // !in2infty + csetm $in2infty,ne // ~in2infty add $rp,sp,#$Z2sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z2sqr, in2_z); 
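Review bot: In `ecp_nistz256_point_double` the frame grows from 80 to 96 bytes although the visible prologue and epilogue still save and restore only x19-x22, and nothing on these lines says why. The reason seems to be that `ecp_nistz256_point_add` now allocates 96 bytes to save x27/x28 and its `.Ladd_double` path branches to `.Ldouble_shortcut`, so the `ldp x29,x30,[sp],#96` here must pop a frame of the same size. A future edit that changes one prologue without the other would corrupt the stack, so the coupling deserves a comment on the `stp` line, e.g. `// frame size must match ecp_nistz256_point_add (shared .Ldouble_shortcut)`. The body of the function and the `.Ldouble_shortcut` label are outside these hunks.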
@@ -909,7 +910,7 @@ ecp_nistz256_point_add: orr $t2,$a2,$a3 orr $in1infty,$t0,$t2 cmp $in1infty,#0 - csetm $in1infty,ne // !in1infty + csetm $in1infty,ne // ~in1infty add $rp,sp,#$Z1sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); @@ -950,7 +951,7 @@ ecp_nistz256_point_add: orr $acc0,$acc0,$acc1 // see if result is zero orr $acc2,$acc2,$acc3 - orr $temp,$acc0,$acc2 + orr $temp0,$acc0,$acc2 // ~is_equal(S1,S2) add $bp,sp,#$Z2sqr add $rp,sp,#$U1 @@ -971,32 +972,21 @@ ecp_nistz256_point_add: orr $acc0,$acc0,$acc1 // see if result is zero orr $acc2,$acc2,$acc3 - orr $acc0,$acc0,$acc2 - tst $acc0,$acc0 - b.ne .Ladd_proceed // is_equal(U1,U2)? + orr $acc0,$acc0,$acc2 // ~is_equal(U1,U2) - tst $in1infty,$in2infty - b.eq .Ladd_proceed // (in1infty || in2infty)? + mvn $temp1,$in1infty // -1/0 -> 0/-1 + mvn $temp2,$in2infty // -1/0 -> 0/-1 + orr $acc0,$acc0,$temp1 + orr $acc0,$acc0,$temp2 + orr $acc0,$acc0,$temp0 + cbnz $acc0,.Ladd_proceed // if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) - tst $temp,$temp - b.eq .Ladd_double // is_equal(S1,S2)? - - eor $a0,$a0,$a0 - eor $a1,$a1,$a1 - stp $a0,$a1,[$rp_real] - stp $a0,$a1,[$rp_real,#16] - stp $a0,$a1,[$rp_real,#32] - stp $a0,$a1,[$rp_real,#48] - stp $a0,$a1,[$rp_real,#64] - stp $a0,$a1,[$rp_real,#80] - b .Ladd_done - -.align 4 .Ladd_double: mov $ap,$ap_real mov $rp,$rp_real ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] add sp,sp,#32*(12-4) // difference in stack frames b .Ldouble_shortcut 
@@ -1081,14 +1071,14 @@ ___ for($i=0;$i<64;$i+=32) { # conditional moves $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne ldp $a0,$a1,[sp,#$res_x+$i+32] // res csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? ldp $a2,$a3,[sp,#$res_x+$i+48] csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne @@ -1102,13 +1092,13 @@ ___ } $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne csel $acc2,$t2,$acc2,ne @@ -1122,7 +1112,8 @@ $code.=<<___; ldp x21,x22,[x29,#32] ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] - ldp x29,x30,[sp],#80 + ldp x27,x28,[x29,#80] + ldp x29,x30,[sp],#96 .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_add,.-ecp_nistz256_point_add @@ -1166,7 +1157,7 @@ ecp_nistz256_point_add_affine: orr $t2,$a2,$a3 orr $in1infty,$t0,$t2 cmp $in1infty,#0 - csetm $in1infty,ne // !in1infty + csetm $in1infty,ne // ~in1infty ldp $acc0,$acc1,[$bp] // in2_x ldp $acc2,$acc3,[$bp,#16] @@ -1180,7 +1171,7 @@ ecp_nistz256_point_add_affine: orr $t0,$t0,$t2 orr $in2infty,$acc0,$t0 cmp $in2infty,#0 - csetm $in2infty,ne // !in2infty + csetm $in2infty,ne // ~in2infty add $rp,sp,#$Z1sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); 
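Review bot: The rewritten comments still spell the name `$in1intfy` / `$in2intfy`, while the variables this file declares and uses on the same lines are `$in1infty` and `$in2infty`. These comments sit inside an interpolating `$code.=<<___;` heredoc, so the misspelled name is presumably expanded as an undefined variable and the emitted assembly comment loses it; the armv4 file in this same commit does correct the spelling. Dropping the sigil avoids both problems: `// ~in1infty, remember?` and `// ~in2infty, remember?`. The same comment lines recur in the `ecp_nistz256_point_add_affine` hunks at -1290 and -1314.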
@@ -1290,14 +1281,14 @@ ___ for($i=0;$i<64;$i+=32) { # conditional moves $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne ldp $a0,$a1,[sp,#$res_x+$i+32] // res csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? ldp $a2,$a3,[sp,#$res_x+$i+48] csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne @@ -1314,13 +1305,13 @@ ___ } $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne csel $acc2,$t2,$acc2,ne @@ -1880,4 +1871,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl index 794e56a082fc..5071d09ac2ec 100755 --- a/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/crypto/ec/asm/ecp_nistz256-avx2.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2014, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use 
@@ -47,7 +47,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -2077,4 +2077,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/ec/asm/ecp_nistz256-ppc64.pl index 984c7f205056..2bf54e2aa544 100755 --- a/crypto/ec/asm/ecp_nistz256-ppc64.pl +++ b/crypto/ec/asm/ecp_nistz256-ppc64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2379,4 +2379,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 4383bea4a7be..042e122718b7 100755 --- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -3057,4 +3057,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl index 0c6fc665bf46..e926d69b020b 100755 --- a/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/crypto/ec/asm/ecp_nistz256-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1388,7 +1388,7 @@ for ($i=0;$i<7;$i++) { # above map() describes stack layout with 18 temporary # 256-bit vectors on top, then we take extra words for - # !in1infty, !in2infty, result of check for zero and + # ~in1infty, ~in2infty, result of check for zero and # OPENSSL_ia32cap_P copy. [one unused word for padding] &stack_push(8*18+5); if ($sse2) { @@ -1419,7 +1419,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*18+4,"esp"),"ebp"); # !in2infty + &mov (&DWP(32*18+4,"esp"),"ebp"); # ~in2infty &lea ("edi",&DWP($in1_x,"esp")); for($i=0;$i<96;$i+=16) { @@ -1441,7 +1441,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*18+0,"esp"),"ebp"); # !in1infty + &mov (&DWP(32*18+0,"esp"),"ebp"); # ~in1infty &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy &lea ("esi",&DWP($in2_z,"esp")); 
@@ -1516,23 +1516,19 @@ for ($i=0;$i<7;$i++) { &or ("eax",&DWP(0,"edi")); &or ("eax",&DWP(4,"edi")); &or ("eax",&DWP(8,"edi")); - &or ("eax",&DWP(12,"edi")); + &or ("eax",&DWP(12,"edi")); # ~is_equal(U1,U2) - &data_byte(0x3e); # predict taken - &jnz (&label("add_proceed")); # is_equal(U1,U2)? - - &mov ("eax",&DWP(32*18+0,"esp")); - &and ("eax",&DWP(32*18+4,"esp")); - &mov ("ebx",&DWP(32*18+8,"esp")); - &jz (&label("add_proceed")); # (in1infty || in2infty)? - &test ("ebx","ebx"); - &jz (&label("add_double")); # is_equal(S1,S2)? + &mov ("ebx",&DWP(32*18+0,"esp")); # ~in1infty + ¬ ("ebx"); # -1/0 -> 0/-1 + &or ("eax","ebx"); + &mov ("ebx",&DWP(32*18+4,"esp")); # ~in2infty + ¬ ("ebx"); # -1/0 -> 0/-1 + &or ("eax","ebx"); + &or ("eax",&DWP(32*18+8,"esp")); # ~is_equal(S1,S2) - &mov ("edi",&wparam(0)); - &xor ("eax","eax"); - &mov ("ecx",96/4); - &data_byte(0xfc,0xf3,0xab); # cld; stosd - &jmp (&label("add_done")); + # if (~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) + &data_byte(0x3e); # predict taken + &jnz (&label("add_proceed")); &set_label("add_double",16); &mov ("esi",&wparam(1)); 
@@ -1614,34 +1610,34 @@ for ($i=0;$i<7;$i++) { &lea ("edi",&DWP($res_y,"esp")); &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - &mov ("ebp",&DWP(32*18+0,"esp")); # !in1infty - &mov ("esi",&DWP(32*18+4,"esp")); # !in2infty + &mov ("ebp",&DWP(32*18+0,"esp")); # ~in1infty + &mov ("esi",&DWP(32*18+4,"esp")); # ~in2infty &mov ("edi",&wparam(0)); &mov ("edx","ebp"); ¬ ("ebp"); - &and ("edx","esi"); - &and ("ebp","esi"); - ¬ ("esi"); + &and ("edx","esi"); # ~in1infty & ~in2infty + &and ("ebp","esi"); # in1infty & ~in2infty + ¬ ("esi"); # in2infty ######################################## # conditional moves for($i=64;$i<96;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); &mov (&DWP($i,"edi"),"eax"); } for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); @@ -1668,7 +1664,7 @@ for ($i=0;$i<7;$i++) { # above map() describes stack layout with 15 temporary # 256-bit vectors on top, then we take extra words for - # !in1infty, !in2infty, and OPENSSL_ia32cap_P copy. + # ~in1infty, ~in2infty, and OPENSSL_ia32cap_P copy. &stack_push(8*15+3); if ($sse2) { &call ("_picup_eax"); @@ -1698,7 +1694,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*15+0,"esp"),"ebp"); # !in1infty + &mov (&DWP(32*15+0,"esp"),"ebp"); # ~in1infty &lea ("edi",&DWP($in2_x,"esp")); for($i=0;$i<64;$i+=16) { 
@@ -1724,7 +1720,7 @@ for ($i=0;$i<7;$i++) { &lea ("ebp",&DWP($in1_z,"esp")); &sar ("ebx",31); &lea ("edi",&DWP($Z1sqr,"esp")); - &mov (&DWP(32*15+4,"esp"),"ebx"); # !in2infty + &mov (&DWP(32*15+4,"esp"),"ebx"); # ~in2infty &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); @@ -1823,14 +1819,14 @@ for ($i=0;$i<7;$i++) { &lea ("edi",&DWP($res_y,"esp")); &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - &mov ("ebp",&DWP(32*15+0,"esp")); # !in1infty - &mov ("esi",&DWP(32*15+4,"esp")); # !in2infty + &mov ("ebp",&DWP(32*15+0,"esp")); # ~in1infty + &mov ("esi",&DWP(32*15+4,"esp")); # ~in2infty &mov ("edi",&wparam(0)); &mov ("edx","ebp"); ¬ ("ebp"); - &and ("edx","esi"); - &and ("ebp","esi"); - ¬ ("esi"); + &and ("edx","esi"); # ~in1infty & ~in2infty + &and ("ebp","esi"); # in1infty & ~in2infty + ¬ ("esi"); # in2infty ######################################## # conditional moves @@ -1848,11 +1844,11 @@ for ($i=0;$i<7;$i++) { &mov (&DWP($i,"edi"),"eax"); } for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); @@ -1863,4 +1859,4 @@ for ($i=0;$i<7;$i++) { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index 10ccc6414a49..de9b194510bf 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2014, Intel Corporation. All Rights Reserved. # Copyright (c) 2015 CloudFlare, Inc. # 
@@ -72,7 +72,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -1579,6 +1579,7 @@ $code.=<<___; .type ecp_nistz256_to_mont,\@function,2 .align 32 ecp_nistz256_to_mont: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -1587,6 +1588,7 @@ ___ $code.=<<___; lea .LRR(%rip), $b_org jmp .Lmul_mont +.cfi_endproc .size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont ################################################################################ @@ -2562,6 +2564,7 @@ $code.=<<___; .type ecp_nistz256_scatter_w5,\@abi-omnipotent .align 32 ecp_nistz256_scatter_w5: +.cfi_startproc lea -3($index,$index,2), $index movdqa 0x00($in_t), %xmm0 shl \$5, $index @@ -2578,6 +2581,7 @@ ecp_nistz256_scatter_w5: movdqa %xmm5, 0x50($val,$index) ret +.cfi_endproc .size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 ################################################################################ @@ -2685,6 +2689,7 @@ $code.=<<___; .type ecp_nistz256_scatter_w7,\@abi-omnipotent .align 32 ecp_nistz256_scatter_w7: +.cfi_startproc movdqu 0x00($in_t), %xmm0 shl \$6, $index movdqu 0x10($in_t), %xmm1 @@ -2696,6 +2701,7 @@ ecp_nistz256_scatter_w7: movdqa %xmm3, 0x30($val,$index) ret +.cfi_endproc .size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 ################################################################################ @@ -3020,8 +3026,10 @@ $code.=<<___; .type ecp_nistz256_avx2_gather_w7,\@function,3 .align 32 ecp_nistz256_avx2_gather_w7: +.cfi_startproc .byte 0x0f,0x0b # ud2 ret +.cfi_endproc .size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7 ___ } 
@@ -3617,29 +3625,19 @@ $code.=<<___; call __ecp_nistz256_sub_from$x # p256_sub(H, U2, U1); or $acc5, $acc4 # see if result is zero + or $acc0, $acc4 + or $acc1, $acc4 # !is_equal(U1, U2) + + movq %xmm2, $acc0 # in1infty | in2infty + movq %xmm3, $acc1 # !is_equal(S1, S2) + or $acc0, $acc4 or $acc1, $acc4 + # if (!is_equal(U1, U2) | in1infty | in2infty | !is_equal(S1, S2)) .byte 0x3e # predict taken - jnz .Ladd_proceed$x # is_equal(U1,U2)? - movq %xmm2, $acc0 - movq %xmm3, $acc1 - test $acc0, $acc0 - jnz .Ladd_proceed$x # (in1infty || in2infty)? - test $acc1, $acc1 - jz .Ladd_double$x # is_equal(S1,S2)? + jnz .Ladd_proceed$x - movq %xmm0, $r_ptr # restore $r_ptr - pxor %xmm0, %xmm0 - movdqu %xmm0, 0x00($r_ptr) - movdqu %xmm0, 0x10($r_ptr) - movdqu %xmm0, 0x20($r_ptr) - movdqu %xmm0, 0x30($r_ptr) - movdqu %xmm0, 0x40($r_ptr) - movdqu %xmm0, 0x50($r_ptr) - jmp .Ladd_done$x - -.align 32 .Ladd_double$x: movq %xmm1, $a_ptr # restore $a_ptr movq %xmm0, $r_ptr # restore $r_ptr @@ -4738,4 +4736,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/x25519-ppc64.pl b/crypto/ec/asm/x25519-ppc64.pl index 6e8b36420f53..f4b523bf8a08 100755 --- a/crypto/ec/asm/x25519-ppc64.pl +++ b/crypto/ec/asm/x25519-ppc64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -821,4 +821,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/x25519-x86_64.pl b/crypto/ec/asm/x25519-x86_64.pl index 18dc6af9fae9..3d9d1dc1ad0c 100755 --- a/crypto/ec/asm/x25519-x86_64.pl +++ b/crypto/ec/asm/x25519-x86_64.pl 
@@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -90,7 +90,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -488,12 +488,14 @@ $code.=<<___; .type x25519_fe64_eligible,\@abi-omnipotent .align 32 x25519_fe64_eligible: +.cfi_startproc mov OPENSSL_ia32cap_P+8(%rip),%ecx xor %eax,%eax and \$0x80100,%ecx cmp \$0x80100,%ecx cmove %ecx,%eax ret +.cfi_endproc .size x25519_fe64_eligible,.-x25519_fe64_eligible .globl x25519_fe64_mul @@ -722,6 +724,7 @@ x25519_fe64_sqr: .align 32 x25519_fe64_mul121666: .Lfe64_mul121666_body: +.cfi_startproc mov \$121666,%edx mulx 8*0(%rsi),$acc0,%rcx mulx 8*1(%rsi),$acc1,%rax @@ -750,6 +753,7 @@ x25519_fe64_mul121666: .Lfe64_mul121666_epilogue: ret +.cfi_endproc .size x25519_fe64_mul121666,.-x25519_fe64_mul121666 .globl x25519_fe64_add @@ -757,6 +761,7 @@ x25519_fe64_mul121666: .align 32 x25519_fe64_add: .Lfe64_add_body: +.cfi_startproc mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -785,6 +790,7 @@ x25519_fe64_add: .Lfe64_add_epilogue: ret +.cfi_endproc .size x25519_fe64_add,.-x25519_fe64_add .globl x25519_fe64_sub @@ -792,6 +798,7 @@ x25519_fe64_add: .align 32 x25519_fe64_sub: .Lfe64_sub_body: +.cfi_startproc mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -820,6 +827,7 @@ x25519_fe64_sub: .Lfe64_sub_epilogue: ret +.cfi_endproc .size x25519_fe64_sub,.-x25519_fe64_sub .globl x25519_fe64_tobytes 
@@ -827,6 +835,7 @@ x25519_fe64_sub: .align 32 x25519_fe64_tobytes: .Lfe64_to_body: +.cfi_startproc mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -862,6 +871,7 @@ x25519_fe64_tobytes: .Lfe64_to_epilogue: ret +.cfi_endproc .size x25519_fe64_tobytes,.-x25519_fe64_tobytes ___ } else { @@ -870,8 +880,10 @@ $code.=<<___; .type x25519_fe64_eligible,\@abi-omnipotent .align 32 x25519_fe64_eligible: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size x25519_fe64_eligible,.-x25519_fe64_eligible .globl x25519_fe64_mul @@ -887,8 +899,10 @@ x25519_fe64_mul121666: x25519_fe64_add: x25519_fe64_sub: x25519_fe64_tobytes: +.cfi_startproc .byte 0x0f,0x0b # ud2 ret +.cfi_endproc .size x25519_fe64_mul,.-x25519_fe64_mul ___ } @@ -1114,4 +1128,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index c5d887ec4cd4..952da0e65385 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include #if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ diff --git a/crypto/ec/curve448/arch_32/arch_intrinsics.h b/crypto/ec/curve448/arch_32/arch_intrinsics.h index 48081c77170b..5f6389863d15 100644 --- a/crypto/ec/curve448/arch_32/arch_intrinsics.h +++ b/crypto/ec/curve448/arch_32/arch_intrinsics.h @@ -10,10 +10,10 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H -# define HEADER_ARCH_32_ARCH_INTRINSICS_H +#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H +# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" # define ARCH_WORD_BITS 32 
@@ -24,4 +24,4 @@ static ossl_inline uint64_t widemul(uint32_t a, uint32_t b) return ((uint64_t)a) * b; } -#endif /* HEADER_ARCH_32_ARCH_INTRINSICS_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */ diff --git a/crypto/ec/curve448/arch_32/f_impl.h b/crypto/ec/curve448/arch_32/f_impl.h index bbde84a03897..e1ddddaee08d 100644 --- a/crypto/ec/curve448/arch_32/f_impl.h +++ b/crypto/ec/curve448/arch_32/f_impl.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_ARCH_32_F_IMPL_H -# define HEADER_ARCH_32_F_IMPL_H +#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H +# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H # define GF_HEADROOM 2 # define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28) @@ -57,4 +57,4 @@ void gf_weak_reduce(gf a) a->limb[0] = (a->limb[0] & mask) + tmp; } -#endif /* HEADER_ARCH_32_F_IMPL_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */ diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c index 19bd3857812c..12d97f06795b 100644 --- a/crypto/ec/curve448/curve448.c +++ b/crypto/ec/curve448/curve448.c @@ -15,7 +15,7 @@ #include "point_448.h" #include "ed448.h" -#include "curve448_lcl.h" +#include "curve448_local.h" #define COFACTOR 4 diff --git a/crypto/ec/curve448/curve448_lcl.h b/crypto/ec/curve448/curve448_lcl.h deleted file mode 100644 index 2bc3bd84c86d..000000000000 --- a/crypto/ec/curve448/curve448_lcl.h +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#ifndef HEADER_CURVE448_LCL_H -# define HEADER_CURVE448_LCL_H -# include "curve448utils.h" - -int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], - const uint8_t peer_public_value[56]); - -void X448_public_from_private(uint8_t out_public_value[56], - const uint8_t private_key[56]); - -int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len); - -int ED448_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len); - -int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len); - -int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], - const uint8_t public_key[57], const uint8_t *context, - size_t context_len); - -int ED448_public_from_private(uint8_t out_public_key[57], - const uint8_t private_key[57]); - -#endif /* HEADER_CURVE448_LCL_H */ diff --git a/crypto/ec/curve448/curve448_local.h b/crypto/ec/curve448/curve448_local.h new file mode 100644 index 000000000000..b27770661f89 --- /dev/null +++ b/crypto/ec/curve448/curve448_local.h 
@@ -0,0 +1,38 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_CRYPTO_EC_CURVE448_LOCAL_H +# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H +# include "curve448utils.h" + +int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], + const uint8_t peer_public_value[56]); + +void X448_public_from_private(uint8_t out_public_value[56], + const uint8_t private_key[56]); + +int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len); + +int ED448_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len); + +int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len); + +int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], + const uint8_t public_key[57], const uint8_t *context, + size_t context_len); + +int ED448_public_from_private(uint8_t out_public_key[57], + const uint8_t private_key[57]); + +#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */ diff --git a/crypto/ec/curve448/curve448utils.h b/crypto/ec/curve448/curve448utils.h index 9032bb4f730a..86c258e745e4 100644 --- a/crypto/ec/curve448/curve448utils.h +++ b/crypto/ec/curve448/curve448utils.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_CURVE448UTILS_H -# define HEADER_CURVE448UTILS_H +#ifndef OSSL_CRYPTO_EC_CURVE448UTILS_H +# define OSSL_CRYPTO_EC_CURVE448UTILS_H # include 
diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h index 5fe939e8e19d..c1e5c2832f9b 100644 --- a/crypto/ec/curve448/ed448.h +++ b/crypto/ec/curve448/ed448.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_ED448_H -# define HEADER_ED448_H +#ifndef OSSL_CRYPTO_EC_CURVE448_ED448_H +# define OSSL_CRYPTO_EC_CURVE448_ED448_H # include "point_448.h" @@ -192,4 +192,4 @@ c448_error_t c448_ed448_convert_private_key_to_x448( uint8_t x[X448_PRIVATE_BYTES], const uint8_t ed[EDDSA_448_PRIVATE_BYTES]); -#endif /* HEADER_ED448_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */ diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index b28f7dff9138..82741f543549 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -12,7 +12,7 @@ #include #include #include -#include "curve448_lcl.h" +#include "curve448_local.h" #include "word.h" #include "ed448.h" #include "internal/numbers.h" @@ -50,7 +50,12 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, const uint8_t *context, size_t context_len) { - const char *dom_s = "SigEd448"; +#ifdef CHARSET_EBCDIC + const char dom_s[] = {0x53, 0x69, 0x67, 0x45, + 0x64, 0x34, 0x34, 0x38, 0x00}; +#else + const char dom_s[] = "SigEd448"; +#endif uint8_t dom[2]; if (context_len > UINT8_MAX) diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h index d96d4c023d44..ccd04482d205 100644 --- a/crypto/ec/curve448/field.h +++ b/crypto/ec/curve448/field.h 
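Review bot: The `CHARSET_EBCDIC` branch added to `hash_init_with_dom` spells `dom_s` out as hex with no comment, so a reader has to decode the bytes to see that both branches must produce the same octets. I would add `/* "SigEd448" as ASCII octets: this prefix is fed to the hash, so it must not follow the execution character set */` above the `#ifdef`. The declaration also changed from a pointer to an array that includes the trailing 0x00, so any later length computation on `dom_s` is worth checking. The rest of the function is outside the hunk, so how the length is taken cannot be confirmed from here.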
@@ -10,10 +10,10 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_FIELD_H -# define HEADER_FIELD_H +#ifndef OSSL_CRYPTO_EC_CURVE448_FIELD_H +# define OSSL_CRYPTO_EC_CURVE448_FIELD_H -# include "internal/constant_time_locl.h" +# include "internal/constant_time.h" # include # include # include "word.h" @@ -165,4 +165,4 @@ static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap) } } -#endif /* HEADER_FIELD_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_FIELD_H */ diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h index 399f91b9a1d9..93e715fd9c8d 100644 --- a/crypto/ec/curve448/point_448.h +++ b/crypto/ec/curve448/point_448.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_POINT_448_H -# define HEADER_POINT_448_H +#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H +# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H # include "curve448utils.h" # include "field.h" @@ -298,4 +298,4 @@ void curve448_scalar_destroy(curve448_scalar_t scalar); /* Overwrite point with zeros. */ void curve448_point_destroy(curve448_point_t point); -#endif /* HEADER_POINT_448_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */ diff --git a/crypto/ec/curve448/word.h b/crypto/ec/curve448/word.h index a48b9e053a5c..237cc9b63139 100644 --- a/crypto/ec/curve448/word.h +++ b/crypto/ec/curve448/word.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_WORD_H -# define HEADER_WORD_H +#ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H +# define OSSL_CRYPTO_EC_CURVE448_WORD_H # include # include @@ -78,4 +78,4 @@ static ossl_inline mask_t bool_to_mask(c448_bool_t m) return ret; } -#endif /* HEADER_WORD_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_WORD_H */ diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index ee300518d69c..48543265eeab 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -10,7 +10,7 @@ #include -#include "ec_lcl.h" +#include "ec_local.h" #ifndef OPENSSL_NO_EC2M 
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 898e741fcb97..84e5537a034a 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -10,8 +10,8 @@ #include -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #ifndef OPENSSL_NO_EC2M diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index c086f47ab3cc..221038373921 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -14,9 +14,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "ec_lcl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "ec_local.h" #ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 1ce1181fc10a..336afc989d30 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include #include #include @@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, unsigned char *buffer = NULL; const EC_POINT *point = NULL; point_conversion_form_t form; + ASN1_INTEGER *orig; if (params == NULL) { if ((ret = ECPARAMETERS_new()) == NULL) { @@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB); goto err; } - ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); + ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order); if (ret->order == NULL) { + ret->order = orig; ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } 
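Review bot: The saved pointer is assigned inside the call's argument list, `BN_to_ASN1_INTEGER(tmp, orig = ret->order)`, which buries the one step that makes the error path safe; the same form is used for `ret->cofactor` in the next hunk of ec_asn1.c. Writing `orig = ret->order;` on its own line followed by `ret->order = BN_to_ASN1_INTEGER(tmp, orig);` behaves the same and is easier to audit. A comment such as `/* restore the old pointer so the err path can still release it */` would record why the field is put back. That reading assumes the cleanup at `err:` frees `ret`, and that label, like the start and end of EC_GROUP_get_ecparameters, is outside these hunks.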
@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, /* set the cofactor (optional) */ tmp = EC_GROUP_get0_cofactor(group); if (tmp != NULL) { - ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); + ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor); if (ret->cofactor == NULL) { + ret->cofactor = orig; ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } @@ -846,6 +849,20 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) * serialized using explicit parameters by default. */ EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); + + /* + * If the input params do not contain the optional seed field we make + * sure it is not added to the returned group. + * + * The seed field is not really used inside libcrypto anyway, and + * adding it to parsed explicit parameter keys would alter their DER + * encoding output (because of the extra field) which could impact + * applications fingerprinting keys by their DER encoding. + */ + if (params->curve->seed == NULL) { + if (EC_GROUP_set_seed(ret, NULL, 0) != 1) + goto err; + } } ok = 1; diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index eeb06ec1cbe3..d0706d2857e6 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ec_lcl.h" +#include "ec_local.h" #include int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 477349d4413e..8de486cbd763 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -9,7 +9,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include #include #include diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index 0ec346c125ad..944e317d9d14 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c 
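Review bot: The new seed-clearing branch in EC_GROUP_new_from_ecparameters jumps to `err` without recording an error (`if (EC_GROUP_set_seed(ret, NULL, 0) != 1) goto err;`), whereas the failure paths visible in the other ec_asn1.c hunks call `ECerr` first. If this path is ever taken, the caller gets a failure with nothing on the error queue unless the `err:` label adds it, and that label is outside the hunk. Adding `ECerr(<function code used elsewhere in this function>, ERR_R_EC_LIB);` before the `goto` would keep it consistent. The comparison with 1 also relies on the return convention of EC_GROUP_set_seed for the clearing call (as far as I can tell it returns the seed length otherwise), so a comment like `/* returns 1 when the seed is cleared */` would help the next reader.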
@@ -9,7 +9,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 9349abf03079..08aaac5d8a6f 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include -#include "ec_lcl.h" +#include "ec_local.h" #include "internal/refcount.h" #include #include diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 64a5d20872e4..53a4a9295201 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -11,7 +11,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" static const EC_KEY_METHOD openssl_ec_key_method = { diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h deleted file mode 100644 index fbdb04ea3a04..000000000000 --- a/crypto/ec/ec_lcl.h +++ /dev/null 
@@ -1,739 +0,0 @@ -/* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include "internal/refcount.h" -#include "internal/ec_int.h" - -#if defined(__SUNPRO_C) -# if __SUNPRO_C >= 0x520 -# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -# endif -#endif - -/* Use default functions for poin2oct, oct2point and compressed coordinates */ -#define EC_FLAGS_DEFAULT_OCT 0x1 - -/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */ -#define EC_FLAGS_CUSTOM_CURVE 0x2 - -/* Curve does not support signing operations */ -#define EC_FLAGS_NO_SIGN 0x4 - -/* - * Structure details are not part of the exported interface, so all this may - * change in future versions. 
- */ - -struct ec_method_st { - /* Various method flags */ - int flags; - /* used by EC_METHOD_get_field_type: */ - int field_type; /* a NID */ - /* - * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, - * EC_GROUP_copy: - */ - int (*group_init) (EC_GROUP *); - void (*group_finish) (EC_GROUP *); - void (*group_clear_finish) (EC_GROUP *); - int (*group_copy) (EC_GROUP *, const EC_GROUP *); - /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */ - int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *); - /* used by EC_GROUP_get_degree: */ - int (*group_get_degree) (const EC_GROUP *); - int (*group_order_bits) (const EC_GROUP *); - /* used by EC_GROUP_check: */ - int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *); - /* - * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, - * EC_POINT_copy: - */ - int (*point_init) (EC_POINT *); - void (*point_finish) (EC_POINT *); - void (*point_clear_finish) (EC_POINT *); - int (*point_copy) (EC_POINT *, const EC_POINT *); - /*- - * used by EC_POINT_set_to_infinity, - * EC_POINT_set_Jprojective_coordinates_GFp, - * EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates, - * EC_POINT_get_affine_coordinates, - * EC_POINT_set_compressed_coordinates: - */ - int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); - int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *, - EC_POINT *, const BIGNUM *x, - const BIGNUM *y, - const BIGNUM *z, BN_CTX *); - int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BIGNUM *z, - BN_CTX *); - int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *); - int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); - int (*point_set_compressed_coordinates) 
(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); - /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ - size_t (*point2oct) (const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, unsigned char *buf, - size_t len, BN_CTX *); - int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf, - size_t len, BN_CTX *); - /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */ - int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); - int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); - int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *); - /* - * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: - */ - int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *); - int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *); - int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, - BN_CTX *); - /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */ - int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *); - int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[], - BN_CTX *); - /* - * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, - * EC_POINT_have_precompute_mult (default implementations are used if the - * 'mul' pointer is 0): - */ - /*- - * mul() calculates the value - * - * r := generator * scalar - * + points[0] * scalars[0] - * + ... - * + points[num-1] * scalars[num-1]. - * - * For a fixed point multiplication (scalar != NULL, num == 0) - * or a variable point multiplication (scalar == NULL, num == 1), - * mul() must use a constant time algorithm: in both cases callers - * should provide an input scalar (either scalar or scalars[0]) - * in the range [0, ec_group_order); for robustness, implementers - * should handle the case when the scalar has not been reduced, but - * may treat it as an unusual input, without any constant-timeness - * guarantee. 
- */ - int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); - int (*precompute_mult) (EC_GROUP *group, BN_CTX *); - int (*have_precompute_mult) (const EC_GROUP *group); - /* internal functions */ - /* - * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and - * 'dbl' so that the same implementations of point operations can be used - * with different optimized implementations of expensive field - * operations: - */ - int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); - int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - /*- - * 'field_inv' computes the multiplicative inverse of a in the field, - * storing the result in r. - * - * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. - */ - int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); - /* e.g. to Montgomery */ - int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); - /* e.g. 
from Montgomery */ - int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); - int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *); - /* private key operations */ - size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len); - int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len); - int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key); - int (*keygen)(EC_KEY *eckey); - int (*keycheck)(const EC_KEY *eckey); - int (*keygenpub)(EC_KEY *eckey); - int (*keycopy)(EC_KEY *dst, const EC_KEY *src); - void (*keyfinish)(EC_KEY *eckey); - /* custom ECDH operation */ - int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); - /* Inverse modulo order */ - int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, - const BIGNUM *x, BN_CTX *); - int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); - int (*ladder_pre)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); - int (*ladder_step)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); - int (*ladder_post)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); -}; - -/* - * Types and functions to manipulate pre-computed values. 
- */ -typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP; -typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP; -typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP; -typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP; -typedef struct ec_pre_comp_st EC_PRE_COMP; - -struct ec_group_st { - const EC_METHOD *meth; - EC_POINT *generator; /* optional */ - BIGNUM *order, *cofactor; - int curve_name; /* optional NID for named curve */ - int asn1_flag; /* flag to control the asn1 encoding */ - point_conversion_form_t asn1_form; - unsigned char *seed; /* optional seed for parameters (appears in - * ASN1) */ - size_t seed_len; - /* - * The following members are handled by the method functions, even if - * they appear generic - */ - /* - * Field specification. For curves over GF(p), this is the modulus; for - * curves over GF(2^m), this is the irreducible polynomial defining the - * field. - */ - BIGNUM *field; - /* - * Field specification for curves over GF(2^m). The irreducible f(t) is - * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m = - * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with - * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero - * terms. - */ - int poly[6]; - /* - * Curve coefficients. (Here the assumption is that BIGNUMs can be used - * or abused for all kinds of fields, not just GF(p).) For characteristic - * > 3, the curve is defined by a Weierstrass equation of the form y^2 = - * x^3 + a*x + b. For characteristic 2, the curve is defined by an - * equation of the form y^2 + x*y = x^3 + a*x^2 + b. 
- */ - BIGNUM *a, *b; - /* enable optimized point arithmetics for special case */ - int a_is_minus3; - /* method-specific (e.g., Montgomery structure) */ - void *field_data1; - /* method-specific */ - void *field_data2; - /* method-specific */ - int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); - /* data for ECDSA inverse */ - BN_MONT_CTX *mont_data; - - /* - * Precomputed values for speed. The PCT_xxx names match the - * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP - * macros, below. - */ - enum { - PCT_none, - PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256, - PCT_ec - } pre_comp_type; - union { - NISTP224_PRE_COMP *nistp224; - NISTP256_PRE_COMP *nistp256; - NISTP521_PRE_COMP *nistp521; - NISTZ256_PRE_COMP *nistz256; - EC_PRE_COMP *ec; - } pre_comp; -}; - -#define SETPRECOMP(g, type, pre) \ - g->pre_comp_type = PCT_##type, g->pre_comp.type = pre -#define HAVEPRECOMP(g, type) \ - g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL - -struct ec_key_st { - const EC_KEY_METHOD *meth; - ENGINE *engine; - int version; - EC_GROUP *group; - EC_POINT *pub_key; - BIGNUM *priv_key; - unsigned int enc_flag; - point_conversion_form_t conv_form; - CRYPTO_REF_COUNT references; - int flags; - CRYPTO_EX_DATA ex_data; - CRYPTO_RWLOCK *lock; -}; - -struct ec_point_st { - const EC_METHOD *meth; - /* NID for the curve if known */ - int curve_name; - /* - * All members except 'meth' are handled by the method functions, even if - * they appear generic - */ - BIGNUM *X; - BIGNUM *Y; - BIGNUM *Z; /* Jacobian projective coordinates: * (X, Y, - * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */ - int Z_is_one; /* enable optimized point arithmetics for - * special case */ -}; - -static ossl_inline int ec_point_is_compat(const EC_POINT *point, - const EC_GROUP *group) -{ - if (group->meth != point->meth - || (group->curve_name != 0 - && point->curve_name != 0 - && group->curve_name != point->curve_name)) - return 0; - - return 1; -} - 
-NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); -NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); -NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); -NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *); -NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); -EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *); - -void EC_pre_comp_free(EC_GROUP *group); -void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *); -void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *); -void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *); -void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *); -void EC_ec_pre_comp_free(EC_PRE_COMP *); - -/* - * method functions in ec_mult.c (ec_lib.c uses these as defaults if - * group->method->mul is 0) - */ -int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); -int ec_wNAF_have_precompute_mult(const EC_GROUP *group); - -/* method functions in ecp_smpl.c */ -int ec_GFp_simple_group_init(EC_GROUP *); -void ec_GFp_simple_group_finish(EC_GROUP *); -void ec_GFp_simple_group_clear_finish(EC_GROUP *); -int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); -int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *); -int ec_GFp_simple_group_get_degree(const EC_GROUP *); -int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); -int ec_GFp_simple_point_init(EC_POINT *); -void ec_GFp_simple_point_finish(EC_POINT *); -void ec_GFp_simple_point_clear_finish(EC_POINT *); -int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *); -int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); -int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, - EC_POINT *, 
const BIGNUM *x, - const BIGNUM *y, - const BIGNUM *z, BN_CTX *); -int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BIGNUM *z, - BN_CTX *); -int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *); -int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BN_CTX *); -int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); -size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); -int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); -int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); -int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - BN_CTX *); -int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); -int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, - BN_CTX *); -int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, - EC_POINT *[], BN_CTX *); -int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx); -int ec_GFp_simple_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); -int 
ec_GFp_simple_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); -int ec_GFp_simple_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); - -/* method functions in ecp_mont.c */ -int ec_GFp_mont_group_init(EC_GROUP *); -int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -void ec_GFp_mont_group_finish(EC_GROUP *); -void ec_GFp_mont_group_clear_finish(EC_GROUP *); -int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); -int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); - -/* method functions in ecp_nist.c */ -int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); -int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); - -/* method functions in ec2_smpl.c */ -int ec_GF2m_simple_group_init(EC_GROUP *); -void ec_GF2m_simple_group_finish(EC_GROUP *); -void ec_GF2m_simple_group_clear_finish(EC_GROUP *); -int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); -int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *); -int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *); -int ec_GF2m_simple_group_get_degree(const 
EC_GROUP *); -int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); -int ec_GF2m_simple_point_init(EC_POINT *); -void ec_GF2m_simple_point_finish(EC_POINT *); -void ec_GF2m_simple_point_clear_finish(EC_POINT *); -int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); -int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); -int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *); -int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BN_CTX *); -int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); -size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); -int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); -int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); -int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - BN_CTX *); -int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); -int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, - BN_CTX *); -int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, - EC_POINT *[], BN_CTX *); -int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - -#ifndef 
OPENSSL_NO_EC_NISTP_64_GCC_128 -/* method functions in ecp_nistp224.c */ -int ec_GFp_nistp224_group_init(EC_GROUP *group); -int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); -int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); -int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); -int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group); - -/* method functions in ecp_nistp256.c */ -int ec_GFp_nistp256_group_init(EC_GROUP *group); -int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); -int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); -int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); -int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group); - -/* method functions in ecp_nistp521.c */ -int ec_GFp_nistp521_group_init(EC_GROUP *group); -int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); -int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, 
BIGNUM *y, - BN_CTX *ctx); -int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); -int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group); - -/* utility functions in ecp_nistputil.c */ -void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, - size_t felem_size, - void *tmp_felems, - void (*felem_one) (void *out), - int (*felem_is_zero) (const void - *in), - void (*felem_assign) (void *out, - const void - *in), - void (*felem_square) (void *out, - const void - *in), - void (*felem_mul) (void *out, - const void - *in1, - const void - *in2), - void (*felem_inv) (void *out, - const void - *in), - void (*felem_contract) (void - *out, - const - void - *in)); -void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, - unsigned char *digit, unsigned char in); -#endif -int ec_group_simple_order_bits(const EC_GROUP *group); - -#ifdef ECP_NISTZ256_ASM -/** Returns GFp methods using montgomery multiplication, with x86-64 optimized - * P256. See http://eprint.iacr.org/2013/816. 
- * \return EC_METHOD object - */ -const EC_METHOD *EC_GFp_nistz256_method(void); -#endif - -size_t ec_key_simple_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len); -int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); -int ec_key_simple_generate_key(EC_KEY *eckey); -int ec_key_simple_generate_public_key(EC_KEY *eckey); -int ec_key_simple_check_key(const EC_KEY *eckey); - -int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); - -/* EC_METHOD definitions */ - -struct ec_key_method_st { - const char *name; - int32_t flags; - int (*init)(EC_KEY *key); - void (*finish)(EC_KEY *key); - int (*copy)(EC_KEY *dest, const EC_KEY *src); - int (*set_group)(EC_KEY *key, const EC_GROUP *grp); - int (*set_private)(EC_KEY *key, const BIGNUM *priv_key); - int (*set_public)(EC_KEY *key, const EC_POINT *pub_key); - int (*keygen)(EC_KEY *key); - int (*compute_key)(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); - int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char - *sig, unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *r, EC_KEY *eckey); - int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); - - int (*verify)(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); - int (*verify_sig)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); -}; - -#define EC_KEY_METHOD_DYNAMIC 1 - -int ossl_ec_key_gen(EC_KEY *eckey); -int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); -int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); - -struct ECDSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -}; - -int ossl_ecdsa_sign_setup(EC_KEY 
*eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); -int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); -ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); -int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); -int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); - -int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32]); -int ED25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[64], const uint8_t public_key[32]); -void ED25519_public_from_private(uint8_t out_public_key[32], - const uint8_t private_key[32]); - -int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], - const uint8_t peer_public_value[32]); -void X25519_public_from_private(uint8_t out_public_value[32], - const uint8_t private_key[32]); - -/*- - * This functions computes a single point multiplication over the EC group, - * using, at a high level, a Montgomery ladder with conditional swaps, with - * various timing attack defenses. - * - * It performs either a fixed point multiplication - * (scalar * generator) - * when point is NULL, or a variable point multiplication - * (scalar * point) - * when point is not NULL. - * - * `scalar` cannot be NULL and should be in the range [0,n) otherwise all - * constant time bets are off (where n is the cardinality of the EC group). - * - * This function expects `group->order` and `group->cardinality` to be well - * defined and non-zero: it fails with an error code otherwise. 
- * - * NB: This says nothing about the constant-timeness of the ladder step - * implementation (i.e., the default implementation is based on EC_POINT_add and - * EC_POINT_dbl, which of course are not constant time themselves) or the - * underlying multiprecision arithmetic. - * - * The product is stored in `r`. - * - * This is an internal function: callers are in charge of ensuring that the - * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. - * - * Returns 1 on success, 0 otherwise. - */ -int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, const EC_POINT *point, - BN_CTX *ctx); - -int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); - -static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - if (group->meth->ladder_pre != NULL) - return group->meth->ladder_pre(group, r, s, p, ctx); - - if (!EC_POINT_copy(s, p) - || !EC_POINT_dbl(group, r, s, ctx)) - return 0; - - return 1; -} - -static ossl_inline int ec_point_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - if (group->meth->ladder_step != NULL) - return group->meth->ladder_step(group, r, s, p, ctx); - - if (!EC_POINT_add(group, s, r, s, ctx) - || !EC_POINT_dbl(group, r, r, ctx)) - return 0; - - return 1; - -} - -static ossl_inline int ec_point_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - if (group->meth->ladder_post != NULL) - return group->meth->ladder_post(group, r, s, p, ctx); - - return 1; -} diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 1289c8608edd..3554ada82797 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -13,7 +13,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" /* functions for EC_GROUP objects */ diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h new file mode 100644 index 000000000000..e656fbd5e775 
--- /dev/null
+++ b/crypto/ec/ec_local.h
@@ -0,0 +1,739 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include +#include +#include "internal/refcount.h" +#include "crypto/ec.h" + +#if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +#endif + +/* Use default functions for poin2oct, oct2point and compressed coordinates */ +#define EC_FLAGS_DEFAULT_OCT 0x1 + +/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */ +#define EC_FLAGS_CUSTOM_CURVE 0x2 + +/* Curve does not support signing operations */ +#define EC_FLAGS_NO_SIGN 0x4 + +/* + * Structure details are not part of the exported interface, so all this may + * change in future versions. 
+ */ + +struct ec_method_st { + /* Various method flags */ + int flags; + /* used by EC_METHOD_get_field_type: */ + int field_type; /* a NID */ + /* + * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, + * EC_GROUP_copy: + */ + int (*group_init) (EC_GROUP *); + void (*group_finish) (EC_GROUP *); + void (*group_clear_finish) (EC_GROUP *); + int (*group_copy) (EC_GROUP *, const EC_GROUP *); + /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */ + int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); + int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *); + /* used by EC_GROUP_get_degree: */ + int (*group_get_degree) (const EC_GROUP *); + int (*group_order_bits) (const EC_GROUP *); + /* used by EC_GROUP_check: */ + int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *); + /* + * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, + * EC_POINT_copy: + */ + int (*point_init) (EC_POINT *); + void (*point_finish) (EC_POINT *); + void (*point_clear_finish) (EC_POINT *); + int (*point_copy) (EC_POINT *, const EC_POINT *); + /*- + * used by EC_POINT_set_to_infinity, + * EC_POINT_set_Jprojective_coordinates_GFp, + * EC_POINT_get_Jprojective_coordinates_GFp, + * EC_POINT_set_affine_coordinates, + * EC_POINT_get_affine_coordinates, + * EC_POINT_set_compressed_coordinates: + */ + int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); + int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *, + EC_POINT *, const BIGNUM *x, + const BIGNUM *y, + const BIGNUM *z, BN_CTX *); + int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *, + const EC_POINT *, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *); + int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *); + int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BN_CTX *); + int (*point_set_compressed_coordinates) 
(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, + BN_CTX *); + /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ + size_t (*point2oct) (const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, unsigned char *buf, + size_t len, BN_CTX *); + int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf, + size_t len, BN_CTX *); + /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */ + int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *); + int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); + int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *); + /* + * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: + */ + int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *); + int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *); + int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, + BN_CTX *); + /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */ + int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *); + int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[], + BN_CTX *); + /* + * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, + * EC_POINT_have_precompute_mult (default implementations are used if the + * 'mul' pointer is 0): + */ + /*- + * mul() calculates the value + * + * r := generator * scalar + * + points[0] * scalars[0] + * + ... + * + points[num-1] * scalars[num-1]. + * + * For a fixed point multiplication (scalar != NULL, num == 0) + * or a variable point multiplication (scalar == NULL, num == 1), + * mul() must use a constant time algorithm: in both cases callers + * should provide an input scalar (either scalar or scalars[0]) + * in the range [0, ec_group_order); for robustness, implementers + * should handle the case when the scalar has not been reduced, but + * may treat it as an unusual input, without any constant-timeness + * guarantee. 
+ */ + int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); + int (*precompute_mult) (EC_GROUP *group, BN_CTX *); + int (*have_precompute_mult) (const EC_GROUP *group); + /* internal functions */ + /* + * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and + * 'dbl' so that the same implementations of point operations can be used + * with different optimized implementations of expensive field + * operations: + */ + int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); + int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); + /*- + * 'field_inv' computes the multiplicative inverse of a in the field, + * storing the result in r. + * + * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. + */ + int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + /* e.g. to Montgomery */ + int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); + /* e.g. 
from Montgomery */ + int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); + int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *); + /* private key operations */ + size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len); + int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len); + int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key); + int (*keygen)(EC_KEY *eckey); + int (*keycheck)(const EC_KEY *eckey); + int (*keygenpub)(EC_KEY *eckey); + int (*keycopy)(EC_KEY *dst, const EC_KEY *src); + void (*keyfinish)(EC_KEY *eckey); + /* custom ECDH operation */ + int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); + /* Inverse modulo order */ + int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, + const BIGNUM *x, BN_CTX *); + int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); + int (*ladder_pre)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); + int (*ladder_step)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); + int (*ladder_post)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); +}; + +/* + * Types and functions to manipulate pre-computed values. 
+ */ +typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP; +typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP; +typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP; +typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP; +typedef struct ec_pre_comp_st EC_PRE_COMP; + +struct ec_group_st { + const EC_METHOD *meth; + EC_POINT *generator; /* optional */ + BIGNUM *order, *cofactor; + int curve_name; /* optional NID for named curve */ + int asn1_flag; /* flag to control the asn1 encoding */ + point_conversion_form_t asn1_form; + unsigned char *seed; /* optional seed for parameters (appears in + * ASN1) */ + size_t seed_len; + /* + * The following members are handled by the method functions, even if + * they appear generic + */ + /* + * Field specification. For curves over GF(p), this is the modulus; for + * curves over GF(2^m), this is the irreducible polynomial defining the + * field. + */ + BIGNUM *field; + /* + * Field specification for curves over GF(2^m). The irreducible f(t) is + * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m = + * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with + * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero + * terms. + */ + int poly[6]; + /* + * Curve coefficients. (Here the assumption is that BIGNUMs can be used + * or abused for all kinds of fields, not just GF(p).) For characteristic + * > 3, the curve is defined by a Weierstrass equation of the form y^2 = + * x^3 + a*x + b. For characteristic 2, the curve is defined by an + * equation of the form y^2 + x*y = x^3 + a*x^2 + b. 
+ */ + BIGNUM *a, *b; + /* enable optimized point arithmetics for special case */ + int a_is_minus3; + /* method-specific (e.g., Montgomery structure) */ + void *field_data1; + /* method-specific */ + void *field_data2; + /* method-specific */ + int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *); + /* data for ECDSA inverse */ + BN_MONT_CTX *mont_data; + + /* + * Precomputed values for speed. The PCT_xxx names match the + * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP + * macros, below. + */ + enum { + PCT_none, + PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256, + PCT_ec + } pre_comp_type; + union { + NISTP224_PRE_COMP *nistp224; + NISTP256_PRE_COMP *nistp256; + NISTP521_PRE_COMP *nistp521; + NISTZ256_PRE_COMP *nistz256; + EC_PRE_COMP *ec; + } pre_comp; +}; + +#define SETPRECOMP(g, type, pre) \ + g->pre_comp_type = PCT_##type, g->pre_comp.type = pre +#define HAVEPRECOMP(g, type) \ + g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL + +struct ec_key_st { + const EC_KEY_METHOD *meth; + ENGINE *engine; + int version; + EC_GROUP *group; + EC_POINT *pub_key; + BIGNUM *priv_key; + unsigned int enc_flag; + point_conversion_form_t conv_form; + CRYPTO_REF_COUNT references; + int flags; + CRYPTO_EX_DATA ex_data; + CRYPTO_RWLOCK *lock; +}; + +struct ec_point_st { + const EC_METHOD *meth; + /* NID for the curve if known */ + int curve_name; + /* + * All members except 'meth' are handled by the method functions, even if + * they appear generic + */ + BIGNUM *X; + BIGNUM *Y; + BIGNUM *Z; /* Jacobian projective coordinates: * (X, Y, + * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */ + int Z_is_one; /* enable optimized point arithmetics for + * special case */ +}; + +static ossl_inline int ec_point_is_compat(const EC_POINT *point, + const EC_GROUP *group) +{ + if (group->meth != point->meth + || (group->curve_name != 0 + && point->curve_name != 0 + && group->curve_name != point->curve_name)) + return 0; + + return 1; +} + 
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); +NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); +NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); +NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *); +NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); +EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *); + +void EC_pre_comp_free(EC_GROUP *group); +void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *); +void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *); +void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *); +void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *); +void EC_ec_pre_comp_free(EC_PRE_COMP *); + +/* + * method functions in ec_mult.c (ec_lib.c uses these as defaults if + * group->method->mul is 0) + */ +int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); +int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); +int ec_wNAF_have_precompute_mult(const EC_GROUP *group); + +/* method functions in ecp_smpl.c */ +int ec_GFp_simple_group_init(EC_GROUP *); +void ec_GFp_simple_group_finish(EC_GROUP *); +void ec_GFp_simple_group_clear_finish(EC_GROUP *); +int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); +int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *); +int ec_GFp_simple_group_get_degree(const EC_GROUP *); +int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); +int ec_GFp_simple_point_init(EC_POINT *); +void ec_GFp_simple_point_finish(EC_POINT *); +void ec_GFp_simple_point_clear_finish(EC_POINT *); +int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *); +int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); +int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, + EC_POINT *, 
const BIGNUM *x, + const BIGNUM *y, + const BIGNUM *z, BN_CTX *); +int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, + const EC_POINT *, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *); +int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, + const BIGNUM *y, BN_CTX *); +int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, + const EC_POINT *, BIGNUM *x, + BIGNUM *y, BN_CTX *); +int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, + BN_CTX *); +size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *); +int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *, + const unsigned char *buf, size_t len, BN_CTX *); +int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *); +int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, + BN_CTX *); +int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); +int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); +int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, + BN_CTX *); +int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, + EC_POINT *[], BN_CTX *); +int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); +int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); +int ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); +int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, + BN_CTX *ctx); +int ec_GFp_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); +int 
ec_GFp_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); +int ec_GFp_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); + +/* method functions in ecp_mont.c */ +int ec_GFp_mont_group_init(EC_GROUP *); +int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); +void ec_GFp_mont_group_finish(EC_GROUP *); +void ec_GFp_mont_group_clear_finish(EC_GROUP *); +int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); +int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); +int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); +int ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); +int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); +int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); +int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); + +/* method functions in ecp_nist.c */ +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); +int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); +int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); +int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); + +/* method functions in ec2_smpl.c */ +int ec_GF2m_simple_group_init(EC_GROUP *); +void ec_GF2m_simple_group_finish(EC_GROUP *); +void ec_GF2m_simple_group_clear_finish(EC_GROUP *); +int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); +int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *); +int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_group_get_degree(const 
EC_GROUP *); +int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); +int ec_GF2m_simple_point_init(EC_POINT *); +void ec_GF2m_simple_point_finish(EC_POINT *); +void ec_GF2m_simple_point_clear_finish(EC_POINT *); +int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); +int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); +int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, + const BIGNUM *y, BN_CTX *); +int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, + const EC_POINT *, BIGNUM *x, + BIGNUM *y, BN_CTX *); +int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, + BN_CTX *); +size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *); +int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, + const unsigned char *buf, size_t len, BN_CTX *); +int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *); +int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, + BN_CTX *); +int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); +int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); +int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, + BN_CTX *); +int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, + EC_POINT *[], BN_CTX *); +int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + BN_CTX *); +int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *); + +#ifndef 
OPENSSL_NO_EC_NISTP_64_GCC_128 +/* method functions in ecp_nistp224.c */ +int ec_GFp_nistp224_group_init(EC_GROUP *group); +int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *); +int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx); +int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); +int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx); +int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group); + +/* method functions in ecp_nistp256.c */ +int ec_GFp_nistp256_group_init(EC_GROUP *group); +int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *); +int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, + BIGNUM *x, BIGNUM *y, + BN_CTX *ctx); +int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); +int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx); +int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group); + +/* method functions in ecp_nistp521.c */ +int ec_GFp_nistp521_group_init(EC_GROUP *group); +int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *); +int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, + BIGNUM *x, 
BIGNUM *y, + BN_CTX *ctx); +int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], const BIGNUM *scalars[], + BN_CTX *); +int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx); +int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group); + +/* utility functions in ecp_nistputil.c */ +void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, + size_t felem_size, + void *tmp_felems, + void (*felem_one) (void *out), + int (*felem_is_zero) (const void + *in), + void (*felem_assign) (void *out, + const void + *in), + void (*felem_square) (void *out, + const void + *in), + void (*felem_mul) (void *out, + const void + *in1, + const void + *in2), + void (*felem_inv) (void *out, + const void + *in), + void (*felem_contract) (void + *out, + const + void + *in)); +void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, + unsigned char *digit, unsigned char in); +#endif +int ec_group_simple_order_bits(const EC_GROUP *group); + +#ifdef ECP_NISTZ256_ASM +/** Returns GFp methods using montgomery multiplication, with x86-64 optimized + * P256. See http://eprint.iacr.org/2013/816. 
+ * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistz256_method(void); +#endif + +size_t ec_key_simple_priv2oct(const EC_KEY *eckey, + unsigned char *buf, size_t len); +int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); +int ec_key_simple_generate_key(EC_KEY *eckey); +int ec_key_simple_generate_public_key(EC_KEY *eckey); +int ec_key_simple_check_key(const EC_KEY *eckey); + +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); + +/* EC_METHOD definitions */ + +struct ec_key_method_st { + const char *name; + int32_t flags; + int (*init)(EC_KEY *key); + void (*finish)(EC_KEY *key); + int (*copy)(EC_KEY *dest, const EC_KEY *src); + int (*set_group)(EC_KEY *key, const EC_GROUP *grp); + int (*set_private)(EC_KEY *key, const BIGNUM *priv_key); + int (*set_public)(EC_KEY *key, const EC_POINT *pub_key); + int (*keygen)(EC_KEY *key); + int (*compute_key)(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); + int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char + *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *r, EC_KEY *eckey); + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey); + + int (*verify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); + int (*verify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); +}; + +#define EC_KEY_METHOD_DYNAMIC 1 + +int ossl_ec_key_gen(EC_KEY *eckey); +int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); +int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); + +struct ECDSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +}; + +int ossl_ecdsa_sign_setup(EC_KEY 
*eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); +ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey); +int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); +int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const uint8_t private_key[32]); +int ED25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32]); +void ED25519_public_from_private(uint8_t out_public_key[32], + const uint8_t private_key[32]); + +int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], + const uint8_t peer_public_value[32]); +void X25519_public_from_private(uint8_t out_public_value[32], + const uint8_t private_key[32]); + +/*- + * This functions computes a single point multiplication over the EC group, + * using, at a high level, a Montgomery ladder with conditional swaps, with + * various timing attack defenses. + * + * It performs either a fixed point multiplication + * (scalar * generator) + * when point is NULL, or a variable point multiplication + * (scalar * point) + * when point is not NULL. + * + * `scalar` cannot be NULL and should be in the range [0,n) otherwise all + * constant time bets are off (where n is the cardinality of the EC group). + * + * This function expects `group->order` and `group->cardinality` to be well + * defined and non-zero: it fails with an error code otherwise. 
+ * + * NB: This says nothing about the constant-timeness of the ladder step + * implementation (i.e., the default implementation is based on EC_POINT_add and + * EC_POINT_dbl, which of course are not constant time themselves) or the + * underlying multiprecision arithmetic. + * + * The product is stored in `r`. + * + * This is an internal function: callers are in charge of ensuring that the + * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. + * + * Returns 1 on success, 0 otherwise. + */ +int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx); + +int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); + +static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_pre != NULL) + return group->meth->ladder_pre(group, r, s, p, ctx); + + if (!EC_POINT_copy(s, p) + || !EC_POINT_dbl(group, r, s, ctx)) + return 0; + + return 1; +} + +static ossl_inline int ec_point_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_step != NULL) + return group->meth->ladder_step(group, r, s, p, ctx); + + if (!EC_POINT_add(group, s, r, s, ctx) + || !EC_POINT_dbl(group, r, r, ctx)) + return 0; + + return 1; + +} + +static ossl_inline int ec_point_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_post != NULL) + return group->meth->ladder_post(group, r, s, p, ctx); + + return 1; +} diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 57bdf116f1b6..7980a6728288 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -12,8 +12,8 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #include "internal/refcount.h" /* 
diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index 522f79e67360..7ddc86b047ca 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -13,7 +13,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 454be16c5439..64d2cc93a620 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -12,9 +12,9 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* EC pkey context structure */ diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c index 027a51928aab..660fc400fb75 100644 --- a/crypto/ec/ec_print.c +++ b/crypto/ec/ec_print.c @@ -9,7 +9,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *point, @@ -39,13 +39,13 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, EC_POINT *ret; if ((buf_len = BN_num_bytes(bn)) == 0) - return NULL; + buf_len = 1; if ((buf = OPENSSL_malloc(buf_len)) == NULL) { ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE); return NULL; } - if (!BN_bn2bin(bn, buf)) { + if (!BN_bn2binpad(bn, buf, buf_len)) { OPENSSL_free(buf); return NULL; } diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index d686f9d897df..96efac62f66f 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -10,7 +10,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" /* Key derivation function from X9.63/SECG */ /* Way more than we will ever need */ diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index ab51ee7138ff..0be00d43da4e 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c 
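Review bot: The failure test `if (!BN_bn2binpad(bn, buf, buf_len))` in EC_POINT_bn2point cannot catch an error. BN_bn2binpad reports a too-small buffer as -1 and otherwise returns the number of bytes written, which is at least 1 now that `buf_len` is forced to 1 for a zero BIGNUM. Since `buf_len` comes from BN_num_bytes the error should not arise in practice, but the check should still match the API: `if (BN_bn2binpad(bn, buf, buf_len) < 0) {`. The function starts and continues outside this hunk, so how `buf` is consumed afterwards is not visible here.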
@@ -17,7 +17,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, const EC_POINT *pub_key, const EC_KEY *ecdh) diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index c35ed2dcd0e7..1da87bfb5e39 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -11,8 +11,8 @@ #include #include #include -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, @@ -309,7 +309,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, goto err; ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); err: - OPENSSL_clear_free(der, derlen); + OPENSSL_free(der); ECDSA_SIG_free(s); return ret; } diff --git a/crypto/ec/ecdsa_sign.c b/crypto/ec/ecdsa_sign.c index aee06e991bad..dc79c8c8e3df 100644 --- a/crypto/ec/ecdsa_sign.c +++ b/crypto/ec/ecdsa_sign.c @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c index f61a20063e4b..ff597bdc143c 100644 --- a/crypto/ec/ecdsa_vrf.c +++ b/crypto/ec/ecdsa_vrf.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include /*- @@ -23,7 +23,7 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, if (eckey->meth->verify_sig != NULL) return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; + return -1; } /*- 
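Review bot: The change from `OPENSSL_clear_free(der, derlen)` to `OPENSSL_free(der)` at the `err:` label in ossl_ecdsa_verify has no explanation, so a later reader may take it for a lost cleanse and restore it. `der` appears to be the re-encoded signature, which is public data, and `derlen` may still hold a failed encoding result on this path; both are declared outside the hunk, so this needs confirming. I would add `/* der is a re-encoded public signature: no cleanse needed, and derlen may not be a valid length here */` above the free.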
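Review bot: Returning -1 instead of 0 when `eckey->meth->verify_sig` is NULL makes the unsupported-method case non-zero, so a caller that tests `if (ECDSA_do_verify(...))` or `!ECDSA_do_verify(...)` now treats it as a valid signature. The same applies to the `return -1` in the ECDSA_verify hunk at -39,5. Within this diff, ossl_ecdsa_verify assigns the result of ECDSA_do_verify straight to `ret` and returns it, so the -1 reaches its callers as well. The comment block above each function starts outside the hunk; if it does not already state the contract, add something like `/* returns 1: valid, 0: invalid signature, -1: error (including unsupported method); callers must test == 1 */`.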
@@ -39,5 +39,5 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len, eckey); ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; + return -1; } diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 252e66ef3791..bdc39d5efb0e 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -10,7 +10,7 @@ #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_mont_method(void) { diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 5eaa99d8402b..9fd01279a891 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -12,7 +12,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_nist_method(void) { diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index fbbdb9d9386c..9a9ced8f1343 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -907,6 +907,7 @@ static void point_add(felem x3, felem y3, felem z3, felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out; widefelem tmp, tmp2; limb z1_is_zero, z2_is_zero, x_equal, y_equal; + limb points_equal; if (!mixed) { /* ftmp2 = z2^2 */ 
@@ -963,15 +964,41 @@ static void point_add(felem x3, felem y3, felem z3, felem_reduce(ftmp, tmp); /* - * the formulae are incorrect if the points are equal so we check for - * this and do doubling if this happens + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. */ x_equal = felem_is_zero(ftmp); y_equal = felem_is_zero(ftmp3); + /* + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + */ z1_is_zero = felem_is_zero(z1); z2_is_zero = felem_is_zero(z2); - /* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */ - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + + /* + * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this + * specific implementation `felem_is_zero()` returns truth as `0x1` + * (rather than `0xff..ff`). + * + * This implies that `~true` in this implementation becomes + * `0xff..fe` (rather than `0x0`): for this reason, to be used in + * the if expression, we mask out only the last bit in the next + * line. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1; + + if (points_equal) { + /* + * This is obviously not constant-time but, as mentioned before, this + * case never happens during single point multiplication, so there is no + * timing leak for ECDH or ECDSA signing. + */ point_double(x3, y3, z3, x1, y1, z1); return; } diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 22ba69aa44ba..e23e9d2a0b34 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c 
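Review bot: The comment inside `if (points_equal)` says "as mentioned before, this case never happens during single point multiplication", but nothing earlier in this hunk mentions it, so the back-reference has no visible antecedent. The same sentence is added in the ecp_nistp256.c hunk at -1340. The claim is also stronger than the unchanged ecp_nistp521.c comment, which says the case "will almost-never happen" and goes on to name a situation where it can. Since point_add starts outside this hunk an earlier explanation may exist, but the three files should make the same claim, and the reasoning belongs in the comment itself or in an explicit pointer such as `see the discussion in ecp_nistp521.c point_add()`.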
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -74,8 +74,8 @@ static const felem_bytearray nistp256_curve_params[5] = { {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, /* b */ - {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, + {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */ 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b}, @@ -1241,6 +1241,7 @@ static void point_add(felem x3, felem y3, felem z3, longfelem tmp, tmp2; smallfelem small1, small2, small3, small4, small5; limb x_equal, y_equal, z1_is_zero, z2_is_zero; + limb points_equal; felem_shrink(small3, z1); 
@@ -1340,7 +1341,26 @@ static void point_add(felem x3, felem y3, felem z3, felem_shrink(small1, ftmp5); y_equal = smallfelem_is_zero(small1); - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + /* + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. + * + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); + + if (points_equal) { + /* + * This is obviously not constant-time but, as mentioned before, this + * case never happens during single point multiplication, so there is no + * timing leak for ECDH or ECDSA signing. + */ point_double(x3, y3, z3, x1, y1, z1); return; } diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 6340f4827937..75eeba853679 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ 
@@ -1158,6 +1158,7 @@ static void point_add(felem x3, felem y3, felem z3, felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; largefelem tmp, tmp2; limb x_equal, y_equal, z1_is_zero, z2_is_zero; + limb points_equal; z1_is_zero = felem_is_zero(z1); z2_is_zero = felem_is_zero(z2); @@ -1242,7 +1243,24 @@ static void point_add(felem x3, felem y3, felem z3, felem_scalar64(ftmp5, 2); /* ftmp5[i] < 2^61 */ - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + /* + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. + * + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + * + * Notice the comment below on the implications of this branching for timing + * leaks and why it is considered practically irrelevant. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); + + if (points_equal) { /* * This is obviously not constant-time but it will almost-never happen * for ECDH / ECDSA. The case where it can happen is during scalar-mult diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c index f89a2f0aacc1..60e1325c340f 100644 --- a/crypto/ec/ecp_nistputil.c +++ b/crypto/ec/ecp_nistputil.c @@ -33,7 +33,7 @@ NON_EMPTY_TRANSLATION_UNIT */ # include -# include "ec_lcl.h" +# include "ec_local.h" /* * Convert an array of points into affine coordinates. (If the point at diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 7ad5eb627de1..ba9268138862 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2014, Intel Corporation. All Rights Reserved. * Copyright (c) 2015, CloudFlare, Inc. * @@ -21,8 +21,8 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #include "internal/refcount.h" #if BN_BITS2 != 64 
@@ -358,16 +358,47 @@ static void ecp_nistz256_point_add(P256_POINT *r, ecp_nistz256_sub(H, U2, U1); /* H = U2 - U1 */ /* - * This should not happen during sign/ecdh, so no constant time violation + * The formulae are incorrect if the points are equal so we check for + * this and do doubling if this happens. + * + * Points here are in Jacobian projective coordinates (Xi, Yi, Zi) + * that are bound to the affine coordinates (xi, yi) by the following + * equations: + * - xi = Xi / (Zi)^2 + * - y1 = Yi / (Zi)^3 + * + * For the sake of optimization, the algorithm operates over + * intermediate variables U1, U2 and S1, S2 that are derived from + * the projective coordinates: + * - U1 = X1 * (Z2)^2 ; U2 = X2 * (Z1)^2 + * - S1 = Y1 * (Z2)^3 ; S2 = Y2 * (Z1)^3 + * + * It is easy to prove that is_equal(U1, U2) implies that the affine + * x-coordinates are equal, or either point is at infinity. + * Likewise is_equal(S1, S2) implies that the affine y-coordinates are + * equal, or either point is at infinity. + * + * The special case of either point being the point at infinity (Z1 or Z2 + * is zero), is handled separately later on in this function, so we avoid + * jumping to point_double here in those special cases. + * + * When both points are inverse of each other, we know that the affine + * x-coordinates are equal, and the y-coordinates have different sign. + * Therefore since U1 = U2, we know H = 0, and therefore Z3 = H*Z1*Z2 + * will equal 0, thus the result is infinity, if we simply let this + * function continue normally. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. 
*/ - if (is_equal(U1, U2) && !in1infty && !in2infty) { - if (is_equal(S1, S2)) { - ecp_nistz256_point_double(r, a); - return; - } else { - memset(r, 0, sizeof(*r)); - return; - } + if (is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)) { + /* + * This is obviously not constant-time but it should never happen during + * single point multiplication, so there is no timing leak for ECDH or + * ECDSA signing. + */ + ecp_nistz256_point_double(r, a); + return; } ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index 7ade1b3d2173..9460763256fd 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -11,7 +11,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index e6e4c9d2cbb7..b354bfe9ce9e 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -11,7 +11,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_simple_method(void) { diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index c87419b5db38..9dc5259e4afc 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -12,10 +12,10 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "ec_lcl.h" -#include "curve448/curve448_lcl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "ec_local.h" +#include "curve448/curve448_local.h" #define X25519_BITS 253 #define X25519_SECURITY_BITS 128 @@ -191,7 +191,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) } rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE); - ASN1_OCTET_STRING_free(oct); + ASN1_STRING_clear_free(oct); return rv; } diff --git a/crypto/engine/README b/crypto/engine/README index c7a5696ca14c..0f8a8fbde410 100644 --- a/crypto/engine/README +++ b/crypto/engine/README 
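Review bot: The new condition `is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)` in ecp_nistz256_point_add has neither the trailing `& 1` nor the note on return conventions that the ecp_nistp224.c hunk carries. It is only correct if `is_equal()` yields 0/1 or `in1infty`/`in2infty` are all-ones masks, and neither is visible in this hunk. Masking the low bit makes it independent of either convention: `if ((is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)) & 1) {`. Failing that, a one-line comment should state which convention each operand uses. Separately, the coordinate list in the added comment reads `- y1 = Yi / (Zi)^3`, where `yi` is meant.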
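Review bot: The switch to `ASN1_STRING_clear_free(oct)` in ecx_priv_decode has no comment saying why this free must cleanse, so it could be simplified back to a plain free later. `oct` appears to hold the decoded private key bytes handed to ecx_key_op through `p`/`plen`, but that assignment is outside the hunk and should be confirmed. I would add `/* oct holds the raw private key: cleanse it before freeing */` above the call. It is also worth checking that any earlier exit path in the function, not visible here, releases `oct` the same way.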
@@ -9,7 +9,7 @@ for masochists" document *and* a rather extensive commit log message. (I'd get lynched for sticking all this in CHANGES or the commit mails :-). ENGINE_TABLE underlies this restructuring, as described in the internal header -"eng_int.h", implemented in eng_table.c, and used in each of the "class" files; +"eng_local.h", implemented in eng_table.c, and used in each of the "class" files; tb_rsa.c, tb_dsa.c, etc. However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index af306ccffc12..b675ed7892e2 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "eng_int.h" +#include "eng_local.h" void ENGINE_load_builtin_engines(void) { diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index 6f0a066d06d1..df00df6acd61 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include /* #define ENGINE_CONF_DEBUG */ diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index 3bc4aab16fed..e65e78447b43 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* * When querying a ENGINE-specific control command's 'description', this diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c index a727c6f64606..49e9ce1af33b 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c @@ -22,7 +22,7 @@ #include #include -#include "internal/engine.h" +#include "crypto/engine.h" /* #define ENGINE_DEVCRYPTO_DEBUG */ diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 843226c077db..06e677290a70 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c 
@@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include "internal/dso.h" #include diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index 591fddc8e4fb..fe231a65f658 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include int ENGINE_set_default(ENGINE *e, unsigned int flags) diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c index 7c235fc472a2..6c9063f8f681 100644 --- a/crypto/engine/eng_init.c +++ b/crypto/engine/eng_init.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" /* * Initialise a engine type for use (or up its functional reference count if diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h deleted file mode 100644 index b95483341e20..000000000000 --- a/crypto/engine/eng_int.h +++ /dev/null 
@@ -1,171 +0,0 @@ -/* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_ENGINE_INT_H -# define HEADER_ENGINE_INT_H - -# include "internal/cryptlib.h" -# include "internal/engine.h" -# include "internal/thread_once.h" -# include "internal/refcount.h" - -extern CRYPTO_RWLOCK *global_engine_lock; - -/* - * If we compile with this symbol defined, then both reference counts in the - * ENGINE structure will be monitored with a line of output on stderr for - * each change. This prints the engine's pointer address (truncated to - * unsigned int), "struct" or "funct" to indicate the reference type, the - * before and after reference count, and the file:line-number pair. The - * "engine_ref_debug" statements must come *after* the change. - */ -# ifdef ENGINE_REF_COUNT_DEBUG - -# define engine_ref_debug(e, isfunct, diff) \ - fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \ - (unsigned int)(e), (isfunct ? "funct" : "struct"), \ - ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \ - ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ - (OPENSSL_FILE), (OPENSSL_LINE)) - -# else - -# define engine_ref_debug(e, isfunct, diff) - -# endif - -/* - * Any code that will need cleanup operations should use these functions to - * register callbacks. engine_cleanup_int() will call all registered - * callbacks in order. NB: both the "add" functions assume the engine lock to - * already be held (in "write" mode). 
- */ -typedef void (ENGINE_CLEANUP_CB) (void); -typedef struct st_engine_cleanup_item { - ENGINE_CLEANUP_CB *cb; -} ENGINE_CLEANUP_ITEM; -DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM) -void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); -void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); - -/* We need stacks of ENGINEs for use in eng_table.c */ -DEFINE_STACK_OF(ENGINE) - -/* - * If this symbol is defined then engine_table_select(), the function that is - * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults - * and functional references (etc), will display debugging summaries to - * stderr. - */ -/* #define ENGINE_TABLE_DEBUG */ - -/* - * This represents an implementation table. Dependent code should instantiate - * it as a (ENGINE_TABLE *) pointer value set initially to NULL. - */ -typedef struct st_engine_table ENGINE_TABLE; -int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, - int setdefault); -void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e); -void engine_table_cleanup(ENGINE_TABLE **table); -# ifndef ENGINE_TABLE_DEBUG -ENGINE *engine_table_select(ENGINE_TABLE **table, int nid); -# else -ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, - int l); -# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE) -# endif -typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk, - ENGINE *def, void *arg); -void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, - void *arg); - -/* - * Internal versions of API functions that have control over locking. These - * are used between C files when functionality needs to be shared but the - * caller may already be controlling of the engine lock. 
- */ -int engine_unlocked_init(ENGINE *e); -int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers); -int engine_free_util(ENGINE *e, int not_locked); - -/* - * This function will reset all "set"able values in an ENGINE to NULL. This - * won't touch reference counts or ex_data, but is equivalent to calling all - * the ENGINE_set_***() functions with a NULL value. - */ -void engine_set_all_null(ENGINE *e); - -/* - * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now - * exposed in engine.h. - */ - -/* Free up dynamically allocated public key methods associated with ENGINE */ - -void engine_pkey_meths_free(ENGINE *e); -void engine_pkey_asn1_meths_free(ENGINE *e); - -/* Once initialisation function */ -extern CRYPTO_ONCE engine_lock_init; -DECLARE_RUN_ONCE(do_engine_lock_init) - -/* - * This is a structure for storing implementations of various crypto - * algorithms and functions. - */ -struct engine_st { - const char *id; - const char *name; - const RSA_METHOD *rsa_meth; - const DSA_METHOD *dsa_meth; - const DH_METHOD *dh_meth; - const EC_KEY_METHOD *ec_meth; - const RAND_METHOD *rand_meth; - /* Cipher handling is via this callback */ - ENGINE_CIPHERS_PTR ciphers; - /* Digest handling is via this callback */ - ENGINE_DIGESTS_PTR digests; - /* Public key handling via this callback */ - ENGINE_PKEY_METHS_PTR pkey_meths; - /* ASN1 public key handling via this callback */ - ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths; - ENGINE_GEN_INT_FUNC_PTR destroy; - ENGINE_GEN_INT_FUNC_PTR init; - ENGINE_GEN_INT_FUNC_PTR finish; - ENGINE_CTRL_FUNC_PTR ctrl; - ENGINE_LOAD_KEY_PTR load_privkey; - ENGINE_LOAD_KEY_PTR load_pubkey; - ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; - const ENGINE_CMD_DEFN *cmd_defns; - int flags; - /* reference count on the structure itself */ - CRYPTO_REF_COUNT struct_ref; - /* - * reference count on usability of the engine type. 
NB: This controls the - * loading and initialisation of any functionality required by this - * engine, whereas the previous count is simply to cope with - * (de)allocation of this structure. Hence, running_ref <= struct_ref at - * all times. - */ - int funct_ref; - /* A place to store per-ENGINE data */ - CRYPTO_EX_DATA ex_data; - /* Used to maintain the linked-list of engines. */ - struct engine_st *prev; - struct engine_st *next; -}; - -typedef struct st_engine_pile ENGINE_PILE; - -DEFINE_LHASH_OF(ENGINE_PILE); - -#endif /* HEADER_ENGINE_INT_H */ diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index d7f2026fac54..b851ff695756 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" #include #include "internal/refcount.h" diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 45c339c54157..1352fb7c961d 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* * The linked-list of pointers to engine types. engine_list_head incorporates diff --git a/crypto/engine/eng_local.h b/crypto/engine/eng_local.h new file mode 100644 index 000000000000..8ef7172b9f45 --- /dev/null +++ b/crypto/engine/eng_local.h 
@@ -0,0 +1,171 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H +# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H + +# include "internal/cryptlib.h" +# include "crypto/engine.h" +# include "internal/thread_once.h" +# include "internal/refcount.h" + +extern CRYPTO_RWLOCK *global_engine_lock; + +/* + * If we compile with this symbol defined, then both reference counts in the + * ENGINE structure will be monitored with a line of output on stderr for + * each change. This prints the engine's pointer address (truncated to + * unsigned int), "struct" or "funct" to indicate the reference type, the + * before and after reference count, and the file:line-number pair. The + * "engine_ref_debug" statements must come *after* the change. + */ +# ifdef ENGINE_REF_COUNT_DEBUG + +# define engine_ref_debug(e, isfunct, diff) \ + fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \ + (unsigned int)(e), (isfunct ? "funct" : "struct"), \ + ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \ + ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ + (OPENSSL_FILE), (OPENSSL_LINE)) + +# else + +# define engine_ref_debug(e, isfunct, diff) + +# endif + +/* + * Any code that will need cleanup operations should use these functions to + * register callbacks. engine_cleanup_int() will call all registered + * callbacks in order. NB: both the "add" functions assume the engine lock to + * already be held (in "write" mode). 
+ */ +typedef void (ENGINE_CLEANUP_CB) (void); +typedef struct st_engine_cleanup_item { + ENGINE_CLEANUP_CB *cb; +} ENGINE_CLEANUP_ITEM; +DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM) +void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); +void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); + +/* We need stacks of ENGINEs for use in eng_table.c */ +DEFINE_STACK_OF(ENGINE) + +/* + * If this symbol is defined then engine_table_select(), the function that is + * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults + * and functional references (etc), will display debugging summaries to + * stderr. + */ +/* #define ENGINE_TABLE_DEBUG */ + +/* + * This represents an implementation table. Dependent code should instantiate + * it as a (ENGINE_TABLE *) pointer value set initially to NULL. + */ +typedef struct st_engine_table ENGINE_TABLE; +int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, + ENGINE *e, const int *nids, int num_nids, + int setdefault); +void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e); +void engine_table_cleanup(ENGINE_TABLE **table); +# ifndef ENGINE_TABLE_DEBUG +ENGINE *engine_table_select(ENGINE_TABLE **table, int nid); +# else +ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, + int l); +# define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE) +# endif +typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk, + ENGINE *def, void *arg); +void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, + void *arg); + +/* + * Internal versions of API functions that have control over locking. These + * are used between C files when functionality needs to be shared but the + * caller may already be controlling of the engine lock. 
+ */ +int engine_unlocked_init(ENGINE *e); +int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers); +int engine_free_util(ENGINE *e, int not_locked); + +/* + * This function will reset all "set"able values in an ENGINE to NULL. This + * won't touch reference counts or ex_data, but is equivalent to calling all + * the ENGINE_set_***() functions with a NULL value. + */ +void engine_set_all_null(ENGINE *e); + +/* + * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now + * exposed in engine.h. + */ + +/* Free up dynamically allocated public key methods associated with ENGINE */ + +void engine_pkey_meths_free(ENGINE *e); +void engine_pkey_asn1_meths_free(ENGINE *e); + +/* Once initialisation function */ +extern CRYPTO_ONCE engine_lock_init; +DECLARE_RUN_ONCE(do_engine_lock_init) + +/* + * This is a structure for storing implementations of various crypto + * algorithms and functions. + */ +struct engine_st { + const char *id; + const char *name; + const RSA_METHOD *rsa_meth; + const DSA_METHOD *dsa_meth; + const DH_METHOD *dh_meth; + const EC_KEY_METHOD *ec_meth; + const RAND_METHOD *rand_meth; + /* Cipher handling is via this callback */ + ENGINE_CIPHERS_PTR ciphers; + /* Digest handling is via this callback */ + ENGINE_DIGESTS_PTR digests; + /* Public key handling via this callback */ + ENGINE_PKEY_METHS_PTR pkey_meths; + /* ASN1 public key handling via this callback */ + ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths; + ENGINE_GEN_INT_FUNC_PTR destroy; + ENGINE_GEN_INT_FUNC_PTR init; + ENGINE_GEN_INT_FUNC_PTR finish; + ENGINE_CTRL_FUNC_PTR ctrl; + ENGINE_LOAD_KEY_PTR load_privkey; + ENGINE_LOAD_KEY_PTR load_pubkey; + ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; + const ENGINE_CMD_DEFN *cmd_defns; + int flags; + /* reference count on the structure itself */ + CRYPTO_REF_COUNT struct_ref; + /* + * reference count on usability of the engine type. 
NB: This controls the + * loading and initialisation of any functionality required by this + * engine, whereas the previous count is simply to cope with + * (de)allocation of this structure. Hence, running_ref <= struct_ref at + * all times. + */ + int funct_ref; + /* A place to store per-ENGINE data */ + CRYPTO_EX_DATA ex_data; + /* Used to maintain the linked-list of engines. */ + struct engine_st *prev; + struct engine_st *next; +}; + +typedef struct st_engine_pile ENGINE_PILE; + +DEFINE_LHASH_OF(ENGINE_PILE); + +#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */ diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index d9b3067a1322..25631fb879ee 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -11,7 +11,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/engine.h" +#include "crypto/engine.h" #include #include #include @@ -167,7 +167,7 @@ static int bind_fn(ENGINE *e, const char *id) } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ #ifdef TEST_ENG_OPENSSL_RC4 /*- diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index 305a648feb6a..e813bc6db0e6 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* Basic get/set stuff */ diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c index 261e5debbfd7..9dceb1671099 100644 --- a/crypto/engine/eng_rdrand.c +++ b/crypto/engine/eng_rdrand.c 
@@ -11,7 +11,7 @@ #include #include -#include "internal/engine.h" +#include "crypto/engine.h" #include #include #include diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index ac4b02fc12a8..72f393dbe143 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include #include -#include "eng_int.h" +#include "eng_local.h" /* The type of the items in the table */ struct st_engine_pile { @@ -26,7 +26,7 @@ struct st_engine_pile { int uptodate; }; -/* The type exposed in eng_int.h */ +/* The type exposed in eng_local.h */ struct st_engine_table { LHASH_OF(ENGINE_PILE) piles; }; /* ENGINE_TABLE */ @@ -76,7 +76,7 @@ static int int_table_check(ENGINE_TABLE **t, int create) } /* - * Privately exposed (via eng_int.h) functions for adding and/or removing + * Privately exposed (via eng_local.h) functions for adding and/or removing * ENGINEs from the implementation table */ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index 4bcc76136a10..72850b9398e3 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -8,9 +8,9 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" /* * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the @@ -147,7 +147,8 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); for (i = 0; i < nidcount; i++) { e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (((int)strlen(ameth->pem_str) == len) + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == len) && strncasecmp(ameth->pem_str, str, len) == 0) return ameth; } diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c index faa967c475f5..236da346cd4c 100644 --- a/crypto/engine/tb_cipher.c +++ b/crypto/engine/tb_cipher.c 
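Review bot: In the `ENGINE_get_pkey_asn1_meth_str` hunk of crypto/engine/tb_asnmth.c, the new `ameth != NULL` test only protects the `strlen(ameth->pem_str)` call if the engine callback actually stores NULL when it has no method for that nid. The return value of `e->pkey_asn1_meths(e, &ameth, NULL, nids[i])` is still ignored and nothing in the hunk resets `ameth` between iterations, so a callback that fails without writing its output leaves the previous iteration's pointer in place (or an uninitialised one on the first pass, depending on the declaration, which is outside the hunk). I would put `ameth = NULL;` as the first statement of the loop body. If the callback follows the usual nonzero-on-success convention, its result could be checked as well before `ameth` is dereferenced.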
@@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *cipher_table = NULL; diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c index 785119f65af9..a13a13950083 100644 --- a/crypto/engine/tb_dh.c +++ b/crypto/engine/tb_dh.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c index d644b1b0a825..a6e6337a01d9 100644 --- a/crypto/engine/tb_digest.c +++ b/crypto/engine/tb_digest.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *digest_table = NULL; diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c index 65b6ea8d3a0e..2c77f0f3e151 100644 --- a/crypto/engine/tb_dsa.c +++ b/crypto/engine/tb_dsa.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dsa_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c index 1e5073685410..907d55ae8c44 100644 --- a/crypto/engine/tb_eckey.c +++ b/crypto/engine/tb_eckey.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c index 03cd1e69dd6d..c5c001c5cbec 100644 --- a/crypto/engine/tb_pkmeth.c +++ b/crypto/engine/tb_pkmeth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include static ENGINE_TABLE *pkey_meth_table = NULL; diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c index 98a98073cdd0..92f61c5a8840 100644 --- a/crypto/engine/tb_rand.c 
+++ b/crypto/engine/tb_rand.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *rand_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c index d8d2e34f848b..43e865e6d6d1 100644 --- a/crypto/engine/tb_rsa.c +++ b/crypto/engine/tb_rsa.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *rsa_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/err/err.c b/crypto/err/err.c index 3a58ccb95882..1372d52f80ee 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -10,17 +10,17 @@ #include #include #include -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/err.h" -#include "internal/err_int.h" +#include "crypto/err.h" #include #include #include #include #include #include "internal/thread_once.h" -#include "internal/ctype.h" -#include "internal/constant_time_locl.h" +#include "crypto/ctype.h" +#include "internal/constant_time.h" #include "e_os.h" static int err_load_strings(const ERR_STRING_DATA *str); diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index d9ec04b60676..7c0a5f0b9c5f 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -8,7 +8,7 @@ */ #include -#include "internal/err_int.h" +#include "crypto/err.h" #include #include #include diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a433b0324078..f5324c6819d8 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -1002,6 +1002,7 @@ PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify +RAND_F_DATA_COLLECT_METHOD:127:data_collect_method RAND_F_DRBG_BYTES:101:drbg_bytes RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy RAND_F_DRBG_SETUP:117:drbg_setup @@ -1027,6 +1028,7 @@ RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed RAND_F_RAND_POOL_GROW:125:rand_pool_grow RAND_F_RAND_POOL_NEW:116:rand_pool_new +RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo_bytes RAND_F_RAND_WRITE_FILE:112:RAND_write_file RSA_F_CHECK_PADDING_MD:140:check_padding_md RSA_F_ENCODE_PKCS1:146:encode_pkcs1 @@ -1178,6 +1180,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ ossl_statem_server_post_process_message SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work +SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640: SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ @@ -2254,6 +2257,7 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized EVP_R_INVALID_DIGEST:152:invalid digest EVP_R_INVALID_FIPS_MODE:168:invalid fips mode +EVP_R_INVALID_IV_LENGTH:194:invalid iv length EVP_R_INVALID_KEY:163:invalid key EVP_R_INVALID_KEY_LENGTH:130:invalid key length EVP_R_INVALID_OPERATION:148:invalid operation 
@@ -2848,6 +2852,7 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data +SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading SSL_R_UNEXPECTED_MESSAGE:244:unexpected message SSL_R_UNEXPECTED_RECORD:245:unexpected record SSL_R_UNINITIALIZED:276:uninitialized diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 288dee01b220..fed4cf1eb1ff 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -12,8 +12,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" #include "internal/bio.h" /* diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 300db6cd320d..a77cfb1552de 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -76,7 +76,7 @@ #include "internal/bio.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int ok_write(BIO *h, const char *buf, int num); static int ok_read(BIO *h, char *buf, int size); diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 086b3c4d51b4..22fdcc409c16 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include #include diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 1267531a7d23..16ac1b67f465 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include #include diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index e2295c4dc589..272e48249e42 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c 
@@ -10,8 +10,8 @@ #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) { diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 6693f270b694..d1bfa274ca81 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -12,8 +12,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 1db346fc864b..405ddbf9bf09 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,10 +14,10 @@ #include #include #include -#include "internal/evp_int.h" -#include "modes_lcl.h" +#include "crypto/evp.h" +#include "modes_local.h" #include -#include "evp_locl.h" +#include "evp_local.h" typedef struct { union { @@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter) # define HWAES_xts_decrypt aes_p8_xts_decrypt #endif -#if !defined(OPENSSL_NO_ASM) && ( \ +#if defined(OPENSSL_CPUID_OBJ) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ @@ -1127,7 +1127,7 @@ typedef struct { } icv; unsigned char k[32]; } kmac_param; - /* KMAC-AES paramater block - end */ + /* KMAC-AES parameter block - end */ union { unsigned long long g[2]; 
@@ -1414,7 +1414,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, (OPENSSL_s390xcap_P.kma[0] & \ S390X_CAPBIT(S390X_AES_256))) -/* iv + padding length for iv lenghts != 12 */ +/* iv + padding length for iv lengths != 12 */ # define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) /*- diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 09d24dc3d02a..27c36b46e7a4 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -17,9 +17,9 @@ #include #include #include -#include "modes_lcl.h" -#include "internal/evp_int.h" -#include "internal/constant_time_locl.h" +#include "modes_local.h" +#include "crypto/evp.h" +#include "internal/constant_time.h" typedef struct { AES_KEY ks; @@ -33,7 +33,7 @@ typedef struct { #define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index caac0c9d3da2..cc622b6faa8c 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -18,9 +18,9 @@ #include #include #include -#include "modes_lcl.h" -#include "internal/constant_time_locl.h" -#include "internal/evp_int.h" +#include "modes_local.h" +#include "internal/constant_time.h" +#include "crypto/evp.h" typedef struct { AES_KEY ks; @@ -34,7 +34,7 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) @@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) { return NULL; } -#endif +#endif /* AESNI_ASM */ diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index fcaceb3bcadf..1cc6dd91a95a 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c 
@@ -14,10 +14,10 @@ # include # include # include -# include "internal/aria.h" -# include "internal/evp_int.h" -# include "modes_lcl.h" -# include "evp_locl.h" +# include "crypto/aria.h" +# include "crypto/evp.h" +# include "modes_local.h" +# include "evp_local.h" /* ARIA subkey Structure */ typedef struct { @@ -695,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!cctx->iv_set) return -1; - if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) - return -1; if (!out) { if (!in) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), @@ -711,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_ccm128_aad(ccm, in, len); return len; } + + /* The tag must be set before actually decrypting data */ + if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + return -1; + /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index dc386905c5cb..9a065582c6c8 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_BF # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 2df4a6e3e011..502d6936cc13 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -17,8 +17,8 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "internal/evp_int.h" -# include "modes_lcl.h" +# include "crypto/evp.h" +# include "modes_local.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 259d44059b20..df9f445bd0a2 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c 
@@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_CAST # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 435a38d3658d..bdc406bb69dc 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -14,9 +14,9 @@ # include # include -# include "evp_locl.h" -# include "internal/evp_int.h" -# include "internal/chacha.h" +# include "evp_local.h" +# include "crypto/evp.h" +# include "crypto/chacha.h" typedef struct { union { @@ -146,7 +146,7 @@ const EVP_CIPHER *EVP_chacha20(void) } # ifndef OPENSSL_NO_POLY1305 -# include "internal/poly1305.h" +# include "crypto/poly1305.h" typedef struct { EVP_CHACHA_KEY key; diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index c13fb3e25a9b..6d6e919af696 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -12,7 +12,7 @@ #ifndef OPENSSL_NO_DES # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 6b492ce47023..2a5597fee527 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -12,10 +12,10 @@ #ifndef OPENSSL_NO_DES # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include -# include "evp_locl.h" +# include "evp_local.h" typedef struct { union { diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 93f6a4131fa8..1068378ddc75 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_IDEA # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index 18a8468216a0..0725454a3a4a 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c 
@@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index aa0d14018687..4d8a0ee4b015 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -14,7 +14,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index d16abdd0d2d7..c24bc8fe5982 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -16,7 +16,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; /* working key */ diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index b1e8ccd6ddca..201ce443435c 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -19,7 +19,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index dc5589b68813..c86e87b65ab4 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -13,9 +13,9 @@ #ifndef OPENSSL_NO_RC5 # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include -# include "evp_locl.h" +# include "evp_local.h" # include static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c index 40aec5fc6ac0..aeb2363beade 100644 --- a/crypto/evp/e_seed.c +++ b/crypto/evp/e_seed.c @@ -16,7 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); 
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index 79deb6563646..fce32794fc51 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -13,8 +13,8 @@ #ifndef OPENSSL_NO_SM4 # include # include -# include "internal/sm4.h" -# include "internal/evp_int.h" +# include "crypto/sm4.h" +# include "crypto/evp.h" typedef struct { SM4_KEY ks; diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index 57ce813da824..b73077542264 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -14,7 +14,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index da32d4fd1973..9307ff046424 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -11,8 +11,8 @@ #include #include "internal/cryptlib.h" #include -#include "evp_locl.h" -#include "internal/evp_int.h" +#include "evp_local.h" +#include "crypto/evp.h" static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 05dd791b6cb0..b9b6490fe069 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -15,8 +15,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) { @@ -305,6 +305,17 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; + /* + * CCM mode needs to know about the case where inl == 0 && in == NULL - it + * means the plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { 
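Review bot: The guard added to evp_EncryptDecryptUpdate is repeated verbatim in EVP_DecryptUpdate in a later hunk of this file, and the two comments disagree with each other and with the code. This one describes `inl == 0 && in == NULL`, the other only `inl == 0`, and neither condition tests `in`. Both comments should describe what is actually checked, e.g. `/* inl == 0 is passed through for CCM, where it means a zero-length payload */`, and a small static helper shared by the two functions would keep the copies from drifting. Both function bodies extend beyond the hunks shown.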
@@ -320,10 +331,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -457,6 +464,17 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; + /* + * CCM mode needs to know about the case where inl == 0 - it means the + * plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -472,11 +490,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 84bd3c2dab27..05481d827fb4 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -213,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "input not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 4935c2a94a1a..45cde0da8bfc 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h new file mode 100644 index 000000000000..f1589d682894 --- /dev/null +++ b/crypto/evp/evp_local.h 
@@ -0,0 +1,68 @@ +/* + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* EVP_MD_CTX related stuff */ + +struct evp_md_ctx_st { + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is + * ENGINE-provided */ + unsigned long flags; + void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); +} /* EVP_MD_CTX */ ; + +struct evp_cipher_ctx_st { + const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is + * ENGINE-provided */ + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ + int num; /* used by cfb/ofb/ctr mode */ + /* FIXME: Should this even exist? It appears unused */ + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ +} /* EVP_CIPHER_CTX */ ; + +int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, + int en_de); + +struct evp_Encode_Ctx_st { + /* number saved in a partial encode/decode */ + int num; + /* + * The length is either the output line length (in input bytes) or the + * shortest input line length that is ok. 
Once decoding begins, the + * length is adjusted up each time a longer line is decoded + */ + int length; + /* data to encode */ + unsigned char enc_data[80]; + /* number read on current line */ + int line_num; + unsigned int flags; +}; + +typedef struct evp_pbe_st EVP_PBE_CTL; +DEFINE_STACK_OF(EVP_PBE_CTL) + +int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h deleted file mode 100644 index f1589d682894..000000000000 --- a/crypto/evp/evp_locl.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* EVP_MD_CTX related stuff */ - -struct evp_md_ctx_st { - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is - * ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); -} /* EVP_MD_CTX */ ; - -struct evp_cipher_ctx_st { - const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is - * ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ - /* FIXME: Should this even exist? It appears unused */ - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ -} /* EVP_CIPHER_CTX */ ; - -int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, - int en_de); - -struct evp_Encode_Ctx_st { - /* number saved in a partial encode/decode */ - int num; - /* - * The length is either the output line length (in input bytes) or the - * shortest input line length that is ok. 
Once decoding begins, the - * length is adjusted up each time a longer line is decoded - */ - int length; - /* data to encode */ - unsigned char enc_data[80]; - /* number read on current line */ - int line_num; - unsigned int flags; -}; - -typedef struct evp_pbe_st EVP_PBE_CTL; -DEFINE_STACK_OF(EVP_PBE_CTL) - -int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 5a88817b4aa9..967203f373c9 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -12,7 +12,7 @@ #include #include #include -#include "evp_locl.h" +#include "evp_local.h" /* Password based encryption (PBE) functions */ diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index e61a8761a92d..586b74605cbd 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "internal/x509_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "crypto/x509.h" /* Extract a private key from a PKCS8 structure */ diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index c4e28ae17af2..1aec5185239d 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -18,7 +18,7 @@ # include # include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 0efc586dbaff..45d2cafee101 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 3d96ae93b6c4..d26b5a4d31dc 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { 
diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 2d98886ba0e7..eeec2b13e9ed 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -15,7 +15,7 @@ # include # include # include "internal/cryptlib.h" -# include "internal/evp_int.h" +# include "crypto/evp.h" # include struct md5_sha1_ctx { diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 1051a9070f97..fffa751efd18 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 5dce1d510e28..0847139df17b 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 7ab320843cee..d93ad24fe58a 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index ac52417855b3..22b9bbc7d861 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -14,8 +14,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "internal/sha.h" +#include "crypto/evp.h" +#include "crypto/sha.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index 01cf57d313d0..54c592a3cce2 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c @@ -12,8 +12,8 @@ #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, size_t r); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 94e37f02b22e..04643acc8837 100644 
--- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -12,8 +12,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 27e2b3c5cab8..5ce15d2d5e57 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -16,7 +16,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 077c2a6c4b9a..90c7b73b7a49 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -10,9 +10,9 @@ #include #include "internal/cryptlib.h" #include -#include "internal/objects.h" +#include "crypto/objects.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 7e55d0bfb817..6c5f45f73368 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; + int i, ivl, kl; PBEPARAM *pbe; int saltlen, iter; unsigned char *salt; 
@@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } + ivl = EVP_CIPHER_iv_length(cipher); + if (ivl < 0 || ivl > 16) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + kl = EVP_CIPHER_key_length(cipher); + if (kl < 0 || kl > (int)sizeof(md_tmp)) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + if (!pbe->iter) iter = 1; else @@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); + pbe = NULL; if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); @@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); - memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); - memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); + memcpy(key, md_tmp, kl); + memcpy(iv, md_tmp + (16 - ivl), ivl); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) goto err; OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); @@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + PBEPARAM_free(pbe); EVP_MD_CTX_free(ctx); return rv; } diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index e819eb9b47dc..7f625b3d57f3 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -13,7 +13,7 @@ # include # include # include -# include "evp_locl.h" +# include "evp_local.h" /* set this to print out info about the keygen algorithm */ /* #define OPENSSL_DEBUG_PKCS5V2 */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 3cd7ca8d54ca..9f1a485a5b83 100644 
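Review bot: The new key-length check in PKCS5_PBE_keyivgen bounds `kl` by `sizeof(md_tmp)`, the buffer size, rather than by the number of bytes the digest actually writes. `md_tmp` is declared without an initialiser and `EVP_DigestFinal_ex` fills only `mdsize` bytes, so a cipher whose key is longer than the digest output, or a digest shorter than the 16 bytes the IV copy assumes, would put uninitialised stack bytes into `key` or `iv`. Callers presumably pair ciphers and digests so that this does not happen, but nothing visible enforces it. Once `mdsize` is known (a later hunk shows `mdsize = EVP_MD_size(md);`), I would add `if (kl > mdsize || mdsize < 16) goto err;`. The literal `16` in the IV check and in `md_tmp + (16 - ivl)` would also read better as a named constant.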
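Review bot: The `OPENSSL_cleanse` calls for `md_tmp` and `iv` in PKCS5_PBE_keyivgen sit above the `err:` label, so every `goto err` after the digest has been finalised skips them, including the one taken when `EVP_CipherInit_ex` fails. That leaves the derived key material on the stack on failure paths. This commit touches the `err:` block to add `PBEPARAM_free(pbe);` but leaves the ordering as it was. Moving the cleanse calls below the label, with `rv = 1;` set just before it, wipes the buffers on both success and failure. The cleanse of `key` is presumably between the two hunks and should move with them.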
--- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -21,8 +21,8 @@ #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" static void EVP_PKEY_free_it(EVP_PKEY *x); @@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { - if (pkey->ameth && pkey->ameth->param_missing) + if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing) return pkey->ameth->param_missing(pkey); return 0; } @@ -465,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { - if (pkey->type != EVP_PKEY_RSA) { + if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } @@ -540,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { - int ret = EVP_PKEY_assign_DH(pkey, key); + int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; + int ret = EVP_PKEY_assign(pkey, type, key); + if (ret) DH_up_ref(key); return ret; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 6cb442e4f91d..0383294a87c8 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 6e8c565dfd6b..e27196f7c2e6 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index de1c07e17114..02f4093461d8 100644 --- a/crypto/evp/pmeth_fn.c 
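Review bot: In EVP_PKEY_set1_DH the new initialiser calls `DH_get0_q(key)` before anything has checked `key`. The old code passed `key` straight to `EVP_PKEY_assign_DH`, and the surviving `if (ret) DH_up_ref(key);` suggests a NULL key was expected to yield `ret == 0` rather than a crash. If `DH_get0_q` dereferences its argument (its body is not shown here), a NULL `key` now faults. Guarding the lookup keeps the earlier behaviour: `int type = (key != NULL && DH_get0_q(key) != NULL) ? EVP_PKEY_DHX : EVP_PKEY_DH;`.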
+++ b/crypto/evp/pmeth_fn.c @@ -12,7 +12,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #define M_check_autoarg(ctx, arg, arglen, err) \ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index e14965f33384..3ad6d5c7c7a0 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/bn_int.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/bn.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) { diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 7fbf895e0732..603ccd835219 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include "internal/numbers.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + pmeth->digestsign = digestsign; +} + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + pmeth->digestverify = digestverify; +} + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)) { 
@@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, *pctrl_str = pmeth->ctrl_str; } +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + if (digestsign) + *digestsign = pmeth->digestsign; +} + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + if (digestverify) + *digestverify = pmeth->digestverify; +} + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)) { diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 08dc7c40734d..22f3b70edf14 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/thread_once.h" /* diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index fa204e9068e4..638f61b5863a 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -10,8 +10,8 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" /* * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 55dd27d63b5c..56f98707f539 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* HMAC pkey context structure */ diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 0c0a7133fb5a..5e087bf92ff2 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c 
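Review bot: The two new getters, EVP_PKEY_meth_get_digestsign and EVP_PKEY_meth_get_digestverify, take a non-const `EVP_PKEY_METHOD *pmeth`. The neighbouring getters visible in this hunk, EVP_PKEY_meth_get_ctrl and EVP_PKEY_meth_get_check, take `const EVP_PKEY_METHOD *pmeth`. The new functions only read `pmeth->digestsign` and `pmeth->digestverify`, so the parameter can be `const EVP_PKEY_METHOD *pmeth` like the others. The prototypes in the public header would need the same change, and since these are exported symbols it is easier to settle before the signatures are relied upon.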
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,21 +13,22 @@ #include "internal/cryptlib.h" #include #include -#include "hmac_lcl.h" +#include "hmac_local.h" int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { - int rv = 0; - int i, j, reset = 0; + int rv = 0, reset = 0; + int i, j; unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; + unsigned int keytmp_length; + unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE]; /* If we are changing MD then we must have a key */ if (md != NULL && md != ctx->md && (key == NULL || len < 0)) return 0; if (md != NULL) { - reset = 1; ctx->md = md; } else if (ctx->md) { md = ctx->md; 
@@ -44,35 +45,34 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (key != NULL) { reset = 1; + j = EVP_MD_block_size(md); - if (!ossl_assert(j <= (int)sizeof(ctx->key))) + if (!ossl_assert(j <= (int)sizeof(keytmp))) return 0; if (j < len) { if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) || !EVP_DigestUpdate(ctx->md_ctx, key, len) - || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, - &ctx->key_length)) + || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, + &keytmp_length)) return 0; } else { - if (len < 0 || len > (int)sizeof(ctx->key)) + if (len < 0 || len > (int)sizeof(keytmp)) return 0; - memcpy(ctx->key, key, len); - ctx->key_length = len; + memcpy(keytmp, key, len); + keytmp_length = len; } - if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE) - memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length); - } + if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE) + memset(&keytmp[keytmp_length], 0, + HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); - if (reset) { for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x36 ^ ctx->key[i]; + pad[i] = 0x36 ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) goto err; for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x5c ^ ctx->key[i]; + pad[i] = 0x5c ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) goto err; @@ -81,8 +81,10 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, goto err; rv = 1; err: - if (reset) + if (reset) { + OPENSSL_cleanse(keytmp, sizeof(keytmp)); OPENSSL_cleanse(pad, sizeof(pad)); + } return rv; } @@ -149,8 +151,6 @@ static void hmac_ctx_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_reset(ctx->o_ctx); EVP_MD_CTX_reset(ctx->md_ctx); ctx->md = NULL; - ctx->key_length = 0; - OPENSSL_cleanse(ctx->key, sizeof(ctx->key)); } void HMAC_CTX_free(HMAC_CTX *ctx) 
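Review bot: The `return 0` exits inside the `if (key != NULL)` block of HMAC_Init_ex bypass the cleanup at `err:`, which is now the only place `keytmp` is wiped. When `EVP_DigestFinal_ex(ctx->md_ctx, keytmp, &keytmp_length)` fails, the stack buffer may already hold part of the hashed key and is left as it is. Since `rv` is still 0 and `reset` is already 1 at that point, using `goto err;` instead of `return 0;` on the exits after `reset = 1` gives the same return value and always runs `OPENSSL_cleanse(keytmp, sizeof(keytmp));`. The `err:` label is in the following hunk, and the function begins in the previous one.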
@@ -201,8 +201,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE); - dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; err: diff --git a/crypto/hmac/hmac_lcl.h b/crypto/hmac/hmac_lcl.h deleted file mode 100644 index 8fd8345694a2..000000000000 --- a/crypto/hmac/hmac_lcl.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_HMAC_LCL_H -# define HEADER_HMAC_LCL_H - -/* The current largest case is for SHA3-224 */ -#define HMAC_MAX_MD_CBLOCK_SIZE 144 - -struct hmac_ctx_st { - const EVP_MD *md; - EVP_MD_CTX *md_ctx; - EVP_MD_CTX *i_ctx; - EVP_MD_CTX *o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE]; -}; - -#endif diff --git a/crypto/hmac/hmac_local.h b/crypto/hmac/hmac_local.h new file mode 100644 index 000000000000..8bcc55817ae5 --- /dev/null +++ b/crypto/hmac/hmac_local.h @@ -0,0 +1,23 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_HMAC_LOCAL_H +# define OSSL_CRYPTO_HMAC_LOCAL_H + +/* The current largest case is for SHA3-224 */ +#define HMAC_MAX_MD_CBLOCK_SIZE 144 + +struct hmac_ctx_st { + const EVP_MD *md; + EVP_MD_CTX *md_ctx; + EVP_MD_CTX *i_ctx; + EVP_MD_CTX *o_ctx; +}; + +#endif 
diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c index a70a8682a780..4eff467111be 100644 --- a/crypto/idea/i_cbc.c +++ b/crypto/idea/i_cbc.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c index daf467eb5c26..61c723015b99 100644 --- a/crypto/idea/i_cfb64.c +++ b/crypto/idea/i_cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c index 058d0c14c005..cb724e1a6c0b 100644 --- a/crypto/idea/i_ecb.c +++ b/crypto/idea/i_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" #include const char *IDEA_options(void) diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c index 997a7b88edf4..f000ced58620 100644 --- a/crypto/idea/i_ofb64.c +++ b/crypto/idea/i_ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c index 9d9145580fcf..230338d7e3ab 100644 --- a/crypto/idea/i_skey.c +++ b/crypto/idea/i_skey.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" static IDEA_INT inverse(unsigned int xin); void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h deleted file mode 100644 index 50f81dfd8dee..000000000000 --- a/crypto/idea/idea_lcl.h +++ /dev/null 
@@ -1,102 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define idea_mul(r,a,b,ul) \ -ul=(unsigned long)a*b; \ -if (ul != 0) \ - { \ - r=(ul&0xffff)-(ul>>16); \ - r-=((r)>>16); \ - } \ -else \ - r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned 
long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#undef s2n -#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) - -#undef n2s -#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ - l|=((IDEA_INT)(*((c)++))) ) - - -#define E_IDEA(num) \ - x1&=0xffff; \ - idea_mul(x1,x1,*p,ul); p++; \ - x2+= *(p++); \ - x3+= *(p++); \ - x4&=0xffff; \ - idea_mul(x4,x4,*p,ul); p++; \ - t0=(x1^x3)&0xffff; \ - idea_mul(t0,t0,*p,ul); p++; \ - t1=(t0+(x2^x4))&0xffff; \ - idea_mul(t1,t1,*p,ul); p++; \ - t0+=t1; \ - x1^=t1; \ - x4^=t0; \ - ul=x2^t0; /* do the swap to x3 */ \ - x2=x3^t1; \ - x3=ul; diff --git a/crypto/idea/idea_local.h b/crypto/idea/idea_local.h new file mode 100644 index 000000000000..50f81dfd8dee --- /dev/null +++ b/crypto/idea/idea_local.h 
@@ -0,0 +1,102 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define idea_mul(r,a,b,ul) \ +ul=(unsigned long)a*b; \ +if (ul != 0) \ + { \ + r=(ul&0xffff)-(ul>>16); \ + r-=((r)>>16); \ + } \ +else \ + r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +#undef n2l +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned 
long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +#undef l2n +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +#undef s2n +#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) + +#undef n2s +#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ + l|=((IDEA_INT)(*((c)++))) ) + + +#define E_IDEA(num) \ + x1&=0xffff; \ + idea_mul(x1,x1,*p,ul); p++; \ + x2+= *(p++); \ + x3+= *(p++); \ + x4&=0xffff; \ + idea_mul(x4,x4,*p,ul); p++; \ + t0=(x1^x3)&0xffff; \ + idea_mul(t0,t0,*p,ul); p++; \ + t1=(t0+(x2^x4))&0xffff; \ + idea_mul(t1,t1,*p,ul); p++; \ + t0+=t1; \ + x1^=t1; \ + x4^=t0; \ + ul=x2^t0; /* do the swap to x3 */ \ + x2=x3^t1; \ + x3=ul; diff --git a/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H deleted file mode 100644 index c350018ad190..000000000000 --- a/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is only used by HP C on VMS, and is included automatically - * after each header file from this directory - */ - -/* restore state. Must correspond to the save in __decc_include_prologue.h */ -#pragma names restore diff --git a/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H deleted file mode 100644 index 9a9c777f93f8..000000000000 --- a/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H +++ /dev/null 
@@ -1,20 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * This file is only used by HP C on VMS, and is included automatically
- * after each header file from this directory
- */
-
-/* save state */
-#pragma names save
-/* have the compiler shorten symbols larger than 31 chars to 23 chars
- * followed by a 8 hex char CRC
- */
-#pragma names as_is,shortened
diff --git a/crypto/include/internal/aria.h b/crypto/include/internal/aria.h
deleted file mode 100644
index 355abe539805..000000000000
--- a/crypto/include/internal/aria.h
+++ /dev/null
@@ -1,50 +0,0 @@ -/* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - - /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */ - -#ifndef HEADER_ARIA_H -# define HEADER_ARIA_H - -# include - -# ifdef OPENSSL_NO_ARIA -# error ARIA is disabled. -# endif - -# define ARIA_ENCRYPT 1 -# define ARIA_DECRYPT 0 - -# define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */ -# define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */ - -typedef union { - unsigned char c[ARIA_BLOCK_SIZE]; - unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)]; -} ARIA_u128; - -typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE]; - -struct aria_key_st { - ARIA_u128 rd_key[ARIA_MAX_KEYS]; - unsigned int rounds; -}; -typedef struct aria_key_st ARIA_KEY; - - -int aria_set_encrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key); -int aria_set_decrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key); - -void aria_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key); - -#endif diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h deleted file mode 100644 index 9c9b4d897456..000000000000 --- a/crypto/include/internal/asn1_int.h +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Internal ASN1 structures and functions: not for application use */ - -/* ASN1 public key method structure */ - -struct evp_pkey_asn1_method_st { - int pkey_id; - int pkey_base_id; - unsigned long pkey_flags; - char *pem_str; - char *info; - int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); - int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); - int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); - int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); - int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - int (*pkey_size) (const EVP_PKEY *pk); - int (*pkey_bits) (const EVP_PKEY *pk); - int (*pkey_security_bits) (const EVP_PKEY *pk); - int (*param_decode) (EVP_PKEY *pkey, - const unsigned char **pder, int derlen); - int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); - int (*param_missing) (const EVP_PKEY *pk); - int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); - int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); - int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - int (*sig_print) (BIO *out, - const X509_ALGOR *sigalg, const ASN1_STRING *sig, - int indent, ASN1_PCTX *pctx); - void (*pkey_free) (EVP_PKEY *pkey); - int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); - /* Legacy functions for old PEM */ - int (*old_priv_decode) (EVP_PKEY *pkey, - const unsigned char **pder, int derlen); - int (*old_priv_encode) (const EVP_PKEY 
*pkey, unsigned char **pder); - /* Custom ASN1 signature verification */ - int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); - int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *sig); - int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig); - /* Check */ - int (*pkey_check) (const EVP_PKEY *pk); - int (*pkey_public_check) (const EVP_PKEY *pk); - int (*pkey_param_check) (const EVP_PKEY *pk); - /* Get/set raw private/public key data */ - int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); - int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); - int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); - int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); -} /* EVP_PKEY_ASN1_METHOD */ ; - -DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) - -extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5]; -extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth; - -extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2]; -extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth; - -/* - * These are used internally in the ASN1_OBJECT to keep track of whether the - * names and data need to be free()ed - */ -# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ -# define 
ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ -# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ -# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ -struct asn1_object_st { - const char *sn, *ln; - int nid; - int length; - const unsigned char *data; /* data remains const after init */ - int flags; /* Should we free this one */ -}; - -/* ASN1 print context structure */ - -struct asn1_pctx_st { - unsigned long flags; - unsigned long nm_flags; - unsigned long cert_flags; - unsigned long oid_flags; - unsigned long str_flags; -} /* ASN1_PCTX */ ; - -int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); diff --git a/crypto/include/internal/async.h b/crypto/include/internal/async.h deleted file mode 100644 index dc8e937b0ced..000000000000 --- a/crypto/include/internal/async.h +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -int async_init(void); -void async_deinit(void); -void async_delete_thread_state(void); - diff --git a/crypto/include/internal/bn_conf.h.in b/crypto/include/internal/bn_conf.h.in deleted file mode 100644 index ec6e4f6c1b5e..000000000000 --- a/crypto/include/internal/bn_conf.h.in +++ /dev/null 
@@ -1,27 +0,0 @@ -{- join("\n",map { "/* $_ */" } @autowarntext) -} -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_BN_CONF_H -# define HEADER_BN_CONF_H - -/* - * The contents of this file are not used in the UEFI build, as - * both 32-bit and 64-bit builds are supported from a single run - * of the Configure script. - */ - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -{- $config{b64l} ? "#define" : "#undef" -} SIXTY_FOUR_BIT_LONG -{- $config{b64} ? "#define" : "#undef" -} SIXTY_FOUR_BIT -{- $config{b32} ? "#define" : "#undef" -} THIRTY_TWO_BIT - -#endif diff --git a/crypto/include/internal/bn_dh.h b/crypto/include/internal/bn_dh.h deleted file mode 100644 index 70ebca28753c..000000000000 --- a/crypto/include/internal/bn_dh.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define declare_dh_bn(x) \ - extern const BIGNUM _bignum_dh##x##_p; \ - extern const BIGNUM _bignum_dh##x##_g; \ - extern const BIGNUM _bignum_dh##x##_q; - -declare_dh_bn(1024_160) -declare_dh_bn(2048_224) -declare_dh_bn(2048_256) - -extern const BIGNUM _bignum_ffdhe2048_p; -extern const BIGNUM _bignum_ffdhe3072_p; -extern const BIGNUM _bignum_ffdhe4096_p; -extern const BIGNUM _bignum_ffdhe6144_p; -extern const BIGNUM _bignum_ffdhe8192_p; -extern const BIGNUM _bignum_const_2; 
diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h deleted file mode 100644 index 30be7efe14d8..000000000000 --- a/crypto/include/internal/bn_int.h +++ /dev/null 
@@ -1,90 +0,0 @@ -/* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_BN_INT_H -# define HEADER_BN_INT_H - -# include -# include - -BIGNUM *bn_wexpand(BIGNUM *a, int words); -BIGNUM *bn_expand2(BIGNUM *a, int words); - -void bn_correct_top(BIGNUM *a); - -/* - * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. - * This is an array r[] of values that are either zero or odd with an - * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at - * most one of any w+1 consecutive digits is non-zero with the exception that - * the most significant digit may be only w-1 zeros away from that next - * non-zero digit. - */ -signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len); - -int bn_get_top(const BIGNUM *a); - -int bn_get_dmax(const BIGNUM *a); - -/* Set all words to zero */ -void bn_set_all_zero(BIGNUM *a); - -/* - * Copy the internal BIGNUM words into out which holds size elements (and size - * must be bigger than top) - */ -int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size); - -BN_ULONG *bn_get_words(const BIGNUM *a); - -/* - * Set the internal data words in a to point to words which contains size - * elements. The BN_FLG_STATIC_DATA flag is set - */ -void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); - -/* - * Copy words into the BIGNUM |a|, reallocating space as necessary. - * The negative flag of |a| is not modified. - * Returns 1 on success and 0 on failure. - */ -/* - * |num_words| is int because bn_expand2 takes an int. This is an internal - * function so we simply trust callers not to pass negative values. 
- */ -int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); - -/* - * Some BIGNUM functions assume most significant limb to be non-zero, which - * is customarily arranged by bn_correct_top. Output from below functions - * is not processed with bn_correct_top, and for this reason it may not be - * returned out of public API. It may only be passed internally into other - * functions known to support non-minimal or zero-padded BIGNUMs. Even - * though the goal is to facilitate constant-time-ness, not each subroutine - * is constant-time by itself. They all have pre-conditions, consult source - * code... - */ -int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); -int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); -int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); -int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); -int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m); -int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); -int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); -int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - const BIGNUM *d, BN_CTX *ctx); - -#endif diff --git a/crypto/include/internal/bn_srp.h b/crypto/include/internal/bn_srp.h deleted file mode 100644 index d4b282a6bbbe..000000000000 --- a/crypto/include/internal/bn_srp.h +++ /dev/null 
@@ -1,32 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OPENSSL_NO_SRP - -extern const BIGNUM bn_group_1024; - -extern const BIGNUM bn_group_1536; - -extern const BIGNUM bn_group_2048; - -extern const BIGNUM bn_group_3072; - -extern const BIGNUM bn_group_4096; - -extern const BIGNUM bn_group_6144; - -extern const BIGNUM bn_group_8192; - -extern const BIGNUM bn_generator_19; - -extern const BIGNUM bn_generator_5; - -extern const BIGNUM bn_generator_2; - -#endif diff --git a/crypto/include/internal/chacha.h b/crypto/include/internal/chacha.h deleted file mode 100644 index 67243f222801..000000000000 --- a/crypto/include/internal/chacha.h +++ /dev/null 
@@ -1,42 +0,0 @@ -/* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_CHACHA_H -#define HEADER_CHACHA_H - -#include - -/* - * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and - * nonce and writes the result to |out|, which may be equal to |inp|. - * The |key| is not 32 bytes of verbatim key material though, but the - * said material collected into 8 32-bit elements array in host byte - * order. Same approach applies to nonce: the |counter| argument is - * pointer to concatenated nonce and counter values collected into 4 - * 32-bit elements. This, passing crypto material collected into 32-bit - * elements as opposite to passing verbatim byte vectors, is chosen for - * efficiency in multi-call scenarios. - */ -void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); -/* - * You can notice that there is no key setup procedure. Because it's - * as trivial as collecting bytes into 32-bit elements, it's reckoned - * that below macro is sufficient. - */ -#define CHACHA_U8TOU32(p) ( \ - ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \ - ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) ) - -#define CHACHA_KEY_SIZE 32 -#define CHACHA_CTR_SIZE 16 -#define CHACHA_BLK_SIZE 64 - -#endif diff --git a/crypto/include/internal/cryptlib_int.h b/crypto/include/internal/cryptlib_int.h deleted file mode 100644 index 38b5dac9a364..000000000000 --- a/crypto/include/internal/cryptlib_int.h +++ /dev/null 
@@ -1,35 +0,0 @@
-/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/cryptlib.h"
-
-/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
-
-struct thread_local_inits_st {
- int async;
- int err_state;
- int rand;
-};
-
-int ossl_init_thread_start(uint64_t opts);
-
-/*
- * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
- * are those omitted from crypto.h because they are "reserved for internal
- * use".
- */
-# define OPENSSL_INIT_ZLIB 0x00010000L
-# define OPENSSL_INIT_BASE_ONLY 0x00040000L
-
-/* OPENSSL_INIT_THREAD flags */
-# define OPENSSL_INIT_THREAD_ASYNC 0x01
-# define OPENSSL_INIT_THREAD_ERR_STATE 0x02
-# define OPENSSL_INIT_THREAD_RAND 0x04
-
-void ossl_malloc_setup_failures(void);
diff --git a/crypto/include/internal/ctype.h b/crypto/include/internal/ctype.h
deleted file mode 100644
index 9f3a58339c4f..000000000000
--- a/crypto/include/internal/ctype.h
+++ /dev/null
@@ -1,82 +0,0 @@ -/* - * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This version of ctype.h provides a standardised and platform - * independent implementation that supports seven bit ASCII characters. - * The specific intent is to not pass extended ASCII characters (> 127) - * even if the host operating system would. - * - * There is EBCDIC support included for machines which use this. However, - * there are a number of concerns about how well EBCDIC is supported - * throughout the rest of the source code. Refer to issue #4154 for - * details. - */ -#ifndef INTERNAL_CTYPE_H -# define INTERNAL_CTYPE_H - -# define CTYPE_MASK_lower 0x1 -# define CTYPE_MASK_upper 0x2 -# define CTYPE_MASK_digit 0x4 -# define CTYPE_MASK_space 0x8 -# define CTYPE_MASK_xdigit 0x10 -# define CTYPE_MASK_blank 0x20 -# define CTYPE_MASK_cntrl 0x40 -# define CTYPE_MASK_graph 0x80 -# define CTYPE_MASK_print 0x100 -# define CTYPE_MASK_punct 0x200 -# define CTYPE_MASK_base64 0x400 -# define CTYPE_MASK_asn1print 0x800 - -# define CTYPE_MASK_alpha (CTYPE_MASK_lower | CTYPE_MASK_upper) -# define CTYPE_MASK_alnum (CTYPE_MASK_alpha | CTYPE_MASK_digit) - -/* - * The ascii mask assumes that any other classification implies that - * the character is ASCII and that there are no ASCII characters - * that aren't in any of the classifications. - * - * This assumption holds at the moment, but it might not in the future. 
- */ -# define CTYPE_MASK_ascii (~0) - -# ifdef CHARSET_EBCDIC -int ossl_toascii(int c); -int ossl_fromascii(int c); -# else -# define ossl_toascii(c) (c) -# define ossl_fromascii(c) (c) -# endif -int ossl_ctype_check(int c, unsigned int mask); -int ossl_tolower(int c); -int ossl_toupper(int c); - -int ascii_isdigit(const char inchar); - -# define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum)) -# define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha)) -# ifdef CHARSET_EBCDIC -# define ossl_isascii(c) (ossl_ctype_check((c), CTYPE_MASK_ascii)) -# else -# define ossl_isascii(c) (((c) & ~127) == 0) -# endif -# define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank)) -# define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl)) -# define ossl_isdigit(c) (ossl_ctype_check((c), CTYPE_MASK_digit)) -# define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph)) -# define ossl_islower(c) (ossl_ctype_check((c), CTYPE_MASK_lower)) -# define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print)) -# define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct)) -# define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space)) -# define ossl_isupper(c) (ossl_ctype_check((c), CTYPE_MASK_upper)) -# define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit)) -# define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) -# define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) - -#endif diff --git a/crypto/include/internal/dso_conf.h.in b/crypto/include/internal/dso_conf.h.in deleted file mode 100644 index 2a76818b50d9..000000000000 --- a/crypto/include/internal/dso_conf.h.in +++ /dev/null 
@@ -1,31 +0,0 @@ -{- join("\n",map { "/* $_ */" } @autowarntext) -} -/* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_DSO_CONF_H -# define HEADER_DSO_CONF_H -{- # The DSO code currently always implements all functions so that no - # applications will have to worry about that from a compilation point - # of view. However, the "method"s may return zero unless that platform - # has support compiled in for them. Currently each method is enabled - # by a define "DSO_" ... we translate the "dso_scheme" config - # string entry into using the following logic; - my $scheme = uc $target{dso_scheme}; - if (!$scheme) { - $scheme = "NONE"; - } - my @macros = ( "DSO_$scheme" ); - if ($scheme eq 'DLFCN') { - @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" ); - } elsif ($scheme eq "DLFCN_NO_H") { - @macros = ( "DSO_DLFCN" ); - } - join("\n", map { "# define $_" } @macros); -} -# define DSO_EXTENSION "{- $target{dso_extension} -}" -#endif diff --git a/crypto/include/internal/ec_int.h b/crypto/include/internal/ec_int.h deleted file mode 100644 index 182c39cc8056..000000000000 --- a/crypto/include/internal/ec_int.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Internal EC functions for other submodules: not for application use */ - -#ifndef HEADER_OSSL_EC_INTERNAL_H -# define HEADER_OSSL_EC_INTERNAL_H -# include - -# ifndef OPENSSL_NO_EC - -# include - -/*- - * Computes the multiplicative inverse of x in the range - * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the - * subgroup generated by the generator G: - * - * res := x^(-1) (mod EC_GROUP::order). - * - * This function expects the following two conditions to hold: - * - the EC_GROUP order is prime, and - * - x is included in the range [1, EC_GROUP::order). - * - * This function returns 1 on success, 0 on error. - * - * If the EC_GROUP order is even, this function explicitly returns 0 as - * an error. - * In case any of the two conditions stated above is not satisfied, - * the correctness of its output is not guaranteed, even if the return - * value could still be 1 (as primality testing and a conditional modular - * reduction round on the input can be omitted by the underlying - * implementations for better SCA properties on regular input values). - */ -__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, - const BIGNUM *x, BN_CTX *ctx); - -/*- - * ECDH Key Derivation Function as defined in ANSI X9.63 - */ -int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, size_t sinfolen, - const EVP_MD *md); - -# endif /* OPENSSL_NO_EC */ -#endif diff --git a/crypto/include/internal/engine.h b/crypto/include/internal/engine.h deleted file mode 100644 index f80ae3ec30c9..000000000000 
--- a/crypto/include/internal/engine.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -void engine_load_openssl_int(void); -void engine_load_devcrypto_int(void); -void engine_load_rdrand_int(void); -void engine_load_dynamic_int(void); -void engine_load_padlock_int(void); -void engine_load_capi_int(void); -void engine_load_dasync_int(void); -void engine_load_afalg_int(void); -void engine_cleanup_int(void); diff --git a/crypto/include/internal/err_int.h b/crypto/include/internal/err_int.h deleted file mode 100644 index 44ac94462750..000000000000 --- a/crypto/include/internal/err_int.h +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef INTERNAL_ERR_INT_H -# define INTERNAL_ERR_INT_H - -int err_load_crypto_strings_int(void); -void err_cleanup(void); -void err_delete_thread_state(void); -int err_shelve_state(void **); -void err_unshelve_state(void *); - -#endif diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h deleted file mode 100644 index d86aed36f075..000000000000 --- a/crypto/include/internal/evp_int.h +++ /dev/null 
@@ -1,442 +0,0 @@ -/* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/refcount.h" - -/* - * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag - * values in evp.h - */ -#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 - -struct evp_pkey_ctx_st { - /* Method associated with this operation */ - const EVP_PKEY_METHOD *pmeth; - /* Engine that implements this method or NULL if builtin */ - ENGINE *engine; - /* Key: may be NULL */ - EVP_PKEY *pkey; - /* Peer key for key agreement, may be NULL */ - EVP_PKEY *peerkey; - /* Actual operation */ - int operation; - /* Algorithm specific data */ - void *data; - /* Application specific data */ - void *app_data; - /* Keygen callback */ - EVP_PKEY_gen_cb *pkey_gencb; - /* implementation specific keygen data */ - int *keygen_info; - int keygen_info_count; -} /* EVP_PKEY_CTX */ ; - -#define EVP_PKEY_FLAG_DYNAMIC 1 - -struct evp_pkey_method_st { - int pkey_id; - int flags; - int (*init) (EVP_PKEY_CTX *ctx); - int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); - void (*cleanup) (EVP_PKEY_CTX *ctx); - int (*paramgen_init) (EVP_PKEY_CTX *ctx); - int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*keygen_init) (EVP_PKEY_CTX *ctx); - int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*sign_init) (EVP_PKEY_CTX *ctx); - int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_init) (EVP_PKEY_CTX *ctx); - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_recover_init) (EVP_PKEY_CTX *ctx); - int (*verify_recover) (EVP_PKEY_CTX *ctx, - unsigned 
char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); - int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx); - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx); - int (*encrypt_init) (EVP_PKEY_CTX *ctx); - int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*decrypt_init) (EVP_PKEY_CTX *ctx); - int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*derive_init) (EVP_PKEY_CTX *ctx); - int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); - int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); - int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen); - int (*check) (EVP_PKEY *pkey); - int (*public_check) (EVP_PKEY *pkey); - int (*param_check) (EVP_PKEY *pkey); - - int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -} /* EVP_PKEY_METHOD */ ; - -DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) - -void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); - -extern const EVP_PKEY_METHOD cmac_pkey_meth; -extern const EVP_PKEY_METHOD dh_pkey_meth; -extern const EVP_PKEY_METHOD dhx_pkey_meth; -extern const EVP_PKEY_METHOD dsa_pkey_meth; -extern const EVP_PKEY_METHOD ec_pkey_meth; -extern const EVP_PKEY_METHOD sm2_pkey_meth; -extern const EVP_PKEY_METHOD ecx25519_pkey_meth; -extern const EVP_PKEY_METHOD ecx448_pkey_meth; -extern const EVP_PKEY_METHOD ed25519_pkey_meth; -extern const EVP_PKEY_METHOD ed448_pkey_meth; -extern const 
EVP_PKEY_METHOD hmac_pkey_meth; -extern const EVP_PKEY_METHOD rsa_pkey_meth; -extern const EVP_PKEY_METHOD rsa_pss_pkey_meth; -extern const EVP_PKEY_METHOD scrypt_pkey_meth; -extern const EVP_PKEY_METHOD tls1_prf_pkey_meth; -extern const EVP_PKEY_METHOD hkdf_pkey_meth; -extern const EVP_PKEY_METHOD poly1305_pkey_meth; -extern const EVP_PKEY_METHOD siphash_pkey_meth; - -struct evp_md_st { - int type; - int pkey_type; - int md_size; - unsigned long flags; - int (*init) (EVP_MD_CTX *ctx); - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final) (EVP_MD_CTX *ctx, unsigned char *md); - int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup) (EVP_MD_CTX *ctx); - int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ - /* control function */ - int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -} /* EVP_MD */ ; - -struct evp_cipher_st { - int nid; - int block_size; - /* Default value for variable length ciphers */ - int key_len; - int iv_len; - /* Various flags */ - unsigned long flags; - /* init key */ - int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - /* encrypt/decrypt data */ - int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - /* cleanup ctx */ - int (*cleanup) (EVP_CIPHER_CTX *); - /* how big ctx->cipher_data needs to be */ - int ctx_size; - /* Populate a ASN1_TYPE with parameters */ - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); - /* Get parameters from a ASN1_TYPE */ - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); - /* Miscellaneous operations */ - int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); - /* Application data */ - void *app_data; -} /* EVP_CIPHER */ ; - -/* Macros to code block cipher wrappers */ - -/* Wrapper functions for each cipher mode */ - -#define EVP_C_DATA(kstruct, ctx) \ - ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) - -#define 
BLOCK_CIPHER_ecb_loop() \ - size_t i, bl; \ - bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \ - if (inl < bl) return 1;\ - inl -= bl; \ - for (i=0; i <= inl; i+=bl) - -#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - BLOCK_CIPHER_ecb_loop() \ - cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \ - return 1;\ -} - -#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) - -#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ - static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK) {\ - int num = EVP_CIPHER_CTX_num(ctx);\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ - EVP_CIPHER_CTX_set_num(ctx, num);\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl) {\ - int num = EVP_CIPHER_CTX_num(ctx);\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ - EVP_CIPHER_CTX_set_num(ctx, num);\ - }\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - while(inl>=EVP_MAXCHUNK) \ - {\ - cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ - inl-=EVP_MAXCHUNK;\ - in +=EVP_MAXCHUNK;\ - out+=EVP_MAXCHUNK;\ - }\ - if (inl)\ - cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ - return 1;\ -} - -#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int 
cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ -{\ - size_t chunk = EVP_MAXCHUNK;\ - if (cbits == 1) chunk >>= 3;\ - if (inl < chunk) chunk = inl;\ - while (inl && inl >= chunk)\ - {\ - int num = EVP_CIPHER_CTX_num(ctx);\ - cprefix##_cfb##cbits##_encrypt(in, out, (long) \ - ((cbits == 1) \ - && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ - ? chunk*8 : chunk), \ - &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ - &num, EVP_CIPHER_CTX_encrypting(ctx));\ - EVP_CIPHER_CTX_set_num(ctx, num);\ - inl -= chunk;\ - in += chunk;\ - out += chunk;\ - if (inl < chunk) chunk = inl;\ - }\ - return 1;\ -} - -#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ - BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) - -#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ - key_len, iv_len, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -static const EVP_CIPHER cname##_##mode = { \ - nid##_##nmode, block_size, key_len, iv_len, \ - flags | EVP_CIPH_##MODE##_MODE, \ - init_key, \ - cname##_##mode##_cipher, \ - cleanup, \ - sizeof(kstruct), \ - set_asn1, get_asn1,\ - ctrl, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } - -#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) - -#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 
1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ - set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ - flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ - 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) - -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, cbits, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) - -/*- -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, flags,\ - init_key, cleanup, set_asn1, get_asn1, ctrl)\ -static const EVP_CIPHER cname##_cbc = {\ - nid##_cbc, block_size, key_len, iv_len, \ - flags | EVP_CIPH_CBC_MODE,\ - init_key,\ - cname##_cbc_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl, \ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ -static const EVP_CIPHER cname##_cfb = {\ - nid##_cfb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_CFB_MODE,\ - init_key,\ - cname##_cfb_cipher,\ - cleanup,\ - 
sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ -static const EVP_CIPHER cname##_ofb = {\ - nid##_ofb64, 1, key_len, iv_len, \ - flags | EVP_CIPH_OFB_MODE,\ - init_key,\ - cname##_ofb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ -static const EVP_CIPHER cname##_ecb = {\ - nid##_ecb, block_size, key_len, iv_len, \ - flags | EVP_CIPH_ECB_MODE,\ - init_key,\ - cname##_ecb_cipher,\ - cleanup,\ - sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ - sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ - set_asn1, get_asn1,\ - ctrl,\ - NULL \ -};\ -const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } -*/ - -#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ - block_size, key_len, iv_len, cbits, \ - flags, init_key, \ - cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ - BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ - cbits, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) - -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ - BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ - BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ - NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ - cipher##_init_key, NULL, NULL, NULL, NULL) - - -# ifndef OPENSSL_NO_EC - -#define X25519_KEYLEN 32 -#define X448_KEYLEN 56 -#define ED448_KEYLEN 57 - -#define MAX_KEYLEN ED448_KEYLEN - -typedef struct { - unsigned char pubkey[MAX_KEYLEN]; - unsigned char *privkey; -} ECX_KEY; - -#endif - -/* - * Type 
needs to be a bit field Sub-type needs to be for variations on the - * method, as in, can it do arbitrary encryption.... - */ -struct evp_pkey_st { - int type; - int save_type; - CRYPTO_REF_COUNT references; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *engine; - ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ - union { - void *ptr; -# ifndef OPENSSL_NO_RSA - struct rsa_st *rsa; /* RSA */ -# endif -# ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -# endif -# ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -# endif -# ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ - ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ -# endif - } pkey; - int save_parameters; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ - CRYPTO_RWLOCK *lock; -} /* EVP_PKEY */ ; - - -void openssl_add_all_ciphers_int(void); -void openssl_add_all_digests_int(void); -void evp_cleanup_int(void); -void evp_app_cleanup_int(void); - -/* Pulling defines out of C source files */ - -#define EVP_RC4_KEY_SIZE 16 -#ifndef TLS1_1_VERSION -# define TLS1_1_VERSION 0x0302 -#endif - -void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); - -/* EVP_ENCODE_CTX flags */ -/* Don't generate new lines when encoding */ -#define EVP_ENCODE_CTX_NO_NEWLINES 1 -/* Use the SRP base64 alphabet instead of the standard one */ -#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 diff --git a/crypto/include/internal/lhash.h b/crypto/include/internal/lhash.h deleted file mode 100644 index 200ba8685da2..000000000000 --- a/crypto/include/internal/lhash.h +++ /dev/null 
@@ -1,15 +0,0 @@
-/*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef INTERNAL_LHASH_H
-# define INTERNAL_LHASH_H
-
-unsigned long openssl_lh_strcasehash(const char *);
-
-#endif
diff --git a/crypto/include/internal/md32_common.h b/crypto/include/internal/md32_common.h
deleted file mode 100644
index 1124e9c24b2a..000000000000
--- a/crypto/include/internal/md32_common.h
+++ /dev/null
@@ -1,256 +0,0 @@ -/* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * This is a generic 32 bit "collector" for message digest algorithms. - * Whenever needed it collects input character stream into chunks of - * 32 bit values and invokes a block function that performs actual hash - * calculations. - * - * Porting guide. - * - * Obligatory macros: - * - * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN - * this macro defines byte order of input stream. - * HASH_CBLOCK - * size of a unit chunk HASH_BLOCK operates on. - * HASH_LONG - * has to be at least 32 bit wide. - * HASH_CTX - * context structure that at least contains following - * members: - * typedef struct { - * ... - * HASH_LONG Nl,Nh; - * either { - * HASH_LONG data[HASH_LBLOCK]; - * unsigned char data[HASH_CBLOCK]; - * }; - * unsigned int num; - * ... - * } HASH_CTX; - * data[] vector is expected to be zeroed upon first call to - * HASH_UPDATE. - * HASH_UPDATE - * name of "Update" function, implemented here. - * HASH_TRANSFORM - * name of "Transform" function, implemented here. - * HASH_FINAL - * name of "Final" function, implemented here. - * HASH_BLOCK_DATA_ORDER - * name of "block" function capable of treating *unaligned* input - * message in original (data) byte order, implemented externally. - * HASH_MAKE_STRING - * macro converting context variables to an ASCII hash string. 
- * - * MD5 example: - * - * #define DATA_ORDER_IS_LITTLE_ENDIAN - * - * #define HASH_LONG MD5_LONG - * #define HASH_CTX MD5_CTX - * #define HASH_CBLOCK MD5_CBLOCK - * #define HASH_UPDATE MD5_Update - * #define HASH_TRANSFORM MD5_Transform - * #define HASH_FINAL MD5_Final - * #define HASH_BLOCK_DATA_ORDER md5_block_data_order - */ - -#include - -#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# error "DATA_ORDER must be defined!" -#endif - -#ifndef HASH_CBLOCK -# error "HASH_CBLOCK must be defined!" -#endif -#ifndef HASH_LONG -# error "HASH_LONG must be defined!" -#endif -#ifndef HASH_CTX -# error "HASH_CTX must be defined!" -#endif - -#ifndef HASH_UPDATE -# error "HASH_UPDATE must be defined!" -#endif -#ifndef HASH_TRANSFORM -# error "HASH_TRANSFORM must be defined!" -#endif -#ifndef HASH_FINAL -# error "HASH_FINAL must be defined!" -#endif - -#ifndef HASH_BLOCK_DATA_ORDER -# error "HASH_BLOCK_DATA_ORDER must be defined!" -#endif - -#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) - -#if defined(DATA_ORDER_IS_BIG_ENDIAN) - -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++))) ) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff), \ - l) - -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - l) - -#endif - -/* - * Time for some action :-) - */ - -int 
HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) -{ - const unsigned char *data = data_; - unsigned char *p; - HASH_LONG l; - size_t n; - - if (len == 0) - return 1; - - l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; - if (l < c->Nl) /* overflow */ - c->Nh++; - c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on - * 16-bit */ - c->Nl = l; - - n = c->num; - if (n != 0) { - p = (unsigned char *)c->data; - - if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { - memcpy(p + n, data, HASH_CBLOCK - n); - HASH_BLOCK_DATA_ORDER(c, p, 1); - n = HASH_CBLOCK - n; - data += n; - len -= n; - c->num = 0; - /* - * We use memset rather than OPENSSL_cleanse() here deliberately. - * Using OPENSSL_cleanse() here could be a performance issue. It - * will get properly cleansed on finalisation so this isn't a - * security problem. - */ - memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ - } else { - memcpy(p + n, data, len); - c->num += (unsigned int)len; - return 1; - } - } - - n = len / HASH_CBLOCK; - if (n > 0) { - HASH_BLOCK_DATA_ORDER(c, data, n); - n *= HASH_CBLOCK; - data += n; - len -= n; - } - - if (len != 0) { - p = (unsigned char *)c->data; - c->num = (unsigned int)len; - memcpy(p, data, len); - } - return 1; -} - -void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) -{ - HASH_BLOCK_DATA_ORDER(c, data, 1); -} - -int HASH_FINAL(unsigned char *md, HASH_CTX *c) -{ - unsigned char *p = (unsigned char *)c->data; - size_t n = c->num; - - p[n] = 0x80; /* there is always room for one */ - n++; - - if (n > (HASH_CBLOCK - 8)) { - memset(p + n, 0, HASH_CBLOCK - n); - n = 0; - HASH_BLOCK_DATA_ORDER(c, p, 1); - } - memset(p + n, 0, HASH_CBLOCK - 8 - n); - - p += HASH_CBLOCK - 8; -#if defined(DATA_ORDER_IS_BIG_ENDIAN) - (void)HOST_l2c(c->Nh, p); - (void)HOST_l2c(c->Nl, p); -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - (void)HOST_l2c(c->Nl, p); - (void)HOST_l2c(c->Nh, p); -#endif - p -= HASH_CBLOCK; - HASH_BLOCK_DATA_ORDER(c, p, 1); - c->num = 0; - 
OPENSSL_cleanse(p, HASH_CBLOCK); - -#ifndef HASH_MAKE_STRING -# error "HASH_MAKE_STRING must be defined!" -#else - HASH_MAKE_STRING(c, md); -#endif - - return 1; -} - -#ifndef MD32_REG_T -# if defined(__alpha) || defined(__sparcv9) || defined(__mips) -# define MD32_REG_T long -/* - * This comment was originally written for MD5, which is why it - * discusses A-D. But it basically applies to all 32-bit digests, - * which is why it was moved to common header file. - * - * In case you wonder why A-D are declared as long and not - * as MD5_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - */ -# else -/* - * Above is not absolute and there are LP64 compilers that - * generate better code if MD32_REG_T is defined int. The above - * pre-processor condition reflects the circumstances under which - * the conclusion was made and is subject to further extension. - */ -# define MD32_REG_T int -# endif -#endif diff --git a/crypto/include/internal/objects.h b/crypto/include/internal/objects.h deleted file mode 100644 index 76e1b4d98838..000000000000 --- a/crypto/include/internal/objects.h +++ /dev/null @@ -1,12 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -void obj_cleanup_int(void); 
diff --git a/crypto/include/internal/poly1305.h b/crypto/include/internal/poly1305.h
deleted file mode 100644
index 5fef239d0f8f..000000000000
--- a/crypto/include/internal/poly1305.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include
-
-#define POLY1305_BLOCK_SIZE 16
-#define POLY1305_DIGEST_SIZE 16
-#define POLY1305_KEY_SIZE 32
-
-typedef struct poly1305_context POLY1305;
-
-size_t Poly1305_ctx_size(void);
-void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
-void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
-void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h
deleted file mode 100644
index 10347ab0e374..000000000000
--- a/crypto/include/internal/rand_int.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Licensed under the OpenSSL licenses, (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * https://www.openssl.org/source/license.html
- * or in the file LICENSE in the source distribution.
- */
-
-#ifndef HEADER_RAND_INT_H
-# define HEADER_RAND_INT_H
-
-# include
-
-/* forward declaration */
-typedef struct rand_pool_st RAND_POOL;
-
-void rand_cleanup_int(void);
-void rand_drbg_cleanup_int(void);
-void drbg_delete_thread_state(void);
-
-/* Hardware-based seeding functions. */
-size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
-size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
-
-/* DRBG entropy callbacks. */
-size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
- unsigned char **pout,
- int entropy, size_t min_len, size_t max_len,
- int prediction_resistance);
-void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
- unsigned char *out, size_t outlen);
-size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
- unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
-void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
- unsigned char *out, size_t outlen);
-
-size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
-
-void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
-
-/*
- * RAND_POOL functions
- */
-RAND_POOL *rand_pool_new(int entropy_requested, int secure,
- size_t min_len, size_t max_len);
-RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
- size_t entropy);
-void rand_pool_free(RAND_POOL *pool);
-
-const unsigned char *rand_pool_buffer(RAND_POOL *pool);
-unsigned char *rand_pool_detach(RAND_POOL *pool);
-void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
-
-size_t rand_pool_entropy(RAND_POOL *pool);
-size_t rand_pool_length(RAND_POOL *pool);
-
-size_t rand_pool_entropy_available(RAND_POOL *pool);
-size_t rand_pool_entropy_needed(RAND_POOL *pool);
-/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
-size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
-size_t rand_pool_bytes_remaining(RAND_POOL *pool);
-
-int rand_pool_add(RAND_POOL *pool,
- const unsigned char *buffer, size_t len, size_t entropy);
-unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
-int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
-
-
-/*
- * Add random bytes to the pool to acquire requested amount of entropy
- *
- * This function is platform specific and tries to acquire the requested
- * amount of entropy by polling platform specific entropy sources.
- *
- * If the function succeeds in acquiring at least |entropy_requested| bits
- * of entropy, the total entropy count is returned. If it fails, it returns
- * an entropy count of 0.
- */
-size_t rand_pool_acquire_entropy(RAND_POOL *pool);
-
-/*
- * Add some application specific nonce data
- *
- * This function is platform specific and adds some application specific
- * data to the nonce used for instantiating the drbg.
- *
- * This data currently consists of the process and thread id, and a high
- * resolution timestamp. The data does not include an atomic counter,
- * because that is added by the calling function rand_drbg_get_nonce().
- *
- * Returns 1 on success and 0 on failure.
- */
-int rand_pool_add_nonce_data(RAND_POOL *pool);
-
-
-/*
- * Add some platform specific additional data
- *
- * This function is platform specific and adds some random noise to the
- * additional data used for generating random bytes and for reseeding
- * the drbg.
- *
- * Returns 1 on success and 0 on failure.
- */
-int rand_pool_add_additional_data(RAND_POOL *pool);
-
-/*
- * Initialise the random pool reseeding sources.
- *
- * Returns 1 on success and 0 on failure.
- */
-int rand_pool_init(void);
-
-/*
- * Finalise the random pool reseeding sources.
- */
-void rand_pool_cleanup(void);
-
-/*
- * Control the random pool use of open file descriptors.
- */
-void rand_pool_keep_random_devices_open(int keep);
-
-#endif
diff --git a/crypto/include/internal/sha.h b/crypto/include/internal/sha.h
deleted file mode 100644
index 458a75e89d4a..000000000000
--- a/crypto/include/internal/sha.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_INTERNAL_SHA_H
-# define HEADER_INTERNAL_SHA_H
-
-# include
-
-int sha512_224_init(SHA512_CTX *);
-int sha512_256_init(SHA512_CTX *);
-
-#endif
diff --git a/crypto/include/internal/siphash.h b/crypto/include/internal/siphash.h
deleted file mode 100644
index 9573680f0f15..000000000000
--- a/crypto/include/internal/siphash.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include
-
-#define SIPHASH_BLOCK_SIZE 8
-#define SIPHASH_KEY_SIZE 16
-#define SIPHASH_MIN_DIGEST_SIZE 8
-#define SIPHASH_MAX_DIGEST_SIZE 16
-
-typedef struct siphash_st SIPHASH;
-
-size_t SipHash_ctx_size(void);
-size_t SipHash_hash_size(SIPHASH *ctx);
-int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
-int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
- int crounds, int drounds);
-void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
-int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/crypto/include/internal/sm2.h b/crypto/include/internal/sm2.h
deleted file mode 100644
index 5c5cd4b4f567..000000000000
--- a/crypto/include/internal/sm2.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright 2017 Ribose Inc. All Rights Reserved.
- * Ported from Ribose contributions from Botan.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_SM2_H
-# define HEADER_SM2_H
-# include
-
-# ifndef OPENSSL_NO_SM2
-
-# include
-
-/* The default user id as specified in GM/T 0009-2012 */
-# define SM2_DEFAULT_USERID "1234567812345678"
-
-int sm2_compute_z_digest(uint8_t *out,
- const EVP_MD *digest,
- const uint8_t *id,
- const size_t id_len,
- const EC_KEY *key);
-
-/*
- * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
- */
-ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
- const EVP_MD *digest,
- const uint8_t *id,
- const size_t id_len,
- const uint8_t *msg, size_t msg_len);
-
-int sm2_do_verify(const EC_KEY *key,
- const EVP_MD *digest,
- const ECDSA_SIG *signature,
- const uint8_t *id,
- const size_t id_len,
- const uint8_t *msg, size_t msg_len);
-
-/*
- * SM2 signature generation.
- */
-int sm2_sign(const unsigned char *dgst, int dgstlen,
- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-
-/*
- * SM2 signature verification.
- */
-int sm2_verify(const unsigned char *dgst, int dgstlen,
- const unsigned char *sig, int siglen, EC_KEY *eckey);
-
-/*
- * SM2 encryption
- */
-int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
- size_t *ct_size);
-
-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
- size_t *pt_size);
-
-int sm2_encrypt(const EC_KEY *key,
- const EVP_MD *digest,
- const uint8_t *msg,
- size_t msg_len,
- uint8_t *ciphertext_buf, size_t *ciphertext_len);
-
-int sm2_decrypt(const EC_KEY *key,
- const EVP_MD *digest,
- const uint8_t *ciphertext,
- size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
-
-# endif /* OPENSSL_NO_SM2 */
-#endif
diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h
deleted file mode 100644
index 09edfab787f4..000000000000
--- a/crypto/include/internal/sm2err.h
+++ /dev/null
@@ -1,65 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_SM2ERR_H -# define HEADER_SM2ERR_H - -# ifndef HEADER_SYMHACKS_H -# include -# endif - -# include - -# ifndef OPENSSL_NO_SM2 - -# ifdef __cplusplus -extern "C" -# endif -int ERR_load_SM2_strings(void); - -/* - * SM2 function codes. - */ -# define SM2_F_PKEY_SM2_COPY 115 -# define SM2_F_PKEY_SM2_CTRL 109 -# define SM2_F_PKEY_SM2_CTRL_STR 110 -# define SM2_F_PKEY_SM2_DIGEST_CUSTOM 114 -# define SM2_F_PKEY_SM2_INIT 111 -# define SM2_F_PKEY_SM2_SIGN 112 -# define SM2_F_SM2_COMPUTE_MSG_HASH 100 -# define SM2_F_SM2_COMPUTE_USERID_DIGEST 101 -# define SM2_F_SM2_COMPUTE_Z_DIGEST 113 -# define SM2_F_SM2_DECRYPT 102 -# define SM2_F_SM2_ENCRYPT 103 -# define SM2_F_SM2_PLAINTEXT_SIZE 104 -# define SM2_F_SM2_SIGN 105 -# define SM2_F_SM2_SIG_GEN 106 -# define SM2_F_SM2_SIG_VERIFY 107 -# define SM2_F_SM2_VERIFY 108 - -/* - * SM2 reason codes. - */ -# define SM2_R_ASN1_ERROR 100 -# define SM2_R_BAD_SIGNATURE 101 -# define SM2_R_BUFFER_TOO_SMALL 107 -# define SM2_R_DIST_ID_TOO_LARGE 110 -# define SM2_R_ID_NOT_SET 112 -# define SM2_R_ID_TOO_LARGE 111 -# define SM2_R_INVALID_CURVE 108 -# define SM2_R_INVALID_DIGEST 102 -# define SM2_R_INVALID_DIGEST_TYPE 103 -# define SM2_R_INVALID_ENCODING 104 -# define SM2_R_INVALID_FIELD 105 -# define SM2_R_NO_PARAMETERS_SET 109 -# define SM2_R_USER_ID_TOO_LARGE 106 - -# endif -#endif diff --git a/crypto/include/internal/sm3.h b/crypto/include/internal/sm3.h deleted file mode 100644 index 27eb471c2831..000000000000 --- a/crypto/include/internal/sm3.h +++ /dev/null 
@@ -1,39 +0,0 @@
-/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright 2017 Ribose Inc. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_SM3_H
-# define HEADER_SM3_H
-
-# include
-
-# ifdef OPENSSL_NO_SM3
-# error SM3 is disabled.
-# endif
-
-# define SM3_DIGEST_LENGTH 32
-# define SM3_WORD unsigned int
-
-# define SM3_CBLOCK 64
-# define SM3_LBLOCK (SM3_CBLOCK/4)
-
-typedef struct SM3state_st {
- SM3_WORD A, B, C, D, E, F, G, H;
- SM3_WORD Nl, Nh;
- SM3_WORD data[SM3_LBLOCK];
- unsigned int num;
-} SM3_CTX;
-
-int sm3_init(SM3_CTX *c);
-int sm3_update(SM3_CTX *c, const void *data, size_t len);
-int sm3_final(unsigned char *md, SM3_CTX *c);
-
-void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
-
-#endif
diff --git a/crypto/include/internal/sm4.h b/crypto/include/internal/sm4.h
deleted file mode 100644
index f1f157ef5351..000000000000
--- a/crypto/include/internal/sm4.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright 2017 Ribose Inc. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_SM4_H
-# define HEADER_SM4_H
-
-# include
-# include
-
-# ifdef OPENSSL_NO_SM4
-# error SM4 is disabled.
-# endif
-
-# define SM4_ENCRYPT 1
-# define SM4_DECRYPT 0
-
-# define SM4_BLOCK_SIZE 16
-# define SM4_KEY_SCHEDULE 32
-
-typedef struct SM4_KEY_st {
- uint32_t rk[SM4_KEY_SCHEDULE];
-} SM4_KEY;
-
-int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
-
-void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
-
-void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
-
-#endif
diff --git a/crypto/include/internal/store.h b/crypto/include/internal/store.h
deleted file mode 100644
index f5013dc36795..000000000000
--- a/crypto/include/internal/store.h
+++ /dev/null
@@ -1,10 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-void ossl_store_cleanup_int(void);
diff --git a/crypto/include/internal/store_int.h b/crypto/include/internal/store_int.h
deleted file mode 100644
index 6f31e019ea21..000000000000
--- a/crypto/include/internal/store_int.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_STORE_INT_H
-# define HEADER_STORE_INT_H
-
-# include
-# include
-# include
-
-/*
- * Two functions to read PEM data off an already opened BIO. To be used
- * instead of OSSLSTORE_open() and OSSLSTORE_close(). Everything is done
- * as usual with OSSLSTORE_load() and OSSLSTORE_eof().
- */
-OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
- void *ui_data);
-int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx);
-
-#endif
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
deleted file mode 100644
index b53c2b03c39e..000000000000
--- a/crypto/include/internal/x509_int.h
+++ /dev/null
@@ -1,286 +0,0 @@ -/* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/refcount.h" - -/* Internal X509 structures and functions: not for application use */ - -/* Note: unless otherwise stated a field pointer is mandatory and should - * never be set to NULL: the ASN.1 code and accessors rely on mandatory - * fields never being NULL. - */ - -/* - * name entry structure, equivalent to AttributeTypeAndValue defined - * in RFC5280 et al. - */ -struct X509_name_entry_st { - ASN1_OBJECT *object; /* AttributeType */ - ASN1_STRING *value; /* AttributeValue */ - int set; /* index of RDNSequence for this entry */ - int size; /* temp variable */ -}; - -/* Name from RFC 5280. */ -struct X509_name_st { - STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */ - int modified; /* true if 'bytes' needs to be built */ - BUF_MEM *bytes; /* cached encoding: cannot be NULL */ - /* canonical encoding used for rapid Name comparison */ - unsigned char *canon_enc; - int canon_enclen; -} /* X509_NAME */ ; - -/* Signature info structure */ - -struct x509_sig_info_st { - /* NID of message digest */ - int mdnid; - /* NID of public key algorithm */ - int pknid; - /* Security bits */ - int secbits; - /* Various flags */ - uint32_t flags; -}; - -/* PKCS#10 certificate request */ - -struct X509_req_info_st { - ASN1_ENCODING enc; /* cached encoding of signed part */ - ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */ - X509_NAME *subject; /* certificate request DN */ - X509_PUBKEY *pubkey; /* public key of request */ - /* - * Zero or more attributes. - * NB: although attributes is a mandatory field some broken - * encodings omit it so this may be NULL in that case. 
- */ - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - -struct X509_req_st { - X509_REQ_INFO req_info; /* signed certificate request data */ - X509_ALGOR sig_alg; /* signature algorithm */ - ASN1_BIT_STRING *signature; /* signature */ - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -struct X509_crl_info_st { - ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */ - X509_ALGOR sig_alg; /* signature algorithm */ - X509_NAME *issuer; /* CRL issuer name */ - ASN1_TIME *lastUpdate; /* lastUpdate field */ - ASN1_TIME *nextUpdate; /* nextUpdate field: optional */ - STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */ - STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */ - ASN1_ENCODING enc; /* encoding of signed portion of CRL */ -}; - -struct X509_crl_st { - X509_CRL_INFO crl; /* signed CRL data */ - X509_ALGOR sig_alg; /* CRL signature algorithm */ - ASN1_BIT_STRING signature; /* CRL signature */ - CRYPTO_REF_COUNT references; - int flags; - /* - * Cached copies of decoded extension values, since extensions - * are optional any of these can be NULL. 
- */ - AUTHORITY_KEYID *akid; - ISSUING_DIST_POINT *idp; - /* Convenient breakdown of IDP */ - int idp_flags; - int idp_reasons; - /* CRL and base CRL numbers for delta processing */ - ASN1_INTEGER *crl_number; - ASN1_INTEGER *base_crl_number; - STACK_OF(GENERAL_NAMES) *issuers; - /* hash of CRL */ - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - /* alternative method to handle this CRL */ - const X509_CRL_METHOD *meth; - void *meth_data; - CRYPTO_RWLOCK *lock; -}; - -struct x509_revoked_st { - ASN1_INTEGER serialNumber; /* revoked entry serial number */ - ASN1_TIME *revocationDate; /* revocation date */ - STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */ - /* decoded value of CRLissuer extension: set if indirect CRL */ - STACK_OF(GENERAL_NAME) *issuer; - /* revocation reason: set to CRL_REASON_NONE if reason extension absent */ - int reason; - /* - * CRL entries are reordered for faster lookup of serial numbers. This - * field contains the original load sequence for this entry. - */ - int sequence; -}; - -/* - * This stuff is certificate "auxiliary info": it contains details which are - * useful in certificate stores and databases. When used this is tagged onto - * the end of the certificate itself. OpenSSL specific structure not defined - * in any RFC. 
- */ - -struct x509_cert_aux_st { - STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ - STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ - STACK_OF(X509_ALGOR) *other; /* other unspecified info */ -}; - -struct x509_cinf_st { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ - ASN1_INTEGER serialNumber; - X509_ALGOR signature; - X509_NAME *issuer; - X509_VAL validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ - ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ - STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ - ASN1_ENCODING enc; -}; - -struct x509_st { - X509_CINF cert_info; - X509_ALGOR sig_alg; - ASN1_BIT_STRING signature; - X509_SIG_INFO siginf; - CRYPTO_REF_COUNT references; - CRYPTO_EX_DATA ex_data; - /* These contain copies of various extension values */ - long ex_pathlen; - long ex_pcpathlen; - uint32_t ex_flags; - uint32_t ex_kusage; - uint32_t ex_xkusage; - uint32_t ex_nscert; - ASN1_OCTET_STRING *skid; - AUTHORITY_KEYID *akid; - X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) *crldp; - STACK_OF(GENERAL_NAME) *altname; - NAME_CONSTRAINTS *nc; -#ifndef OPENSSL_NO_RFC3779 - STACK_OF(IPAddressFamily) *rfc3779_addr; - struct ASIdentifiers_st *rfc3779_asid; -# endif - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - X509_CERT_AUX *aux; - CRYPTO_RWLOCK *lock; - volatile int ex_cached; -} /* X509 */ ; - -/* - * This is a used when verifying cert chains. Since the gathering of the - * cert chain can take some time (and have to be 'retried', this needs to be - * kept and passed around. 
- */ -struct x509_store_ctx_st { /* X509_STORE_CTX */ - X509_STORE *ctx; - /* The following are set by the caller */ - /* The cert to check */ - X509 *cert; - /* chain of X509s - untrusted - passed in */ - STACK_OF(X509) *untrusted; - /* set of CRLs passed in */ - STACK_OF(X509_CRL) *crls; - X509_VERIFY_PARAM *param; - /* Other info for use with get_issuer() */ - void *other_ctx; - /* Callbacks for various operations */ - /* called to verify a certificate */ - int (*verify) (X509_STORE_CTX *ctx); - /* error callback */ - int (*verify_cb) (int ok, X509_STORE_CTX *ctx); - /* get issuers cert from ctx */ - int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); - /* check issued */ - int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); - /* Check revocation status of chain */ - int (*check_revocation) (X509_STORE_CTX *ctx); - /* retrieve CRL */ - int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); - /* Check CRL validity */ - int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); - /* Check certificate against CRL */ - int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); - /* Check policy status of the chain */ - int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup) (X509_STORE_CTX *ctx); - /* The following is built up */ - /* if 0, rebuild chain */ - int valid; - /* number of untrusted certs */ - int num_untrusted; - /* chain of X509s - built up and trusted */ - STACK_OF(X509) *chain; - /* Valid policy tree */ - X509_POLICY_TREE *tree; - /* Require explicit policy value */ - int explicit_policy; - /* When something goes wrong, this is why */ - int error_depth; - int error; - X509 *current_cert; - /* cert currently being tested as valid issuer */ - X509 *current_issuer; - /* current CRL */ - X509_CRL *current_crl; - /* score of current CRL */ - int current_crl_score; - /* 
Reason mask */ - unsigned int current_reasons; - /* For CRL path validation: parent context */ - X509_STORE_CTX *parent; - CRYPTO_EX_DATA ex_data; - SSL_DANE *dane; - /* signed via bare TA public key, rather than CA certificate */ - int bare_ta_signed; -}; - -/* PKCS#8 private key info structure */ - -struct pkcs8_priv_key_info_st { - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - ASN1_OCTET_STRING *pkey; - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - -struct X509_sig_st { - X509_ALGOR *algor; - ASN1_OCTET_STRING *digest; -}; - -struct x509_object_st { - /* one of the above types */ - X509_LOOKUP_TYPE type; - union { - char *ptr; - X509 *x509; - X509_CRL *crl; - EVP_PKEY *pkey; - } data; -}; - -int a2i_ipadd(unsigned char *ipout, const char *ipasc); -int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); - -void x509_init_sig_info(X509 *x); diff --git a/crypto/init.c b/crypto/init.c index 9fc0e8ef68aa..1b0d523beae0 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -8,25 +8,25 @@ */ #include "e_os.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include -#include "internal/rand_int.h" +#include "crypto/rand.h" #include "internal/bio.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/conf.h" -#include "internal/async.h" -#include "internal/engine.h" +#include "crypto/async.h" +#include "crypto/engine.h" #include "internal/comp.h" #include "internal/err.h" -#include "internal/err_int.h" -#include "internal/objects.h" +#include "crypto/err.h" +#include "crypto/objects.h" #include #include #include "internal/thread_once.h" -#include "internal/dso_conf.h" +#include "crypto/dso_conf.h" #include "internal/dso.h" -#include "internal/store.h" +#include "crypto/store.h" static int stopped = 0; diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index ae46fad609ac..25bf4b729f64 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c 
@@ -13,7 +13,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" #define HKDF_MAXBUF 1024 diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c index 61fd390e95f0..68606ac00aed 100644 --- a/crypto/kdf/scrypt.c +++ b/crypto/kdf/scrypt.c @@ -13,7 +13,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" #ifndef OPENSSL_NO_SCRYPT diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index 49f7ecced906..e9ca8e12780b 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int tls1_prf_alg(const EVP_MD *md, const unsigned char *sec, size_t slen, diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 65b91e1ef415..45f1b105554f 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -18,7 +18,7 @@ #include #include -#include "lhash_lcl.h" +#include "lhash_local.h" # ifndef OPENSSL_NO_STDIO void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 485d4c3ffff4..9dc887d91e4b 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/ctype.h" -#include "internal/lhash.h" -#include "lhash_lcl.h" +#include "crypto/ctype.h" +#include "crypto/lhash.h" +#include "lhash_local.h" /* * A hashing implementation that appears to be based on the linear hashing diff --git a/crypto/lhash/lhash_lcl.h b/crypto/lhash/lhash_lcl.h deleted file mode 100644 index 678224acd5d5..000000000000 --- a/crypto/lhash/lhash_lcl.h +++ /dev/null 
@@ -1,44 +0,0 @@
-/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-#include
-
-#include "internal/tsan_assist.h"
-
-struct lhash_node_st {
- void *data;
- struct lhash_node_st *next;
- unsigned long hash;
-};
-
-struct lhash_st {
- OPENSSL_LH_NODE **b;
- OPENSSL_LH_COMPFUNC comp;
- OPENSSL_LH_HASHFUNC hash;
- unsigned int num_nodes;
- unsigned int num_alloc_nodes;
- unsigned int p;
- unsigned int pmax;
- unsigned long up_load; /* load times 256 */
- unsigned long down_load; /* load times 256 */
- unsigned long num_items;
- unsigned long num_expands;
- unsigned long num_expand_reallocs;
- unsigned long num_contracts;
- unsigned long num_contract_reallocs;
- TSAN_QUALIFIER unsigned long num_hash_calls;
- TSAN_QUALIFIER unsigned long num_comp_calls;
- unsigned long num_insert;
- unsigned long num_replace;
- unsigned long num_delete;
- unsigned long num_no_delete;
- TSAN_QUALIFIER unsigned long num_retrieve;
- TSAN_QUALIFIER unsigned long num_retrieve_miss;
- TSAN_QUALIFIER unsigned long num_hash_comps;
- int error;
-};
diff --git a/crypto/lhash/lhash_local.h b/crypto/lhash/lhash_local.h
new file mode 100644
index 000000000000..678224acd5d5
--- /dev/null
+++ b/crypto/lhash/lhash_local.h
@@ -0,0 +1,44 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#include + +#include "internal/tsan_assist.h" + +struct lhash_node_st { + void *data; + struct lhash_node_st *next; + unsigned long hash; +}; + +struct lhash_st { + OPENSSL_LH_NODE **b; + OPENSSL_LH_COMPFUNC comp; + OPENSSL_LH_HASHFUNC hash; + unsigned int num_nodes; + unsigned int num_alloc_nodes; + unsigned int p; + unsigned int pmax; + unsigned long up_load; /* load times 256 */ + unsigned long down_load; /* load times 256 */ + unsigned long num_items; + unsigned long num_expands; + unsigned long num_expand_reallocs; + unsigned long num_contracts; + unsigned long num_contract_reallocs; + TSAN_QUALIFIER unsigned long num_hash_calls; + TSAN_QUALIFIER unsigned long num_comp_calls; + unsigned long num_insert; + unsigned long num_replace; + unsigned long num_delete; + unsigned long num_no_delete; + TSAN_QUALIFIER unsigned long num_retrieve; + TSAN_QUALIFIER unsigned long num_retrieve_miss; + TSAN_QUALIFIER unsigned long num_hash_comps; + int error; +}; diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c index 5319618615e3..29b6b252bae3 100644 --- a/crypto/md4/md4_dgst.c +++ b/crypto/md4/md4_dgst.c @@ -9,7 +9,7 @@ #include #include -#include "md4_locl.h" +#include "md4_local.h" /* * Implemented from RFC1186 The MD4 Message-Digest Algorithm 
@@ -39,7 +39,7 @@ void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/crypto/md4/md4_local.h b/crypto/md4/md4_local.h new file mode 100644 index 000000000000..5f05720e9769 --- /dev/null +++ b/crypto/md4/md4_local.h 
@@ -0,0 +1,60 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); + +#define DATA_ORDER_IS_LITTLE_ENDIAN + +#define HASH_LONG MD4_LONG +#define HASH_CTX MD4_CTX +#define HASH_CBLOCK MD4_CBLOCK +#define HASH_UPDATE MD4_Update +#define HASH_TRANSFORM MD4_Transform +#define HASH_FINAL MD4_Final +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + ll=(c)->A; (void)HOST_l2c(ll,(s)); \ + ll=(c)->B; (void)HOST_l2c(ll,(s)); \ + ll=(c)->C; (void)HOST_l2c(ll,(s)); \ + ll=(c)->D; (void)HOST_l2c(ll,(s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER md4_block_data_order + +#include "crypto/md32_common.h" + +/*- +#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) +#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) +*/ + +/* + * As pointed out by Wei Dai, the above can be simplified to the code + * below. Wei attributes these optimizations to Peter Gutmann's SHS code, + * and he attributes it to Rich Schroeppel. + */ +#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) +#define H(b,c,d) ((b) ^ (c) ^ (d)) + +#define R0(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+F((b),(c),(d))); \ + a=ROTATE(a,s); }; + +#define R1(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+G((b),(c),(d))); \ + a=ROTATE(a,s); }; + +#define R2(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+H((b),(c),(d))); \ + a=ROTATE(a,s); }; diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h deleted file mode 100644 index a6c4003fdbc2..000000000000 --- a/crypto/md4/md4_locl.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_LONG MD4_LONG -#define HASH_CTX MD4_CTX -#define HASH_CBLOCK MD4_CBLOCK -#define HASH_UPDATE MD4_Update -#define HASH_TRANSFORM MD4_Transform -#define HASH_FINAL MD4_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER md4_block_data_order - -#include "internal/md32_common.h" - -/*- -#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) -*/ - -/* - * As pointed out by Wei Dai, the above can be simplified to the code - * below. Wei attributes these optimizations to Peter Gutmann's SHS code, - * and he attributes it to Rich Schroeppel. - */ -#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) -#define H(b,c,d) ((b) ^ (c) ^ (d)) - -#define R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); }; - -#define R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); };\ - -#define R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); }; diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl index 15e14864d195..7986a2413da2 100644 --- a/crypto/md5/asm/md5-586.pl +++ b/crypto/md5/asm/md5-586.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -43,7 +43,7 @@ $X="esi"; &md5_block("md5_block_asm_data_order"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub Np { diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl index 6a62c6253189..3595e3d32fc9 100755 --- a/crypto/md5/asm/md5-sparcv9.pl +++ b/crypto/md5/asm/md5-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -434,4 +434,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl index 386d8048ec02..c6a172d448c6 100755 --- a/crypto/md5/asm/md5-x86_64.pl +++ b/crypto/md5/asm/md5-x86_64.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # Author: Marc Bevand -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -390,4 +390,4 @@ ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c index fbede6742af6..d84cba37ae98 100644 --- a/crypto/md5/md5_dgst.c +++ b/crypto/md5/md5_dgst.c 
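Review bot: The new `close STDOUT or die "error closing STDOUT: $!";` at the end of md5-586.pl, md5-sparcv9.pl and md5-x86_64.pl reports only `$!`, which Perl sets to 0 when the handle is a pipe and the only failure is a non-zero exit of the child process. The hunks do not show how STDOUT is opened, so this is hedged: if any of these generators pipes its output through a translator script, a failing translator would abort the build with an empty reason. Including the child status keeps the failure diagnosable, e.g. `close STDOUT or die "error closing STDOUT: $! (exit status $?)";`. The check itself is worth keeping, because it stops a truncated assembly file from being built into the crypto library unnoticed.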
@@ -8,7 +8,7 @@ */ #include -#include "md5_locl.h" +#include "md5_local.h" #include /* @@ -39,7 +39,7 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/crypto/md5/md5_local.h b/crypto/md5/md5_local.h new file mode 100644 index 000000000000..b0087bea81c4 --- /dev/null +++ b/crypto/md5/md5_local.h 
@@ -0,0 +1,80 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +#ifdef MD5_ASM +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +# define md5_block_data_order md5_block_asm_data_order +# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) +# define md5_block_data_order md5_block_asm_data_order +# elif defined(__sparc) || defined(__sparc__) +# define md5_block_data_order md5_block_asm_data_order +# endif +#endif + +void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); + +#define DATA_ORDER_IS_LITTLE_ENDIAN + +#define HASH_LONG MD5_LONG +#define HASH_CTX MD5_CTX +#define HASH_CBLOCK MD5_CBLOCK +#define HASH_UPDATE MD5_Update +#define HASH_TRANSFORM MD5_Transform +#define HASH_FINAL MD5_Final +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + ll=(c)->A; (void)HOST_l2c(ll,(s)); \ + ll=(c)->B; (void)HOST_l2c(ll,(s)); \ + ll=(c)->C; (void)HOST_l2c(ll,(s)); \ + ll=(c)->D; (void)HOST_l2c(ll,(s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER md5_block_data_order + +#include "crypto/md32_common.h" + +/*- +#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) +#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) +*/ + +/* + * As pointed out by Wei Dai, the above can be simplified to the code + * below. Wei attributes these optimizations to Peter Gutmann's + * SHS code, and he attributes it to Rich Schroeppel. 
+ */ +#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c)) +#define H(b,c,d) ((b) ^ (c) ^ (d)) +#define I(b,c,d) (((~(d)) | (b)) ^ (c)) + +#define R0(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+F((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; }; + +#define R1(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+G((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; }; + +#define R2(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+H((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; }; + +#define R3(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+I((b),(c),(d))); \ + a=ROTATE(a,s); \ + a+=b; }; diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h deleted file mode 100644 index 4eb7e50ef4d0..000000000000 --- a/crypto/md5/md5_locl.h +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -#ifdef MD5_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -# define md5_block_data_order md5_block_asm_data_order -# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) -# define md5_block_data_order md5_block_asm_data_order -# elif defined(__sparc) || defined(__sparc__) -# define md5_block_data_order md5_block_asm_data_order -# endif -#endif - -void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_LONG MD5_LONG -#define HASH_CTX MD5_CTX -#define HASH_CBLOCK MD5_CBLOCK -#define HASH_UPDATE MD5_Update -#define HASH_TRANSFORM MD5_Transform -#define HASH_FINAL MD5_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER md5_block_data_order - -#include "internal/md32_common.h" - -/*- -#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) -*/ - -/* - * As pointed out by Wei Dai, the above can be simplified to the code - * below. Wei attributes these optimizations to Peter Gutmann's - * SHS code, and he attributes it to Rich Schroeppel. 
- */ -#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c)) -#define H(b,c,d) ((b) ^ (c) ^ (d)) -#define I(b,c,d) (((~(d)) | (b)) ^ (c)) - -#define R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; };\ - -#define R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; - -#define R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; - -#define R3(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+I((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; diff --git a/crypto/mem.c b/crypto/mem.c index 780053ffeff1..2b39ca3a1049 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -9,7 +9,7 @@ #include "e_os.h" #include "internal/cryptlib.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include #include #include diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h index e18ac07210c5..4ae1a1a9339e 100644 --- a/crypto/mips_arch.h +++ b/crypto/mips_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __MIPS_ARCH_H__ -# define __MIPS_ARCH_H__ +#ifndef OSSL_CRYPTO_MIPS_ARCH_H +# define OSSL_CRYPTO_MIPS_ARCH_H # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl index b42016101ebc..959efedb0de7 100755 --- a/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/crypto/modes/asm/aesni-gcm-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -90,6 +90,7 @@ $code=<<___; .type _aesni_ctr32_ghash_6x,\@abi-omnipotent .align 32 _aesni_ctr32_ghash_6x: +.cfi_startproc vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb sub \$6,$len vpxor $Z0,$Z0,$Z0 # $Z0 = 0 @@ -397,6 +398,7 @@ _aesni_ctr32_ghash_6x: vpxor $Z0,$Xi,$Xi # modulo-scheduled ret +.cfi_endproc .size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x ___ ###################################################################### @@ -543,6 +545,7 @@ $code.=<<___; .type _aesni_ctr32_6x,\@abi-omnipotent .align 32 _aesni_ctr32_6x: +.cfi_startproc vmovdqu 0x00-0x80($key),$Z0 # borrow $Z0 for $rndkey vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb lea -1($rounds),%r13 @@ -629,6 +632,7 @@ _aesni_ctr32_6x: vpshufb $Ii,$T1,$T1 # next counter value vpxor $Z0,$inout5,$inout5 jmp .Loop_ctr32 +.cfi_endproc .size _aesni_ctr32_6x,.-_aesni_ctr32_6x .globl aesni_gcm_encrypt @@ -1079,15 +1083,19 @@ $code=<<___; # assembler is too old .globl aesni_gcm_encrypt .type aesni_gcm_encrypt,\@abi-omnipotent aesni_gcm_encrypt: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size aesni_gcm_encrypt,.-aesni_gcm_encrypt .globl aesni_gcm_decrypt .type aesni_gcm_decrypt,\@abi-omnipotent aesni_gcm_decrypt: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size aesni_gcm_decrypt,.-aesni_gcm_decrypt ___ }}} @@ -1096,4 +1104,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index dcc23f7d7dbe..d84ac6f2bf43 100755 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl 
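Review bot: In the clang probe of the `@@ -66,7 +66,7 @@` hunk, the widened capture `([0-9]+\.[0-9]+)` is still compared as a decimal number in `$avx = ($2>=3.0) + ($2>3.0);`, which gives the right answer only because both thresholds sit at 3.0. A comment above the test, such as `# "major.minor" is compared as a decimal ("3.10" reads as 3.1); safe only while the thresholds are 3.0`, would keep a later threshold change from silently misdetecting the toolchain and switching the AVX code path on or off. The same line interpolates `$ENV{CC}` into backticks, so the probe assumes CC is set and comes from a trusted build environment; that assumption is worth stating in the same comment. Both remarks apply equally to the identical change in ghash-x86_64.pl (`@@ -116,7 +116,7 @@`). The statement that precedes the changed `if` in this hunk starts outside it.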
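Review bot: The new `close STDOUT or die "error closing STDOUT: $!";` in the `@@ -1096,4 +1104,4 @@` hunk reports only `$!`, which may name no cause if STDOUT is a pipe to a translator process at this point (where STDOUT is opened is outside the hunk). Perl's `close` on a piped handle returns false when the child exits non-zero, with `$!` set to 0 and the exit status left in `$?`, so a failed translation would abort the build with an empty reason. Including the status, `close STDOUT or die "error closing STDOUT: $! (status $?)";`, keeps the fail-closed behaviour and makes a truncated or rejected assembly output diagnosable. The same line is added in the ghash-*.pl scripts later in this diff and the remark applies there as well.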
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -548,4 +548,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl index 3cadda39945c..5826dcbdfe64 100755 --- a/crypto/modes/asm/ghash-c64xplus.pl +++ b/crypto/modes/asm/ghash-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -244,4 +244,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-ia64.pl b/crypto/modes/asm/ghash-ia64.pl index eb9ded91e5b6..6e29f995fa85 100755 --- a/crypto/modes/asm/ghash-ia64.pl +++ b/crypto/modes/asm/ghash-ia64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -467,4 +467,4 @@ $code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm if ($big_endian); $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl index a614c99c22ce..d798b7abf490 100755 
--- a/crypto/modes/asm/ghash-parisc.pl +++ b/crypto/modes/asm/ghash-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -745,4 +745,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl index 17dc375053c5..2f3ca295bdca 100755 --- a/crypto/modes/asm/ghash-s390x.pl +++ b/crypto/modes/asm/ghash-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -259,4 +259,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl index c4eb3b1f0206..ccebc74b4e97 100755 --- a/crypto/modes/asm/ghash-sparcv9.pl +++ b/crypto/modes/asm/ghash-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -578,4 +578,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl index bcbe6e399d13..4183d99b68b1 100755 
--- a/crypto/modes/asm/ghash-x86.pl +++ b/crypto/modes/asm/ghash-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1378,7 +1378,7 @@ my ($Xhi,$Xi)=@_; &asciz("GHASH for x86, CRYPTOGAMS by "); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; # A question was risen about choice of vanilla MMX. Or rather why wasn't # SSE2 chosen instead? In addition to the fact that MMX runs on legacy diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl index 6b2a51ecd77e..0a0bfd575cee 100755 --- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -116,7 +116,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1815,4 +1815,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index 6a2ac712950b..447472cb4592 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -668,4 +668,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 47e882008069..d0e398b50ae0 100755 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -778,4 +778,4 @@ if ($flavour =~ /64/) { ######## 64-bit code } } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index 4ce5eb2ae341..fc7e0b60510b 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index 05a33239f56e..424722811c16 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c index e439567fe59f..b6bec414a966 100644 --- a/crypto/modes/cfb128.c +++ b/crypto/modes/cfb128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* 
diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index 03920b447333..ae35116e9524 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c index 93826a1e2f06..9052e857764f 100644 --- a/crypto/modes/cts128.c +++ b/crypto/modes/cts128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 15f76e3e86bc..48775e6d05ff 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h deleted file mode 100644 index f2ae01d11afd..000000000000 --- a/crypto/modes/modes_lcl.h +++ /dev/null 
@@ -1,190 +0,0 @@ -/* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -typedef __int64 i64; -typedef unsigned __int64 u64; -# define U64(C) C##UI64 -#elif defined(__arch64__) -typedef long i64; -typedef unsigned long u64; -# define U64(C) C##UL -#else -typedef long long i64; -typedef unsigned long long u64; -# define U64(C) C##ULL -#endif - -typedef unsigned int u32; -typedef unsigned char u8; - -#define STRICT_ALIGNMENT 1 -#ifndef PEDANTIC -# if defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__aarch64__) || \ - defined(__s390__) || defined(__s390x__) -# undef STRICT_ALIGNMENT -# endif -#endif - -#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__GNUC__) && __GNUC__>=2 -# if defined(__x86_64) || defined(__x86_64__) -# define BSWAP8(x) ({ u64 ret_=(x); \ - asm ("bswapq %0" \ - : "+r"(ret_)); ret_; }) -# define BSWAP4(x) ({ u32 ret_=(x); \ - asm ("bswapl %0" \ - : "+r"(ret_)); ret_; }) -# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) -# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ - asm ("bswapl %0; bswapl %1" \ - : "+r"(hi_),"+r"(lo_)); \ - (u64)hi_<<32|lo_; }) -# define BSWAP4(x) ({ u32 ret_=(x); \ - asm ("bswapl %0" \ - : "+r"(ret_)); ret_; }) -# elif defined(__aarch64__) -# define BSWAP8(x) ({ u64 ret_; \ - asm ("rev %0,%1" \ - : "=r"(ret_) : "r"(x)); ret_; }) -# define BSWAP4(x) ({ u32 ret_; \ - asm ("rev %w0,%w1" \ - : "=r"(ret_) : "r"(x)); ret_; }) -# elif (defined(__arm__) || defined(__arm)) && 
!defined(STRICT_ALIGNMENT) -# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ - asm ("rev %0,%0; rev %1,%1" \ - : "+r"(hi_),"+r"(lo_)); \ - (u64)hi_<<32|lo_; }) -# define BSWAP4(x) ({ u32 ret_; \ - asm ("rev %0,%1" \ - : "=r"(ret_) : "r"((u32)(x))); \ - ret_; }) -# endif -# elif defined(_MSC_VER) -# if _MSC_VER>=1300 -# include -# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) -# define BSWAP8(x) _byteswap_uint64((u64)(x)) -# define BSWAP4(x) _byteswap_ulong((u32)(x)) -# elif defined(_M_IX86) -__inline u32 _bswap4(u32 val) -{ -_asm mov eax, val _asm bswap eax} -# define BSWAP4(x) _bswap4(x) -# endif -# endif -#endif -#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) -#else -# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) -# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) -#endif -/*- GCM definitions */ typedef struct { - u64 hi, lo; -} u128; - -#ifdef TABLE_BITS -# undef TABLE_BITS -#endif -/* - * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should - * never be set to 8 [or 1]. For further information see gcm128.c. - */ -#define TABLE_BITS 4 - -struct gcm128_context { - /* Following 6 names follow names in GCM specification */ - union { - u64 u[2]; - u32 d[4]; - u8 c[16]; - size_t t[16 / sizeof(size_t)]; - } Yi, EKi, EK0, len, Xi, H; - /* - * Relative position of Xi, H and pre-computed Htable is used in some - * assembler modules, i.e. don't change the order! 
- */ -#if TABLE_BITS==8 - u128 Htable[256]; -#else - u128 Htable[16]; - void (*gmult) (u64 Xi[2], const u128 Htable[16]); - void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -#endif - unsigned int mres, ares; - block128_f block; - void *key; -#if !defined(OPENSSL_SMALL_FOOTPRINT) - unsigned char Xn[48]; -#endif -}; - -struct xts128_context { - void *key1, *key2; - block128_f block1, block2; -}; - -struct ccm128_context { - union { - u64 u[2]; - u8 c[16]; - } nonce, cmac; - u64 blocks; - block128_f block; - void *key; -}; - -#ifndef OPENSSL_NO_OCB - -typedef union { - u64 a[2]; - unsigned char c[16]; -} OCB_BLOCK; -# define ocb_block16_xor(in1,in2,out) \ - ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ - (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) -# if STRICT_ALIGNMENT -# define ocb_block16_xor_misaligned(in1,in2,out) \ - ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) -# else -# define ocb_block16_xor_misaligned ocb_block16_xor -# endif - -struct ocb128_context { - /* Need both encrypt and decrypt key schedules for decryption */ - block128_f encrypt; - block128_f decrypt; - void *keyenc; - void *keydec; - ocb128_f stream; /* direction dependent */ - /* Key dependent variables. Can be reused if key remains the same */ - size_t l_index; - size_t max_l_index; - OCB_BLOCK l_star; - OCB_BLOCK l_dollar; - OCB_BLOCK *l; - /* Must be reset for each session */ - struct { - u64 blocks_hashed; - u64 blocks_processed; - OCB_BLOCK offset_aad; - OCB_BLOCK sum; - OCB_BLOCK offset; - OCB_BLOCK checksum; - } sess; -}; -#endif /* OPENSSL_NO_OCB */ diff --git a/crypto/modes/modes_local.h b/crypto/modes/modes_local.h new file mode 100644 index 000000000000..f2ae01d11afd --- /dev/null +++ b/crypto/modes/modes_local.h 
@@ -0,0 +1,190 @@ +/* + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +typedef __int64 i64; +typedef unsigned __int64 u64; +# define U64(C) C##UI64 +#elif defined(__arch64__) +typedef long i64; +typedef unsigned long u64; +# define U64(C) C##UL +#else +typedef long long i64; +typedef unsigned long long u64; +# define U64(C) C##ULL +#endif + +typedef unsigned int u32; +typedef unsigned char u8; + +#define STRICT_ALIGNMENT 1 +#ifndef PEDANTIC +# if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__aarch64__) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +# endif +#endif + +#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__GNUC__) && __GNUC__>=2 +# if defined(__x86_64) || defined(__x86_64__) +# define BSWAP8(x) ({ u64 ret_=(x); \ + asm ("bswapq %0" \ + : "+r"(ret_)); ret_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ + asm ("bswapl %0" \ + : "+r"(ret_)); ret_; }) +# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + asm ("bswapl %0; bswapl %1" \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ + asm ("bswapl %0" \ + : "+r"(ret_)); ret_; }) +# elif defined(__aarch64__) +# define BSWAP8(x) ({ u64 ret_; \ + asm ("rev %0,%1" \ + : "=r"(ret_) : "r"(x)); ret_; }) +# define BSWAP4(x) ({ u32 ret_; \ + asm ("rev %w0,%w1" \ + : "=r"(ret_) : "r"(x)); ret_; }) +# elif (defined(__arm__) || defined(__arm)) && 
!defined(STRICT_ALIGNMENT) +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + asm ("rev %0,%0; rev %1,%1" \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_; \ + asm ("rev %0,%1" \ + : "=r"(ret_) : "r"((u32)(x))); \ + ret_; }) +# endif +# elif defined(_MSC_VER) +# if _MSC_VER>=1300 +# include +# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) +# define BSWAP8(x) _byteswap_uint64((u64)(x)) +# define BSWAP4(x) _byteswap_ulong((u32)(x)) +# elif defined(_M_IX86) +__inline u32 _bswap4(u32 val) +{ +_asm mov eax, val _asm bswap eax} +# define BSWAP4(x) _bswap4(x) +# endif +# endif +#endif +#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) +# define GETU32(p) BSWAP4(*(const u32 *)(p)) +# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +#else +# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) +# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) +#endif +/*- GCM definitions */ typedef struct { + u64 hi, lo; +} u128; + +#ifdef TABLE_BITS +# undef TABLE_BITS +#endif +/* + * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should + * never be set to 8 [or 1]. For further information see gcm128.c. + */ +#define TABLE_BITS 4 + +struct gcm128_context { + /* Following 6 names follow names in GCM specification */ + union { + u64 u[2]; + u32 d[4]; + u8 c[16]; + size_t t[16 / sizeof(size_t)]; + } Yi, EKi, EK0, len, Xi, H; + /* + * Relative position of Xi, H and pre-computed Htable is used in some + * assembler modules, i.e. don't change the order! 
+ */ +#if TABLE_BITS==8 + u128 Htable[256]; +#else + u128 Htable[16]; + void (*gmult) (u64 Xi[2], const u128 Htable[16]); + void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp, + size_t len); +#endif + unsigned int mres, ares; + block128_f block; + void *key; +#if !defined(OPENSSL_SMALL_FOOTPRINT) + unsigned char Xn[48]; +#endif +}; + +struct xts128_context { + void *key1, *key2; + block128_f block1, block2; +}; + +struct ccm128_context { + union { + u64 u[2]; + u8 c[16]; + } nonce, cmac; + u64 blocks; + block128_f block; + void *key; +}; + +#ifndef OPENSSL_NO_OCB + +typedef union { + u64 a[2]; + unsigned char c[16]; +} OCB_BLOCK; +# define ocb_block16_xor(in1,in2,out) \ + ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ + (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) +# if STRICT_ALIGNMENT +# define ocb_block16_xor_misaligned(in1,in2,out) \ + ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) +# else +# define ocb_block16_xor_misaligned ocb_block16_xor +# endif + +struct ocb128_context { + /* Need both encrypt and decrypt key schedules for decryption */ + block128_f encrypt; + block128_f decrypt; + void *keyenc; + void *keydec; + ocb128_f stream; /* direction dependent */ + /* Key dependent variables. Can be reused if key remains the same */ + size_t l_index; + size_t max_l_index; + OCB_BLOCK l_star; + OCB_BLOCK l_dollar; + OCB_BLOCK *l; + /* Must be reset for each session */ + struct { + u64 blocks_hashed; + u64 blocks_processed; + OCB_BLOCK offset_aad; + OCB_BLOCK sum; + OCB_BLOCK offset; + OCB_BLOCK checksum; + } sess; +}; +#endif /* OPENSSL_NO_OCB */ diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index 713b9aaf19d5..b39a55a1a145 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -10,7 +10,7 @@ #include #include #include -#include "modes_lcl.h" +#include "modes_local.h" #ifndef OPENSSL_NO_OCB diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c index 83092564c6b6..44bdf888db1a 100644 --- a/crypto/modes/ofb128.c +++ b/crypto/modes/ofb128.c 
@@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index 81b1eacd5920..b5bda5e6402d 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index c4355370cb15..979d83577c22 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -17,8 +17,8 @@ #include #include #include "internal/thread_once.h" -#include "internal/lhash.h" -#include "obj_lcl.h" +#include "crypto/lhash.h" +#include "obj_local.h" #include "e_os.h" /* diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index ef2d1e0ddaf2..46006fe6cf9c 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -8,15 +8,15 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include #include -#include "internal/objects.h" +#include "crypto/objects.h" #include -#include "internal/asn1_int.h" -#include "obj_lcl.h" +#include "crypto/asn1.h" +#include "obj_local.h" /* obj_dat.h is generated from objects.h by obj_dat.pl */ #include "obj_dat.h" diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index ea91db660b65..d1b1bc7faf91 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at 
@@ -1728,8 +1728,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"ITU-T", "itu-t", NID_itu_t}, {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t}, {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]}, - {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]}, - {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]}, + {"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 10, &so[4440]}, + {"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, &so[4450]}, {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1}, {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1}, {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1}, @@ -3578,9 +3578,9 @@ static const unsigned int ln_objs[NUM_LN] = { 134, /* "Microsoft Individual Code Signing" */ 856, /* "Microsoft Local Key set" */ 137, /* "Microsoft Server Gated Crypto" */ - 648, /* "Microsoft Smartcardlogin" */ + 648, /* "Microsoft Smartcard Login" */ 136, /* "Microsoft Trust List Signing" */ - 649, /* "Microsoft Universal Principal Name" */ + 649, /* "Microsoft User Principal Name" */ 393, /* "NULL" */ 404, /* "NULL" */ 72, /* "Netscape Base Url" */ diff --git a/crypto/objects/obj_lcl.h b/crypto/objects/obj_lcl.h deleted file mode 100644 index a417f7c46ef6..000000000000 --- a/crypto/objects/obj_lcl.h +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -typedef struct name_funcs_st NAME_FUNCS; -DEFINE_STACK_OF(NAME_FUNCS) -DEFINE_LHASH_OF(OBJ_NAME); -typedef struct added_obj_st ADDED_OBJ; -DEFINE_LHASH_OF(ADDED_OBJ); 
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c index acbdeec2c980..456a1598cec5 100644 --- a/crypto/objects/obj_lib.c +++ b/crypto/objects/obj_lib.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { diff --git a/crypto/objects/obj_local.h b/crypto/objects/obj_local.h new file mode 100644 index 000000000000..a417f7c46ef6 --- /dev/null +++ b/crypto/objects/obj_local.h @@ -0,0 +1,14 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +typedef struct name_funcs_st NAME_FUNCS; +DEFINE_STACK_OF(NAME_FUNCS) +DEFINE_LHASH_OF(OBJ_NAME); +typedef struct added_obj_st ADDED_OBJ; +DEFINE_LHASH_OF(ADDED_OBJ); diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index 9144d569dcd0..1ca04bbff19f 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 5b2bb54eb929..c49d4c568b59 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -426,9 +426,9 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System !Cname ms-smartcard-login -1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin +1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login !Cname ms-upn -1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name +1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft User Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index 1e0b82797bdc..a869e32bc8b3 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -10,7 +10,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 739ac01807a0..55ffd45c6ec0 100755 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -16,7 +16,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" /* * Utility functions related to sending OCSP requests and extracting relevant diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 3ab5308a12bb..f6c387ffb7d7 100755 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -12,7 +12,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include #include diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 42c368643135..ba408bc86f98 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -10,7 +10,7 @@ #include "e_os.h" #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h deleted file mode 100644 index 36646fdfc97a..000000000000 --- a/crypto/ocsp/ocsp_lcl.h +++ /dev/null 
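Review bot: The two long names changed in the objects.txt hunk (`Microsoft Smartcardlogin` and `Microsoft Universal Principal Name`) are not only display text: the generated `ln_objs` table in obj_dat.h indexes objects by long name, so they act as lookup keys. Anything that refers to these objects by their old long name, such as configuration files or name-to-NID lookups, would presumably stop resolving after this import, while the short names `msSmartcardLogin` and `msUPN` and the OIDs are unchanged. A comment above the two entries, for example `# long name changed in 1.1.1e; refer to this object by short name or OID`, together with a release-note entry, would make the compatibility break visible to integrators who match certificate otherName types by name.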
@@ -1,236 +0,0 @@ -/* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ -struct ocsp_cert_id_st { - X509_ALGOR hashAlgorithm; - ASN1_OCTET_STRING issuerNameHash; - ASN1_OCTET_STRING issuerKeyHash; - ASN1_INTEGER serialNumber; -}; - -/*- Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_one_request_st { - OCSP_CERTID *reqCert; - STACK_OF(X509_EXTENSION) *singleRequestExtensions; -}; - -/*- TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_req_info_st { - ASN1_INTEGER *version; - GENERAL_NAME *requestorName; - STACK_OF(OCSP_ONEREQ) *requestList; - STACK_OF(X509_EXTENSION) *requestExtensions; -}; - -/*- Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -struct ocsp_signature_st { - X509_ALGOR signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -}; - -/*- OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ -struct ocsp_request_st { - OCSP_REQINFO tbsRequest; - OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -}; - -/*- OCSPResponseStatus ::= ENUMERATED { - * successful (0), 
--Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) --Request unauthorized - * } - */ - -/*- ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ -struct ocsp_resp_bytes_st { - ASN1_OBJECT *responseType; - ASN1_OCTET_STRING *response; -}; - -/*- OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ -struct ocsp_response_st { - ASN1_ENUMERATED *responseStatus; - OCSP_RESPBYTES *responseBytes; -}; - -/*- ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ -struct ocsp_responder_id_st { - int type; - union { - X509_NAME *byName; - ASN1_OCTET_STRING *byKey; - } value; -}; - -/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ - -/*- RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ -struct ocsp_revoked_info_st { - ASN1_GENERALIZEDTIME *revocationTime; - ASN1_ENUMERATED *revocationReason; -}; - -/*- CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ -struct ocsp_cert_status_st { - int type; - union { - ASN1_NULL *good; - OCSP_REVOKEDINFO *revoked; - ASN1_NULL *unknown; - } value; -}; - -/*- SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_single_response_st { - OCSP_CERTID *certId; - OCSP_CERTSTATUS *certStatus; - ASN1_GENERALIZEDTIME *thisUpdate; - ASN1_GENERALIZEDTIME *nextUpdate; - STACK_OF(X509_EXTENSION) 
*singleExtensions; -}; - -/*- ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -}; - -/*- BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ - /* - * Note 1: The value for "signature" is specified in the OCSP rfc2560 as - * follows: "The value for the signature SHALL be computed on the hash of - * the DER encoding ResponseData." This means that you must hash the - * DER-encoded tbsResponseData, and then run it through a crypto-signing - * function, which will (at least w/RSA) do a hash-'n'-private-encrypt - * operation. This seems a bit odd, but that's the spec. Also note that - * the data structures do not leave anywhere to independently specify the - * algorithm used for the initial hash. So, we look at the - * signature-specification algorithm, and try to do something intelligent. - * -- Kathy Weinhold, CertCo - */ - /* - * Note 2: It seems that the mentioned passage from RFC 2560 (section - * 4.2.1) is open for interpretation. I've done tests against another - * responder, and found that it doesn't do the double hashing that the RFC - * seems to say one should. Therefore, all relevant functions take a flag - * saying which variant should be used. 
-- Richard Levitte, OpenSSL team - * and CeloCom - */ -struct ocsp_basic_response_st { - OCSP_RESPDATA tbsResponseData; - X509_ALGOR signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -}; - -/*- - * CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ -struct ocsp_crl_id_st { - ASN1_IA5STRING *crlUrl; - ASN1_INTEGER *crlNum; - ASN1_GENERALIZEDTIME *crlTime; -}; - -/*- - * ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ -struct ocsp_service_locator_st { - X509_NAME *issuer; - STACK_OF(ACCESS_DESCRIPTION) *locator; -}; - -# define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &(o)->optionalSignature->signatureAlgorithm,NULL,\ - (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md) - -# define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ - NULL,(o)->signature,&(o)->tbsResponseData,pkey,md) - -# define OCSP_BASICRESP_sign_ctx(o,ctx,d) \ - ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ - NULL,(o)->signature,&(o)->tbsResponseData,ctx) - -# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &(a)->optionalSignature->signatureAlgorithm,\ - (a)->optionalSignature->signature,&(a)->tbsRequest,r) - -# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r) diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index b8b91cc9eb3f..37ac6c03fd04 100755 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -14,7 +14,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include /* Convert a certificate and its issuer to an OCSP_CERTID */ 
diff --git a/crypto/ocsp/ocsp_local.h b/crypto/ocsp/ocsp_local.h
new file mode 100644
index 000000000000..36646fdfc97a
--- /dev/null
+++ b/crypto/ocsp/ocsp_local.h
@@ -0,0 +1,236 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) + * serialNumber CertificateSerialNumber } + */ +struct ocsp_cert_id_st { + X509_ALGOR hashAlgorithm; + ASN1_OCTET_STRING issuerNameHash; + ASN1_OCTET_STRING issuerKeyHash; + ASN1_INTEGER serialNumber; +}; + +/*- Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_one_request_st { + OCSP_CERTID *reqCert; + STACK_OF(X509_EXTENSION) *singleRequestExtensions; +}; + +/*- TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_req_info_st { + ASN1_INTEGER *version; + GENERAL_NAME *requestorName; + STACK_OF(OCSP_ONEREQ) *requestList; + STACK_OF(X509_EXTENSION) *requestExtensions; +}; + +/*- Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +struct ocsp_signature_st { + X509_ALGOR signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +}; + +/*- OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + */ +struct ocsp_request_st { + OCSP_REQINFO tbsRequest; + OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ +}; + +/*- OCSPResponseStatus ::= ENUMERATED { + * successful (0), 
--Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer + * tryLater (3), --Try again later + * --(4) is not used + * sigRequired (5), --Must sign the request + * unauthorized (6) --Request unauthorized + * } + */ + +/*- ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +struct ocsp_resp_bytes_st { + ASN1_OBJECT *responseType; + ASN1_OCTET_STRING *response; +}; + +/*- OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +struct ocsp_response_st { + ASN1_ENUMERATED *responseStatus; + OCSP_RESPBYTES *responseBytes; +}; + +/*- ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +struct ocsp_responder_id_st { + int type; + union { + X509_NAME *byName; + ASN1_OCTET_STRING *byKey; + } value; +}; + +/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) + */ + +/*- RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +struct ocsp_revoked_info_st { + ASN1_GENERALIZEDTIME *revocationTime; + ASN1_ENUMERATED *revocationReason; +}; + +/*- CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +struct ocsp_cert_status_st { + int type; + union { + ASN1_NULL *good; + OCSP_REVOKEDINFO *revoked; + ASN1_NULL *unknown; + } value; +}; + +/*- SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_single_response_st { + OCSP_CERTID *certId; + OCSP_CERTSTATUS *certStatus; + ASN1_GENERALIZEDTIME *thisUpdate; + ASN1_GENERALIZEDTIME *nextUpdate; + STACK_OF(X509_EXTENSION) 
*singleExtensions; +}; + +/*- ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_response_data_st { + ASN1_INTEGER *version; + OCSP_RESPID responderId; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(OCSP_SINGLERESP) *responses; + STACK_OF(X509_EXTENSION) *responseExtensions; +}; + +/*- BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ + /* + * Note 1: The value for "signature" is specified in the OCSP rfc2560 as + * follows: "The value for the signature SHALL be computed on the hash of + * the DER encoding ResponseData." This means that you must hash the + * DER-encoded tbsResponseData, and then run it through a crypto-signing + * function, which will (at least w/RSA) do a hash-'n'-private-encrypt + * operation. This seems a bit odd, but that's the spec. Also note that + * the data structures do not leave anywhere to independently specify the + * algorithm used for the initial hash. So, we look at the + * signature-specification algorithm, and try to do something intelligent. + * -- Kathy Weinhold, CertCo + */ + /* + * Note 2: It seems that the mentioned passage from RFC 2560 (section + * 4.2.1) is open for interpretation. I've done tests against another + * responder, and found that it doesn't do the double hashing that the RFC + * seems to say one should. Therefore, all relevant functions take a flag + * saying which variant should be used. 
-- Richard Levitte, OpenSSL team + * and CeloCom + */ +struct ocsp_basic_response_st { + OCSP_RESPDATA tbsResponseData; + X509_ALGOR signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +}; + +/*- + * CrlID ::= SEQUENCE { + * crlUrl [0] EXPLICIT IA5String OPTIONAL, + * crlNum [1] EXPLICIT INTEGER OPTIONAL, + * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } + */ +struct ocsp_crl_id_st { + ASN1_IA5STRING *crlUrl; + ASN1_INTEGER *crlNum; + ASN1_GENERALIZEDTIME *crlTime; +}; + +/*- + * ServiceLocator ::= SEQUENCE { + * issuer Name, + * locator AuthorityInfoAccessSyntax OPTIONAL } + */ +struct ocsp_service_locator_st { + X509_NAME *issuer; + STACK_OF(ACCESS_DESCRIPTION) *locator; +}; + +# define OCSP_REQUEST_sign(o,pkey,md) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ + &(o)->optionalSignature->signatureAlgorithm,NULL,\ + (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md) + +# define OCSP_BASICRESP_sign(o,pkey,md,d) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ + NULL,(o)->signature,&(o)->tbsResponseData,pkey,md) + +# define OCSP_BASICRESP_sign_ctx(o,ctx,d) \ + ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ + NULL,(o)->signature,&(o)->tbsResponseData,ctx) + +# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ + &(a)->optionalSignature->signatureAlgorithm,\ + (a)->optionalSignature->signature,&(a)->tbsRequest,r) + +# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ + &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r) diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 5605812ef74b..1965f2a183b3 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -10,7 +10,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include "internal/cryptlib.h" #include 
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 6bd6f7b6d892..e35fc52fd944 100755 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -14,7 +14,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" /* * Utility functions related to sending OCSP responses and extracting diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 9a8d34386621..e87b71c0c791 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -8,7 +8,7 @@ */ #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include #include diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c index 2d425a8951d6..a174ce15a60d 100644 --- a/crypto/ocsp/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -12,7 +12,7 @@ # include # include # include -# include "ocsp_lcl.h" +# include "ocsp_local.h" # include # include "../x509v3/ext_dat.h" diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl index 5a231c49f02a..f4d364754a1f 100755 --- a/crypto/pariscid.pl +++ b/crypto/pariscid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -272,5 +272,5 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 0e7181311340..9d57ee7cc2e5 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -84,9 +84,8 @@ IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, - RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, - PEM_STRING_PUBLIC, - RSA_PUBKEY) + RSAPublicKey) +IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) #endif #ifndef OPENSSL_NO_DSA static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) @@ -115,7 +114,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) - IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) # ifndef OPENSSL_NO_STDIO DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) { @@ -176,6 +175,6 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, #ifndef OPENSSL_NO_DH IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) - IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) +IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) #endif IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 4bb86463fae5..64baf7108ea4 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include @@ -18,7 +18,7 @@ #include #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index aa032d2b1cac..e58cdf4a3e0b 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c 
@@ -17,8 +17,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int pem_check_suffix(const char *pem_str, const char *suffix); diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 2bbee4a306e4..1fc19c17f913 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -844,9 +844,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) goto error; OPENSSL_cleanse(keybuf, 20); - if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) + if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) goto error; - if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen)) + if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen)) goto error; } diff --git a/crypto/perlasm/README b/crypto/perlasm/README index 3177c3716542..59f2c95515fe 100644 --- a/crypto/perlasm/README +++ b/crypto/perlasm/README @@ -35,7 +35,7 @@ Functions of interest are: &function_begin_B(name,extra) Same as normal function_begin but no pushing. &function_end(name) Call at end of function. &function_end_A(name) Standard pop and ret, for use inside functions -&function_end_B(name) Call at end but with poping or 'ret'. +&function_end_B(name) Call at end but with pop or ret. &swtmp(num) Address on stack temp word. &wparam(num) Parameter number num, that was push in C convention. This all works over pushes diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl index ca2f8b990b97..48819be54052 100755 --- a/crypto/perlasm/arm-xlate.pl +++ b/crypto/perlasm/arm-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
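Review bot: In the crypto/pem/pvkfmt.c hunk, `OPENSSL_cleanse(keybuf, 20)` runs only after `EVP_EncryptInit_ex()` has succeeded, so the `goto error` taken when that call fails skips the wipe and leaves the key material in `keybuf` on the stack. The `error:` label and the declaration of `keybuf` are outside this hunk, so the error path may already handle this; that should be confirmed. If it does not, store the result in a local first and wipe unconditionally: `ok = EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL);` then `OPENSSL_cleanse(keybuf, 20);` then `if (!ok) goto error;`. The Decrypt-to-Encrypt correction itself deserves a short comment stating that the update and final calls must match the `EVP_EncryptInit_ex` that set up `cctx`. The body of i2b_PVK starts and ends outside the hunk.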
@@ -174,4 +174,4 @@ while(my $line=<>) { print "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index d220c6245b56..08668b295bf6 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -341,4 +341,4 @@ while($line=<>) { print "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 29a0eacfd532..59af6df9c200 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1216,7 +1216,7 @@ while(defined(my $line=<>)) { print "\n$current_segment\tENDS\n" if ($current_segment && $masm); print "END\n" if ($masm); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; ################################################# # Cross-reference x86_64 ABI "card" diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 193ed8097dc3..af184c86af5d 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Pack an object into an OCTET STRING and turn into a safebag */ 
diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index 422dfc398fab..88f145890cf6 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "p12_lcl.h" +#include "p12_local.h" /* PKCS#12 ASN1 module */ diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index c324f5051469..a958fdf3465e 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Add a local keyid to a safebag */ diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 10cf8dd589d9..d43dc3b30cf3 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index 88db0f2dc4f9..7ecc29ec0ce0 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Initialise a PKCS12 structure to take data */ diff --git a/crypto/pkcs12/p12_lcl.h b/crypto/pkcs12/p12_lcl.h deleted file mode 100644 index 0b52f1e1fed9..000000000000 --- a/crypto/pkcs12/p12_lcl.h +++ /dev/null 
@@ -1,43 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -struct PKCS12_MAC_DATA_st { - X509_SIG *dinfo; - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *iter; /* defaults to 1 */ -}; - -struct PKCS12_st { - ASN1_INTEGER *version; - PKCS12_MAC_DATA *mac; - PKCS7 *authsafes; -}; - -struct PKCS12_SAFEBAG_st { - ASN1_OBJECT *type; - union { - struct pkcs12_bag_st *bag; /* secret, crl and certbag */ - struct pkcs8_priv_key_info_st *keybag; /* keybag */ - X509_SIG *shkeybag; /* shrouded key bag */ - STACK_OF(PKCS12_SAFEBAG) *safes; - ASN1_TYPE *other; - } value; - STACK_OF(X509_ATTRIBUTE) *attrib; -}; - -struct pkcs12_bag_st { - ASN1_OBJECT *type; - union { - ASN1_OCTET_STRING *x509cert; - ASN1_OCTET_STRING *x509crl; - ASN1_OCTET_STRING *octet; - ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ - } value; -}; diff --git a/crypto/pkcs12/p12_local.h b/crypto/pkcs12/p12_local.h new file mode 100644 index 000000000000..0b52f1e1fed9 --- /dev/null +++ b/crypto/pkcs12/p12_local.h 
@@ -0,0 +1,43 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +struct PKCS12_MAC_DATA_st { + X509_SIG *dinfo; + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; /* defaults to 1 */ +}; + +struct PKCS12_st { + ASN1_INTEGER *version; + PKCS12_MAC_DATA *mac; + PKCS7 *authsafes; +}; + +struct PKCS12_SAFEBAG_st { + ASN1_OBJECT *type; + union { + struct pkcs12_bag_st *bag; /* secret, crl and certbag */ + struct pkcs8_priv_key_info_st *keybag; /* keybag */ + X509_SIG *shkeybag; /* shrouded key bag */ + STACK_OF(PKCS12_SAFEBAG) *safes; + ASN1_TYPE *other; + } value; + STACK_OF(X509_ATTRIBUTE) *attrib; +}; + +struct pkcs12_bag_st { + ASN1_OBJECT *type; + union { + ASN1_OCTET_STRING *x509cert; + ASN1_OCTET_STRING *x509crl; + ASN1_OCTET_STRING *octet; + ASN1_IA5STRING *sdsicert; + ASN1_TYPE *other; /* Secret or other bag */ + } value; +}; diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 0cbbed364a21..3658003fe598 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -13,7 +13,7 @@ #include #include #include -#include "p12_lcl.h" +#include "p12_local.h" int PKCS12_mac_present(const PKCS12 *p12) { diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 0ce75ed330ee..0334289a89fa 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -13,7 +13,7 @@ #include #include #include -#include "p12_lcl.h" +#include "p12_local.h" /* PKCS#12 password change routine */ diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 86a07e1335e4..05fc388a9969 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c 
@@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a09c5b93132a..7cf522786b03 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" #if OPENSSL_API_COMPAT < 0x10100000L ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 16b76431d1bd..ec4d9abd587f 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) { diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl index 5cdb6be05914..f77e1170f66b 100755 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ b/crypto/poly1305/asm/poly1305-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1250,4 +1250,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 6c6c9bb05be0..9bfee2759579 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -943,4 +943,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-mips.pl b/crypto/poly1305/asm/poly1305-mips.pl index 28b6772ee5fe..965825dc3eda 100755 --- a/crypto/poly1305/asm/poly1305-mips.pl +++ b/crypto/poly1305/asm/poly1305-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -433,5 +433,5 @@ ___ $output=pop and open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index 0c6d015d585b..e5d6933ac4d5 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -642,4 +642,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl index 09f818584842..a9ab20714697 100755 --- a/crypto/poly1305/asm/poly1305-ppcfp.pl 
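Review bot: In the crypto/poly1305/asm/poly1305-mips.pl hunk the added `close STDOUT or die` sits two lines below `$output=pop and open STDOUT,">$output";`, which still ignores the result of the open and uses the two-argument form, where the file name is parsed together with the mode. A failed open is therefore not reported where it happens; at best it surfaces later through the new close check, with a message that names neither the file nor the real cause. I would change the line to `if ($output=pop) { open STDOUT,">",$output or die "can't open $output: $!"; }`. The other perlasm scripts touched by this commit may open their output the same way, but their open lines are outside the visible hunks.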
+++ b/crypto/poly1305/asm/poly1305-ppcfp.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -736,4 +736,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl index 82d757d9a1ca..bcc8fd3b886a 100755 --- a/crypto/poly1305/asm/poly1305-s390x.pl +++ b/crypto/poly1305/asm/poly1305-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -224,4 +224,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/poly1305/asm/poly1305-sparcv9.pl index 0bdd04892544..997e0d8344c6 100755 --- a/crypto/poly1305/asm/poly1305-sparcv9.pl +++ b/crypto/poly1305/asm/poly1305-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1117,4 +1117,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl index 1e09ddcc10d7..4aaf63a0a1dd 100755 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ b/crypto/poly1305/asm/poly1305-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -71,7 +71,7 @@ if ($sse2) { $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } } @@ -1812,4 +1812,4 @@ sub vlazy_reduction { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index 342ad7f18aa7..c014be1ca9fa 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -90,7 +90,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } 
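Review bot: In the crypto/poly1305/asm/poly1305-x86.pl hunk the widened capture `([0-9]+\.[0-9]+)` handles two-digit major versions, but the `^clang` alternative is still anchored to the very start of the `-v` output because the match has no `/m`. A compiler whose first line puts a vendor prefix before "clang version", and which prints neither "LLVM version" nor "based on LLVM", would not match, and `$avx` would keep whatever the earlier probes left it at, presumably 0, with no diagnostic. Whether that happens depends on the toolchains in use; if it can, `(?:clang|LLVM) version` without the anchor would cover it. A comment above the test listing the banner formats it is meant to recognise would make the next widening easier to review. The poly1305-x86_64.pl hunk that follows uses the same pattern, and both sit in top-level code that extends beyond the hunks.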
@@ -168,6 +168,7 @@ $code.=<<___; .type poly1305_init,\@function,3 .align 32 poly1305_init: +.cfi_startproc xor %rax,%rax mov %rax,0($ctx) # initialize hash value mov %rax,8($ctx) @@ -219,6 +220,7 @@ $code.=<<___; mov \$1,%eax .Lno_key: ret +.cfi_endproc .size poly1305_init,.-poly1305_init .type poly1305_blocks,\@function,4 @@ -298,6 +300,7 @@ $code.=<<___; .type poly1305_emit,\@function,3 .align 32 poly1305_emit: +.cfi_startproc .Lemit: mov 0($ctx),%r8 # load hash value mov 8($ctx),%r9 @@ -318,6 +321,7 @@ poly1305_emit: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit,.-poly1305_emit ___ if ($avx) { @@ -342,15 +346,18 @@ $code.=<<___; .type __poly1305_block,\@abi-omnipotent .align 32 __poly1305_block: +.cfi_startproc ___ &poly1305_iteration(); $code.=<<___; ret +.cfi_endproc .size __poly1305_block,.-__poly1305_block .type __poly1305_init_avx,\@abi-omnipotent .align 32 __poly1305_init_avx: +.cfi_startproc mov $r0,$h0 mov $r1,$h1 xor $h2,$h2 @@ -508,6 +515,7 @@ __poly1305_init_avx: lea -48-64($ctx),$ctx # size [de-]optimization ret +.cfi_endproc .size __poly1305_init_avx,.-__poly1305_init_avx .type poly1305_blocks_avx,\@function,4 @@ -1373,6 +1381,7 @@ $code.=<<___; .type poly1305_emit_avx,\@function,3 .align 32 poly1305_emit_avx: +.cfi_startproc cmpl \$0,20($ctx) # is_base2_26? je .Lemit @@ -1423,6 +1432,7 @@ poly1305_emit_avx: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit_avx,.-poly1305_emit_avx ___ @@ -2741,6 +2751,7 @@ $code.=<<___; .type poly1305_init_base2_44,\@function,3 .align 32 poly1305_init_base2_44: +.cfi_startproc xor %rax,%rax mov %rax,0($ctx) # initialize hash value mov %rax,8($ctx) @@ -2782,6 +2793,7 @@ ___ $code.=<<___; mov \$1,%eax ret +.cfi_endproc .size poly1305_init_base2_44,.-poly1305_init_base2_44 ___ { @@ -2793,6 +2805,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52,\@function,4 .align 32 poly1305_blocks_vpmadd52: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52 # too short 
@@ -2899,6 +2912,7 @@ poly1305_blocks_vpmadd52: .Lno_data_vpmadd52: ret +.cfi_endproc .size poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52 ___ } @@ -2916,6 +2930,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52_4x,\@function,4 .align 32 poly1305_blocks_vpmadd52_4x: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52_4x # too short @@ -3340,6 +3355,7 @@ poly1305_blocks_vpmadd52_4x: .Lno_data_vpmadd52_4x: ret +.cfi_endproc .size poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x ___ } @@ -3358,6 +3374,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52_8x,\@function,4 .align 32 poly1305_blocks_vpmadd52_8x: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52_8x # too short @@ -3713,6 +3730,7 @@ $code.=<<___; .Lno_data_vpmadd52_8x: ret +.cfi_endproc .size poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x ___ } @@ -3720,6 +3738,7 @@ $code.=<<___; .type poly1305_emit_base2_44,\@function,3 .align 32 poly1305_emit_base2_44: +.cfi_startproc mov 0($ctx),%r8 # load hash value mov 8($ctx),%r9 mov 16($ctx),%r10 @@ -3750,6 +3769,7 @@ poly1305_emit_base2_44: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit_base2_44,.-poly1305_emit_base2_44 ___ } } } @@ -3800,6 +3820,7 @@ $code.=<<___; .type xor128_encrypt_n_pad,\@abi-omnipotent .align 16 xor128_encrypt_n_pad: +.cfi_startproc sub $otp,$inp sub $otp,$out mov $len,%r10 # put len aside @@ -3841,12 +3862,14 @@ xor128_encrypt_n_pad: .Ldone_enc: mov $otp,%rax ret +.cfi_endproc .size xor128_encrypt_n_pad,.-xor128_encrypt_n_pad .globl xor128_decrypt_n_pad .type xor128_decrypt_n_pad,\@abi-omnipotent .align 16 xor128_decrypt_n_pad: +.cfi_startproc sub $otp,$inp sub $otp,$out mov $len,%r10 # put len aside @@ -3892,6 +3915,7 @@ xor128_decrypt_n_pad: .Ldone_dec: mov $otp,%rax ret +.cfi_endproc .size xor128_decrypt_n_pad,.-xor128_decrypt_n_pad ___ } @@ -4156,4 +4180,4 @@ foreach (split('\n',$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c index 1d182364aee4..e7f5b92c8f3d 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.c @@ -11,7 +11,7 @@ #include #include -#include "internal/poly1305.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" size_t Poly1305_ctx_size(void) @@ -89,7 +89,7 @@ static void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit); /* - * Type-agnostic "rip-off" from constant_time_locl.h + * Type-agnostic "rip-off" from constant_time.h */ # define CONSTANT_TIME_CARRY(a,b) ( \ (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \ diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c index 033ee8cd9699..0c8a91dc79dc 100644 --- a/crypto/poly1305/poly1305_ameth.c +++ b/crypto/poly1305/poly1305_ameth.c @@ -10,10 +10,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/poly1305.h" +#include "crypto/asn1.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* * POLY1305 "ASN1" method. This is just here to indicate the maximum diff --git a/crypto/poly1305/poly1305_pmeth.c b/crypto/poly1305/poly1305_pmeth.c index 3bc24c98cd61..49a799a12f51 100644 --- a/crypto/poly1305/poly1305_pmeth.c +++ b/crypto/poly1305/poly1305_pmeth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/poly1305.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* POLY1305 pkey context structure */ diff --git a/crypto/ppc_arch.h b/crypto/ppc_arch.h index 72bd7468745c..e3845e9394ae 100644 --- a/crypto/ppc_arch.h +++ b/crypto/ppc_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_PPC_ARCH_H -# define HEADER_PPC_ARCH_H +#ifndef OSSL_CRYPTO_PPC_ARCH_H +# define OSSL_CRYPTO_PPC_ARCH_H extern unsigned int OPENSSL_ppccap_P; 
diff --git a/crypto/ppccap.c b/crypto/ppccap.c index a59485207b16..b12cd949ccfe 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -29,8 +29,8 @@ #include #include #include -#include -#include "bn/bn_lcl.h" +#include +#include "bn/bn_local.h" #include "ppc_arch.h" diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl index a38445fd3c52..2065cbb84b10 100755 --- a/crypto/ppccpuid.pl +++ b/crypto/ppccpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -379,4 +379,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index a243361b56e4..93b82f34ceda 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -14,7 +14,7 @@ #include #include "internal/thread_once.h" #include "internal/thread_once.h" -#include "rand_lcl.h" +#include "rand_local.h" /* * Implementation of NIST SP 800-90A CTR DRBG. */ diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 12bb627a04ef..faf0590c6c28 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -11,10 +11,10 @@ #include #include #include -#include "rand_lcl.h" +#include "rand_local.h" #include "internal/thread_once.h" -#include "internal/rand_int.h" -#include "internal/cryptlib_int.h" +#include "crypto/rand.h" +#include "crypto/cryptlib.h" /* * Support framework for NIST SP 800-90A DRBG @@ -1044,7 +1044,7 @@ static int drbg_add(const void *buf, int num, double randomness) return ret; #else /* - * If an os entropy source is avaible then we declare the buffer content + * If an os entropy source is available then we declare the buffer content * as additional data by setting randomness to zero and trigger a regular * reseeding. */ diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index ae4d8559fb28..a3ae5f53c295 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,8 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA RAND_str_functs[] = { + {ERR_PACK(ERR_LIB_RAND, RAND_F_DATA_COLLECT_METHOD, 0), + "data_collect_method"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"}, @@ -49,6 +51,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = { "rand_pool_bytes_needed"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_GROW, 0), "rand_pool_grow"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_PSEUDO_BYTES, 0), "RAND_pseudo_bytes"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"}, {0, NULL} }; 
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
deleted file mode 100755
index 306c59f6efa0..000000000000
--- a/crypto/rand/rand_lcl.h
+++ /dev/null
@@ -1,299 +0,0 @@ -/* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_RAND_LCL_H -# define HEADER_RAND_LCL_H - -# include -# include -# include -# include -# include -# include -# include "internal/tsan_assist.h" - -# include "internal/numbers.h" - -/* How many times to read the TSC as a randomness source. */ -# define TSC_READ_COUNT 4 - -/* Maximum reseed intervals */ -# define MAX_RESEED_INTERVAL (1 << 24) -# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */ - -/* Default reseed intervals */ -# define MASTER_RESEED_INTERVAL (1 << 8) -# define SLAVE_RESEED_INTERVAL (1 << 16) -# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ -# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ - - - -/* - * Maximum input size for the DRBG (entropy, nonce, personalization string) - * - * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes. - * - * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes. - */ -# define DRBG_MAX_LENGTH INT32_MAX - - -/* - * Maximum allocation size for RANDOM_POOL buffers - * - * The max_len value for the buffer provided to the rand_drbg_get_entropy() - * callback is currently 2^31 bytes (2 gigabytes), if a derivation function - * is used. Since this is much too large to be allocated, the rand_pool_new() - * function chooses more modest values as default pool length, bounded - * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH - * - * The choice of the RAND_POOL_FACTOR is large enough such that the - * RAND_POOL can store a random input which has a lousy entropy rate of - * 8/256 (= 0.03125) bits per byte. 
This input will be sent through the - * derivation function which 'compresses' the low quality input into a - * high quality output. - * - * The factor 1.5 below is the pessimistic estimate for the extra amount - * of entropy required when no get_nonce() callback is defined. - */ -# define RAND_POOL_FACTOR 256 -# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \ - 3 * (RAND_DRBG_STRENGTH / 16)) -/* - * = (RAND_POOL_FACTOR * \ - * 1.5 * (RAND_DRBG_STRENGTH / 8)) - */ - -/* - * Initial allocation minimum. - * - * There is a distinction between the secure and normal allocation minimums. - * Ideally, the secure allocation size should be a power of two. The normal - * allocation size doesn't have any such restriction. - * - * The secure value is based on 128 bits of secure material, which is 16 bytes. - * Typically, the DRBGs will set a minimum larger than this so optimal - * allocation ought to take place (for full quality seed material). - * - * The normal value has been chosed by noticing that the rand_drbg_get_nonce - * function is usually the largest of the built in allocation (twenty four - * bytes and then appending another sixteen bytes). This means the buffer ends - * with 40 bytes. The value of forty eight is comfortably above this which - * allows some slack in the platform specific values used. - */ -# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 
16 : 48) - -/* DRBG status values */ -typedef enum drbg_status_e { - DRBG_UNINITIALISED, - DRBG_READY, - DRBG_ERROR -} DRBG_STATUS; - - -/* instantiate */ -typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx, - const unsigned char *ent, - size_t entlen, - const unsigned char *nonce, - size_t noncelen, - const unsigned char *pers, - size_t perslen); -/* reseed */ -typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx, - const unsigned char *ent, - size_t entlen, - const unsigned char *adin, - size_t adinlen); -/* generate output */ -typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx, - unsigned char *out, - size_t outlen, - const unsigned char *adin, - size_t adinlen); -/* uninstantiate */ -typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx); - - -/* - * The DRBG methods - */ - -typedef struct rand_drbg_method_st { - RAND_DRBG_instantiate_fn instantiate; - RAND_DRBG_reseed_fn reseed; - RAND_DRBG_generate_fn generate; - RAND_DRBG_uninstantiate_fn uninstantiate; -} RAND_DRBG_METHOD; - - -/* - * The state of a DRBG AES-CTR. - */ -typedef struct rand_drbg_ctr_st { - EVP_CIPHER_CTX *ctx; - EVP_CIPHER_CTX *ctx_df; - const EVP_CIPHER *cipher; - size_t keylen; - unsigned char K[32]; - unsigned char V[16]; - /* Temporary block storage used by ctr_df */ - unsigned char bltmp[16]; - size_t bltmp_pos; - unsigned char KX[48]; -} RAND_DRBG_CTR; - - -/* - * The 'random pool' acts as a dumb container for collecting random - * input from various entropy sources. The pool has no knowledge about - * whether its randomness is fed into a legacy RAND_METHOD via RAND_add() - * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the - * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and - * 4) cleanup the random pool again. - * - * The random pool contains no locking mechanism because its scope and - * lifetime is intended to be restricted to a single stack frame. 
- */ -struct rand_pool_st { - unsigned char *buffer; /* points to the beginning of the random pool */ - size_t len; /* current number of random bytes contained in the pool */ - - int attached; /* true pool was attached to existing buffer */ - int secure; /* 1: allocated on the secure heap, 0: otherwise */ - - size_t min_len; /* minimum number of random bytes requested */ - size_t max_len; /* maximum number of random bytes (allocated buffer size) */ - size_t alloc_len; /* current number of bytes allocated */ - size_t entropy; /* current entropy count in bits */ - size_t entropy_requested; /* requested entropy count in bits */ -}; - -/* - * The state of all types of DRBGs, even though we only have CTR mode - * right now. - */ -struct rand_drbg_st { - CRYPTO_RWLOCK *lock; - RAND_DRBG *parent; - int secure; /* 1: allocated on the secure heap, 0: otherwise */ - int type; /* the nid of the underlying algorithm */ - /* - * Stores the return value of openssl_get_fork_id() as of when we last - * reseeded. The DRBG reseeds automatically whenever drbg->fork_id != - * openssl_get_fork_id(). Used to provide fork-safety and reseed this - * DRBG in the child process. - */ - int fork_id; - unsigned short flags; /* various external flags */ - - /* - * The random_data is used by RAND_add()/drbg_add() to attach random - * data to the global drbg, such that the rand_drbg_get_entropy() callback - * can pull it during instantiation and reseeding. This is necessary to - * reconcile the different philosophies of the RAND and the RAND_DRBG - * with respect to how randomness is added to the RNG during reseeding - * (see PR #4328). - */ - struct rand_pool_st *seed_pool; - - /* - * Auxiliary pool for additional data. - */ - struct rand_pool_st *adin_pool; - - /* - * The following parameters are setup by the per-type "init" function. - * - * Currently the only type is CTR_DRBG, its init function is drbg_ctr_init(). 
- * - * The parameters are closely related to the ones described in - * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one - * crucial difference: In the NIST standard, all counts are given - * in bits, whereas in OpenSSL entropy counts are given in bits - * and buffer lengths are given in bytes. - * - * Since this difference has lead to some confusion in the past, - * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055]) - * the 'len' suffix has been added to all buffer sizes for - * clarification. - */ - - int strength; - size_t max_request; - size_t min_entropylen, max_entropylen; - size_t min_noncelen, max_noncelen; - size_t max_perslen, max_adinlen; - - /* Counts the number of generate requests since the last reseed. */ - unsigned int reseed_gen_counter; - /* - * Maximum number of generate requests until a reseed is required. - * This value is ignored if it is zero. - */ - unsigned int reseed_interval; - /* Stores the time when the last reseeding occurred */ - time_t reseed_time; - /* - * Specifies the maximum time interval (in seconds) between reseeds. - * This value is ignored if it is zero. - */ - time_t reseed_time_interval; - /* - * Counts the number of reseeds since instantiation. - * This value is ignored if it is zero. - * - * This counter is used only for seed propagation from the DRBG - * to its two children, the and DRBG. This feature is - * very special and its sole purpose is to ensure that any randomness which - * is added by RAND_add() or RAND_seed() will have an immediate effect on - * the output of RAND_bytes() resp. RAND_priv_bytes(). - */ - TSAN_QUALIFIER unsigned int reseed_prop_counter; - unsigned int reseed_next_counter; - - size_t seedlen; - DRBG_STATUS state; - - /* Application data, mainly used in the KATs. 
*/ - CRYPTO_EX_DATA ex_data; - - /* Implementation specific data (currently only one implementation) */ - union { - RAND_DRBG_CTR ctr; - } data; - - /* Implementation specific methods */ - RAND_DRBG_METHOD *meth; - - /* Callback functions. See comments in rand_lib.c */ - RAND_DRBG_get_entropy_fn get_entropy; - RAND_DRBG_cleanup_entropy_fn cleanup_entropy; - RAND_DRBG_get_nonce_fn get_nonce; - RAND_DRBG_cleanup_nonce_fn cleanup_nonce; -}; - -/* The global RAND method, and the global buffer and DRBG instance. */ -extern RAND_METHOD rand_meth; - -/* DRBG helpers */ -int rand_drbg_restart(RAND_DRBG *drbg, - const unsigned char *buffer, size_t len, size_t entropy); -size_t rand_drbg_seedlen(RAND_DRBG *drbg); -/* locking api */ -int rand_drbg_lock(RAND_DRBG *drbg); -int rand_drbg_unlock(RAND_DRBG *drbg); -int rand_drbg_enable_locking(RAND_DRBG *drbg); - - -/* initializes the AES-CTR DRBG implementation */ -int drbg_ctr_init(RAND_DRBG *drbg); - -#endif diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 91b26523110f..ab4e9b5486cb 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,10 +11,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/rand_int.h" +#include "crypto/rand.h" #include #include "internal/thread_once.h" -#include "rand_lcl.h" +#include "rand_local.h" #include "e_os.h" #ifndef OPENSSL_NO_ENGINE @@ -386,6 +386,9 @@ int RAND_poll(void) const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth == NULL) + return 0; + if (meth == RAND_OpenSSL()) { /* fill random pool and seed the master DRBG */ RAND_DRBG *drbg = RAND_DRBG_get0_master(); 
@@ -765,7 +768,7 @@ int rand_pool_add(RAND_POOL *pool, * is returned without producing an error message. * * After updating the buffer, rand_pool_add_end() needs to be called - * to finish the udpate operation (see next comment). + * to finish the update operation (see next comment). */ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) { @@ -896,7 +899,7 @@ void RAND_seed(const void *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->seed != NULL) + if (meth != NULL && meth->seed != NULL) meth->seed(buf, num); } @@ -904,7 +907,7 @@ void RAND_add(const void *buf, int num, double randomness) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->add != NULL) + if (meth != NULL && meth->add != NULL) meth->add(buf, num, randomness); } @@ -917,24 +920,22 @@ int RAND_priv_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); RAND_DRBG *drbg; - int ret; - if (meth != RAND_OpenSSL()) + if (meth != NULL && meth != RAND_OpenSSL()) return RAND_bytes(buf, num); drbg = RAND_DRBG_get0_private(); - if (drbg == NULL) - return 0; + if (drbg != NULL) + return RAND_DRBG_bytes(drbg, buf, num); - ret = RAND_DRBG_bytes(drbg, buf, num); - return ret; + return 0; } int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->bytes != NULL) + if (meth != NULL && meth->bytes != NULL) return meth->bytes(buf, num); RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; @@ -945,8 +946,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->pseudorand != NULL) + if (meth != NULL && meth->pseudorand != NULL) return meth->pseudorand(buf, num); + RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } #endif 
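Review bot: In `RAND_priv_bytes` the new test `meth != NULL && meth != RAND_OpenSSL()` sends a NULL method down the private-DRBG path, which returns 0 and raises no error in this function when no DRBG is available. `RAND_bytes` in the same hunk returns -1 and raises `RAND_R_FUNC_NOT_IMPLEMENTED` for the same condition, so the two entry points report it differently, and a caller that tests only for -1 would treat the buffer as filled. I would either document the choice above the test, `/* meth == NULL: fall through to the private DRBG; failure is reported as 0 */`, or route the NULL case through `RAND_bytes` so both agree. `RAND_seed` and `RAND_add` in the neighbouring hunks return void, so with a NULL method the caller's seed material is now dropped silently, which deserves a one-line comment as well.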
@@ -955,7 +957,7 @@ int RAND_status(void) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->status != NULL) + if (meth != NULL && meth->status != NULL) return meth->status(); return 0; } diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h new file mode 100644 index 000000000000..1bc9bf7d266d --- /dev/null +++ b/crypto/rand/rand_local.h 
@@ -0,0 +1,299 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_RAND_LOCAL_H +# define OSSL_CRYPTO_RAND_LOCAL_H + +# include +# include +# include +# include +# include +# include +# include "internal/tsan_assist.h" + +# include "internal/numbers.h" + +/* How many times to read the TSC as a randomness source. */ +# define TSC_READ_COUNT 4 + +/* Maximum reseed intervals */ +# define MAX_RESEED_INTERVAL (1 << 24) +# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */ + +/* Default reseed intervals */ +# define MASTER_RESEED_INTERVAL (1 << 8) +# define SLAVE_RESEED_INTERVAL (1 << 16) +# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ +# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ + + + +/* + * Maximum input size for the DRBG (entropy, nonce, personalization string) + * + * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes. + * + * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes. + */ +# define DRBG_MAX_LENGTH INT32_MAX + + +/* + * Maximum allocation size for RANDOM_POOL buffers + * + * The max_len value for the buffer provided to the rand_drbg_get_entropy() + * callback is currently 2^31 bytes (2 gigabytes), if a derivation function + * is used. Since this is much too large to be allocated, the rand_pool_new() + * function chooses more modest values as default pool length, bounded + * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH + * + * The choice of the RAND_POOL_FACTOR is large enough such that the + * RAND_POOL can store a random input which has a lousy entropy rate of + * 8/256 (= 0.03125) bits per byte. 
This input will be sent through the + * derivation function which 'compresses' the low quality input into a + * high quality output. + * + * The factor 1.5 below is the pessimistic estimate for the extra amount + * of entropy required when no get_nonce() callback is defined. + */ +# define RAND_POOL_FACTOR 256 +# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \ + 3 * (RAND_DRBG_STRENGTH / 16)) +/* + * = (RAND_POOL_FACTOR * \ + * 1.5 * (RAND_DRBG_STRENGTH / 8)) + */ + +/* + * Initial allocation minimum. + * + * There is a distinction between the secure and normal allocation minimums. + * Ideally, the secure allocation size should be a power of two. The normal + * allocation size doesn't have any such restriction. + * + * The secure value is based on 128 bits of secure material, which is 16 bytes. + * Typically, the DRBGs will set a minimum larger than this so optimal + * allocation ought to take place (for full quality seed material). + * + * The normal value has been chosen by noticing that the rand_drbg_get_nonce + * function is usually the largest of the built in allocation (twenty four + * bytes and then appending another sixteen bytes). This means the buffer ends + * with 40 bytes. The value of forty eight is comfortably above this which + * allows some slack in the platform specific values used. + */ +# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 
16 : 48) + +/* DRBG status values */ +typedef enum drbg_status_e { + DRBG_UNINITIALISED, + DRBG_READY, + DRBG_ERROR +} DRBG_STATUS; + + +/* instantiate */ +typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx, + const unsigned char *ent, + size_t entlen, + const unsigned char *nonce, + size_t noncelen, + const unsigned char *pers, + size_t perslen); +/* reseed */ +typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx, + const unsigned char *ent, + size_t entlen, + const unsigned char *adin, + size_t adinlen); +/* generate output */ +typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx, + unsigned char *out, + size_t outlen, + const unsigned char *adin, + size_t adinlen); +/* uninstantiate */ +typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx); + + +/* + * The DRBG methods + */ + +typedef struct rand_drbg_method_st { + RAND_DRBG_instantiate_fn instantiate; + RAND_DRBG_reseed_fn reseed; + RAND_DRBG_generate_fn generate; + RAND_DRBG_uninstantiate_fn uninstantiate; +} RAND_DRBG_METHOD; + + +/* + * The state of a DRBG AES-CTR. + */ +typedef struct rand_drbg_ctr_st { + EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx_df; + const EVP_CIPHER *cipher; + size_t keylen; + unsigned char K[32]; + unsigned char V[16]; + /* Temporary block storage used by ctr_df */ + unsigned char bltmp[16]; + size_t bltmp_pos; + unsigned char KX[48]; +} RAND_DRBG_CTR; + + +/* + * The 'random pool' acts as a dumb container for collecting random + * input from various entropy sources. The pool has no knowledge about + * whether its randomness is fed into a legacy RAND_METHOD via RAND_add() + * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the + * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and + * 4) cleanup the random pool again. + * + * The random pool contains no locking mechanism because its scope and + * lifetime is intended to be restricted to a single stack frame. 
+ */ +struct rand_pool_st { + unsigned char *buffer; /* points to the beginning of the random pool */ + size_t len; /* current number of random bytes contained in the pool */ + + int attached; /* true pool was attached to existing buffer */ + int secure; /* 1: allocated on the secure heap, 0: otherwise */ + + size_t min_len; /* minimum number of random bytes requested */ + size_t max_len; /* maximum number of random bytes (allocated buffer size) */ + size_t alloc_len; /* current number of bytes allocated */ + size_t entropy; /* current entropy count in bits */ + size_t entropy_requested; /* requested entropy count in bits */ +}; + +/* + * The state of all types of DRBGs, even though we only have CTR mode + * right now. + */ +struct rand_drbg_st { + CRYPTO_RWLOCK *lock; + RAND_DRBG *parent; + int secure; /* 1: allocated on the secure heap, 0: otherwise */ + int type; /* the nid of the underlying algorithm */ + /* + * Stores the return value of openssl_get_fork_id() as of when we last + * reseeded. The DRBG reseeds automatically whenever drbg->fork_id != + * openssl_get_fork_id(). Used to provide fork-safety and reseed this + * DRBG in the child process. + */ + int fork_id; + unsigned short flags; /* various external flags */ + + /* + * The random_data is used by RAND_add()/drbg_add() to attach random + * data to the global drbg, such that the rand_drbg_get_entropy() callback + * can pull it during instantiation and reseeding. This is necessary to + * reconcile the different philosophies of the RAND and the RAND_DRBG + * with respect to how randomness is added to the RNG during reseeding + * (see PR #4328). + */ + struct rand_pool_st *seed_pool; + + /* + * Auxiliary pool for additional data. + */ + struct rand_pool_st *adin_pool; + + /* + * The following parameters are setup by the per-type "init" function. + * + * Currently the only type is CTR_DRBG, its init function is drbg_ctr_init(). 
+ * + * The parameters are closely related to the ones described in + * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one + * crucial difference: In the NIST standard, all counts are given + * in bits, whereas in OpenSSL entropy counts are given in bits + * and buffer lengths are given in bytes. + * + * Since this difference has lead to some confusion in the past, + * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055]) + * the 'len' suffix has been added to all buffer sizes for + * clarification. + */ + + int strength; + size_t max_request; + size_t min_entropylen, max_entropylen; + size_t min_noncelen, max_noncelen; + size_t max_perslen, max_adinlen; + + /* Counts the number of generate requests since the last reseed. */ + unsigned int reseed_gen_counter; + /* + * Maximum number of generate requests until a reseed is required. + * This value is ignored if it is zero. + */ + unsigned int reseed_interval; + /* Stores the time when the last reseeding occurred */ + time_t reseed_time; + /* + * Specifies the maximum time interval (in seconds) between reseeds. + * This value is ignored if it is zero. + */ + time_t reseed_time_interval; + /* + * Counts the number of reseeds since instantiation. + * This value is ignored if it is zero. + * + * This counter is used only for seed propagation from the DRBG + * to its two children, the and DRBG. This feature is + * very special and its sole purpose is to ensure that any randomness which + * is added by RAND_add() or RAND_seed() will have an immediate effect on + * the output of RAND_bytes() resp. RAND_priv_bytes(). + */ + TSAN_QUALIFIER unsigned int reseed_prop_counter; + unsigned int reseed_next_counter; + + size_t seedlen; + DRBG_STATUS state; + + /* Application data, mainly used in the KATs. 
*/ + CRYPTO_EX_DATA ex_data; + + /* Implementation specific data (currently only one implementation) */ + union { + RAND_DRBG_CTR ctr; + } data; + + /* Implementation specific methods */ + RAND_DRBG_METHOD *meth; + + /* Callback functions. See comments in rand_lib.c */ + RAND_DRBG_get_entropy_fn get_entropy; + RAND_DRBG_cleanup_entropy_fn cleanup_entropy; + RAND_DRBG_get_nonce_fn get_nonce; + RAND_DRBG_cleanup_nonce_fn cleanup_nonce; +}; + +/* The global RAND method, and the global buffer and DRBG instance. */ +extern RAND_METHOD rand_meth; + +/* DRBG helpers */ +int rand_drbg_restart(RAND_DRBG *drbg, + const unsigned char *buffer, size_t len, size_t entropy); +size_t rand_drbg_seedlen(RAND_DRBG *drbg); +/* locking api */ +int rand_drbg_lock(RAND_DRBG *drbg); +int rand_drbg_unlock(RAND_DRBG *drbg); +int rand_drbg_enable_locking(RAND_DRBG *drbg); + + +/* initializes the AES-CTR DRBG implementation */ +int drbg_ctr_init(RAND_DRBG *drbg); + +#endif diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 69efcdeed752..fe457cab4a3b 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,8 +15,8 @@ #include "internal/cryptlib.h" #include #include -#include "rand_lcl.h" -#include "internal/rand_int.h" +#include "rand_local.h" +#include "crypto/rand.h" #include #include "internal/dso.h" #ifdef __linux 
@@ -80,7 +80,8 @@ static uint64_t get_timer_bits(void); # define OSSL_POSIX_TIMER_OKAY # endif # endif -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) + || defined(__DJGPP__) */ #if defined(OPENSSL_RAND_SEED_NONE) /* none means none. this simplifies the following logic */ 
@@ -282,12 +283,58 @@ static ssize_t sysctl_random(char *buf, size_t buflen) # if defined(OPENSSL_RAND_SEED_GETRANDOM) # if defined(__linux) && !defined(__NR_getrandom) -# if defined(__arm__) && defined(__NR_SYSCALL_BASE) +# if defined(__arm__) # define __NR_getrandom (__NR_SYSCALL_BASE+384) # elif defined(__i386__) # define __NR_getrandom 355 -# elif defined(__x86_64__) && !defined(__ILP32__) -# define __NR_getrandom 318 +# elif defined(__x86_64__) +# if defined(__ILP32__) +# define __NR_getrandom (__X32_SYSCALL_BIT + 318) +# else +# define __NR_getrandom 318 +# endif +# elif defined(__xtensa__) +# define __NR_getrandom 338 +# elif defined(__s390__) || defined(__s390x__) +# define __NR_getrandom 349 +# elif defined(__bfin__) +# define __NR_getrandom 389 +# elif defined(__powerpc__) +# define __NR_getrandom 359 +# elif defined(__mips__) || defined(__mips64) +# if _MIPS_SIM == _MIPS_SIM_ABI32 +# define __NR_getrandom (__NR_Linux + 353) +# elif _MIPS_SIM == _MIPS_SIM_ABI64 +# define __NR_getrandom (__NR_Linux + 313) +# elif _MIPS_SIM == _MIPS_SIM_NABI32 +# define __NR_getrandom (__NR_Linux + 317) +# endif +# elif defined(__hppa__) +# define __NR_getrandom (__NR_Linux + 339) +# elif defined(__sparc__) +# define __NR_getrandom 347 +# elif defined(__ia64__) +# define __NR_getrandom 1339 +# elif defined(__alpha__) +# define __NR_getrandom 511 +# elif defined(__sh__) +# if defined(__SH5__) +# define __NR_getrandom 373 +# else +# define __NR_getrandom 384 +# endif +# elif defined(__avr32__) +# define __NR_getrandom 317 +# elif defined(__microblaze__) +# define __NR_getrandom 385 +# elif defined(__m68k__) +# define __NR_getrandom 352 +# elif defined(__cris__) +# define __NR_getrandom 356 +# elif defined(__aarch64__) +# define __NR_getrandom 278 +# else /* generic */ +# define __NR_getrandom 278 # endif # endif 
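Review bot: The final `# else /* generic */` branch defines `__NR_getrandom` as 278 for every Linux target the table does not list, and that number is only right where the port uses the generic syscall table. On a port with its own numbering, the call site (outside this hunk) could reach an unrelated system call and pass it a buffer pointer and a length. Leaving the macro undefined for unknown targets looks safer, for example `# else /* unknown syscall table: leave __NR_getrandom undefined */`; the MIPS branch can already leave it undefined when `_MIPS_SIM` matches none of the three ABIs, so the later code presumably copes with that, which should be confirmed. The `__arm__` branch also dropped its `defined(__NR_SYSCALL_BASE)` test, so `(__NR_SYSCALL_BASE+384)` now depends on a header supplying that macro, and a short comment naming that header would document the assumption.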
@@ -814,4 +861,5 @@ static uint64_t get_timer_bits(void) # endif return time(NULL); } -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) + || defined(__DJGPP__) */ diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c index 2b59353b1154..17e86f690e01 100644 --- a/crypto/rc2/rc2_cbc.c +++ b/crypto/rc2/rc2_cbc.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *ks, unsigned char *iv, int encrypt) diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c index fb2f78273d8e..8d9927cd5858 100644 --- a/crypto/rc2/rc2_ecb.c +++ b/crypto/rc2/rc2_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" #include /*- diff --git a/crypto/rc2/rc2_local.h b/crypto/rc2/rc2_local.h new file mode 100644 index 000000000000..e4dad947872c --- /dev/null +++ b/crypto/rc2/rc2_local.h 
@@ -0,0 +1,134 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#undef c2l +#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<<24L) + +/* NOTE - c is not incremented as per c2l */ +#undef c2ln +#define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ + case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ + case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +/* NOTE - c is not incremented as per l2c */ +#undef l2cn +#define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + /* fall thru */ \ + 
case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +#undef n2l +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +#undef l2n +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +#define C_RC2(n) \ + t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \ + x0=(t<<1)|(t>>15); \ + t=(x1+(x2& ~x0)+(x3&x0)+ 
*(p0++))&0xffff; \ + x1=(t<<2)|(t>>14); \ + t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \ + x2=(t<<3)|(t>>13); \ + t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \ + x3=(t<<5)|(t>>11); diff --git a/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_locl.h deleted file mode 100644 index e4dad947872c..000000000000 --- a/crypto/rc2/rc2_locl.h +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - 
case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#define C_RC2(n) \ - t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \ - x0=(t<<1)|(t>>15); \ - t=(x1+(x2& ~x0)+(x3&x0)+ 
*(p0++))&0xffff; \ - x1=(t<<2)|(t>>14); \ - t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \ - x2=(t<<3)|(t>>13); \ - t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \ - x3=(t<<5)|(t>>11); diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c index 55d8ba37155c..60ebd42f2636 100644 --- a/crypto/rc2/rc2_skey.c +++ b/crypto/rc2/rc2_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" static const unsigned char key_table[256] = { 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c index e11093db9e21..8d1c3a4d8f66 100644 --- a/crypto/rc2/rc2cfb64.c +++ b/crypto/rc2/rc2cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c index d610278a9bdc..61b2c56434bf 100644 --- a/crypto/rc2/rc2ofb64.c +++ b/crypto/rc2/rc2ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl index 8c5cf87d05ce..3a936de1f9a7 100644 --- a/crypto/rc4/asm/rc4-586.pl +++ b/crypto/rc4/asm/rc4-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -423,4 +423,4 @@ $idx="edx"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl index 1354d1821493..b12d044af465 100755 --- a/crypto/rc4/asm/rc4-c64xplus.pl +++ b/crypto/rc4/asm/rc4-c64xplus.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -189,4 +189,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl index 74e5191051eb..7aa5c21bd836 100755 --- a/crypto/rc4/asm/rc4-md5-x86_64.pl +++ b/crypto/rc4/asm/rc4-md5-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -484,6 +484,7 @@ $code.=<<___; .type RC4_set_key,\@function,3 .align 16 RC4_set_key: +.cfi_startproc lea 8($dat),$dat lea ($inp,$len),$inp neg $len @@ -519,6 +520,7 @@ RC4_set_key: mov %eax,-8($dat) mov %eax,-4($dat) ret +.cfi_endproc .size RC4_set_key,.-RC4_set_key .globl RC4_options @@ -658,4 +660,4 @@ $code =~ s/#rc4#//gm if ($rc4); print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl index 4111f339dae4..631e742b739d 100755 --- a/crypto/rc4/asm/rc4-parisc.pl +++ b/crypto/rc4/asm/rc4-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
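Review bot: In the rc4-c64xplus.pl hunk, the `open STDOUT,">$output";` two lines above the newly checked `close STDOUT` is still unchecked and still uses the two-argument form. A failed open would therefore only show up at the end, most likely as a close error whose message does not name the file, and the output name taken from the command line is still parsed for mode characters. Checking at the point of failure with the three-argument form fixes both: `open STDOUT, '>', $output or die "can't open $output: $!";`. The other generator scripts in this commit receive the same `close` change, but their `open` calls are outside the visible hunks and would need the same look.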
@@ -330,4 +330,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl index 469f110fafee..dded0b75e7f9 100755 --- a/crypto/rc4/asm/rc4-s390x.pl +++ b/crypto/rc4/asm/rc4-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -184,7 +184,7 @@ $code.=<<___; RC4_set_key: stm${g} %r6,%r8,6*$SIZE_T($sp) lhi $cnt,256 - la $idx,0(%r0) + la $idx,0 sth $idx,0($key) .align 4 .L1stloop: @@ -194,8 +194,8 @@ RC4_set_key: lghi $ikey,-256 lr $cnt,$len - la $iinp,0(%r0) - la $idx,0(%r0) + la $iinp,0 + la $idx,0 .align 16 .L2ndloop: llgc $acc,2+256($ikey,$key) @@ -212,7 +212,7 @@ RC4_set_key: jz .Ldone brct $cnt,.L2ndloop lr $cnt,$len - la $iinp,0(%r0) + la $iinp,0 j .L2ndloop .Ldone: lm${g} %r6,%r8,6*$SIZE_T($sp) @@ -238,4 +238,4 @@ RC4_options: ___ print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 1a9cc47d7253..423eb5b4a997 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -138,11 +138,12 @@ $code=<<___; .globl RC4 .type RC4,\@function,4 .align 16 -RC4: or $len,$len +RC4: +.cfi_startproc + or $len,$len jne .Lentry ret .Lentry: -.cfi_startproc push %rbx .cfi_push %rbx push %r12 
@@ -453,6 +454,7 @@ $code.=<<___; .type RC4_set_key,\@function,3 .align 16 RC4_set_key: +.cfi_startproc lea 8($dat),$dat lea ($inp,$len),$inp neg $len @@ -519,12 +521,14 @@ RC4_set_key: mov %eax,-8($dat) mov %eax,-4($dat) ret +.cfi_endproc .size RC4_set_key,.-RC4_set_key .globl RC4_options .type RC4_options,\@abi-omnipotent .align 16 RC4_options: +.cfi_startproc lea .Lopts(%rip),%rax mov OPENSSL_ia32cap_P(%rip),%edx bt \$20,%edx @@ -537,6 +541,7 @@ RC4_options: add \$12,%rax .Ldone: ret +.cfi_endproc .align 64 .Lopts: .asciz "rc4(8x,int)" @@ -693,4 +698,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c index 638a75bb06a9..09ef6a896f07 100644 --- a/crypto/rc4/rc4_enc.c +++ b/crypto/rc4/rc4_enc.c @@ -8,7 +8,7 @@ */ #include -#include "rc4_locl.h" +#include "rc4_local.h" /*- * RC4 as implemented from a posting from diff --git a/crypto/rc4/rc4_local.h b/crypto/rc4/rc4_local.h new file mode 100644 index 000000000000..e739be4be793 --- /dev/null +++ b/crypto/rc4/rc4_local.h @@ -0,0 +1,16 @@ +/* + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_RC4_LOCAL_H +# define OSSL_CRYPTO_RC4_LOCAL_H + +# include +# include "internal/cryptlib.h" + +#endif diff --git a/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_locl.h deleted file mode 100644 index 4380addbccb2..000000000000 --- a/crypto/rc4/rc4_locl.h +++ /dev/null 
@@ -1,16 +0,0 @@ -/* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_RC4_LOCL_H -# define HEADER_RC4_LOCL_H - -# include -# include "internal/cryptlib.h" - -#endif diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c index e9007331eb33..100eb79c2ada 100644 --- a/crypto/rc4/rc4_skey.c +++ b/crypto/rc4/rc4_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc4_locl.h" +#include "rc4_local.h" #include const char *RC4_options(void) diff --git a/crypto/rc5/asm/rc5-586.pl b/crypto/rc5/asm/rc5-586.pl index e58a98bc83b6..af11be816259 100644 --- a/crypto/rc5/asm/rc5-586.pl +++ b/crypto/rc5/asm/rc5-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ $tmp4="edx"; &cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub RC5_32_encrypt { diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c index c32f38e473e8..94ec646390dd 100644 --- a/crypto/rc5/rc5_ecb.c +++ b/crypto/rc5/rc5_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" #include void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c index 58631dee20d2..75ddeb2eaf2b 100644 --- a/crypto/rc5/rc5_enc.c +++ b/crypto/rc5/rc5_enc.c 
@@ -9,7 +9,7 @@ #include #include -#include "rc5_locl.h" +#include "rc5_local.h" void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC5_32_KEY *ks, unsigned char *iv, diff --git a/crypto/rc5/rc5_local.h b/crypto/rc5/rc5_local.h new file mode 100644 index 000000000000..41130fe33be4 --- /dev/null +++ b/crypto/rc5/rc5_local.h 
@@ -0,0 +1,186 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#undef c2l +#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<<24L) + +/* NOTE - c is not incremented as per c2l */ +#undef c2ln +#define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ + case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ + case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +#undef l2c +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +/* NOTE - c is not incremented as per l2c */ +#undef l2cn +#define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + /* fall 
thru */ \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +#undef n2l +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +#undef l2n +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) +# define ROTATE_l32(a,n) _lrotl(a,n) +# define 
ROTATE_r32(a,n) _lrotr(a,n) +#elif defined(__ICC) +# define ROTATE_l32(a,n) _rotl(a,n) +# define ROTATE_r32(a,n) _rotr(a,n) +#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define ROTATE_l32(a,n) ({ register unsigned int ret; \ + asm ("roll %%cl,%0" \ + : "=r"(ret) \ + : "c"(n),"0"((unsigned int)(a)) \ + : "cc"); \ + ret; \ + }) +# define ROTATE_r32(a,n) ({ register unsigned int ret; \ + asm ("rorl %%cl,%0" \ + : "=r"(ret) \ + : "c"(n),"0"((unsigned int)(a)) \ + : "cc"); \ + ret; \ + }) +# endif +#endif +#ifndef ROTATE_l32 +# define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>((32-n)&0x1f))) +#endif +#ifndef ROTATE_r32 +# define ROTATE_r32(a,n) (((a)<<((32-n)&0x1f))|(((a)&0xffffffff)>>(n&0x1f))) +#endif + +#define RC5_32_MASK 0xffffffffL + +#define RC5_16_P 0xB7E1 +#define RC5_16_Q 0x9E37 +#define RC5_32_P 0xB7E15163L +#define RC5_32_Q 0x9E3779B9L +#define RC5_64_P 0xB7E151628AED2A6BLL +#define RC5_64_Q 0x9E3779B97F4A7C15LL + +#define E_RC5_32(a,b,s,n) \ + a^=b; \ + a=ROTATE_l32(a,b); \ + a+=s[n]; \ + a&=RC5_32_MASK; \ + b^=a; \ + b=ROTATE_l32(b,a); \ + b+=s[n+1]; \ + b&=RC5_32_MASK; + +#define D_RC5_32(a,b,s,n) \ + b-=s[n+1]; \ + b&=RC5_32_MASK; \ + b=ROTATE_r32(b,a); \ + b^=a; \ + a-=s[n]; \ + a&=RC5_32_MASK; \ + a=ROTATE_r32(a,b); \ + a^=b; diff --git a/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_locl.h deleted file mode 100644 index 41130fe33be4..000000000000 --- a/crypto/rc5/rc5_locl.h +++ /dev/null 
@@ -1,186 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall 
thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) -# define ROTATE_l32(a,n) _lrotl(a,n) -# define 
ROTATE_r32(a,n) _lrotr(a,n) -#elif defined(__ICC) -# define ROTATE_l32(a,n) _rotl(a,n) -# define ROTATE_r32(a,n) _rotr(a,n) -#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE_l32(a,n) ({ register unsigned int ret; \ - asm ("roll %%cl,%0" \ - : "=r"(ret) \ - : "c"(n),"0"((unsigned int)(a)) \ - : "cc"); \ - ret; \ - }) -# define ROTATE_r32(a,n) ({ register unsigned int ret; \ - asm ("rorl %%cl,%0" \ - : "=r"(ret) \ - : "c"(n),"0"((unsigned int)(a)) \ - : "cc"); \ - ret; \ - }) -# endif -#endif -#ifndef ROTATE_l32 -# define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>((32-n)&0x1f))) -#endif -#ifndef ROTATE_r32 -# define ROTATE_r32(a,n) (((a)<<((32-n)&0x1f))|(((a)&0xffffffff)>>(n&0x1f))) -#endif - -#define RC5_32_MASK 0xffffffffL - -#define RC5_16_P 0xB7E1 -#define RC5_16_Q 0x9E37 -#define RC5_32_P 0xB7E15163L -#define RC5_32_Q 0x9E3779B9L -#define RC5_64_P 0xB7E151628AED2A6BLL -#define RC5_64_Q 0x9E3779B97F4A7C15LL - -#define E_RC5_32(a,b,s,n) \ - a^=b; \ - a=ROTATE_l32(a,b); \ - a+=s[n]; \ - a&=RC5_32_MASK; \ - b^=a; \ - b=ROTATE_l32(b,a); \ - b+=s[n+1]; \ - b&=RC5_32_MASK; - -#define D_RC5_32(a,b,s,n) \ - b-=s[n+1]; \ - b&=RC5_32_MASK; \ - b=ROTATE_r32(b,a); \ - b^=a; \ - a-=s[n]; \ - a&=RC5_32_MASK; \ - a=ROTATE_r32(a,b); \ - a^=b; diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c index 943a7849bb89..b2e6bbb1af24 100644 --- a/crypto/rc5/rc5_skey.c +++ b/crypto/rc5/rc5_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds) diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c index 9a8aa6b244c9..cfce7ec1e84c 100644 --- a/crypto/rc5/rc5cfb64.c +++ b/crypto/rc5/rc5cfb64.c 
@@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c index 3a41d773cb6e..224eb968579c 100644 --- a/crypto/rc5/rc5ofb64.c +++ b/crypto/rc5/rc5ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl index 84aa7ced17c0..e8d02812ba5e 100644 --- a/crypto/ripemd/asm/rmd-586.pl +++ b/crypto/ripemd/asm/rmd-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ $KR3=0x7A6D76E9; &ripemd160_block("ripemd160_block_asm_data_order"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub Xv { diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c index a1670c7fbd83..e9e440f18c10 100644 --- a/crypto/ripemd/rmd_dgst.c +++ b/crypto/ripemd/rmd_dgst.c @@ -8,7 +8,7 @@ */ #include -#include "rmd_locl.h" +#include "rmd_local.h" #include #ifdef RMD160_ASM @@ -39,7 +39,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) register unsigned MD32_REG_T A, B, C, D, E; unsigned MD32_REG_T a, b, c, d, e, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/crypto/ripemd/rmd_local.h b/crypto/ripemd/rmd_local.h new file mode 100644 index 000000000000..f3604e349006 --- /dev/null 
+++ b/crypto/ripemd/rmd_local.h 
@@ -0,0 +1,87 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +/* + * DO EXAMINE COMMENTS IN crypto/md5/md5_local.h & crypto/md5/md5_dgst.c + * FOR EXPLANATIONS ON FOLLOWING "CODE." + */ +#ifdef RMD160_ASM +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# define ripemd160_block_data_order ripemd160_block_asm_data_order +# endif +#endif + +void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); + +#define DATA_ORDER_IS_LITTLE_ENDIAN + +#define HASH_LONG RIPEMD160_LONG +#define HASH_CTX RIPEMD160_CTX +#define HASH_CBLOCK RIPEMD160_CBLOCK +#define HASH_UPDATE RIPEMD160_Update +#define HASH_TRANSFORM RIPEMD160_Transform +#define HASH_FINAL RIPEMD160_Final +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + ll=(c)->A; (void)HOST_l2c(ll,(s)); \ + ll=(c)->B; (void)HOST_l2c(ll,(s)); \ + ll=(c)->C; (void)HOST_l2c(ll,(s)); \ + ll=(c)->D; (void)HOST_l2c(ll,(s)); \ + ll=(c)->E; (void)HOST_l2c(ll,(s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order + +#include "crypto/md32_common.h" + +/* + * Transformed F2 and F4 are courtesy of Wei Dai + */ +#define F1(x,y,z) ((x) ^ (y) ^ (z)) +#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) +#define F3(x,y,z) (((~(y)) | (x)) ^ (z)) +#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) +#define F5(x,y,z) (((~(z)) | (y)) ^ (x)) + +#define RIPEMD160_A 0x67452301L +#define RIPEMD160_B 0xEFCDAB89L +#define RIPEMD160_C 0x98BADCFEL +#define RIPEMD160_D 0x10325476L +#define RIPEMD160_E 0xC3D2E1F0L + +#include "rmdconst.h" + +#define RIP1(a,b,c,d,e,w,s) { \ + a+=F1(b,c,d)+X(w); \ + a=ROTATE(a,s)+e; \ + c=ROTATE(c,10); } + +#define RIP2(a,b,c,d,e,w,s,K) { 
\ + a+=F2(b,c,d)+X(w)+K; \ + a=ROTATE(a,s)+e; \ + c=ROTATE(c,10); } + +#define RIP3(a,b,c,d,e,w,s,K) { \ + a+=F3(b,c,d)+X(w)+K; \ + a=ROTATE(a,s)+e; \ + c=ROTATE(c,10); } + +#define RIP4(a,b,c,d,e,w,s,K) { \ + a+=F4(b,c,d)+X(w)+K; \ + a=ROTATE(a,s)+e; \ + c=ROTATE(c,10); } + +#define RIP5(a,b,c,d,e,w,s,K) { \ + a+=F5(b,c,d)+X(w)+K; \ + a=ROTATE(a,s)+e; \ + c=ROTATE(c,10); } diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h deleted file mode 100644 index f1ae4323ca9b..000000000000 --- a/crypto/ripemd/rmd_locl.h +++ /dev/null 
@@ -1,87 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -/* - * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c - * FOR EXPLANATIONS ON FOLLOWING "CODE." - */ -#ifdef RMD160_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define ripemd160_block_data_order ripemd160_block_asm_data_order -# endif -#endif - -void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_LONG RIPEMD160_LONG -#define HASH_CTX RIPEMD160_CTX -#define HASH_CBLOCK RIPEMD160_CBLOCK -#define HASH_UPDATE RIPEMD160_Update -#define HASH_TRANSFORM RIPEMD160_Transform -#define HASH_FINAL RIPEMD160_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - ll=(c)->E; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order - -#include "internal/md32_common.h" - -/* - * Transformed F2 and F4 are courtesy of Wei Dai - */ -#define F1(x,y,z) ((x) ^ (y) ^ (z)) -#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) -#define F3(x,y,z) (((~(y)) | (x)) ^ (z)) -#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) -#define F5(x,y,z) (((~(z)) | (y)) ^ (x)) - -#define RIPEMD160_A 0x67452301L -#define RIPEMD160_B 0xEFCDAB89L -#define RIPEMD160_C 0x98BADCFEL -#define RIPEMD160_D 0x10325476L -#define RIPEMD160_E 0xC3D2E1F0L - -#include "rmdconst.h" - -#define RIP1(a,b,c,d,e,w,s) { \ - a+=F1(b,c,d)+X(w); \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP2(a,b,c,d,e,w,s,K) 
{ \ - a+=F2(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP3(a,b,c,d,e,w,s,K) { \ - a+=F3(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP4(a,b,c,d,e,w,s,K) { \ - a+=F4(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP5(a,b,c,d,e,w,s,K) { \ - a+=F5(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 9dcb85d83757..6692a51ed8fe 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "rsa_local.h" #ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index 9fe62c82eb2f..e8df8d762e16 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -12,7 +12,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" /* * Override the default free and new methods, diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 1b69be30ca41..b4ba7fce3ffb 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -9,7 +9,7 @@ #include #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_check_key(const RSA *key) { diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index f4ef8b4381f7..f1131ce9e0ad 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_bits(const RSA *r) { diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 2b818088606c..29056a62a1ae 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c 
@@ -17,7 +17,7 @@ #include #include "internal/cryptlib.h" #include -#include "rsa_locl.h" +#include "rsa_local.h" static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index e737a28898cc..63fd1a6db492 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -11,11 +11,11 @@ #include #include "internal/cryptlib.h" #include "internal/refcount.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include #include -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/evp.h" +#include "rsa_local.h" RSA *RSA_new(void) { @@ -451,6 +451,11 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r) return r->iqmp; } +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r) +{ + return r->pss; +} + void RSA_clear_flags(RSA *r, int flags) { r->flags &= ~flags; diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h new file mode 100644 index 000000000000..2b94462a94c6 --- /dev/null +++ b/crypto/rsa/rsa_local.h 
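Review bot: The new accessor `RSA_get0_pss_params()` in the rsa_lib.c hunk has no comment telling a caller what it returns for a key that is not PSS-restricted. It hands back `r->pss` unchanged, and the struct comment in rsa_local.h says that field holds the parameter restrictions for a PSS-only key, so the result is presumably NULL for an ordinary RSA key. I would add above the function `/* Returns the PSS parameter restrictions of |r|, or NULL if none are set; the pointer is owned by |r| and must not be freed. */`. Code that enforces the restrictions when verifying needs the NULL case spelled out, so it is not mistaken for an error or dereferenced unchecked.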
@@ -0,0 +1,132 @@ +/* + * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/refcount.h" + +#define RSA_MAX_PRIME_NUM 5 +#define RSA_MIN_MODULUS_BITS 512 + +typedef struct rsa_prime_info_st { + BIGNUM *r; + BIGNUM *d; + BIGNUM *t; + /* save product of primes prior to this one */ + BIGNUM *pp; + BN_MONT_CTX *m; +} RSA_PRIME_INFO; + +DECLARE_ASN1_ITEM(RSA_PRIME_INFO) +DEFINE_STACK_OF(RSA_PRIME_INFO) + +struct rsa_st { + /* + * The first parameter is used to pickup errors where this is passed + * instead of an EVP_PKEY, it is set to 0 + */ + int pad; + int32_t version; + const RSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + /* for multi-prime RSA, defined in RFC 8017 */ + STACK_OF(RSA_PRIME_INFO) *prime_infos; + /* If a PSS only key this contains the parameter restrictions */ + RSA_PSS_PARAMS *pss; + /* be careful using this if the RSA structure is shared */ + CRYPTO_EX_DATA ex_data; + CRYPTO_REF_COUNT references; + int flags; + /* Used to cache montgomery values */ + BN_MONT_CTX *_method_mod_n; + BN_MONT_CTX *_method_mod_p; + BN_MONT_CTX *_method_mod_q; + /* + * all BIGNUM values are actually in the following data, if it is not + * NULL + */ + char *bignum_data; + BN_BLINDING *blinding; + BN_BLINDING *mt_blinding; + CRYPTO_RWLOCK *lock; +}; + +struct rsa_meth_st { + char *name; + int (*rsa_pub_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_enc) 
(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + /* Can be null */ + int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + /* Can be null */ + int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + /* called at new */ + int (*init) (RSA *rsa); + /* called at free */ + int (*finish) (RSA *rsa); + /* RSA_METHOD_FLAG_* things */ + int flags; + /* may be needed! */ + char *app_data; + /* + * New sign and verify functions: some libraries don't allow arbitrary + * data to be signed/verified: this allows them to be used. Note: for + * this to work the RSA_public_decrypt() and RSA_private_encrypt() should + * *NOT* be used RSA_sign(), RSA_verify() should be used instead. + */ + int (*rsa_sign) (int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); + int (*rsa_verify) (int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); + /* + * If this callback is NULL, the builtin software RSA key-gen will be + * used. This is for behavioural compatibility whilst the code gets + * rewired, but one day it would be nice to assume there are no such + * things as "builtin software" implementations. 
+ */ + int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); +}; + +extern int int_rsa_verify(int dtype, const unsigned char *m, + unsigned int m_len, unsigned char *rm, + size_t *prm_len, const unsigned char *sigbuf, + size_t siglen, RSA *rsa); +/* Macros to test if a pkey or ctx is for a PSS key */ +#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) +#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) + +RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, + const EVP_MD *mgf1md, int saltlen); +int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, + const EVP_MD **pmgf1md, int *psaltlen); +/* internal function to clear and free multi-prime parameters */ +void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo); +void rsa_multip_info_free(RSA_PRIME_INFO *pinfo); +RSA_PRIME_INFO *rsa_multip_info_new(void); +int rsa_multip_calc_product(RSA *rsa); +int rsa_multip_cap(int bits); diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_locl.h deleted file mode 100644 index 2b94462a94c6..000000000000 --- a/crypto/rsa/rsa_locl.h +++ /dev/null 
@@ -1,132 +0,0 @@ -/* - * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/refcount.h" - -#define RSA_MAX_PRIME_NUM 5 -#define RSA_MIN_MODULUS_BITS 512 - -typedef struct rsa_prime_info_st { - BIGNUM *r; - BIGNUM *d; - BIGNUM *t; - /* save product of primes prior to this one */ - BIGNUM *pp; - BN_MONT_CTX *m; -} RSA_PRIME_INFO; - -DECLARE_ASN1_ITEM(RSA_PRIME_INFO) -DEFINE_STACK_OF(RSA_PRIME_INFO) - -struct rsa_st { - /* - * The first parameter is used to pickup errors where this is passed - * instead of an EVP_PKEY, it is set to 0 - */ - int pad; - int32_t version; - const RSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; - /* for multi-prime RSA, defined in RFC 8017 */ - STACK_OF(RSA_PRIME_INFO) *prime_infos; - /* If a PSS only key this contains the parameter restrictions */ - RSA_PSS_PARAMS *pss; - /* be careful using this if the RSA structure is shared */ - CRYPTO_EX_DATA ex_data; - CRYPTO_REF_COUNT references; - int flags; - /* Used to cache montgomery values */ - BN_MONT_CTX *_method_mod_n; - BN_MONT_CTX *_method_mod_p; - BN_MONT_CTX *_method_mod_q; - /* - * all BIGNUM values are actually in the following data, if it is not - * NULL - */ - char *bignum_data; - BN_BLINDING *blinding; - BN_BLINDING *mt_blinding; - CRYPTO_RWLOCK *lock; -}; - -struct rsa_meth_st { - char *name; - int (*rsa_pub_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_pub_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_enc) 
(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - /* Can be null */ - int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); - /* Can be null */ - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - /* called at new */ - int (*init) (RSA *rsa); - /* called at free */ - int (*finish) (RSA *rsa); - /* RSA_METHOD_FLAG_* things */ - int flags; - /* may be needed! */ - char *app_data; - /* - * New sign and verify functions: some libraries don't allow arbitrary - * data to be signed/verified: this allows them to be used. Note: for - * this to work the RSA_public_decrypt() and RSA_private_encrypt() should - * *NOT* be used RSA_sign(), RSA_verify() should be used instead. - */ - int (*rsa_sign) (int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa); - int (*rsa_verify) (int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); - /* - * If this callback is NULL, the builtin software RSA key-gen will be - * used. This is for behavioural compatibility whilst the code gets - * rewired, but one day it would be nice to assume there are no such - * things as "builtin software" implementations. 
- */ - int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); - int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes, - BIGNUM *e, BN_GENCB *cb); -}; - -extern int int_rsa_verify(int dtype, const unsigned char *m, - unsigned int m_len, unsigned char *rm, - size_t *prm_len, const unsigned char *sigbuf, - size_t siglen, RSA *rsa); -/* Macros to test if a pkey or ctx is for a PSS key */ -#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) -#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) - -RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, - const EVP_MD *mgf1md, int saltlen); -int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, - const EVP_MD **pmgf1md, int *psaltlen); -/* internal function to clear and free multi-prime parameters */ -void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo); -void rsa_multip_info_free(RSA_PRIME_INFO *pinfo); -RSA_PRIME_INFO *rsa_multip_info_new(void); -int rsa_multip_calc_product(RSA *rsa); -int rsa_multip_cap(int bits); diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c index def19f375f92..2845b79db8ef 100644 --- a/crypto/rsa/rsa_meth.c +++ b/crypto/rsa/rsa_meth.c @@ -8,7 +8,7 @@ */ #include -#include "rsa_locl.h" +#include "rsa_local.h" #include RSA_METHOD *RSA_meth_new(const char *name, int flags) diff --git a/crypto/rsa/rsa_mp.c b/crypto/rsa/rsa_mp.c index e7e810823b27..44dda8f800bc 100644 --- a/crypto/rsa/rsa_mp.c +++ b/crypto/rsa/rsa_mp.c @@ -10,7 +10,7 @@ #include #include -#include "rsa_locl.h" +#include "rsa_local.h" void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) { diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 48b888bf27ad..302360a96415 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -20,7 +20,7 @@ * one-wayness. For the RSA function, this is an equivalent notion. */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" 
@@ -28,7 +28,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *from, int flen, diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index c8c3b7886aa9..b52a66f6a628 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -8,9 +8,9 @@ */ #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "rsa_locl.h" -#include "internal/constant_time_locl.h" +#include "crypto/bn.h" +#include "rsa_local.h" +#include "internal/constant_time.h" static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 5260d12f4c91..a3d0b7cef81e 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" @@ -57,7 +57,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, * D - data. */ - if (num < 11) + if (num < RSA_PKCS1_PADDING_SIZE) return -1; /* Accept inputs with and without the leading 0-byte. */ @@ -120,7 +120,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - 11)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; @@ -169,7 +169,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * section 7.2.2. */ - if (flen > num || num < 11) { + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); return -1; 
@@ -226,8 +226,8 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, good &= constant_time_ge(tlen, mlen); /* - * Move the result in-place by |num|-11-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+11 to |to|. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. * Otherwise leave |to| unchanged. * Copy the memory back in a way that does not reveal the size of * the data being copied via a timing side channel. This requires copying @@ -235,16 +235,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * length. Clear bits do a non-copy with identical access pattern. * The loop below has overall complexity of O(N*log(N)). */ - tlen = constant_time_select_int(constant_time_lt(num - 11, tlen), - num - 11, tlen); - for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0); - for (i = 11; i < num - msg_index; i++) + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); } for (i = 0; i < tlen; i++) { mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + 11], to[i]); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 082ab8fd8a1f..0eb21c8af975 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c 
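Review bot: Replacing the literal 11 with `RSA_PKCS1_PADDING_SIZE` pushes several lines of the constant-time copy in `RSA_padding_check_PKCS1_type_2` well past 80 columns. The affected lines are the "Move the result in-place" comment, the `constant_time_select_int(...)` call, the `for (msg_index = 1; ...)` header and the `mask = ~constant_time_eq(...)` line. The identical block in `RSA_padding_check_SSLv23` (rsa_ssl.c, hunks at 141 and 150) has the same problem. This padding check is sensitive to timing side channels, so the lines should be wrapped to stay easy to audit, for example `for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE;` followed by `msg_index <<= 1) {` on a continuation line, with the comment reflowed. Both function bodies begin outside these hunks, so a local holding `num - RSA_PKCS1_PADDING_SIZE` would be the tidier fix, but its declaration would have to go in the part not shown here.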
@@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" @@ -18,8 +18,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/evp.h" +#include "rsa_local.h" /* RSA pkey context structure */ diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index f7c575d00ab1..40ce1c4d378a 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -14,7 +14,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 952d24fb8ae4..7fc69361bf0a 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/x509_int.h" -#include "rsa_locl.h" +#include "crypto/x509.h" +#include "rsa_local.h" /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 3859128a6d80..1f155be175da 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen) @@ -20,7 +20,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - 11)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; @@ -70,7 +70,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, if (tlen <= 0 || flen <= 0) return -1; - if (flen > num || num < 11) { + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return -1; } 
@@ -141,8 +141,8 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); /* - * Move the result in-place by |num|-11-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+11 to |to|. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. * Otherwise leave |to| unchanged. * Copy the memory back in a way that does not reveal the size of * the data being copied via a timing side channel. This requires copying @@ -150,16 +150,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, * length. Clear bits do a non-copy with identical access pattern. * The loop below has overall complexity of O(N*log(N)). */ - tlen = constant_time_select_int(constant_time_lt(num - 11, tlen), - num - 11, tlen); - for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0); - for (i = 11; i < num - msg_index; i++) + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); } for (i = 0; i < tlen; i++) { mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + 11], to[i]); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index e7ac476bb4a4..322cd14a840d 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c 
@@ -12,7 +12,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" /* X9.31 RSA key derivation and generation */ diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index 4a775a927db7..4d2cc02eb3d3 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef S390X_ARCH_H -# define S390X_ARCH_H +#ifndef OSSL_CRYPTO_S390X_ARCH_H +# define OSSL_CRYPTO_S390X_ARCH_H # ifndef __ASSEMBLER__ diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl index ec700a47d98e..5cbb962530c5 100755 --- a/crypto/s390xcpuid.pl +++ b/crypto/s390xcpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -418,4 +418,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c index d62da91edea6..c3a1f183a5cc 100644 --- a/crypto/seed/seed.c +++ b/crypto/seed/seed.c @@ -42,7 +42,7 @@ # endif # include -# include "seed_locl.h" +# include "seed_local.h" # ifdef SS /* can get defined on Solaris by inclusion of * */ diff --git a/crypto/seed/seed_local.h b/crypto/seed/seed_local.h new file mode 100644 index 000000000000..e3681f8bd455 --- /dev/null +++ b/crypto/seed/seed_local.h 
@@ -0,0 +1,112 @@ +/* + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + */ +#ifndef OSSL_CRYPTO_SEED_LOCAL_H +# define OSSL_CRYPTO_SEED_LOCAL_H + +# include "openssl/e_os2.h" +# include + +# ifdef SEED_LONG /* need 32-bit type */ +typedef unsigned long seed_word; +# else +typedef unsigned int seed_word; +# endif + + +# define char2word(c, i) \ + (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) + +# define word2char(l, c) \ + *((c)+0) = (unsigned char)((l)>>24) & 0xff; \ + *((c)+1) = (unsigned char)((l)>>16) & 0xff; \ + *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \ + *((c)+3) = (unsigned char)((l)) & 0xff + +# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \ + (T0) = (X3); \ + (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff; \ + (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff; \ + (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ + (T1) = ((X2) + (KC) - (X4)) & 0xffffffff + +# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \ + (T0) = (X1); \ + (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff; \ + (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff; \ + (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ + (T1) = ((X2) + (KC) - (X4)) & 0xffffffff + +# define KEYUPDATE_TEMP(T0, T1, K) \ + (K)[0] = G_FUNC((T0)); \ + (K)[1] = G_FUNC((T1)) + +# define XOR_SEEDBLOCK(DST, SRC) \ + ((DST))[0] ^= ((SRC))[0]; \ + ((DST))[1] ^= ((SRC))[1]; \ + ((DST))[2] ^= ((SRC))[2]; \ + ((DST))[3] ^= ((SRC))[3] + +# define MOV_SEEDBLOCK(DST, SRC) \ + ((DST))[0] = ((SRC))[0]; \ + ((DST))[1] = ((SRC))[1]; \ + ((DST))[2] = ((SRC))[2]; \ + ((DST))[3] = ((SRC))[3] + +# define CHAR2WORD(C, I) \ + char2word((C), (I)[0]); \ + char2word((C+4), (I)[1]); \ + char2word((C+8), (I)[2]); \ + char2word((C+12), (I)[3]) + +# define WORD2CHAR(I, C) \ + word2char((I)[0], (C)); \ + word2char((I)[1], (C+4)); \ + word2char((I)[2], (C+8)); \ + word2char((I)[3], (C+12)) + +# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \ + (T0) = (X3) ^ (ks->data)[(rbase)]; \ + (T1) = (X4) ^ (ks->data)[(rbase)+1]; \ + (T1) ^= (T0); \ + (T1) = 
G_FUNC((T1)); \ + (T0) = ((T0) + (T1)) & 0xffffffff; \ + (T0) = G_FUNC((T0)); \ + (T1) = ((T1) + (T0)) & 0xffffffff; \ + (T1) = G_FUNC((T1)); \ + (T0) = ((T0) + (T1)) & 0xffffffff; \ + (X1) ^= (T0); \ + (X2) ^= (T1) + +#endif /* OSSL_CRYPTO_SEED_LOCAL_H */ diff --git a/crypto/seed/seed_locl.h b/crypto/seed/seed_locl.h deleted file mode 100644 index ac2950d97c2b..000000000000 --- a/crypto/seed/seed_locl.h +++ /dev/null 
@@ -1,112 +0,0 @@ -/* - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Neither the name of author nor the names of its contributors may - * be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - */ -#ifndef HEADER_SEED_LOCL_H -# define HEADER_SEED_LOCL_H - -# include "openssl/e_os2.h" -# include - -# ifdef SEED_LONG /* need 32-bit type */ -typedef unsigned long seed_word; -# else -typedef unsigned int seed_word; -# endif - - -# define char2word(c, i) \ - (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) - -# define word2char(l, c) \ - *((c)+0) = (unsigned char)((l)>>24) & 0xff; \ - *((c)+1) = (unsigned char)((l)>>16) & 0xff; \ - *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \ - *((c)+3) = (unsigned char)((l)) & 0xff - -# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \ - (T0) = (X3); \ - (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff; \ - (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff; \ - (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ - (T1) = ((X2) + (KC) - (X4)) & 0xffffffff - -# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \ - (T0) = (X1); \ - (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff; \ - (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff; \ - (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ - (T1) = ((X2) + (KC) - (X4)) & 0xffffffff - -# define KEYUPDATE_TEMP(T0, T1, K) \ - (K)[0] = G_FUNC((T0)); \ - (K)[1] = G_FUNC((T1)) - -# define XOR_SEEDBLOCK(DST, SRC) \ - ((DST))[0] ^= ((SRC))[0]; \ - ((DST))[1] ^= ((SRC))[1]; \ - ((DST))[2] ^= ((SRC))[2]; \ - ((DST))[3] ^= ((SRC))[3] - -# define MOV_SEEDBLOCK(DST, SRC) \ - ((DST))[0] = ((SRC))[0]; \ - ((DST))[1] = ((SRC))[1]; \ - ((DST))[2] = ((SRC))[2]; \ - ((DST))[3] = ((SRC))[3] - -# define CHAR2WORD(C, I) \ - char2word((C), (I)[0]); \ - char2word((C+4), (I)[1]); \ - char2word((C+8), (I)[2]); \ - char2word((C+12), (I)[3]) - -# define WORD2CHAR(I, C) \ - word2char((I)[0], (C)); \ - word2char((I)[1], (C+4)); \ - word2char((I)[2], (C+8)); \ - word2char((I)[3], (C+12)) - -# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \ - (T0) = (X3) ^ (ks->data)[(rbase)]; \ - (T1) = (X4) ^ (ks->data)[(rbase)+1]; \ - (T1) ^= (T0); \ - (T1) = G_FUNC((T1)); 
\ - (T0) = ((T0) + (T1)) & 0xffffffff; \ - (T0) = G_FUNC((T0)); \ - (T1) = ((T1) + (T0)) & 0xffffffff; \ - (T1) = G_FUNC((T1)); \ - (T0) = ((T0) + (T1)) & 0xffffffff; \ - (X1) ^= (T0); \ - (X2) ^= (T1) - -#endif /* HEADER_SEED_LOCL_H */ diff --git a/crypto/sha/asm/keccak1600-armv4.pl b/crypto/sha/asm/keccak1600-armv4.pl index cb8ccc90f5b9..39fe559e974b 100755 --- a/crypto/sha/asm/keccak1600-armv4.pl +++ b/crypto/sha/asm/keccak1600-armv4.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1603,4 +1603,4 @@ foreach (split($/,$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl index 3173c77f5363..ce5df4d6de1b 100755 --- a/crypto/sha/asm/keccak1600-armv8.pl +++ b/crypto/sha/asm/keccak1600-armv8.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -877,4 +877,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx2.pl b/crypto/sha/asm/keccak1600-avx2.pl index d9fc1c59ec29..6104caf4ff1f 100755 --- a/crypto/sha/asm/keccak1600-avx2.pl +++ b/crypto/sha/asm/keccak1600-avx2.pl 
@@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -479,4 +479,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx512.pl b/crypto/sha/asm/keccak1600-avx512.pl index 9074ff02dec3..6bfff7881756 100755 --- a/crypto/sha/asm/keccak1600-avx512.pl +++ b/crypto/sha/asm/keccak1600-avx512.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -548,4 +548,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx512vl.pl b/crypto/sha/asm/keccak1600-avx512vl.pl index a21bb8615a7c..446706fc67d1 100755 --- a/crypto/sha/asm/keccak1600-avx512vl.pl +++ b/crypto/sha/asm/keccak1600-avx512vl.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -389,4 +389,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-c64x.pl b/crypto/sha/asm/keccak1600-c64x.pl index b00af9af91d8..4d1bbee2cfdd 100755 --- a/crypto/sha/asm/keccak1600-c64x.pl 
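Review bot: In keccak1600-avx2.pl the context line `open STDOUT,">$output";` stays unchecked, so a failed open is only noticed by the new `close STDOUT or die`. At that point `$!` describes closing an unopened handle, not the reason the output file could not be created. Checking the open itself, in the three-argument form that takes the file name literally, gives the build a precise error: `open STDOUT,">",$output or die "can't open $output: $!";`. The same open/print/close sequence appears in the keccak1600-avx512.pl, keccak1600-avx512vl.pl and keccak1600-c64x.pl hunks.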
+++ b/crypto/sha/asm/keccak1600-c64x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -882,4 +882,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-mmx.pl b/crypto/sha/asm/keccak1600-mmx.pl index c7685add79dd..353f1e147c3b 100755 --- a/crypto/sha/asm/keccak1600-mmx.pl +++ b/crypto/sha/asm/keccak1600-mmx.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ # produce worse code. On the other hand one can wonder why not 128-bit # SSE2? Well, SSE2 won't provide double improvement, rather far from # that, if any at all on some processors, because it will take extra -# permutations and inter-bank data trasfers. Besides, contemporary +# permutations and inter-bank data transfers. Besides, contemporary # CPUs are better off executing 64-bit code, and it makes lesser sense # to invest into fancy 32-bit code. And the decision doesn't seem to # be inadequate, if one compares below results to "64-bit platforms in @@ -437,4 +437,4 @@ sub Rho() { ######### regular Rho step &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/sha/asm/keccak1600-ppc64.pl index 30e70c5d6d7b..11b6329f09c0 100755 --- a/crypto/sha/asm/keccak1600-ppc64.pl +++ b/crypto/sha/asm/keccak1600-ppc64.pl 
@@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -755,4 +755,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl index 1184cf233eba..a7d819a59057 100755 --- a/crypto/sha/asm/keccak1600-s390x.pl +++ b/crypto/sha/asm/keccak1600-s390x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -557,4 +557,4 @@ ___ $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-x86_64.pl b/crypto/sha/asm/keccak1600-x86_64.pl index 42de5bf12344..b1a7e65e6baa 100755 --- a/crypto/sha/asm/keccak1600-x86_64.pl +++ b/crypto/sha/asm/keccak1600-x86_64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -44,7 +44,7 @@ # Ryzen 8.8 # # (*) Corresponds to SHA3-256. Improvement over compiler-generate -# varies a lot, most commont coefficient is 15% in comparison to +# varies a lot, most common coefficient is 15% in comparison to # gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x. # (**) Sandy Bridge has broken rotate instruction. Performance can be # improved by 14% by replacing rotates with double-precision @@ -84,6 +84,7 @@ $code.=<<___; .type __KeccakF1600,\@abi-omnipotent .align 32 __KeccakF1600: +.cfi_startproc mov $A[4][0](%rdi),@C[0] mov $A[4][1](%rdi),@C[1] mov $A[4][2](%rdi),@C[2] @@ -342,6 +343,7 @@ $code.=<<___; lea -192($iotas),$iotas # rewind iotas ret +.cfi_endproc .size __KeccakF1600,.-__KeccakF1600 .type KeccakF1600,\@abi-omnipotent @@ -604,4 +606,4 @@ foreach (split("\n",$code)) { print $_, "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600p8-ppc.pl b/crypto/sha/asm/keccak1600p8-ppc.pl index de2bcd660a09..c04c7deafeda 100755 --- a/crypto/sha/asm/keccak1600p8-ppc.pl +++ b/crypto/sha/asm/keccak1600p8-ppc.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -847,4 +847,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 9d4ff7f39a52..f7b85e6c6d7e 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -144,7 +144,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 @@ -1488,4 +1488,4 @@ sub Xtail_avx() &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 7ff5bfbba6cb..52d426bb29f8 100755 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -739,4 +739,4 @@ foreach (split($/,$code)) { print $_,$/; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl index 3ba871fedee6..aa44feb9c7c5 100755 --- a/crypto/sha/asm/sha1-armv8.pl +++ b/crypto/sha/asm/sha1-armv8.pl 
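Review bot: The widened pattern `([0-9]+\.[0-9]+)` in the sha1-586.pl clang check has no comment saying why the major version is no longer limited to one digit. The trailing `# first version supporting AVX` explains only the `$2>=3.0` test. A line above the condition such as `# major version may have two digits (e.g. "10.0"), which [3-9] could not match` would record the reason, presumably newer clang releases. The same substitution is made in the sha1-mb-x86_64.pl, sha1-x86_64.pl, sha256-586.pl, sha256-mb-x86_64.pl and sha512-x86_64.pl hunks.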
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -361,4 +361,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl index 4db2bcb06b31..ceec503a9829 100755 --- a/crypto/sha/asm/sha1-c64xplus.pl +++ b/crypto/sha/asm/sha1-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -334,4 +334,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl index 443b649830f4..a78266d62fc3 100755 --- a/crypto/sha/asm/sha1-mb-x86_64.pl +++ b/crypto/sha/asm/sha1-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } 
@@ -1625,4 +1625,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl index 08f84bc3b3d9..c293cd3bfa4e 100755 --- a/crypto/sha/asm/sha1-mips.pl +++ b/crypto/sha/asm/sha1-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -458,4 +458,4 @@ $code.=<<___; .asciiz "SHA1 for MIPS, CRYPTOGAMS by " ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl index b001be16a23c..70ef7956abfa 100755 --- a/crypto/sha/asm/sha1-parisc.pl +++ b/crypto/sha/asm/sha1-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -276,4 +276,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-ppc.pl b/crypto/sha/asm/sha1-ppc.pl index 0cda0a3e1517..650a62912008 100755 --- a/crypto/sha/asm/sha1-ppc.pl +++ b/crypto/sha/asm/sha1-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -348,4 +348,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl index 5729c3089877..653a6cb50a8a 100755 --- a/crypto/sha/asm/sha1-s390x.pl +++ b/crypto/sha/asm/sha1-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -246,4 +246,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl index 3e612e3d5f68..8c23d85a3d09 100755 --- a/crypto/sha/asm/sha1-sparcv9.pl +++ b/crypto/sha/asm/sha1-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -431,4 +431,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl index 50d3e136a12d..4e90da4b8bc9 100755 --- a/crypto/sha/asm/sha1-sparcv9a.pl +++ b/crypto/sha/asm/sha1-sparcv9a.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -605,4 +605,4 @@ $code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/ &unalignaddr($1,$2,$3,$4) /gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl index ac74a25d6ead..b53e0bee052d 100755 --- a/crypto/sha/asm/sha1-thumb.pl +++ b/crypto/sha/asm/sha1-thumb.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -263,4 +263,4 @@ $code.=<<___; ___ print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl index 60819f61867c..0680d6d0a2b2 100755 --- a/crypto/sha/asm/sha1-x86_64.pl +++ b/crypto/sha/asm/sha1-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -119,7 +119,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -468,8 +468,8 @@ $code.=<<___ if ($win64); .Lepilogue_shaext: ___ $code.=<<___; -.cfi_endproc ret +.cfi_endproc .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext ___ }}} 
@@ -2129,4 +2129,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index dccc771ad584..6989d59bd735 100755 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -96,7 +96,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1293,4 +1293,4 @@ sub bodyx_00_15 () { # +10% &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index edcfc31278e3..d120febb4832 100755 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -729,4 +729,4 @@ foreach (split($/,$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl index 3ab7d9b68946..b2d00e4fb1ab 100755 --- a/crypto/sha/asm/sha256-c64xplus.pl +++ b/crypto/sha/asm/sha256-c64xplus.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -317,4 +317,4 @@ K256: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl index 73978dbd81d6..81ac814effc4 100755 --- a/crypto/sha/asm/sha256-mb-x86_64.pl +++ b/crypto/sha/asm/sha256-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1611,4 +1611,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl index 867ce30b9721..66b6e96f9ded 100755 --- a/crypto/sha/asm/sha512-586.pl +++ b/crypto/sha/asm/sha512-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -922,4 +922,4 @@ sub BODY_00_15_ssse3 { # "phase-less" copy of BODY_00_15_sse2 &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 0b4c5674d9df..e9c5e0ce7687 100755 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -665,4 +665,4 @@ while() { close SELF; print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl index 01ffe9f98c3e..07dcba42dcf4 100755 --- a/crypto/sha/asm/sha512-armv8.pl +++ b/crypto/sha/asm/sha512-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -902,4 +902,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl index 9ebfc92e23ae..4263fb1349aa 100755 --- a/crypto/sha/asm/sha512-c64xplus.pl +++ b/crypto/sha/asm/sha512-c64xplus.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -435,4 +435,4 @@ K512: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl index dab684dde5bc..15acd5308dda 100755 --- a/crypto/sha/asm/sha512-mips.pl +++ b/crypto/sha/asm/sha512-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -518,4 +518,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl index 59eb320ab6ed..132f1db8eb9e 100755 --- a/crypto/sha/asm/sha512-parisc.pl +++ b/crypto/sha/asm/sha512-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -804,4 +804,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-ppc.pl b/crypto/sha/asm/sha512-ppc.pl index 71699f663706..265ecfa58c87 100755 --- a/crypto/sha/asm/sha512-ppc.pl +++ b/crypto/sha/asm/sha512-ppc.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -796,4 +796,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl index 4c0f4e79315b..9752fed4ea26 100755 --- a/crypto/sha/asm/sha512-s390x.pl +++ b/crypto/sha/asm/sha512-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -321,4 +321,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl index c215909633ae..54429d34e398 100755 --- a/crypto/sha/asm/sha512-sparcv9.pl +++ b/crypto/sha/asm/sha512-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -854,4 +854,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl index f2ebdfdb68b6..64ae641c1407 100755 --- a/crypto/sha/asm/sha512-x86_64.pl 
+++ b/crypto/sha/asm/sha512-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -135,7 +135,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -569,6 +569,7 @@ $code.=<<___; .align 64 sha256_block_data_order_shaext: _shaext_shortcut: +.cfi_startproc ___ $code.=<<___ if ($win64); lea `-8-5*16`(%rsp),%rsp @@ -712,6 +713,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size sha256_block_data_order_shaext,.-sha256_block_data_order_shaext ___ }}} @@ -1992,7 +1994,23 @@ $code.=<<___; vmovdqa $t0,0x00(%rsp) xor $a1,$a1 vmovdqa $t1,0x20(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rdi as frame pointer + mov $_rsp,%rdi +.cfi_def_cfa %rdi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rdi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; mov $B,$a3 vmovdqa $t2,0x00(%rsp) xor $C,$a3 # magic 
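Review bot: The copy written by `mov %rdi,-8(%rsp)` in the `@@ -1992,7 +1994,23 @@` hunk sits below the stack pointer, and the added comment says only that this is the red zone, not who reads it. From the visible hunks it appears to be consumed only through the `.cfi_cfa_expression %rsp-8,deref,+8` unwind rule, while the epilogue reloads the saved stack pointer from the frame. If that holds, a comment such as `# read only by the unwinder; the epilogue reloads the saved stack pointer from the frame` would tell a reader that an overwrite of the red zone costs a backtrace, not correctness. The same block is added again in the `@@ -2083,7 +2112,23 @@` hunk, and the enclosing heredoc starts and ends outside both.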
@@ -2012,7 +2030,18 @@ my @X = @_; my @insns = (&$body,&$body,&$body,&$body); # 96 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); + if (($j%2)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } + foreach (Xupdate_256_AVX()) { # 29 instructions eval; eval(shift(@insns)); @@ -2083,7 +2112,23 @@ $code.=<<___; vmovdqa $t2,0x40(%rsp) vpaddq 0x40($Tbl),@X[6],$t2 vmovdqa $t3,0x60(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rdi as frame pointer + mov $_rsp,%rdi +.cfi_def_cfa %rdi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rdi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; vpaddq 0x60($Tbl),@X[7],$t3 vmovdqa $t0,0x00(%rsp) xor $a1,$a1 @@ -2107,7 +2152,18 @@ my @X = @_; my @insns = (&$body,&$body); # 48 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%4)==0); + if (($j%4)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } + foreach (Xupdate_512_AVX()) { # 23 instructions eval; if ($_ !~ /\;$/) { @@ -2182,6 +2238,8 @@ $code.=<<___; add $a1,$A #mov `2*$SZ*$rounds+8`(%rsp),$inp # $_inp lea `2*$SZ*($rounds-8)`(%rsp),%rsp +# restore frame pointer to original location at $_rsp +.cfi_cfa_expression $_rsp,deref,+8 add $SZ*0($ctx),$A add $SZ*1($ctx),$B 
@@ -2207,22 +2265,24 @@ $code.=<<___; jbe .Loop_avx2 lea (%rsp),$Tbl +# temporarily use $Tbl as index to $_rsp +# this avoids the need to save a secondary frame pointer at -8(%rsp) +.cfi_cfa_expression $Tbl+`16*$SZ+3*8`,deref,+8 .Ldone_avx2: - lea ($Tbl),%rsp - mov $_rsp,%rsi + mov `16*$SZ+3*8`($Tbl),%rsi .cfi_def_cfa %rsi,8 vzeroupper ___ $code.=<<___ if ($win64); - movaps 16*$SZ+32(%rsp),%xmm6 - movaps 16*$SZ+48(%rsp),%xmm7 - movaps 16*$SZ+64(%rsp),%xmm8 - movaps 16*$SZ+80(%rsp),%xmm9 + movaps 16*$SZ+32($Tbl),%xmm6 + movaps 16*$SZ+48($Tbl),%xmm7 + movaps 16*$SZ+64($Tbl),%xmm8 + movaps 16*$SZ+80($Tbl),%xmm9 ___ $code.=<<___ if ($win64 && $SZ>4); - movaps 16*$SZ+96(%rsp),%xmm10 - movaps 16*$SZ+112(%rsp),%xmm11 + movaps 16*$SZ+96($Tbl),%xmm10 + movaps 16*$SZ+112($Tbl),%xmm11 ___ $code.=<<___; mov -48(%rsi),%r15 @@ -2495,4 +2555,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index 0d4fdd292c07..3f202964261d 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -417,4 +417,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 819370e61540..7965829e64b0 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -14,4 +14,4 @@ /* The implementation is in ../md32_common.h */ -# include "sha_locl.h" +# include "sha_local.h" diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index bf78f075eefb..11050ba54714 100644 
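Review bot: The frame offset 16*$SZ+3*8 is now spelled out twice at `.Ldone_avx2`, in the `.cfi_cfa_expression` on `$Tbl` and in the `mov` that loads `%rsi`, where the removed line used `$_rsp`. If `$_rsp` is defined from the same offset (its definition is outside the hunk), these copies can drift apart when the frame layout changes; deriving both from one Perl variable, or adding `# must match the offset in $_rsp` beside them, would keep them in step. With `lea ($Tbl),%rsp` removed, every branch to `.Ldone_avx2` also has to arrive with `$Tbl` at the frame base, and the new comment documents only the fall-through path.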
--- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -128,7 +128,7 @@ static #endif void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); -#include "internal/md32_common.h" +#include "crypto/md32_common.h" #ifndef SHA256_ASM static const SHA_LONG K256[64] = { diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index 50b65ee811d6..ca1f387a64f8 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -50,7 +50,7 @@ #include #include "internal/cryptlib.h" -#include "internal/sha.h" +#include "crypto/sha.h" #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ diff --git a/crypto/sha/sha_local.h b/crypto/sha/sha_local.h new file mode 100644 index 000000000000..6edb9ef1d27e --- /dev/null +++ b/crypto/sha/sha_local.h 
@@ -0,0 +1,424 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#include + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_CTX SHA_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ + } while (0) + +#define HASH_UPDATE SHA1_Update +#define HASH_TRANSFORM SHA1_Transform +#define HASH_FINAL SHA1_Final +#define HASH_INIT SHA1_Init +#define HASH_BLOCK_DATA_ORDER sha1_block_data_order +#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ + ix=(a)=ROTATE((a),1) \ + ) + +#ifndef SHA1_ASM +static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); +#else +void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); +#endif + +#include "crypto/md32_common.h" + +#define INIT_DATA_h0 0x67452301UL +#define INIT_DATA_h1 0xefcdab89UL +#define INIT_DATA_h2 0x98badcfeUL +#define INIT_DATA_h3 0x10325476UL +#define INIT_DATA_h4 0xc3d2e1f0UL + +int HASH_INIT(SHA_CTX *c) +{ + memset(c, 0, sizeof(*c)); + c->h0 = INIT_DATA_h0; + c->h1 = INIT_DATA_h1; + c->h2 = INIT_DATA_h2; + c->h3 = INIT_DATA_h3; + c->h4 = INIT_DATA_h4; + return 1; +} + +#define K_00_19 0x5a827999UL +#define K_20_39 0x6ed9eba1UL +#define K_40_59 0x8f1bbcdcUL +#define K_60_79 0xca62c1d6UL + +/* + * As pointed out by Wei Dai, F() below can be simplified to the code in + * F_00_19. Wei attributes these optimizations to Peter Gutmann's SHS code, + * and he attributes it to Rich Schroeppel. 
+ * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) + * I've just become aware of another tweak to be made, again from Wei Dai, + * in F_40_59, (x&a)|(y&a) -> (x|y)&a + */ +#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) +#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) +#define F_60_79(b,c,d) F_20_39(b,c,d) + +#ifndef OPENSSL_SMALL_FOOTPRINT + +# define BODY_00_15(i,a,b,c,d,e,f,xi) \ + (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# ifdef X +# undef X +# endif +# ifndef MD32_XARRAY + /* + * Originally X was an array. As it's automatic it's natural + * to expect RISC compiler to accommodate at least part of it in + * the register bank, isn't it? Unfortunately not all compilers + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of + * X0, X1, etc. See the function body below... + */ +# define X(i) XX##i +# else + /* + * However! Some compilers (most notably HP C) get overwhelmed by + * that many local variables so that we have to have the way to + * fall down to the original behavior. 
+ */ +# define X(i) XX[i] +# endif + +# if !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) +{ + const unsigned char *data = p; + register unsigned MD32_REG_T A, B, C, D, E, T, l; +# ifndef MD32_XARRAY + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; +# else + SHA_LONG XX[16]; +# endif + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + for (;;) { + const union { + long one; + char little; + } is_endian = { + 1 + }; + + if (!is_endian.little && sizeof(SHA_LONG) == 4 + && ((size_t)p % 4) == 0) { + const SHA_LONG *W = (const SHA_LONG *)data; + + X(0) = W[0]; + X(1) = W[1]; + BODY_00_15(0, A, B, C, D, E, T, X(0)); + X(2) = W[2]; + BODY_00_15(1, T, A, B, C, D, E, X(1)); + X(3) = W[3]; + BODY_00_15(2, E, T, A, B, C, D, X(2)); + X(4) = W[4]; + BODY_00_15(3, D, E, T, A, B, C, X(3)); + X(5) = W[5]; + BODY_00_15(4, C, D, E, T, A, B, X(4)); + X(6) = W[6]; + BODY_00_15(5, B, C, D, E, T, A, X(5)); + X(7) = W[7]; + BODY_00_15(6, A, B, C, D, E, T, X(6)); + X(8) = W[8]; + BODY_00_15(7, T, A, B, C, D, E, X(7)); + X(9) = W[9]; + BODY_00_15(8, E, T, A, B, C, D, X(8)); + X(10) = W[10]; + BODY_00_15(9, D, E, T, A, B, C, X(9)); + X(11) = W[11]; + BODY_00_15(10, C, D, E, T, A, B, X(10)); + X(12) = W[12]; + BODY_00_15(11, B, C, D, E, T, A, X(11)); + X(13) = W[13]; + BODY_00_15(12, A, B, C, D, E, T, X(12)); + X(14) = W[14]; + BODY_00_15(13, T, A, B, C, D, E, X(13)); + X(15) = W[15]; + BODY_00_15(14, E, T, A, B, C, D, X(14)); + BODY_00_15(15, D, E, T, A, B, C, X(15)); + + data += SHA_CBLOCK; + } else { + (void)HOST_c2l(data, l); + X(0) = l; + (void)HOST_c2l(data, l); + X(1) = l; + BODY_00_15(0, A, B, C, D, E, T, X(0)); + (void)HOST_c2l(data, l); + X(2) = l; + BODY_00_15(1, T, A, B, C, D, E, X(1)); + (void)HOST_c2l(data, l); + X(3) = l; + BODY_00_15(2, E, T, A, B, C, D, X(2)); + (void)HOST_c2l(data, l); + X(4) = l; + BODY_00_15(3, D, E, T, A, B, C, X(3)); + 
(void)HOST_c2l(data, l); + X(5) = l; + BODY_00_15(4, C, D, E, T, A, B, X(4)); + (void)HOST_c2l(data, l); + X(6) = l; + BODY_00_15(5, B, C, D, E, T, A, X(5)); + (void)HOST_c2l(data, l); + X(7) = l; + BODY_00_15(6, A, B, C, D, E, T, X(6)); + (void)HOST_c2l(data, l); + X(8) = l; + BODY_00_15(7, T, A, B, C, D, E, X(7)); + (void)HOST_c2l(data, l); + X(9) = l; + BODY_00_15(8, E, T, A, B, C, D, X(8)); + (void)HOST_c2l(data, l); + X(10) = l; + BODY_00_15(9, D, E, T, A, B, C, X(9)); + (void)HOST_c2l(data, l); + X(11) = l; + BODY_00_15(10, C, D, E, T, A, B, X(10)); + (void)HOST_c2l(data, l); + X(12) = l; + BODY_00_15(11, B, C, D, E, T, A, X(11)); + (void)HOST_c2l(data, l); + X(13) = l; + BODY_00_15(12, A, B, C, D, E, T, X(12)); + (void)HOST_c2l(data, l); + X(14) = l; + BODY_00_15(13, T, A, B, C, D, E, X(13)); + (void)HOST_c2l(data, l); + X(15) = l; + BODY_00_15(14, E, T, A, B, C, D, X(14)); + BODY_00_15(15, D, E, T, A, B, C, X(15)); + } + + BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13)); + BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14)); + BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15)); + BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0)); + + BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1)); + BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2)); + BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3)); + BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4)); + BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5)); + BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6)); + BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7)); + BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8)); + BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9)); + BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10)); + BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11)); + BODY_20_31(31, T, A, B, C, D, E, 
X(15), X(15), X(1), X(7), X(12)); + + BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13)); + BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14)); + BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15)); + BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0)); + BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1)); + BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2)); + BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3)); + BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4)); + + BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5)); + BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6)); + BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7)); + BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8)); + BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9)); + BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10)); + BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11)); + BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12)); + BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13)); + BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14)); + BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15)); + BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0)); + BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1)); + BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2)); + BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3)); + BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4)); + BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5)); + BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6)); + BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7)); + BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8)); + + BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9)); + BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10)); + BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11)); + BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), 
X(12)); + BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13)); + BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14)); + BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15)); + BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0)); + BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1)); + BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2)); + BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3)); + BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4)); + BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5)); + BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6)); + BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7)); + BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8)); + BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9)); + BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10)); + BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11)); + BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12)); + + c->h0 = (c->h0 + E) & 0xffffffffL; + c->h1 = (c->h1 + T) & 0xffffffffL; + c->h2 = (c->h2 + A) & 0xffffffffL; + c->h3 = (c->h3 + B) & 0xffffffffL; + c->h4 = (c->h4 + C) & 0xffffffffL; + + if (--num == 0) + break; + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + } +} +# endif + +#else /* OPENSSL_SMALL_FOOTPRINT */ + +# define BODY_00_15(xi) do { \ + T=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xi; } while(0) + +# define BODY_16_19(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +# define BODY_20_39(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_20_39+F_20_39(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +# define BODY_40_59(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_40_59+F_40_59(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +# define 
BODY_60_79(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T=E+K_60_79+F_60_79(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xa; } while(0) + +# if !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) +{ + const unsigned char *data = p; + register unsigned MD32_REG_T A, B, C, D, E, T, l; + int i; + SHA_LONG X[16]; + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + for (;;) { + for (i = 0; i < 16; i++) { + (void)HOST_c2l(data, l); + X[i] = l; + BODY_00_15(X[i]); + } + for (i = 0; i < 4; i++) { + BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]); + } + for (; i < 24; i++) { + BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15], + X[(i + 13) & 15]); + } + for (i = 0; i < 20; i++) { + BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], + X[(i + 5) & 15]); + } + for (i = 4; i < 24; i++) { + BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], + X[(i + 5) & 15]); + } + + c->h0 = (c->h0 + A) & 0xffffffffL; + c->h1 = (c->h1 + B) & 0xffffffffL; + c->h2 = (c->h2 + C) & 0xffffffffL; + c->h3 = (c->h3 + D) & 0xffffffffL; + c->h4 = (c->h4 + E) & 0xffffffffL; + + if (--num == 0) + break; + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + } +} +# endif + +#endif diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h deleted file mode 100644 index 4e5a09038267..000000000000 --- a/crypto/sha/sha_locl.h +++ /dev/null 
@@ -1,424 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include -#include - -#define DATA_ORDER_IS_BIG_ENDIAN - -#define HASH_LONG SHA_LONG -#define HASH_CTX SHA_CTX -#define HASH_CBLOCK SHA_CBLOCK -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ - } while (0) - -#define HASH_UPDATE SHA1_Update -#define HASH_TRANSFORM SHA1_Transform -#define HASH_FINAL SHA1_Final -#define HASH_INIT SHA1_Init -#define HASH_BLOCK_DATA_ORDER sha1_block_data_order -#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ - ix=(a)=ROTATE((a),1) \ - ) - -#ifndef SHA1_ASM -static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); -#else -void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); -#endif - -#include "internal/md32_common.h" - -#define INIT_DATA_h0 0x67452301UL -#define INIT_DATA_h1 0xefcdab89UL -#define INIT_DATA_h2 0x98badcfeUL -#define INIT_DATA_h3 0x10325476UL -#define INIT_DATA_h4 0xc3d2e1f0UL - -int HASH_INIT(SHA_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->h0 = INIT_DATA_h0; - c->h1 = INIT_DATA_h1; - c->h2 = INIT_DATA_h2; - c->h3 = INIT_DATA_h3; - c->h4 = INIT_DATA_h4; - return 1; -} - -#define K_00_19 0x5a827999UL -#define K_20_39 0x6ed9eba1UL -#define K_40_59 0x8f1bbcdcUL -#define K_60_79 0xca62c1d6UL - -/* - * As pointed out by Wei Dai, F() below can be simplified to the code in - * F_00_19. Wei attributes these optimizations to Peter Gutmann's SHS code, - * and he attributes it to Rich Schroeppel. 
- * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) - * I've just become aware of another tweak to be made, again from Wei Dai, - * in F_40_59, (x&a)|(y&a) -> (x|y)&a - */ -#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) -#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) -#define F_60_79(b,c,d) F_20_39(b,c,d) - -#ifndef OPENSSL_SMALL_FOOTPRINT - -# define BODY_00_15(i,a,b,c,d,e,f,xi) \ - (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# ifdef X -# undef X -# endif -# ifndef MD32_XARRAY - /* - * Originally X was an array. As it's automatic it's natural - * to expect RISC compiler to accommodate at least part of it in - * the register bank, isn't it? Unfortunately not all compilers - * "find" this expectation reasonable:-( On order to make such - * compilers generate better code I replace X[] with a bunch of - * X0, X1, etc. See the function body below... - */ -# define X(i) XX##i -# else - /* - * However! Some compilers (most notably HP C) get overwhelmed by - * that many local variables so that we have to have the way to - * fall down to the original behavior. 
- */ -# define X(i) XX[i] -# endif - -# if !defined(SHA1_ASM) -static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) -{ - const unsigned char *data = p; - register unsigned MD32_REG_T A, B, C, D, E, T, l; -# ifndef MD32_XARRAY - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# else - SHA_LONG XX[16]; -# endif - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - for (;;) { - const union { - long one; - char little; - } is_endian = { - 1 - }; - - if (!is_endian.little && sizeof(SHA_LONG) == 4 - && ((size_t)p % 4) == 0) { - const SHA_LONG *W = (const SHA_LONG *)data; - - X(0) = W[0]; - X(1) = W[1]; - BODY_00_15(0, A, B, C, D, E, T, X(0)); - X(2) = W[2]; - BODY_00_15(1, T, A, B, C, D, E, X(1)); - X(3) = W[3]; - BODY_00_15(2, E, T, A, B, C, D, X(2)); - X(4) = W[4]; - BODY_00_15(3, D, E, T, A, B, C, X(3)); - X(5) = W[5]; - BODY_00_15(4, C, D, E, T, A, B, X(4)); - X(6) = W[6]; - BODY_00_15(5, B, C, D, E, T, A, X(5)); - X(7) = W[7]; - BODY_00_15(6, A, B, C, D, E, T, X(6)); - X(8) = W[8]; - BODY_00_15(7, T, A, B, C, D, E, X(7)); - X(9) = W[9]; - BODY_00_15(8, E, T, A, B, C, D, X(8)); - X(10) = W[10]; - BODY_00_15(9, D, E, T, A, B, C, X(9)); - X(11) = W[11]; - BODY_00_15(10, C, D, E, T, A, B, X(10)); - X(12) = W[12]; - BODY_00_15(11, B, C, D, E, T, A, X(11)); - X(13) = W[13]; - BODY_00_15(12, A, B, C, D, E, T, X(12)); - X(14) = W[14]; - BODY_00_15(13, T, A, B, C, D, E, X(13)); - X(15) = W[15]; - BODY_00_15(14, E, T, A, B, C, D, X(14)); - BODY_00_15(15, D, E, T, A, B, C, X(15)); - - data += SHA_CBLOCK; - } else { - (void)HOST_c2l(data, l); - X(0) = l; - (void)HOST_c2l(data, l); - X(1) = l; - BODY_00_15(0, A, B, C, D, E, T, X(0)); - (void)HOST_c2l(data, l); - X(2) = l; - BODY_00_15(1, T, A, B, C, D, E, X(1)); - (void)HOST_c2l(data, l); - X(3) = l; - BODY_00_15(2, E, T, A, B, C, D, X(2)); - (void)HOST_c2l(data, l); - X(4) = l; - BODY_00_15(3, D, E, T, A, B, C, X(3)); - 
(void)HOST_c2l(data, l); - X(5) = l; - BODY_00_15(4, C, D, E, T, A, B, X(4)); - (void)HOST_c2l(data, l); - X(6) = l; - BODY_00_15(5, B, C, D, E, T, A, X(5)); - (void)HOST_c2l(data, l); - X(7) = l; - BODY_00_15(6, A, B, C, D, E, T, X(6)); - (void)HOST_c2l(data, l); - X(8) = l; - BODY_00_15(7, T, A, B, C, D, E, X(7)); - (void)HOST_c2l(data, l); - X(9) = l; - BODY_00_15(8, E, T, A, B, C, D, X(8)); - (void)HOST_c2l(data, l); - X(10) = l; - BODY_00_15(9, D, E, T, A, B, C, X(9)); - (void)HOST_c2l(data, l); - X(11) = l; - BODY_00_15(10, C, D, E, T, A, B, X(10)); - (void)HOST_c2l(data, l); - X(12) = l; - BODY_00_15(11, B, C, D, E, T, A, X(11)); - (void)HOST_c2l(data, l); - X(13) = l; - BODY_00_15(12, A, B, C, D, E, T, X(12)); - (void)HOST_c2l(data, l); - X(14) = l; - BODY_00_15(13, T, A, B, C, D, E, X(13)); - (void)HOST_c2l(data, l); - X(15) = l; - BODY_00_15(14, E, T, A, B, C, D, X(14)); - BODY_00_15(15, D, E, T, A, B, C, X(15)); - } - - BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13)); - BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14)); - BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15)); - BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0)); - - BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1)); - BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2)); - BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3)); - BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4)); - BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5)); - BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6)); - BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7)); - BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8)); - BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9)); - BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10)); - BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11)); - BODY_20_31(31, T, A, B, C, D, E, 
X(15), X(15), X(1), X(7), X(12)); - - BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13)); - BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14)); - BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15)); - BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0)); - BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1)); - BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2)); - BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3)); - BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4)); - - BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5)); - BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6)); - BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7)); - BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8)); - BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9)); - BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10)); - BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11)); - BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12)); - BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13)); - BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14)); - BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15)); - BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0)); - BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1)); - BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2)); - BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3)); - BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4)); - BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5)); - BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6)); - BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7)); - BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8)); - - BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9)); - BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10)); - BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11)); - BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), 
X(12)); - BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13)); - BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14)); - BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15)); - BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0)); - BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1)); - BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2)); - BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3)); - BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4)); - BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5)); - BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6)); - BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7)); - BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8)); - BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9)); - BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10)); - BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11)); - BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12)); - - c->h0 = (c->h0 + E) & 0xffffffffL; - c->h1 = (c->h1 + T) & 0xffffffffL; - c->h2 = (c->h2 + A) & 0xffffffffL; - c->h3 = (c->h3 + B) & 0xffffffffL; - c->h4 = (c->h4 + C) & 0xffffffffL; - - if (--num == 0) - break; - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - } -} -# endif - -#else /* OPENSSL_SMALL_FOOTPRINT */ - -# define BODY_00_15(xi) do { \ - T=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xi; } while(0) - -# define BODY_16_19(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_20_39(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_20_39+F_20_39(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_40_59(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_40_59+F_40_59(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define 
BODY_60_79(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T=E+K_60_79+F_60_79(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xa; } while(0) - -# if !defined(SHA1_ASM) -static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) -{ - const unsigned char *data = p; - register unsigned MD32_REG_T A, B, C, D, E, T, l; - int i; - SHA_LONG X[16]; - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - for (;;) { - for (i = 0; i < 16; i++) { - (void)HOST_c2l(data, l); - X[i] = l; - BODY_00_15(X[i]); - } - for (i = 0; i < 4; i++) { - BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]); - } - for (; i < 24; i++) { - BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15], - X[(i + 13) & 15]); - } - for (i = 0; i < 20; i++) { - BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], - X[(i + 5) & 15]); - } - for (i = 4; i < 24; i++) { - BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], - X[(i + 5) & 15]); - } - - c->h0 = (c->h0 + A) & 0xffffffffL; - c->h1 = (c->h1 + B) & 0xffffffffL; - c->h2 = (c->h2 + C) & 0xffffffffL; - c->h3 = (c->h3 + D) & 0xffffffffL; - c->h4 = (c->h4 + E) & 0xffffffffL; - - if (--num == 0) - break; - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - } -} -# endif - -#endif diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c index be74a38d934d..07d94c1e6e59 100644 --- a/crypto/siphash/siphash.c +++ b/crypto/siphash/siphash.c @@ -27,7 +27,7 @@ #include #include -#include "internal/siphash.h" +#include "crypto/siphash.h" #include "siphash_local.h" /* default: SipHash-2-4 */ diff --git a/crypto/siphash/siphash_ameth.c b/crypto/siphash/siphash_ameth.c index c0ab7efae4b6..2da6dfec8025 100644 --- a/crypto/siphash/siphash_ameth.c +++ b/crypto/siphash/siphash_ameth.c 
@@ -10,10 +10,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/siphash.h" +#include "crypto/asn1.h" +#include "crypto/siphash.h" #include "siphash_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* * SIPHASH "ASN1" method. This is just here to indicate the maximum diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c index 66e552fec5e5..0c7d2c61902c 100644 --- a/crypto/siphash/siphash_pmeth.c +++ b/crypto/siphash/siphash_pmeth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/siphash.h" +#include "crypto/siphash.h" #include "siphash_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* SIPHASH pkey context structure */ diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index 4389fc731edd..ef505f64412b 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -9,9 +9,9 @@ * https://www.openssl.org/source/license.html */ -#include "internal/sm2.h" -#include "internal/sm2err.h" -#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */ +#include "crypto/sm2.h" +#include "crypto/sm2err.h" +#include "crypto/ec.h" /* ecdh_KDF_X9_63() */ #include #include #include diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c index 653c6797f86f..e5973e9c7140 100644 --- a/crypto/sm2/sm2_err.c +++ b/crypto/sm2/sm2_err.c @@ -9,7 +9,7 @@ */ #include -#include "internal/sm2err.h" +#include "crypto/sm2err.h" #ifndef OPENSSL_NO_ERR diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c index d187699cc411..b42a14c32f26 100644 --- a/crypto/sm2/sm2_pmeth.c +++ b/crypto/sm2/sm2_pmeth.c @@ -11,9 +11,9 @@ #include #include #include -#include "internal/evp_int.h" -#include "internal/sm2.h" -#include "internal/sm2err.h" +#include "crypto/evp.h" +#include "crypto/sm2.h" +#include "crypto/sm2err.h" /* EC pkey context structure */ 
@@ -220,6 +220,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) *(size_t *)p2 = smctx->id_len; return 1; + case EVP_PKEY_CTRL_DIGESTINIT: + /* nothing to be inited, this is to suppress the error... */ + return 1; + default: return -2; } diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 50ecb4d68cc6..683f03f93580 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -9,9 +9,9 @@ * https://www.openssl.org/source/license.html */ -#include "internal/sm2.h" -#include "internal/sm2err.h" -#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */ +#include "crypto/sm2.h" +#include "crypto/sm2err.h" +#include "crypto/ec.h" /* ec_group_do_inverse_ord() */ #include "internal/numbers.h" #include #include diff --git a/crypto/sm3/m_sm3.c b/crypto/sm3/m_sm3.c index 85538dc8af06..7e54f4298431 100644 --- a/crypto/sm3/m_sm3.c +++ b/crypto/sm3/m_sm3.c @@ -12,8 +12,8 @@ #ifndef OPENSSL_NO_SM3 # include -# include "internal/evp_int.h" -# include "internal/sm3.h" +# include "crypto/evp.h" +# include "crypto/sm3.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/sm3/sm3.c b/crypto/sm3/sm3.c index 1588dd115aa2..d78292b4c5b7 100644 --- a/crypto/sm3/sm3.c +++ b/crypto/sm3/sm3.c @@ -10,7 +10,7 @@ */ #include -#include "sm3_locl.h" +#include "sm3_local.h" int sm3_init(SM3_CTX *c) { diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h new file mode 100644 index 000000000000..7171de510de3 --- /dev/null +++ b/crypto/sm3/sm3_local.h 
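Review bot: The comment on the new `EVP_PKEY_CTRL_DIGESTINIT` case in pkey_sm2_ctrl says it is there "to suppress the error", but does not name the error or say why accepting the control is safe. The only effect visible in the hunk is that this control now returns 1 instead of reaching `default: return -2`. A reader cannot tell from here whether SM2 digest setup is really a no-op or happens elsewhere; presumably the identifier whose length is returned just above (`smctx->id_len`) is mixed into the hash by other code, which should be confirmed. I would spell that out, e.g. `/* No per-digest state to set up here; return 1 so digest init is not rejected with -2 (unsupported ctrl). */`. The switch begins before the hunk, so the other cases were not reviewed.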
@@ -0,0 +1,79 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "crypto/sm3.h" + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SM3_WORD +#define HASH_CTX SM3_CTX +#define HASH_CBLOCK SM3_CBLOCK +#define HASH_UPDATE sm3_update +#define HASH_TRANSFORM sm3_transform +#define HASH_FINAL sm3_final +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + ll=(c)->A; (void)HOST_l2c(ll, (s)); \ + ll=(c)->B; (void)HOST_l2c(ll, (s)); \ + ll=(c)->C; (void)HOST_l2c(ll, (s)); \ + ll=(c)->D; (void)HOST_l2c(ll, (s)); \ + ll=(c)->E; (void)HOST_l2c(ll, (s)); \ + ll=(c)->F; (void)HOST_l2c(ll, (s)); \ + ll=(c)->G; (void)HOST_l2c(ll, (s)); \ + ll=(c)->H; (void)HOST_l2c(ll, (s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER sm3_block_data_order + +void sm3_transform(SM3_CTX *c, const unsigned char *data); + +#include "crypto/md32_common.h" + +#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) +#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) + +#define FF0(X,Y,Z) (X ^ Y ^ Z) +#define GG0(X,Y,Z) (X ^ Y ^ Z) + +#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z)) +#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z)))) + +#define EXPAND(W0,W7,W13,W3,W10) \ + (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10) + +#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG) \ + do { \ + const SM3_WORD A12 = ROTATE(A, 12); \ + const SM3_WORD A12_SM = A12 + E + TJ; \ + const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ + const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ + const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ + B = ROTATE(B, 9); \ + D = TT1; \ + F = ROTATE(F, 19); \ + H = P0(TT2); 
\ + } while(0) + +#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ + RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0) + +#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ + RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1) + +#define SM3_A 0x7380166fUL +#define SM3_B 0x4914b2b9UL +#define SM3_C 0x172442d7UL +#define SM3_D 0xda8a0600UL +#define SM3_E 0xa96f30bcUL +#define SM3_F 0x163138aaUL +#define SM3_G 0xe38dee4dUL +#define SM3_H 0xb0fb0e4eUL diff --git a/crypto/sm3/sm3_locl.h b/crypto/sm3/sm3_locl.h deleted file mode 100644 index efa6db57c6cd..000000000000 --- a/crypto/sm3/sm3_locl.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * Ported from Ribose contributions from Botan. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/sm3.h" - -#define DATA_ORDER_IS_BIG_ENDIAN - -#define HASH_LONG SM3_WORD -#define HASH_CTX SM3_CTX -#define HASH_CBLOCK SM3_CBLOCK -#define HASH_UPDATE sm3_update -#define HASH_TRANSFORM sm3_transform -#define HASH_FINAL sm3_final -#define HASH_MAKE_STRING(c, s) \ - do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll, (s)); \ - ll=(c)->B; (void)HOST_l2c(ll, (s)); \ - ll=(c)->C; (void)HOST_l2c(ll, (s)); \ - ll=(c)->D; (void)HOST_l2c(ll, (s)); \ - ll=(c)->E; (void)HOST_l2c(ll, (s)); \ - ll=(c)->F; (void)HOST_l2c(ll, (s)); \ - ll=(c)->G; (void)HOST_l2c(ll, (s)); \ - ll=(c)->H; (void)HOST_l2c(ll, (s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER sm3_block_data_order - -void sm3_transform(SM3_CTX *c, const unsigned char *data); - -#include "internal/md32_common.h" - -#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) -#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) - -#define FF0(X,Y,Z) (X ^ Y ^ Z) -#define GG0(X,Y,Z) (X ^ Y ^ Z) - -#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z)) -#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z)))) - -#define EXPAND(W0,W7,W13,W3,W10) \ - (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10) - -#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG) \ - do { \ - const SM3_WORD A12 = ROTATE(A, 12); \ - const SM3_WORD A12_SM = A12 + E + TJ; \ - const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ - const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ - const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ - B = ROTATE(B, 9); \ - D = TT1; \ - F = ROTATE(F, 19); \ - H = 
P0(TT2); \ - } while(0) - -#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ - RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0) - -#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ - RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1) - -#define SM3_A 0x7380166fUL -#define SM3_B 0x4914b2b9UL -#define SM3_C 0x172442d7UL -#define SM3_D 0xda8a0600UL -#define SM3_E 0xa96f30bcUL -#define SM3_F 0x163138aaUL -#define SM3_G 0xe38dee4dUL -#define SM3_H 0xb0fb0e4eUL diff --git a/crypto/sm4/sm4.c b/crypto/sm4/sm4.c index 0c819a4b68eb..5750e763319a 100644 --- a/crypto/sm4/sm4.c +++ b/crypto/sm4/sm4.c @@ -10,7 +10,7 @@ */ #include -#include "internal/sm4.h" +#include "crypto/sm4.h" static const uint8_t SM4_S[256] = { 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, diff --git a/crypto/sparc_arch.h b/crypto/sparc_arch.h index 99eafb331352..c74063be2fa6 100644 --- a/crypto/sparc_arch.h +++ b/crypto/sparc_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __SPARC_ARCH_H__ -# define __SPARC_ARCH_H__ +#ifndef OSSL_CRYPTO_SPARC_ARCH_H +# define OSSL_CRYPTO_SPARC_ARCH_H # define SPARCV9_TICK_PRIVILEGED (1<<0) # define SPARCV9_PREFER_FPU (1<<1) @@ -115,4 +115,4 @@ mov tmp, %o7; # endif -#endif /* __SPARC_ARCH_H__ */ +#endif /* OSSL_CRYPTO_SPARC_ARCH_H */ diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index c8c567536b33..ff1a983ac98b 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -268,7 +268,7 @@ void OPENSSL_cpuid_setup(void) /* * In wait for better solution _sparcv9_rdcfr is masked by - * VIS3 flag, because it goes to uninterruptable endless + * VIS3 flag, because it goes to uninterruptible endless * loop on UltraSPARC II running Solaris. Things might be * different on Linux... */ diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index ca20f6d09798..4f417de0c989 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -16,7 +16,7 @@ # include # include # include -# include "internal/bn_srp.h" +# include "crypto/bn_srp.h" /* calculate = SHA1(PAD(x) || PAD(y)) */ diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index eb279dd4187a..3dd2ab050757 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_SRP # include "internal/cryptlib.h" -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include # include diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 6f569ee62d71..8f1d20e74aa4 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -24,12 +24,12 @@ #include #include #include /* For the PKCS8 stuff o.O */ -#include "internal/asn1_int.h" -#include "internal/ctype.h" +#include "crypto/asn1.h" +#include "crypto/ctype.h" #include "internal/o_dir.h" #include "internal/cryptlib.h" -#include "internal/store_int.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" #ifdef _WIN32 # define stat _stat diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c index b398bf598ff6..0103c8db8aaf 100644 --- a/crypto/store/store_init.c +++ b/crypto/store/store_init.c @@ -8,8 +8,8 @@ */ #include -#include "internal/store.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(do_store_init) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 7de2e31f556f..fb8184d2d9b5 100644 
--- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -18,8 +18,8 @@ #include #include #include "internal/thread_once.h" -#include "internal/store_int.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" struct ossl_store_ctx_st { const OSSL_STORE_LOADER *loader; diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h new file mode 100644 index 000000000000..369dcb33f2d6 --- /dev/null +++ b/crypto/store/store_local.h 
@@ -0,0 +1,132 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/thread_once.h" +#include +#include +#include +#include +#include +#include + +/*- + * OSSL_STORE_INFO stuff + * --------------------- + */ + +struct ossl_store_info_st { + int type; + union { + void *data; /* used internally as generic pointer */ + + struct { + BUF_MEM *blob; + char *pem_name; + } embedded; /* when type == OSSL_STORE_INFO_EMBEDDED */ + + struct { + char *name; + char *desc; + } name; /* when type == OSSL_STORE_INFO_NAME */ + + EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */ + EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */ + X509 *x509; /* when type == OSSL_STORE_INFO_CERT */ + X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ + } _; +}; + +DEFINE_STACK_OF(OSSL_STORE_INFO) + +/* + * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file + * handlers. It should never reach a calling application or any engine. + * However, it can be used by a FILE_HANDLER's try_decode function to signal + * that it has decoded the incoming blob into a new blob, and that the + * attempted decoding should be immediately restarted with the new blob, using + * the new PEM name. + */ +/* + * Because this is an internal type, we don't make it public. 
+ */ +#define OSSL_STORE_INFO_EMBEDDED -1 +OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, + BUF_MEM *embedded); +BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info); +char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info); + +/*- + * OSSL_STORE_SEARCH stuff + * ----------------------- + */ + +struct ossl_store_search_st { + int search_type; + + /* + * Used by OSSL_STORE_SEARCH_BY_NAME and + * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL + */ + X509_NAME *name; + + /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ + const ASN1_INTEGER *serial; + + /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */ + const EVP_MD *digest; + + /* + * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and + * OSSL_STORE_SEARCH_BY_ALIAS + */ + const unsigned char *string; + size_t stringlength; +}; + +/*- + * OSSL_STORE_LOADER stuff + * ----------------------- + */ + +int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme); + +/* loader stuff */ +struct ossl_store_loader_st { + const char *scheme; + ENGINE *engine; + OSSL_STORE_open_fn open; + OSSL_STORE_ctrl_fn ctrl; + OSSL_STORE_expect_fn expect; + OSSL_STORE_find_fn find; + OSSL_STORE_load_fn load; + OSSL_STORE_eof_fn eof; + OSSL_STORE_error_fn error; + OSSL_STORE_close_fn close; +}; +DEFINE_LHASH_OF(OSSL_STORE_LOADER); + +const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme); +void ossl_store_destroy_loaders_int(void); + +/*- + * OSSL_STORE init stuff + * --------------------- + */ + +int ossl_store_init_once(void); +int ossl_store_file_loader_init(void); + +/*- + * 'file' scheme stuff + * ------------------- + */ + +OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp); +int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx); diff --git a/crypto/store/store_locl.h b/crypto/store/store_locl.h deleted file mode 100644 index 369dcb33f2d6..000000000000 
--- a/crypto/store/store_locl.h
+++ /dev/null
@@ -1,132 +0,0 @@ -/* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/thread_once.h" -#include -#include -#include -#include -#include -#include - -/*- - * OSSL_STORE_INFO stuff - * --------------------- - */ - -struct ossl_store_info_st { - int type; - union { - void *data; /* used internally as generic pointer */ - - struct { - BUF_MEM *blob; - char *pem_name; - } embedded; /* when type == OSSL_STORE_INFO_EMBEDDED */ - - struct { - char *name; - char *desc; - } name; /* when type == OSSL_STORE_INFO_NAME */ - - EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */ - EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */ - X509 *x509; /* when type == OSSL_STORE_INFO_CERT */ - X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ - } _; -}; - -DEFINE_STACK_OF(OSSL_STORE_INFO) - -/* - * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file - * handlers. It should never reach a calling application or any engine. - * However, it can be used by a FILE_HANDLER's try_decode function to signal - * that it has decoded the incoming blob into a new blob, and that the - * attempted decoding should be immediately restarted with the new blob, using - * the new PEM name. - */ -/* - * Because this is an internal type, we don't make it public. 
- */ -#define OSSL_STORE_INFO_EMBEDDED -1 -OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, - BUF_MEM *embedded); -BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info); -char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info); - -/*- - * OSSL_STORE_SEARCH stuff - * ----------------------- - */ - -struct ossl_store_search_st { - int search_type; - - /* - * Used by OSSL_STORE_SEARCH_BY_NAME and - * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL - */ - X509_NAME *name; - - /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ - const ASN1_INTEGER *serial; - - /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */ - const EVP_MD *digest; - - /* - * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and - * OSSL_STORE_SEARCH_BY_ALIAS - */ - const unsigned char *string; - size_t stringlength; -}; - -/*- - * OSSL_STORE_LOADER stuff - * ----------------------- - */ - -int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader); -OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme); - -/* loader stuff */ -struct ossl_store_loader_st { - const char *scheme; - ENGINE *engine; - OSSL_STORE_open_fn open; - OSSL_STORE_ctrl_fn ctrl; - OSSL_STORE_expect_fn expect; - OSSL_STORE_find_fn find; - OSSL_STORE_load_fn load; - OSSL_STORE_eof_fn eof; - OSSL_STORE_error_fn error; - OSSL_STORE_close_fn close; -}; -DEFINE_LHASH_OF(OSSL_STORE_LOADER); - -const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme); -void ossl_store_destroy_loaders_int(void); - -/*- - * OSSL_STORE init stuff - * --------------------- - */ - -int ossl_store_init_once(void); -int ossl_store_file_loader_init(void); - -/*- - * 'file' scheme stuff - * ------------------- - */ - -OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp); -int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx); diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c index e68cb3c56853..3631d9b50634 100644 --- a/crypto/store/store_register.c 
+++ b/crypto/store/store_register.c @@ -8,12 +8,12 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include -#include "store_locl.h" +#include "store_local.h" static CRYPTO_RWLOCK *registry_lock; static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT; diff --git a/crypto/threads_none.c b/crypto/threads_none.c index aabf0e0dc090..aaaaae872a9b 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -143,7 +143,7 @@ int openssl_get_fork_id(void) # if defined(OPENSSL_SYS_UNIX) return getpid(); # else - return return 0; + return 0; # endif } #endif diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 8707207082c9..2840f5858acb 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -10,7 +10,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" ASN1_SEQUENCE(TS_MSG_IMPRINT) = { ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), diff --git a/crypto/ts/ts_lcl.h b/crypto/ts/ts_lcl.h deleted file mode 100644 index 771784fef7c8..000000000000 --- a/crypto/ts/ts_lcl.h +++ /dev/null 
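Review bot: In the crypto/threads_none.c hunk, the non-UNIX branch of openssl_get_fork_id() returns a constant 0 with no comment. Any caller that compares fork ids, presumably to detect a forked child, can never see a change on those builds. That may be correct where the platform has no fork(), but the code should say so; I would add `/* no fork detection on this platform: the id is constant */` above `return 0;`. The removed `return return 0;` could not have compiled, which suggests that the configuration building this file with OPENSSL_SYS_UNIX undefined is not covered by a regular build and is worth adding to one. The function starts before the hunk.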
@@ -1,211 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * MessageImprint ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * hashedMessage OCTET STRING } - */ -struct TS_msg_imprint_st { - X509_ALGOR *hash_algo; - ASN1_OCTET_STRING *hashed_msg; -}; - -/*- - * TimeStampResp ::= SEQUENCE { - * status PKIStatusInfo, - * timeStampToken TimeStampToken OPTIONAL } - */ -struct TS_resp_st { - TS_STATUS_INFO *status_info; - PKCS7 *token; - TS_TST_INFO *tst_info; -}; - -/*- - * TimeStampReq ::= SEQUENCE { - * version INTEGER { v1(1) }, - * messageImprint MessageImprint, - * --a hash algorithm OID and the hash value of the data to be - * --time-stamped - * reqPolicy TSAPolicyId OPTIONAL, - * nonce INTEGER OPTIONAL, - * certReq BOOLEAN DEFAULT FALSE, - * extensions [0] IMPLICIT Extensions OPTIONAL } - */ -struct TS_req_st { - ASN1_INTEGER *version; - TS_MSG_IMPRINT *msg_imprint; - ASN1_OBJECT *policy_id; - ASN1_INTEGER *nonce; - ASN1_BOOLEAN cert_req; - STACK_OF(X509_EXTENSION) *extensions; -}; - -/*- - * Accuracy ::= SEQUENCE { - * seconds INTEGER OPTIONAL, - * millis [0] INTEGER (1..999) OPTIONAL, - * micros [1] INTEGER (1..999) OPTIONAL } - */ -struct TS_accuracy_st { - ASN1_INTEGER *seconds; - ASN1_INTEGER *millis; - ASN1_INTEGER *micros; -}; - -/*- - * TSTInfo ::= SEQUENCE { - * version INTEGER { v1(1) }, - * policy TSAPolicyId, - * messageImprint MessageImprint, - * -- MUST have the same value as the similar field in - * -- TimeStampReq - * serialNumber INTEGER, - * -- Time-Stamping users MUST be ready to accommodate integers - * -- up to 160 bits. 
- * genTime GeneralizedTime, - * accuracy Accuracy OPTIONAL, - * ordering BOOLEAN DEFAULT FALSE, - * nonce INTEGER OPTIONAL, - * -- MUST be present if the similar field was present - * -- in TimeStampReq. In that case it MUST have the same value. - * tsa [0] GeneralName OPTIONAL, - * extensions [1] IMPLICIT Extensions OPTIONAL } - */ -struct TS_tst_info_st { - ASN1_INTEGER *version; - ASN1_OBJECT *policy_id; - TS_MSG_IMPRINT *msg_imprint; - ASN1_INTEGER *serial; - ASN1_GENERALIZEDTIME *time; - TS_ACCURACY *accuracy; - ASN1_BOOLEAN ordering; - ASN1_INTEGER *nonce; - GENERAL_NAME *tsa; - STACK_OF(X509_EXTENSION) *extensions; -}; - -struct TS_status_info_st { - ASN1_INTEGER *status; - STACK_OF(ASN1_UTF8STRING) *text; - ASN1_BIT_STRING *failure_info; -}; - -/*- - * IssuerSerial ::= SEQUENCE { - * issuer GeneralNames, - * serialNumber CertificateSerialNumber - * } - */ -struct ESS_issuer_serial { - STACK_OF(GENERAL_NAME) *issuer; - ASN1_INTEGER *serial; -}; - -/*- - * ESSCertID ::= SEQUENCE { - * certHash Hash, - * issuerSerial IssuerSerial OPTIONAL - * } - */ -struct ESS_cert_id { - ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. 
*/ - ESS_ISSUER_SERIAL *issuer_serial; -}; - -/*- - * SigningCertificate ::= SEQUENCE { - * certs SEQUENCE OF ESSCertID, - * policies SEQUENCE OF PolicyInformation OPTIONAL - * } - */ -struct ESS_signing_cert { - STACK_OF(ESS_CERT_ID) *cert_ids; - STACK_OF(POLICYINFO) *policy_info; -}; - -/*- - * ESSCertIDv2 ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier - * DEFAULT {algorithm id-sha256}, - * certHash Hash, - * issuerSerial IssuerSerial OPTIONAL - * } - */ - -struct ESS_cert_id_v2_st { - X509_ALGOR *hash_alg; /* Default: SHA-256 */ - ASN1_OCTET_STRING *hash; - ESS_ISSUER_SERIAL *issuer_serial; -}; - -/*- - * SigningCertificateV2 ::= SEQUENCE { - * certs SEQUENCE OF ESSCertIDv2, - * policies SEQUENCE OF PolicyInformation OPTIONAL - * } - */ - -struct ESS_signing_cert_v2_st { - STACK_OF(ESS_CERT_ID_V2) *cert_ids; - STACK_OF(POLICYINFO) *policy_info; -}; - - -struct TS_resp_ctx { - X509 *signer_cert; - EVP_PKEY *signer_key; - const EVP_MD *signer_md; - const EVP_MD *ess_cert_id_digest; - STACK_OF(X509) *certs; /* Certs to include in signed data. */ - STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ - ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ - STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ - ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ - unsigned clock_precision_digits; /* fraction of seconds in time stamp - * token. */ - unsigned flags; /* Optional info, see values above. */ - /* Callback functions. */ - TS_serial_cb serial_cb; - void *serial_cb_data; /* User data for serial_cb. */ - TS_time_cb time_cb; - void *time_cb_data; /* User data for time_cb. */ - TS_extension_cb extension_cb; - void *extension_cb_data; /* User data for extension_cb. */ - /* These members are used only while creating the response. 
*/ - TS_REQ *request; - TS_RESP *response; - TS_TST_INFO *tst_info; -}; - -struct TS_verify_ctx { - /* Set this to the union of TS_VFY_... flags you want to carry out. */ - unsigned flags; - /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ - X509_STORE *store; - STACK_OF(X509) *certs; - /* Must be set only with TS_VFY_POLICY. */ - ASN1_OBJECT *policy; - /* - * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the - * algorithm from the response is used. - */ - X509_ALGOR *md_alg; - unsigned char *imprint; - unsigned imprint_len; - /* Must be set only with TS_VFY_DATA. */ - BIO *data; - /* Must be set only with TS_VFY_TSA_NAME. */ - ASN1_INTEGER *nonce; - /* Must be set only with TS_VFY_TSA_NAME. */ - GENERAL_NAME *tsa_name; -}; diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index ce2e12c593e0..bfe981364b03 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -14,7 +14,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) { diff --git a/crypto/ts/ts_local.h b/crypto/ts/ts_local.h new file mode 100644 index 000000000000..771784fef7c8 --- /dev/null +++ b/crypto/ts/ts_local.h 
@@ -0,0 +1,211 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * MessageImprint ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * hashedMessage OCTET STRING } + */ +struct TS_msg_imprint_st { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; +}; + +/*- + * TimeStampResp ::= SEQUENCE { + * status PKIStatusInfo, + * timeStampToken TimeStampToken OPTIONAL } + */ +struct TS_resp_st { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; +}; + +/*- + * TimeStampReq ::= SEQUENCE { + * version INTEGER { v1(1) }, + * messageImprint MessageImprint, + * --a hash algorithm OID and the hash value of the data to be + * --time-stamped + * reqPolicy TSAPolicyId OPTIONAL, + * nonce INTEGER OPTIONAL, + * certReq BOOLEAN DEFAULT FALSE, + * extensions [0] IMPLICIT Extensions OPTIONAL } + */ +struct TS_req_st { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; + ASN1_INTEGER *nonce; + ASN1_BOOLEAN cert_req; + STACK_OF(X509_EXTENSION) *extensions; +}; + +/*- + * Accuracy ::= SEQUENCE { + * seconds INTEGER OPTIONAL, + * millis [0] INTEGER (1..999) OPTIONAL, + * micros [1] INTEGER (1..999) OPTIONAL } + */ +struct TS_accuracy_st { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +}; + +/*- + * TSTInfo ::= SEQUENCE { + * version INTEGER { v1(1) }, + * policy TSAPolicyId, + * messageImprint MessageImprint, + * -- MUST have the same value as the similar field in + * -- TimeStampReq + * serialNumber INTEGER, + * -- Time-Stamping users MUST be ready to accommodate integers + * -- up to 160 bits. 
+ * genTime GeneralizedTime, + * accuracy Accuracy OPTIONAL, + * ordering BOOLEAN DEFAULT FALSE, + * nonce INTEGER OPTIONAL, + * -- MUST be present if the similar field was present + * -- in TimeStampReq. In that case it MUST have the same value. + * tsa [0] GeneralName OPTIONAL, + * extensions [1] IMPLICIT Extensions OPTIONAL } + */ +struct TS_tst_info_st { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +}; + +struct TS_status_info_st { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; +}; + +/*- + * IssuerSerial ::= SEQUENCE { + * issuer GeneralNames, + * serialNumber CertificateSerialNumber + * } + */ +struct ESS_issuer_serial { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; +}; + +/*- + * ESSCertID ::= SEQUENCE { + * certHash Hash, + * issuerSerial IssuerSerial OPTIONAL + * } + */ +struct ESS_cert_id { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. 
*/ + ESS_ISSUER_SERIAL *issuer_serial; +}; + +/*- + * SigningCertificate ::= SEQUENCE { + * certs SEQUENCE OF ESSCertID, + * policies SEQUENCE OF PolicyInformation OPTIONAL + * } + */ +struct ESS_signing_cert { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +}; + +/*- + * ESSCertIDv2 ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier + * DEFAULT {algorithm id-sha256}, + * certHash Hash, + * issuerSerial IssuerSerial OPTIONAL + * } + */ + +struct ESS_cert_id_v2_st { + X509_ALGOR *hash_alg; /* Default: SHA-256 */ + ASN1_OCTET_STRING *hash; + ESS_ISSUER_SERIAL *issuer_serial; +}; + +/*- + * SigningCertificateV2 ::= SEQUENCE { + * certs SEQUENCE OF ESSCertIDv2, + * policies SEQUENCE OF PolicyInformation OPTIONAL + * } + */ + +struct ESS_signing_cert_v2_st { + STACK_OF(ESS_CERT_ID_V2) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +}; + + +struct TS_resp_ctx { + X509 *signer_cert; + EVP_PKEY *signer_key; + const EVP_MD *signer_md; + const EVP_MD *ess_cert_id_digest; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in time stamp + * token. */ + unsigned flags; /* Optional info, see values above. */ + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + /* These members are used only while creating the response. 
*/ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; +}; + +struct TS_verify_ctx { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + /* + * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the + * algorithm from the response is used. + */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; +}; diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c index 0dedf47d924b..4eba5cf0181c 100644 --- a/crypto/ts/ts_req_print.c +++ b/crypto/ts/ts_req_print.c @@ -13,7 +13,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_REQ_print_bio(BIO *bio, TS_REQ *a) { diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c index 2073d3395d75..a4568e3b779d 100644 --- a/crypto/ts/ts_req_utils.c +++ b/crypto/ts/ts_req_utils.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_REQ_set_version(TS_REQ *a, long version) { diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index 6eb0ec8d7504..a2451aaa8d81 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -13,7 +13,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" struct status_map_st { int bit; diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 1b2b84ef6b67..a584ae5f5edd 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c 
@@ -14,7 +14,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c index 3ecee39a22c2..3fa0dbd0f09e 100644 --- a/crypto/ts/ts_rsp_utils.c +++ b/crypto/ts/ts_rsp_utils.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) { diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 9deda81b07fb..086021247c01 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain); diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index d4792ee04f59..1e80e0d37029 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include #include -#include "ts_lcl.h" +#include "ts_local.h" TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) { diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index f550972d3eec..49cc45057c4c 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -13,7 +13,7 @@ #include #include #include -#include "ui_locl.h" +#include "ui_local.h" UI *UI_new(void) { diff --git a/crypto/ui/ui_local.h b/crypto/ui/ui_local.h new file mode 100644 index 000000000000..8a7dbda14721 --- /dev/null +++ b/crypto/ui/ui_local.h 
@@ -0,0 +1,109 @@ +/* + * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_UI_LOCAL_H +# define OSSL_CRYPTO_UI_LOCAL_H + +# include +# include + +# ifdef _ +# undef _ +# endif + +struct ui_method_st { + char *name; + /* + * All the functions return 1 or non-NULL for success and 0 or NULL for + * failure + */ + /* + * Open whatever channel for this, be it the console, an X window or + * whatever. This function should use the ex_data structure to save + * intermediate data. + */ + int (*ui_open_session) (UI *ui); + int (*ui_write_string) (UI *ui, UI_STRING *uis); + /* + * Flush the output. If a GUI dialog box is used, this function can be + * used to actually display it. + */ + int (*ui_flush) (UI *ui); + int (*ui_read_string) (UI *ui, UI_STRING *uis); + int (*ui_close_session) (UI *ui); + /* + * Duplicate the ui_data that often comes alongside a ui_method. This + * allows some backends to save away UI information for later use. + */ + void *(*ui_duplicate_data) (UI *ui, void *ui_data); + void (*ui_destroy_data) (UI *ui, void *ui_data); + /* + * Construct a prompt in a user-defined manner. object_desc is a textual + * short description of the object, for example "pass phrase", and + * object_name is the name of the object (might be a card name or a file + * name. The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + */ + char *(*ui_construct_prompt) (UI *ui, const char *object_desc, + const char *object_name); + /* + * UI_METHOD specific application data. 
+ */ + CRYPTO_EX_DATA ex_data; +}; + +struct ui_string_st { + enum UI_string_types type; /* Input */ + const char *out_string; /* Input */ + int input_flags; /* Flags from the user */ + /* + * The following parameters are completely irrelevant for UIT_INFO, and + * can therefore be set to 0 or NULL + */ + char *result_buf; /* Input and Output: If not NULL, + * user-defined with size in result_maxsize. + * Otherwise, it may be allocated by the UI + * routine, meaning result_minsize is going + * to be overwritten. */ + size_t result_len; + union { + struct { + int result_minsize; /* Input: minimum required size of the + * result. */ + int result_maxsize; /* Input: maximum permitted size of the + * result */ + const char *test_buf; /* Input: test string to verify against */ + } string_data; + struct { + const char *action_desc; /* Input */ + const char *ok_chars; /* Input */ + const char *cancel_chars; /* Input */ + } boolean_data; + } _; + +# define OUT_STRING_FREEABLE 0x01 + int flags; /* flags for internal use */ +}; + +struct ui_st { + const UI_METHOD *meth; + STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than + * one thing at a time, and with different + * echoing status. */ + void *user_data; + CRYPTO_EX_DATA ex_data; +# define UI_FLAG_REDOABLE 0x0001 +# define UI_FLAG_DUPL_DATA 0x0002 /* user_data was duplicated */ +# define UI_FLAG_PRINT_ERRORS 0x0100 + int flags; + + CRYPTO_RWLOCK *lock; +}; + +#endif diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h deleted file mode 100644 index 19b33b8fc677..000000000000 --- a/crypto/ui/ui_locl.h +++ /dev/null 
@@ -1,109 +0,0 @@ -/* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_UI_LOCL_H -# define HEADER_UI_LOCL_H - -# include -# include - -# ifdef _ -# undef _ -# endif - -struct ui_method_st { - char *name; - /* - * All the functions return 1 or non-NULL for success and 0 or NULL for - * failure - */ - /* - * Open whatever channel for this, be it the console, an X window or - * whatever. This function should use the ex_data structure to save - * intermediate data. - */ - int (*ui_open_session) (UI *ui); - int (*ui_write_string) (UI *ui, UI_STRING *uis); - /* - * Flush the output. If a GUI dialog box is used, this function can be - * used to actually display it. - */ - int (*ui_flush) (UI *ui); - int (*ui_read_string) (UI *ui, UI_STRING *uis); - int (*ui_close_session) (UI *ui); - /* - * Duplicate the ui_data that often comes alongside a ui_method. This - * allows some backends to save away UI information for later use. - */ - void *(*ui_duplicate_data) (UI *ui, void *ui_data); - void (*ui_destroy_data) (UI *ui, void *ui_data); - /* - * Construct a prompt in a user-defined manner. object_desc is a textual - * short description of the object, for example "pass phrase", and - * object_name is the name of the object (might be a card name or a file - * name. The returned string shall always be allocated on the heap with - * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). - */ - char *(*ui_construct_prompt) (UI *ui, const char *object_desc, - const char *object_name); - /* - * UI_METHOD specific application data. 
- */ - CRYPTO_EX_DATA ex_data; -}; - -struct ui_string_st { - enum UI_string_types type; /* Input */ - const char *out_string; /* Input */ - int input_flags; /* Flags from the user */ - /* - * The following parameters are completely irrelevant for UIT_INFO, and - * can therefore be set to 0 or NULL - */ - char *result_buf; /* Input and Output: If not NULL, - * user-defined with size in result_maxsize. - * Otherwise, it may be allocated by the UI - * routine, meaning result_minsize is going - * to be overwritten. */ - size_t result_len; - union { - struct { - int result_minsize; /* Input: minimum required size of the - * result. */ - int result_maxsize; /* Input: maximum permitted size of the - * result */ - const char *test_buf; /* Input: test string to verify against */ - } string_data; - struct { - const char *action_desc; /* Input */ - const char *ok_chars; /* Input */ - const char *cancel_chars; /* Input */ - } boolean_data; - } _; - -# define OUT_STRING_FREEABLE 0x01 - int flags; /* flags for internal use */ -}; - -struct ui_st { - const UI_METHOD *meth; - STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than - * one thing at a time, and with different - * echoing status. */ - void *user_data; - CRYPTO_EX_DATA ex_data; -# define UI_FLAG_REDOABLE 0x0001 -# define UI_FLAG_DUPL_DATA 0x0002 /* user_data was duplicated */ -# define UI_FLAG_PRINT_ERRORS 0x0100 - int flags; - - CRYPTO_RWLOCK *lock; -}; - -#endif diff --git a/crypto/ui/ui_null.c b/crypto/ui/ui_null.c index 9e5f6fca59e5..9ab00e0a7cb8 100644 --- a/crypto/ui/ui_null.c +++ b/crypto/ui/ui_null.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ui_locl.h" +#include "ui_local.h" static const UI_METHOD ui_null = { "OpenSSL NULL UI", diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 0ec9f0daf333..168de4630dcc 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c 
@@ -53,7 +53,7 @@ # endif # endif -# include "ui_locl.h" +# include "ui_local.h" # include "internal/cryptlib.h" # ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index b379324f9bab..32a3c4e38de2 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -8,8 +8,9 @@ */ #include +#include /* PEM_def_callback() */ #include "internal/thread_once.h" -#include "ui_locl.h" +#include "ui_local.h" #ifndef BUFSIZ #define BUFSIZ 256 @@ -156,7 +157,7 @@ UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag) return NULL; } data->rwflag = rwflag; - data->cb = cb; + data->cb = cb != NULL ? cb : PEM_def_callback; return ui_method; } diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl index 2241c6f0f24e..176be50a67f2 100755 --- a/crypto/whrlpool/asm/wp-mmx.pl +++ b/crypto/whrlpool/asm/wp-mmx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -69,19 +69,19 @@ sub LL() unshift(@_,pop(@_)); } } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } sub scale() { if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } sub row() { if ($SCALE==2) { ((8-shift)&7); } elsif ($SCALE==8) { (8*shift); } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } $tbl="ebp"; @@ -504,4 +504,4 @@ for($i=0;$i<8;$i++) { &function_end_B("whirlpool_block_mmx"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; 
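Review bot: The NULL fallback in `data->cb = cb != NULL ? cb : PEM_def_callback;` (ui_util.c, UI_UTIL_wrap_read_pem_callback) changes what a caller passing NULL gets, and nothing at the assignment documents it. PEM_def_callback copies a non-NULL userdata argument as a NUL-terminated pass phrase and otherwise prompts on the terminal. If the wrapped method forwards the UI's user data to `data->cb` (the read function is outside this hunk), that data must be a C string or NULL on this path. I would add a comment above the assignment, `/* NULL cb: fall back to PEM_def_callback, which reads user data as a NUL-terminated pass phrase */`, and state the same in the function's documentation. The function body starts outside the hunk.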
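Review bot: The new `close STDOUT or die "error closing STDOUT: $!";` at the end of wp-mmx.pl reports only `$!`, which is not always the cause of the failure. If STDOUT was opened as a pipe to another process (the open is outside the hunk), close also returns false when that process exits non-zero, and `$!` is then 0, so the message names no error. Including the child status covers that case: `close STDOUT or die "error closing STDOUT: " . ($! || "exit status $?");`. The same line is added at the end of wp-x86_64.pl in the following file section, where the same applies.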
diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl index fe23d8cad00b..b4fcd8be3c75 100755 --- a/crypto/whrlpool/asm/wp-x86_64.pl +++ b/crypto/whrlpool/asm/wp-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -614,4 +614,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index 2ae5c38aba63..c21c04dbc1bb 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -36,7 +36,7 @@ * */ -#include "wp_locl.h" +#include "wp_local.h" #include typedef unsigned char u8; diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c index 1ac29803a4d6..e8a3392268aa 100644 --- a/crypto/whrlpool/wp_dgst.c +++ b/crypto/whrlpool/wp_dgst.c @@ -53,7 +53,7 @@ */ #include -#include "wp_locl.h" +#include "wp_local.h" #include int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) diff --git a/crypto/whrlpool/wp_local.h b/crypto/whrlpool/wp_local.h new file mode 100644 index 000000000000..3a81cfd58c1a --- /dev/null +++ b/crypto/whrlpool/wp_local.h @@ -0,0 +1,12 @@ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t); diff --git a/crypto/whrlpool/wp_locl.h b/crypto/whrlpool/wp_locl.h deleted file mode 100644 index 3a81cfd58c1a..000000000000 
--- a/crypto/whrlpool/wp_locl.h +++ /dev/null @@ -1,12 +0,0 @@ -/* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t); diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index b691a83a0dfb..238c2519a6e2 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -19,8 +19,8 @@ #endif #include -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "x509_local.h" struct lookup_dir_hashes_st { unsigned long hash; diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 244512c9352b..237b362e2746 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index ccacbe7cbf8f..12d807f705ed 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #ifndef OPENSSL_NO_STDIO int X509_print_fp(FILE *fp, X509 *x) diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 3c4566d2e708..651aa7808309 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 833bfce1bf23..e06489c3347b 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c 
@@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index 2db843760c68..4cdab724eadf 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include int X509_CRL_get_ext_count(const X509_CRL *x) diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h deleted file mode 100644 index c517a7745637..000000000000 --- a/crypto/x509/x509_lcl.h +++ /dev/null 
@@ -1,147 +0,0 @@ -/* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/refcount.h" - -/* - * This structure holds all parameters associated with a verify operation by - * including an X509_VERIFY_PARAM structure in related structures the - * parameters used can be customized - */ - -struct X509_VERIFY_PARAM_st { - char *name; - time_t check_time; /* Time to use */ - uint32_t inh_flags; /* Inheritance flags */ - unsigned long flags; /* Various verify flags */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - int depth; /* Verify depth */ - int auth_level; /* Security level for chain verification */ - STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ - /* Peer identity details */ - STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ - unsigned int hostflags; /* Flags to control matching features */ - char *peername; /* Matching hostname in peer certificate */ - char *email; /* If not NULL email address to match */ - size_t emaillen; - unsigned char *ip; /* If not NULL IP address to match */ - size_t iplen; /* Length of IP address */ -}; - -/* No error callback if depth < 0 */ -int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth); - -/* a sequence of these are used */ -struct x509_attributes_st { - ASN1_OBJECT *object; - STACK_OF(ASN1_TYPE) *set; -}; - -struct X509_extension_st { - ASN1_OBJECT *object; - ASN1_BOOLEAN critical; - ASN1_OCTET_STRING value; -}; - -/* - * Method to handle CRL access. In general a CRL could be very large (several - * Mb) and can consume large amounts of resources if stored in memory by - * multiple processes. 
This method allows general CRL operations to be - * redirected to more efficient callbacks: for example a CRL entry database. - */ - -#define X509_CRL_METHOD_DYNAMIC 1 - -struct x509_crl_method_st { - int flags; - int (*crl_init) (X509_CRL *crl); - int (*crl_free) (X509_CRL *crl); - int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, X509_NAME *issuer); - int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); -}; - -struct x509_lookup_method_st { - char *name; - int (*new_item) (X509_LOOKUP *ctx); - void (*free) (X509_LOOKUP *ctx); - int (*init) (X509_LOOKUP *ctx); - int (*shutdown) (X509_LOOKUP *ctx); - int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret); - int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); - int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, - X509_OBJECT *ret); - int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, - X509_OBJECT *ret); - int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret); -}; - -/* This is the functions plus an instance of the local variables. */ -struct x509_lookup_st { - int init; /* have we been started */ - int skip; /* don't use us. */ - X509_LOOKUP_METHOD *method; /* the functions */ - void *method_data; /* method data */ - X509_STORE *store_ctx; /* who owns us */ -}; - -/* - * This is used to hold everything. It is used for all certificate - * validation. Once we have a certificate chain, the 'verify' function is - * then called to actually check the cert chain. 
- */ -struct x509_store_st { - /* The following is a cache of trusted certs */ - int cache; /* if true, stash any hits */ - STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ - /* These are external lookup methods */ - STACK_OF(X509_LOOKUP) *get_cert_methods; - X509_VERIFY_PARAM *param; - /* Callbacks for various operations */ - /* called to verify a certificate */ - int (*verify) (X509_STORE_CTX *ctx); - /* error callback */ - int (*verify_cb) (int ok, X509_STORE_CTX *ctx); - /* get issuers cert from ctx */ - int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); - /* check issued */ - int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); - /* Check revocation status of chain */ - int (*check_revocation) (X509_STORE_CTX *ctx); - /* retrieve CRL */ - int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); - /* Check CRL validity */ - int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); - /* Check certificate against CRL */ - int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); - /* Check policy status of the chain */ - int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup) (X509_STORE_CTX *ctx); - CRYPTO_EX_DATA ex_data; - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -typedef struct lookup_dir_hashes_st BY_DIR_HASH; -typedef struct lookup_dir_entry_st BY_DIR_ENTRY; -DEFINE_STACK_OF(BY_DIR_HASH) -DEFINE_STACK_OF(BY_DIR_ENTRY) -typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; -DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) - -void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig); diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h new file mode 100644 index 000000000000..c517a7745637 --- /dev/null +++ b/crypto/x509/x509_local.h 
@@ -0,0 +1,147 @@ +/* + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/refcount.h" + +/* + * This structure holds all parameters associated with a verify operation by + * including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +struct X509_VERIFY_PARAM_st { + char *name; + time_t check_time; /* Time to use */ + uint32_t inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + int auth_level; /* Security level for chain verification */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + /* Peer identity details */ + STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ + unsigned int hostflags; /* Flags to control matching features */ + char *peername; /* Matching hostname in peer certificate */ + char *email; /* If not NULL email address to match */ + size_t emaillen; + unsigned char *ip; /* If not NULL IP address to match */ + size_t iplen; /* Length of IP address */ +}; + +/* No error callback if depth < 0 */ +int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth); + +/* a sequence of these are used */ +struct x509_attributes_st { + ASN1_OBJECT *object; + STACK_OF(ASN1_TYPE) *set; +}; + +struct X509_extension_st { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING value; +}; + +/* + * Method to handle CRL access. In general a CRL could be very large (several + * Mb) and can consume large amounts of resources if stored in memory by + * multiple processes. 
This method allows general CRL operations to be + * redirected to more efficient callbacks: for example a CRL entry database. + */ + +#define X509_CRL_METHOD_DYNAMIC 1 + +struct x509_crl_method_st { + int flags; + int (*crl_init) (X509_CRL *crl); + int (*crl_free) (X509_CRL *crl); + int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *ser, X509_NAME *issuer); + int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); +}; + +struct x509_lookup_method_st { + char *name; + int (*new_item) (X509_LOOKUP *ctx); + void (*free) (X509_LOOKUP *ctx); + int (*init) (X509_LOOKUP *ctx); + int (*shutdown) (X509_LOOKUP *ctx); + int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret); + int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); + int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, + X509_OBJECT *ret); + int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); + int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); +}; + +/* This is the functions plus an instance of the local variables. */ +struct x509_lookup_st { + int init; /* have we been started */ + int skip; /* don't use us. */ + X509_LOOKUP_METHOD *method; /* the functions */ + void *method_data; /* method data */ + X509_STORE *store_ctx; /* who owns us */ +}; + +/* + * This is used to hold everything. It is used for all certificate + * validation. Once we have a certificate chain, the 'verify' function is + * then called to actually check the cert chain. 
+ */ +struct x509_store_st { + /* The following is a cache of trusted certs */ + int cache; /* if true, stash any hits */ + STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ + /* These are external lookup methods */ + STACK_OF(X509_LOOKUP) *get_cert_methods; + X509_VERIFY_PARAM *param; + /* Callbacks for various operations */ + /* called to verify a certificate */ + int (*verify) (X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb) (int ok, X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation) (X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + /* Check policy status of the chain */ + int (*check_policy) (X509_STORE_CTX *ctx); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup) (X509_STORE_CTX *ctx); + CRYPTO_EX_DATA ex_data; + CRYPTO_REF_COUNT references; + CRYPTO_RWLOCK *lock; +}; + +typedef struct lookup_dir_hashes_st BY_DIR_HASH; +typedef struct lookup_dir_entry_st BY_DIR_ENTRY; +DEFINE_STACK_OF(BY_DIR_HASH) +DEFINE_STACK_OF(BY_DIR_ENTRY) +typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; +DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) + +void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b7d2e66574c4..641a41c35c78 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c 
@@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include "internal/refcount.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include -#include "x509_lcl.h" +#include "x509_local.h" X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { diff --git a/crypto/x509/x509_meth.c b/crypto/x509/x509_meth.c index 9dc587a09212..9348cc8eb788 100644 --- a/crypto/x509/x509_meth.c +++ b/crypto/x509/x509_meth.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) { diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 85c39415c11e..f54d483cc4dd 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* * Limit to ensure we don't overflow: much greater than diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 3d72787d3164..6b1623feacb7 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 0bdbb81db894..7ba0f26495f9 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include #include diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 3ab6bf35115f..164b4e2be136 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -15,9 +15,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/asn1.h" +#include "crypto/x509.h" +#include "x509_local.h" int X509_set_version(X509 *x, long version) { diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index d749af4d590a..9e199d63e46a 100644 
--- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); static void trtable_free(X509_TRUST *p); diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 75ae767d608c..c7876023304c 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 6be2c71e8692..361954c62ee7 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -12,7 +12,7 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include @@ -22,8 +22,8 @@ #include #include #include "internal/dane.h" -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "x509_local.h" /* CRL score values */ diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index aea186295c2a..68b681d5ee85 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -14,9 +14,9 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "x509_lcl.h" +#include "x509_local.h" /* X509_VERIFY_PARAM functions */ diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 7645ce375970..6c08509138d5 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_CRL_set_version(X509_CRL *x, long version) { diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 64a73e793fdf..c86d8e7914f1 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c 
@@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) { diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c index e8921b82a838..9da3f2ee27df 100644 --- a/crypto/x509/x509rset.c +++ b/crypto/x509/x509rset.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_REQ_set_version(X509_REQ *x, long version) { diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 24e4114601ca..6cccfa99d1a6 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include #include diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c index 9a41e547cb2e..813c5b01c3ae 100644 --- a/crypto/x509/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -12,7 +12,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" /*- * X509_ATTRIBUTE: this has the following form: diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 12ab3cca42c0..e864126fef37 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include -#include "x509_lcl.h" +#include "x509_local.h" static int X509_REVOKED_cmp(const X509_REVOKED *const *a, const X509_REVOKED *const *b); diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.c index f10f4a4d8769..bd7518ef12bf 100644 --- a/crypto/x509/x_exten.c +++ b/crypto/x509/x_exten.c @@ -11,7 +11,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" ASN1_SEQUENCE(X509_EXTENSION) = { ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index a1e9bbdb669d..aa7f4722b6b9 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c 
@@ -8,13 +8,13 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" -#include "internal/asn1_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "crypto/asn1.h" +#include "x509_local.h" /* * Maximum length of X509_NAME: much larger than anything we should diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 1c87b8268eb5..4f694b93fb00 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "internal/x509_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "crypto/x509.h" #include #include diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c index c2da95a73ecf..d2b02f6dae86 100644 --- a/crypto/x509/x_req.c +++ b/crypto/x509/x_req.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /*- * X509_REQ_INFO is handled in an unusual way to get round diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index afe59c46c518..7aa8b77ae73a 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c index 8c9ad71d1b29..c5175faef7af 100644 --- a/crypto/x509/x_x509a.c +++ b/crypto/x509/x_x509a.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* * X509_CERT_AUX routines. These are used to encode additional user diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 623870b1f6f5..04401bace8c5 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c 
@@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" static int policy_data_cmp(const X509_POLICY_DATA *const *a, const X509_POLICY_DATA *const *b); diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index bd3bb0e40dfe..073505951322 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* Policy Node routines */ diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_int.h deleted file mode 100644 index 5daf78de4585..000000000000 --- a/crypto/x509v3/pcy_int.h +++ /dev/null 
@@ -1,167 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; - -DEFINE_STACK_OF(X509_POLICY_DATA) - -/* Internal structures */ - -/* - * This structure and the field names correspond to the Policy 'node' of - * RFC3280. NB this structure contains no pointers to parent or child data: - * X509_POLICY_NODE contains that. This means that the main policy data can - * be kept static and cached with the certificate. - */ - -struct X509_POLICY_DATA_st { - unsigned int flags; - /* Policy OID and qualifiers for this data */ - ASN1_OBJECT *valid_policy; - STACK_OF(POLICYQUALINFO) *qualifier_set; - STACK_OF(ASN1_OBJECT) *expected_policy_set; -}; - -/* X509_POLICY_DATA flags values */ - -/* - * This flag indicates the structure has been mapped using a policy mapping - * extension. If policy mapping is not active its references get deleted. - */ - -#define POLICY_DATA_FLAG_MAPPED 0x1 - -/* - * This flag indicates the data doesn't correspond to a policy in Certificate - * Policies: it has been mapped to any policy. 
- */ - -#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 - -/* AND with flags to see if any mapping has occurred */ - -#define POLICY_DATA_FLAG_MAP_MASK 0x3 - -/* qualifiers are shared and shouldn't be freed */ - -#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 - -/* Parent node is an extra node and should be freed */ - -#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 - -/* Corresponding CertificatePolicies is critical */ - -#define POLICY_DATA_FLAG_CRITICAL 0x10 - -/* This structure is cached with a certificate */ - -struct X509_POLICY_CACHE_st { - /* anyPolicy data or NULL if no anyPolicy */ - X509_POLICY_DATA *anyPolicy; - /* other policy data */ - STACK_OF(X509_POLICY_DATA) *data; - /* If InhibitAnyPolicy present this is its value or -1 if absent. */ - long any_skip; - /* - * If policyConstraints and requireExplicitPolicy present this is its - * value or -1 if absent. - */ - long explicit_skip; - /* - * If policyConstraints and policyMapping present this is its value or -1 - * if absent. - */ - long map_skip; -}; - -/* - * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL - */ - -/* This structure represents the relationship between nodes */ - -struct X509_POLICY_NODE_st { - /* node data this refers to */ - const X509_POLICY_DATA *data; - /* Parent node */ - X509_POLICY_NODE *parent; - /* Number of child nodes */ - int nchild; -}; - -struct X509_POLICY_LEVEL_st { - /* Cert for this level */ - X509 *cert; - /* nodes at this level */ - STACK_OF(X509_POLICY_NODE) *nodes; - /* anyPolicy node */ - X509_POLICY_NODE *anyPolicy; - /* Extra data */ - /* - * STACK_OF(X509_POLICY_DATA) *extra_data; - */ - unsigned int flags; -}; - -struct X509_POLICY_TREE_st { - /* This is the tree 'level' data */ - X509_POLICY_LEVEL *levels; - int nlevel; - /* - * Extra policy data when additional nodes (not from the certificate) are - * required. 
- */ - STACK_OF(X509_POLICY_DATA) *extra_data; - /* This is the authority constrained policy set */ - STACK_OF(X509_POLICY_NODE) *auth_policies; - STACK_OF(X509_POLICY_NODE) *user_policies; - unsigned int flags; -}; - -/* Set if anyPolicy present in user policies */ -#define POLICY_FLAG_ANY_POLICY 0x2 - -/* Useful macros */ - -#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL) -#define node_critical(node) node_data_critical(node->data) - -/* Internal functions */ - -X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, - int crit); -void policy_data_free(X509_POLICY_DATA *data); - -X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, - const ASN1_OBJECT *id); -int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); - -STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); - -void policy_cache_init(void); - -void policy_cache_free(X509_POLICY_CACHE *cache); - -X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, - const X509_POLICY_NODE *parent, - const ASN1_OBJECT *id); - -X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, - const ASN1_OBJECT *id); - -X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree); -void policy_node_free(X509_POLICY_NODE *node); -int policy_node_match(const X509_POLICY_LEVEL *lvl, - const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); - -const X509_POLICY_CACHE *policy_cache_set(X509 *x); diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c index 67f7eafc6e8d..2e196b838ca2 100644 --- a/crypto/x509v3/pcy_lib.c +++ b/crypto/x509v3/pcy_lib.c @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* accessor functions */ diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h new file mode 100644 index 000000000000..5daf78de4585 --- /dev/null +++ b/crypto/x509v3/pcy_local.h 
@@ -0,0 +1,167 @@ +/* + * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; + +DEFINE_STACK_OF(X509_POLICY_DATA) + +/* Internal structures */ + +/* + * This structure and the field names correspond to the Policy 'node' of + * RFC3280. NB this structure contains no pointers to parent or child data: + * X509_POLICY_NODE contains that. This means that the main policy data can + * be kept static and cached with the certificate. + */ + +struct X509_POLICY_DATA_st { + unsigned int flags; + /* Policy OID and qualifiers for this data */ + ASN1_OBJECT *valid_policy; + STACK_OF(POLICYQUALINFO) *qualifier_set; + STACK_OF(ASN1_OBJECT) *expected_policy_set; +}; + +/* X509_POLICY_DATA flags values */ + +/* + * This flag indicates the structure has been mapped using a policy mapping + * extension. If policy mapping is not active its references get deleted. + */ + +#define POLICY_DATA_FLAG_MAPPED 0x1 + +/* + * This flag indicates the data doesn't correspond to a policy in Certificate + * Policies: it has been mapped to any policy. 
+ */ + +#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 + +/* AND with flags to see if any mapping has occurred */ + +#define POLICY_DATA_FLAG_MAP_MASK 0x3 + +/* qualifiers are shared and shouldn't be freed */ + +#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 + +/* Parent node is an extra node and should be freed */ + +#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 + +/* Corresponding CertificatePolicies is critical */ + +#define POLICY_DATA_FLAG_CRITICAL 0x10 + +/* This structure is cached with a certificate */ + +struct X509_POLICY_CACHE_st { + /* anyPolicy data or NULL if no anyPolicy */ + X509_POLICY_DATA *anyPolicy; + /* other policy data */ + STACK_OF(X509_POLICY_DATA) *data; + /* If InhibitAnyPolicy present this is its value or -1 if absent. */ + long any_skip; + /* + * If policyConstraints and requireExplicitPolicy present this is its + * value or -1 if absent. + */ + long explicit_skip; + /* + * If policyConstraints and policyMapping present this is its value or -1 + * if absent. + */ + long map_skip; +}; + +/* + * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL + */ + +/* This structure represents the relationship between nodes */ + +struct X509_POLICY_NODE_st { + /* node data this refers to */ + const X509_POLICY_DATA *data; + /* Parent node */ + X509_POLICY_NODE *parent; + /* Number of child nodes */ + int nchild; +}; + +struct X509_POLICY_LEVEL_st { + /* Cert for this level */ + X509 *cert; + /* nodes at this level */ + STACK_OF(X509_POLICY_NODE) *nodes; + /* anyPolicy node */ + X509_POLICY_NODE *anyPolicy; + /* Extra data */ + /* + * STACK_OF(X509_POLICY_DATA) *extra_data; + */ + unsigned int flags; +}; + +struct X509_POLICY_TREE_st { + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; + /* + * Extra policy data when additional nodes (not from the certificate) are + * required. 
+ */ + STACK_OF(X509_POLICY_DATA) *extra_data; + /* This is the authority constrained policy set */ + STACK_OF(X509_POLICY_NODE) *auth_policies; + STACK_OF(X509_POLICY_NODE) *user_policies; + unsigned int flags; +}; + +/* Set if anyPolicy present in user policies */ +#define POLICY_FLAG_ANY_POLICY 0x2 + +/* Useful macros */ + +#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL) +#define node_critical(node) node_data_critical(node->data) + +/* Internal functions */ + +X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, + int crit); +void policy_data_free(X509_POLICY_DATA *data); + +X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, + const ASN1_OBJECT *id); +int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); + +STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); + +void policy_cache_init(void); + +void policy_cache_free(X509_POLICY_CACHE *cache); + +X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const X509_POLICY_NODE *parent, + const ASN1_OBJECT *id); + +X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + const ASN1_OBJECT *id); + +X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree); +void policy_node_free(X509_POLICY_NODE *node); +int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); + +const X509_POLICY_CACHE *policy_cache_set(X509 *x); diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c index ab9dd21b7d93..ae2a62c97787 100644 --- a/crypto/x509v3/pcy_map.c +++ b/crypto/x509v3/pcy_map.c @@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" /* * Set policy mapping entries in cache. Note: this modifies the passed 
diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index 1ffe98498bdb..e2d7b1532236 100644 --- a/crypto/x509v3/pcy_node.c +++ b/crypto/x509v3/pcy_node.c @@ -12,7 +12,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" static int node_cmp(const X509_POLICY_NODE *const *a, const X509_POLICY_NODE *const *b) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 87f51d001bbb..6e8322cbc5e3 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* * Enable this to print out the complete policy tree at various point during diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index bb58e0484611..4258dbc40c0f 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -20,7 +20,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 diff --git a/crypto/x509v3/v3_admis.h b/crypto/x509v3/v3_admis.h index fa23fc761759..ea7632b3708d 100644 --- a/crypto/x509v3/v3_admis.h +++ b/crypto/x509v3/v3_admis.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_V3_ADMISSION_H -# define HEADER_V3_ADMISSION_H +#ifndef OSSL_CRYPTO_X509V3_V3_ADMIS_H +# define OSSL_CRYPTO_X509V3_V3_ADMIS_H struct NamingAuthority_st { ASN1_OBJECT* namingAuthorityId; diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index dfcb9094f4fc..7ac2911b91af 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c 
@@ -52,11 +52,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, { int i; GENERAL_NAME *gen; + STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret; + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { gen = sk_GENERAL_NAME_value(gens, i); - ret = i2v_GENERAL_NAME(method, gen, ret); + /* + * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes + * wrong we need to free the stack - but only if it was empty when we + * originally entered this function. + */ + tmpret = i2v_GENERAL_NAME(method, gen, ret); + if (tmpret == NULL) { + if (origret == NULL) + sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); + return NULL; + } + ret = tmpret; } - if (!ret) + if (ret == NULL) return sk_CONF_VALUE_new_null(); return ret; } diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 089f2ae29f0c..ac6857267291 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -20,7 +20,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include "ext_dat.h" @@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor, static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; @@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ERR_R_MALLOC_FAILURE); goto done; 
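Review bot: The new failure path in the loop of i2v_GENERAL_NAMES frees the stack only when the function allocated it, but the added comment does not say what state a caller-supplied `ret` is left in. With a non-NULL `ret`, the function returns NULL while the values appended for earlier names remain on the caller's stack. I would extend the comment with a sentence such as `On failure a caller-supplied stack is left as is, possibly holding values for names already converted; the caller still owns it.` A caller that passes its own stack and gets NULL back should treat the contents as partial and release them itself. The function's signature lies outside the hunk, so this is judged from the body shown here.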
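Review bot: The assignment buried in the argument list of ASIdentifierChoice_is_canonical, `BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)`, is easy to misread as a comparison and hides why `orig` exists. The same construct is repeated in the ASIdentifierChoice_canonize hunk further down. Saving the pointer on its own line, `orig = a_max_plus_one;` followed by `a_max_plus_one = BN_to_ASN1_INTEGER(bn, orig);`, keeps the behaviour and makes the restore in the failure branch obvious. A short comment such as `/* keep the old pointer so cleanup can still free it on failure */` would record the intent. That cleanup presumably sits at the `done` label, which is outside the hunk, as are the start and end of both enclosing functions.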
@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid) static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; @@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); goto done; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 7acaebfa2250..e93de3454604 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -10,11 +10,11 @@ /* extension creation utilities */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include static int v3_check_critical(const char **value); diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 7a47fd38b379..1d12c899125c 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -14,7 +14,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" #include "ext_dat.h" /* Certificate policies extension support: this one is a bit complex... */ diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 6cba4240abf1..4854748ffb51 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -14,7 +14,7 @@ #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_crld(const X509V3_EXT_METHOD *method, 
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 9a2cd5af00c7..2a7b4f0992a8 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -10,12 +10,12 @@ #include "internal/cryptlib.h" #include "internal/numbers.h" #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 2f06289d1949..3f60c2ea1da3 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -12,7 +12,7 @@ #include "internal/numbers.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 749f51b2f00e..c2e82045682a 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index c9b40d2c76eb..7281a7b917a8 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -12,11 +12,11 @@ #include "e_os.h" #include "internal/cryptlib.h" #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include "ext_dat.h" diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl index 6423e803b759..d9536d65768f 100644 --- a/crypto/x86_64cpuid.pl +++ b/crypto/x86_64cpuid.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,7 @@ print<<___; .type OPENSSL_atomic_add,\@abi-omnipotent .align 16 OPENSSL_atomic_add: +.cfi_startproc movl ($arg1),%eax .Lspin: leaq ($arg2,%rax),%r8 .byte 0xf0 # lock @@ -47,16 +48,19 @@ OPENSSL_atomic_add: movl %r8d,%eax .byte 0x48,0x98 # cltq/cdqe ret +.cfi_endproc .size OPENSSL_atomic_add,.-OPENSSL_atomic_add .globl OPENSSL_rdtsc .type OPENSSL_rdtsc,\@abi-omnipotent .align 16 OPENSSL_rdtsc: +.cfi_startproc rdtsc shl \$32,%rdx or %rdx,%rax ret +.cfi_endproc .size OPENSSL_rdtsc,.-OPENSSL_rdtsc .globl OPENSSL_ia32_cpuid @@ -232,6 +236,7 @@ OPENSSL_ia32_cpuid: .type OPENSSL_cleanse,\@abi-omnipotent .align 16 OPENSSL_cleanse: +.cfi_startproc xor %rax,%rax cmp \$15,$arg2 jae .Lot @@ -261,12 +266,14 @@ OPENSSL_cleanse: cmp \$0,$arg2 jne .Little ret +.cfi_endproc .size OPENSSL_cleanse,.-OPENSSL_cleanse .globl CRYPTO_memcmp .type CRYPTO_memcmp,\@abi-omnipotent .align 16 CRYPTO_memcmp: +.cfi_startproc xor %rax,%rax xor %r10,%r10 cmp \$0,$arg3 @@ -295,6 +302,7 @@ CRYPTO_memcmp: shr \$63,%rax .Lno_data: ret +.cfi_endproc .size CRYPTO_memcmp,.-CRYPTO_memcmp ___ @@ -303,6 +311,7 @@ print<<___ if (!$win64); .type OPENSSL_wipe_cpu,\@abi-omnipotent .align 16 OPENSSL_wipe_cpu: +.cfi_startproc pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -329,6 +338,7 @@ OPENSSL_wipe_cpu: xorq %r11,%r11 leaq 8(%rsp),%rax ret +.cfi_endproc .size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu ___ print<<___ if ($win64); @@ -365,6 +375,7 @@ print<<___; .type OPENSSL_instrument_bus,\@abi-omnipotent .align 16 OPENSSL_instrument_bus: +.cfi_startproc mov $arg1,$out # tribute to Win64 mov $arg2,$cnt mov $arg2,$max 
@@ -391,12 +402,14 @@ OPENSSL_instrument_bus: mov $max,%rax ret +.cfi_endproc .size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus .globl OPENSSL_instrument_bus2 .type OPENSSL_instrument_bus2,\@abi-omnipotent .align 16 OPENSSL_instrument_bus2: +.cfi_startproc mov $arg1,$out # tribute to Win64 mov $arg2,$cnt mov $arg3,$max @@ -439,6 +452,7 @@ OPENSSL_instrument_bus2: mov $redzone(%rsp),%rax sub $cnt,%rax ret +.cfi_endproc .size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 ___ } @@ -450,6 +464,7 @@ print<<___; .type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent .align 16 OPENSSL_ia32_${rdop}_bytes: +.cfi_startproc xor %rax, %rax # return value cmp \$0,$arg2 je .Ldone_${rdop}_bytes @@ -486,10 +501,11 @@ OPENSSL_ia32_${rdop}_bytes: .Ldone_${rdop}_bytes: xor %r10,%r10 # Clear sensitive data from register ret +.cfi_endproc .size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes ___ } gen_random("rdrand"); gen_random("rdseed"); -close STDOUT; # flush +close STDOUT or die "error closing STDOUT: $!"; # flush diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl index d43dda4d935c..ba4fd80fb32e 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -506,4 +506,4 @@ my $rdop = shift; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; -- cgit v1.2.3