src - OpenBSD base system

diff options


context:
space:
mode:

author	Miod Vallat <miod@cvs.openbsd.org>	2014-04-13 15:16:38 +0000
committer	Miod Vallat <miod@cvs.openbsd.org>	2014-04-13 15:16:38 +0000
commit	7beea9a356f8a5b214ed72826b421519e188cf83 (patch)
tree	1654953a562a6aec0607025fe139d685b54de924
parent	74d6e918c3b3e5eaeab31b3c7591dcf4995098f8 (diff)

Import OpenSSL 1.0.1g

Diffstat

-rw-r--r--

lib/libcrypto/aes/asm/bsaes-x86_64.pl

-rw-r--r--

lib/libcrypto/aes/asm/vpaes-x86_64.pl

-rw-r--r--

lib/libcrypto/bn/asm/mips-mont.pl

-rw-r--r--

lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod

-rw-r--r--

lib/libcrypto/doc/EVP_PKEY_verify_recover.pod

103

-rw-r--r--

lib/libcrypto/modes/asm/ghash-x86.pl

-rw-r--r--

lib/libcrypto/modes/asm/ghash-x86_64.pl

-rw-r--r--

lib/libcrypto/rc5/rc5_ecb.c

-rw-r--r--

lib/libcrypto/rc5/rc5_enc.c

215

-rw-r--r--

lib/libcrypto/rc5/rc5_skey.c

113

-rw-r--r--

lib/libcrypto/rc5/rc5cfb64.c

122

-rw-r--r--

lib/libcrypto/rc5/rc5ofb64.c

111

-rw-r--r--

lib/libcrypto/rc5/rc5speed.c

277

-rw-r--r--

lib/libcrypto/sha/asm/sha1-armv4-large.pl

-rw-r--r--

lib/libcrypto/sha/asm/sha1-ia64.pl

-rw-r--r--

lib/libcrypto/sha/asm/sha1-sparcv9a.pl

-rwxr-xr-x

lib/libcrypto/sha/asm/sha1-x86_64.pl

-rw-r--r--

lib/libcrypto/sha/asm/sha512-586.pl

-rw-r--r--

lib/libcrypto/whrlpool/asm/wp-mmx.pl

-rw-r--r--

lib/libssl/test/cms-test.pl

20 files changed, 1121 insertions, 30 deletions

diff --git a/lib/libcrypto/aes/asm/bsaes-x86_64.pl b/lib/libcrypto/aes/asm/bsaes-x86_64.pl
index c9c6312fa74..41b90f08443 100644
--- a/lib/libcrypto/aes/asm/bsaes-x86_64.pl
+++ b/lib/libcrypto/aes/asm/bsaes-x86_64.pl

@@ -83,9 +83,9 @@

# Add decryption procedure. Performance in CPU cycles spent to decrypt

# one byte out of 4096-byte buffer with 128-bit key is:

-# Core 2 11.0

-# Nehalem 9.16

-# Atom 20.9

+# Core 2 9.83

+# Nehalem 7.74

+# Atom 19.0

# November 2011.

@@ -105,7 +105,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;

( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or

die "can't locate x86_64-xlate.pl";

-open STDOUT,"| $^X $xlate $flavour $output";

+open OUT,"| \"$^X\" $xlate $flavour $output";

+*STDOUT=*OUT;

my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");

my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15)

@@ -455,6 +456,7 @@ sub MixColumns {

# modified to emit output in order suitable for feeding back to aesenc[last]

my @x=@_[0..7];

my @t=@_[8..15];

+my $inv=@_[16]; # optional

$code.=<<___;

pshufd \$0x93, @x[0], @t[0] # x0 <<< 32

pshufd \$0x93, @x[1], @t[1]

@@ -496,7 +498,8 @@ $code.=<<___;

pxor @t[4], @t[0]

pshufd \$0x4E, @x[2], @x[6]

pxor @t[5], @t[1]

+___

+$code.=<<___ if (!$inv);

pxor @t[3], @x[4]

pxor @t[7], @x[5]

pxor @t[6], @x[3]

@@ -504,9 +507,20 @@ $code.=<<___;

pxor @t[2], @x[6]

movdqa @t[1], @x[7]

___

+$code.=<<___ if ($inv);

+ pxor @x[4], @t[3]

+ pxor @t[7], @x[5]

+ pxor @x[3], @t[6]

+ movdqa @t[0], @x[3]

+ pxor @t[2], @x[6]

+ movdqa @t[6], @x[2]

+ movdqa @t[1], @x[7]

+ movdqa @x[6], @x[4]

+ movdqa @t[3], @x[6]

+___

}

-sub InvMixColumns {

+sub InvMixColumns_orig {

my @x=@_[0..7];

my @t=@_[8..15];

@@ -660,6 +674,54 @@ $code.=<<___;

___

}

+sub InvMixColumns {

+my @x=@_[0..7];

+my @t=@_[8..15];

+# Thanks to Jussi Kivilinna for providing pointer to

+# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 |

+# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |

+# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 |

+# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 |

+$code.=<<___;

+ # multiplication by 0x05-0x00-0x04-0x00

+ pshufd \$0x4E, @x[0], @t[0]

+ pshufd \$0x4E, @x[6], @t[6]

+ pxor @x[0], @t[0]

+ pshufd \$0x4E, @x[7], @t[7]

+ pxor @x[6], @t[6]

+ pshufd \$0x4E, @x[1], @t[1]

+ pxor @x[7], @t[7]

+ pshufd \$0x4E, @x[2], @t[2]

+ pxor @x[1], @t[1]

+ pshufd \$0x4E, @x[3], @t[3]

+ pxor @x[2], @t[2]

+ pxor @t[6], @x[0]

+ pxor @t[6], @x[1]

+ pshufd \$0x4E, @x[4], @t[4]

+ pxor @x[3], @t[3]

+ pxor @t[0], @x[2]

+ pxor @t[1], @x[3]

+ pshufd \$0x4E, @x[5], @t[5]

+ pxor @x[4], @t[4]

+ pxor @t[7], @x[1]

+ pxor @t[2], @x[4]

+ pxor @x[5], @t[5]

+ pxor @t[7], @x[2]

+ pxor @t[6], @x[3]

+ pxor @t[6], @x[4]

+ pxor @t[3], @x[5]

+ pxor @t[4], @x[6]

+ pxor @t[7], @x[4]

+ pxor @t[7], @x[5]

+ pxor @t[5], @x[7]

+___

+ &MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6

sub aesenc { # not used

my @b=@_[0..7];

my @t=@_[8..15];

@@ -2027,6 +2089,8 @@ ___

# const unsigned char iv[16]);

my ($twmask,$twres,$twtmp)=@XMM[13..15];

+$arg6=~s/d$//;

$code.=<<___;

.globl bsaes_xts_encrypt

.type bsaes_xts_encrypt,\@abi-omnipotent

diff --git a/lib/libcrypto/aes/asm/vpaes-x86_64.pl b/lib/libcrypto/aes/asm/vpaes-x86_64.pl
index 37998db5e13..bd7f45b8509 100644
--- a/lib/libcrypto/aes/asm/vpaes-x86_64.pl
+++ b/lib/libcrypto/aes/asm/vpaes-x86_64.pl

@@ -56,7 +56,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;

( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or

die "can't locate x86_64-xlate.pl";

-open STDOUT,"| $^X $xlate $flavour $output";

+open OUT,"| \"$^X\" $xlate $flavour $output";

+*STDOUT=*OUT;

$PREFIX="vpaes";

@@ -1059,7 +1060,7 @@ _vpaes_consts:

.Lk_dsbo: # decryption sbox final output

.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D

.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C

-.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"

+.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"

.align 64

.size _vpaes_consts,.-_vpaes_consts

___

diff --git a/lib/libcrypto/bn/asm/mips-mont.pl b/lib/libcrypto/bn/asm/mips-mont.pl
index b944a12b8e2..caae04ed3a8 100644
--- a/lib/libcrypto/bn/asm/mips-mont.pl
+++ b/lib/libcrypto/bn/asm/mips-mont.pl

@@ -133,7 +133,7 @@ $code.=<<___;

bnez $at,1f

li $t0,0

slt $at,$num,17 # on in-order CPU

- bnezl $at,bn_mul_mont_internal

+ bnez $at,bn_mul_mont_internal

nop

1: jr $ra

li $a0,0

diff --git a/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod b/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
index 1a9c7954c55..8ff597d44ad 100644
--- a/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
+++ b/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod

@@ -32,7 +32,7 @@ public key algorithm.

L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,

L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,

L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,

-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,

+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,

=head1 HISTORY

diff --git a/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod b/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod
new file mode 100644
index 00000000000..23a28a9c43e
--- /dev/null
+++ b/lib/libcrypto/doc/EVP_PKEY_verify_recover.pod

@@ -0,0 +1,103 @@

+=pod

+=head1 NAME

+EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm

+=head1 SYNOPSIS

+ #include <openssl/evp.h>

+ int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);

+ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,

+ unsigned char *rout, size_t *routlen,

+ const unsigned char *sig, size_t siglen);

+=head1 DESCRIPTION

+The EVP_PKEY_verify_recover_init() function initializes a public key algorithm

+context using key B<pkey> for a verify recover operation.

+The EVP_PKEY_verify_recover() function recovers signed data

+using B<ctx>. The signature is specified using the B<sig> and

+B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output

+buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then

+before the call the B<routlen> parameter should contain the length of the

+B<rout> buffer, if the call is successful recovered data is written to

+B<rout> and the amount of data written to B<routlen>.

+=head1 NOTES

+Normally an application is only interested in whether a signature verification

+operation is successful in those cases the EVP_verify() function should be

+used.

+Sometimes however it is useful to obtain the data originally signed using a

+signing operation. Only certain public key algorithms can recover a signature

+in this way (for example RSA in PKCS padding mode).

+After the call to EVP_PKEY_verify_recover_init() algorithm specific control

+operations can be performed to set any appropriate parameters for the

+operation.

+The function EVP_PKEY_verify_recover() can be called more than once on the same

+context if several operations are performed using the same parameters.

+=head1 RETURN VALUES

+EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success

+and 0 or a negative value for failure. In particular a return value of -2

+indicates the operation is not supported by the public key algorithm.

+=head1 EXAMPLE

+Recover digest originally signed using PKCS#1 and SHA256 digest:

+ #include <openssl/evp.h>

+ #include <openssl/rsa.h>

+ EVP_PKEY_CTX *ctx;

+ unsigned char *rout, *sig;

+ size_t routlen, siglen;

+ EVP_PKEY *verify_key;

+ /* NB: assumes verify_key, sig and siglen are already set up

+ * and that verify_key is an RSA public key

+ */

+ ctx = EVP_PKEY_CTX_new(verify_key);

+ if (!ctx)

+ /* Error occurred */

+ if (EVP_PKEY_verify_recover_init(ctx) <= 0)

+ /* Error */

+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)

+ /* Error */

+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)

+ /* Error */

+ /* Determine buffer length */

+ if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)

+ /* Error */

+ rout = OPENSSL_malloc(routlen);

+ if (!rout)

+ /* malloc failure */

+ if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)

+ /* Error */

+ /* Recovered data is routlen bytes written to buffer rout */

+=head1 SEE ALSO

+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,

+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,

+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,

+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,

+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,

+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>

+=head1 HISTORY

+These functions were first added to OpenSSL 1.0.0.

+=cut

diff --git a/lib/libcrypto/modes/asm/ghash-x86.pl b/lib/libcrypto/modes/asm/ghash-x86.pl
index 6b09669d474..83c727e07f9 100644
--- a/lib/libcrypto/modes/asm/ghash-x86.pl
+++ b/lib/libcrypto/modes/asm/ghash-x86.pl

@@ -635,7 +635,7 @@ sub mmx_loop() {

{ my @lo = ("mm0","mm1","mm2");

my @hi = ("mm3","mm4","mm5");

my @tmp = ("mm6","mm7");

- my $off1=0,$off2=0,$i;

+ my ($off1,$off2,$i) = (0,0,);

&add ($Htbl,128); # optimize for size

&lea ("edi",&DWP(16+128,"esp"));

@@ -883,7 +883,7 @@ sub reduction_alg9 { # 17/13 times faster than Intel version

my ($Xhi,$Xi) = @_;

# 1st phase

- &movdqa ($T1,$Xi) #

+ &movdqa ($T1,$Xi); #

&psllq ($Xi,1);

&pxor ($Xi,$T1); #

&psllq ($Xi,5); #

@@ -1019,7 +1019,7 @@ my ($Xhi,$Xi) = @_;

&movdqa ($Xhn,$Xn);

&pxor ($Xhi,$T1); # "Ii+Xi", consume early

- &movdqa ($T1,$Xi) #&reduction_alg9($Xhi,$Xi); 1st phase

+ &movdqa ($T1,$Xi); #&reduction_alg9($Xhi,$Xi); 1st phase

&psllq ($Xi,1);

&pxor ($Xi,$T1); #

&psllq ($Xi,5); #

diff --git a/lib/libcrypto/modes/asm/ghash-x86_64.pl b/lib/libcrypto/modes/asm/ghash-x86_64.pl
index a5ae180882d..38d779edbcf 100644
--- a/lib/libcrypto/modes/asm/ghash-x86_64.pl
+++ b/lib/libcrypto/modes/asm/ghash-x86_64.pl

@@ -50,7 +50,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;

( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or

die "can't locate x86_64-xlate.pl";

-open STDOUT,"| $^X $xlate $flavour $output";

+open OUT,"| \"$^X\" $xlate $flavour $output";

+*STDOUT=*OUT;

# common register layout

$nlo="%rax";

diff --git a/lib/libcrypto/rc5/rc5_ecb.c b/lib/libcrypto/rc5/rc5_ecb.c
new file mode 100644
index 00000000000..e72b535507c
--- /dev/null
+++ b/lib/libcrypto/rc5/rc5_ecb.c

@@ -0,0 +1,80 @@

+/* crypto/rc5/rc5_ecb.c */

+ *

+ * This package is an SSL implementation written

+ * by Eric Young (eay@cryptsoft.com).

+ * The implementation was written so as to conform with Netscapes SSL.

+ *

+ * This library is free for commercial and non-commercial use as long as

+ * the following conditions are aheared to. The following conditions

+ * apply to all code found in this distribution, be it the RC4, RSA,

+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation

+ * included with this distribution is covered by the same copyright terms

+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).

+ *

+ * Copyright remains Eric Young's, and as such any Copyright notices in

+ * the code are not to be removed.

+ * If this package is used in a product, Eric Young should be given attribution

+ * as the author of the parts of the library used.

+ * This can be in the form of a textual message at program startup or

+ * in documentation (online or textual) provided with the package.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ * 1. Redistributions of source code must retain the copyright

+ * notice, this list of conditions and the following disclaimer.

+ * 2. Redistributions in binary form must reproduce the above copyright

+ * notice, this list of conditions and the following disclaimer in the

+ * documentation and/or other materials provided with the distribution.

+ * 3. All advertising materials mentioning features or use of this software

+ * must display the following acknowledgement:

+ * "This product includes cryptographic software written by

+ * Eric Young (eay@cryptsoft.com)"

+ * The word 'cryptographic' can be left out if the rouines from the library

+ * being used are not cryptographic related :-).

+ * 4. If you include any Windows specific code (or a derivative thereof) from

+ * the apps directory (application code) you must include an acknowledgement:

+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

+ *

+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

+ * SUCH DAMAGE.

+ *

+ * The licence and distribution terms for any publically available version or

+ * derivative of this code cannot be changed. i.e. this code cannot simply be

+ * copied and put under another distribution licence

+ * [including the GNU Public Licence.]

+ */

+#include <openssl/rc5.h>

+#include "rc5_locl.h"

+#include <openssl/opensslv.h>

+const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;

+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,

+ RC5_32_KEY *ks, int encrypt)

+ {

+ unsigned long l,d[2];

+ c2l(in,l); d[0]=l;

+ c2l(in,l); d[1]=l;

+ if (encrypt)

+ RC5_32_encrypt(d,ks);

+ else

+ RC5_32_decrypt(d,ks);

+ l=d[0]; l2c(l,out);

+ l=d[1]; l2c(l,out);

+ l=d[0]=d[1]=0;

+ }

diff --git a/lib/libcrypto/rc5/rc5_enc.c b/lib/libcrypto/rc5/rc5_enc.c
new file mode 100644
index 00000000000..f327d32a766
--- /dev/null
+++ b/lib/libcrypto/rc5/rc5_enc.c

@@ -0,0 +1,215 @@

+/* crypto/rc5/rc5_enc.c */