diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2010-10-01 22:54:19 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2010-10-01 22:54:19 +0000 |
| commit | 575a03d2fd16079e8b67497eb4bcac6590182ec4 (patch) | |
| tree | 8bfe981551420e16987bb5e4c7786594f187c7ab /lib/libssl | |
| parent | d6d516f40a4df86e398756f712ad923a7e204d35 (diff) | |
import OpenSSL-1.0.0a
Diffstat (limited to 'lib/libssl')
382 files changed, 49232 insertions, 6265 deletions
diff --git a/lib/libssl/src/INSTALL.WCE b/lib/libssl/src/INSTALL.WCE index adc03f41d4c..d78c61afa88 100644 --- a/lib/libssl/src/INSTALL.WCE +++ b/lib/libssl/src/INSTALL.WCE @@ -4,27 +4,36 @@ Building OpenSSL for Windows CE requires the following external tools: - * Microsoft eMbedded Visual C++ 3.0 - * wcecompat compatibility library (www.essemer.com.au) - * Optionally ceutils for running automated tests (www.essemer.com.au) - - You also need Perl for Win32. You will need ActiveState Perl, available - from http://www.activestate.com/ActivePerl. - - Windows CE support in OpenSSL relies on wcecompat and therefore it's - appropriate to check http://www.essemer.com.au/windowsce/ for updates in - case of compilation problems. As for the moment of this writing version - 1.1 is available and actually required for WCE 4.2 and newer platforms. - All Windows CE specific issues should be directed to www.essemer.com.au. - - The C Runtime Library implementation for Windows CE that is included with - Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places - incorrect. wcecompat plugs the holes and tries to bring the Windows CE - CRT to a level that is more compatible with ANSI C. wcecompat goes further - and provides low-level IO and stream IO support for stdin/stdout/stderr - (which Windows CE does not provide). This IO functionality is not needed - by the OpenSSL library itself but is used for the tests and openssl.exe. - More information is available at www.essemer.com.au. + * Microsoft eMbedded Visual C++ 3.0 or later + * Appropriate SDK might be required + * Perl for Win32 [commonly recommended ActiveState Perl is available + from http://www.activestate.com/Products/ActivePerl/] + + * wcecompat compatibility library available at + http://www.essemer.com.au/windowsce/ + * Optionally ceutils for running automated tests (same location) + + _or_ + + * PocketConsole driver and PortSDK available at + http://www.symbolictools.de/public/pocketconsole/ + * CMD command interpreter (same location) + + As Windows CE support in OpenSSL relies on 3rd party compatibility + library, it's appropriate to check corresponding URL for updates. For + example if you choose wcecompat, note that as for the moment of this + writing version 1.2 is available and actually required for WCE 4.2 + and newer platforms. All wcecompat issues should be directed to + www.essemer.com.au. + + Why compatibility library at all? The C Runtime Library implementation + for Windows CE that is included with Microsoft eMbedded Visual C++ is + incomplete and in some places incorrect. Compatibility library plugs + the holes and tries to bring the Windows CE CRT to [more] usable level. + Most gaping hole in CRT is support for stdin/stdout/stderr IO, which + proposed compatibility libraries solve in two different ways: wcecompat + redirects IO to active sync link, while PortSDK - to NT-like console + driver on the handheld itself. Building -------- @@ -34,9 +43,21 @@ > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT" - Next indicate where wcecompat is located: + Next pick compatibility library according to your preferences. - > set WCECOMPAT=C:\wcecompat + 1. To choose wcecompat set up WCECOMPAT environment variable pointing + at the location of wcecompat tree "root": + + > set WCECOMPAT=C:\wcecompat + > set PORTSDK_LIBPATH= + + 2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware- + specific location where your portlib.lib is installed: + + > set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM + > set WCECOMPAT= + + Note that you may not set both variables. Next you should run Configure: @@ -52,16 +73,16 @@ Then from the VC++ environment at a prompt do: - - to build static libraries: + > nmake -f ms\cedll.mak - > nmake -f ms\ce.mak + [note that static builds are not supported under CE] - - or to build DLLs: + If all is well it should compile and you will have some DLLs and executables + in out32dll*. - > nmake -f ms\cedll.mak + <<< everyting below needs revision in respect to wcecompat vs. PortSDK >>> - If all is well it should compile and you will have some static libraries and - executables in out32, or some DLLs and executables in out32dll. If you want + If you want to try the tests then make sure the ceutils are in the path and do: > cd out32 diff --git a/lib/libssl/src/Netware/build.bat b/lib/libssl/src/Netware/build.bat index 823134bda16..3125c2a4875 100644 --- a/lib/libssl/src/Netware/build.bat +++ b/lib/libssl/src/Netware/build.bat @@ -159,6 +159,8 @@ cd ..\..\.. echo SHA1 cd crypto\sha\asm perl sha1-586.pl %ASM_MODE% > s1-nw.asm +perl sha256-586.pl %ASM_MODE% > sha256-nw.asm +perl sha512-586.pl %ASM_MODE% > sha512-nw.asm cd ..\..\.. echo RIPEMD160 @@ -171,6 +173,11 @@ cd crypto\rc5\asm perl rc5-586.pl %ASM_MODE% > r5-nw.asm cd ..\..\.. +echo WHIRLPOOL +cd crypto\whrlpool\asm +perl wp-mmx.pl %ASM_MODE% > wp-nw.asm +cd ..\..\.. + echo CPUID cd crypto perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm diff --git a/lib/libssl/src/apps/cms.c b/lib/libssl/src/apps/cms.c index 6d227acabe8..d29a8849022 100644 --- a/lib/libssl/src/apps/cms.c +++ b/lib/libssl/src/apps/cms.c @@ -71,8 +71,9 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int cms_cb(int ok, X509_STORE_CTX *ctx); static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); -static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst, - STACK *rr_from); +static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, + int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from); #define SMIME_OP 0x10 #define SMIME_IP 0x20 @@ -94,6 +95,8 @@ static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst, #define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) #define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) +int verify_err = 0; + int MAIN(int, char **); int MAIN(int argc, char **argv) @@ -105,7 +108,7 @@ int MAIN(int argc, char **argv) const char *inmode = "r", *outmode = "w"; char *infile = NULL, *outfile = NULL, *rctfile = NULL; char *signerfile = NULL, *recipfile = NULL; - STACK *sksigners = NULL, *skkeys = NULL; + STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; char *certsoutfile = NULL; const EVP_CIPHER *cipher = NULL; @@ -116,9 +119,10 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *encerts = NULL, *other = NULL; BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; int badarg = 0; - int flags = CMS_DETACHED; + int flags = CMS_DETACHED, noout = 0, print = 0; + int verify_retcode = 0; int rr_print = 0, rr_allorfirst = -1; - STACK *rr_to = NULL, *rr_from = NULL; + STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; CMS_ReceiptRequest *rr = NULL; char *to = NULL, *from = NULL, *subject = NULL; char *CAfile = NULL, *CApath = NULL; @@ -166,6 +170,8 @@ int MAIN(int argc, char **argv) operation = SMIME_RESIGN; else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; + else if (!strcmp (*args, "-verify_retcode")) + verify_retcode = 1; else if (!strcmp(*args,"-verify_receipt")) { operation = SMIME_VERIFY_RECEIPT; @@ -252,21 +258,17 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-no_attr_verify")) flags |= CMS_NO_ATTR_VERIFY; else if (!strcmp (*args, "-stream")) - { - args++; - continue; - } + flags |= CMS_STREAM; else if (!strcmp (*args, "-indef")) - { - args++; - continue; - } + flags |= CMS_STREAM; else if (!strcmp (*args, "-noindef")) flags &= ~CMS_STREAM; else if (!strcmp (*args, "-nooldmime")) flags |= CMS_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) flags |= CMS_CRLFEOL; + else if (!strcmp (*args, "-noout")) + noout = 1; else if (!strcmp (*args, "-receipt_request_print")) rr_print = 1; else if (!strcmp (*args, "-receipt_request_all")) @@ -279,8 +281,8 @@ int MAIN(int argc, char **argv) goto argerr; args++; if (!rr_from) - rr_from = sk_new_null(); - sk_push(rr_from, *args); + rr_from = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(rr_from, *args); } else if (!strcmp(*args,"-receipt_request_to")) { @@ -288,9 +290,14 @@ int MAIN(int argc, char **argv) goto argerr; args++; if (!rr_to) - rr_to = sk_new_null(); - sk_push(rr_to, *args); + rr_to = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(rr_to, *args); } + else if (!strcmp (*args, "-print")) + { + noout = 1; + print = 1; + } else if (!strcmp(*args,"-secretkey")) { long ltmp; @@ -380,13 +387,13 @@ int MAIN(int argc, char **argv) if (signerfile) { if (!sksigners) - sksigners = sk_new_null(); - sk_push(sksigners, signerfile); + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); if (!keyfile) keyfile = signerfile; if (!skkeys) - skkeys = sk_new_null(); - sk_push(skkeys, keyfile); + skkeys = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(skkeys, keyfile); keyfile = NULL; } signerfile = *++args; @@ -428,12 +435,12 @@ int MAIN(int argc, char **argv) goto argerr; } if (!sksigners) - sksigners = sk_new_null(); - sk_push(sksigners, signerfile); + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); signerfile = NULL; if (!skkeys) - skkeys = sk_new_null(); - sk_push(skkeys, keyfile); + skkeys = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(skkeys, keyfile); } keyfile = *++args; } @@ -532,13 +539,13 @@ int MAIN(int argc, char **argv) if (signerfile) { if (!sksigners) - sksigners = sk_new_null(); - sk_push(sksigners, signerfile); + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); if (!skkeys) - skkeys = sk_new_null(); + skkeys = sk_OPENSSL_STRING_new_null(); if (!keyfile) keyfile = signerfile; - sk_push(skkeys, keyfile); + sk_OPENSSL_STRING_push(skkeys, keyfile); } if (!sksigners) { @@ -697,7 +704,7 @@ int MAIN(int argc, char **argv) if (secret_key && !secret_keyid) { - BIO_printf(bio_err, "No sectre key id\n"); + BIO_printf(bio_err, "No secret key id\n"); goto end; } @@ -873,7 +880,7 @@ int MAIN(int argc, char **argv) { if (!(store = setup_verify(bio_err, CAfile, CApath))) goto end; - X509_STORE_set_verify_cb_func(store, cms_cb); + X509_STORE_set_verify_cb(store, cms_cb); if (vpm) X509_STORE_set1_param(store, vpm); } @@ -973,11 +980,11 @@ int MAIN(int argc, char **argv) } else flags |= CMS_REUSE_DIGEST; - for (i = 0; i < sk_num(sksigners); i++) + for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { CMS_SignerInfo *si; - signerfile = sk_value(sksigners, i); - keyfile = sk_value(skkeys, i); + signerfile = sk_OPENSSL_STRING_value(sksigners, i); + keyfile = sk_OPENSSL_STRING_value(skkeys, i); signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, e, "signer certificate"); if (!signer) @@ -1075,6 +1082,8 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err, "Verification failure\n"); + if (verify_retcode) + ret = verify_err + 32; goto end; } if (signerfile) @@ -1107,7 +1116,12 @@ int MAIN(int argc, char **argv) } else { - if (outformat == FORMAT_SMIME) + if (noout) + { + if (print) + CMS_ContentInfo_print_ctx(out, cms, 0, NULL); + } + else if (outformat == FORMAT_SMIME) { if (to) BIO_printf(out, "To: %s\n", to); @@ -1121,9 +1135,9 @@ int MAIN(int argc, char **argv) ret = SMIME_write_CMS(out, cms, in, flags); } else if (outformat == FORMAT_PEM) - ret = PEM_write_bio_CMS(out, cms); + ret = PEM_write_bio_CMS_stream(out, cms, in, flags); else if (outformat == FORMAT_ASN1) - ret = i2d_CMS_bio(out,cms); + ret = i2d_CMS_bio_stream(out,cms, in, flags); else { BIO_printf(bio_err, "Bad output format for CMS file\n"); @@ -1146,9 +1160,9 @@ end: if (vpm) X509_VERIFY_PARAM_free(vpm); if (sksigners) - sk_free(sksigners); + sk_OPENSSL_STRING_free(sksigners); if (skkeys) - sk_free(skkeys); + sk_OPENSSL_STRING_free(skkeys); if (secret_key) OPENSSL_free(secret_key); if (secret_keyid) @@ -1158,9 +1172,9 @@ end: if (rr) CMS_ReceiptRequest_free(rr); if (rr_to) - sk_free(rr_to); + sk_OPENSSL_STRING_free(rr_to); if (rr_from) - sk_free(rr_from); + sk_OPENSSL_STRING_free(rr_from); X509_STORE_free(store); X509_free(cert); X509_free(recip); @@ -1199,6 +1213,8 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx) error = X509_STORE_CTX_get_error(ctx); + verify_err = error; + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) && ((error != X509_V_OK) || (ok != 2))) return ok; @@ -1280,7 +1296,7 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) } } -static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns) +static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) { int i; STACK_OF(GENERAL_NAMES) *ret; @@ -1289,12 +1305,10 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns) ret = sk_GENERAL_NAMES_new_null(); if (!ret) goto err; - for (i = 0; i < sk_num(ns); i++) + for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) { - CONF_VALUE cnf; - cnf.name = "email"; - cnf.value = sk_value(ns, i); - gen = v2i_GENERAL_NAME(NULL, NULL, &cnf); + char *str = sk_OPENSSL_STRING_value(ns, i); + gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); if (!gen) goto err; gens = GENERAL_NAMES_new(); @@ -1321,8 +1335,9 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns) } -static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst, - STACK *rr_from) +static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, + int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from) { STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; CMS_ReceiptRequest *rr; diff --git a/lib/libssl/src/apps/ec.c b/lib/libssl/src/apps/ec.c index 771e15f3577..31194b48df7 100644 --- a/lib/libssl/src/apps/ec.c +++ b/lib/libssl/src/apps/ec.c @@ -400,4 +400,10 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#else /* !OPENSSL_NO_EC */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif diff --git a/lib/libssl/src/apps/ecparam.c b/lib/libssl/src/apps/ecparam.c index 4e1fc837ed6..e9aa0a184ae 100644 --- a/lib/libssl/src/apps/ecparam.c +++ b/lib/libssl/src/apps/ecparam.c @@ -725,4 +725,10 @@ static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var, BIO_printf(out, "\n\t};\n\n"); return 1; } +#else /* !OPENSSL_NO_EC */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif diff --git a/lib/libssl/src/apps/pkeyparam.c b/lib/libssl/src/apps/pkeyparam.c index 4319eb4de51..7f18010f9d1 100644 --- a/lib/libssl/src/apps/pkeyparam.c +++ b/lib/libssl/src/apps/pkeyparam.c @@ -179,7 +179,7 @@ int MAIN(int argc, char **argv) pkey = PEM_read_bio_Parameters(in, NULL); if (!pkey) { - BIO_printf(bio_err, "Error reading paramters\n"); + BIO_printf(bio_err, "Error reading parameters\n"); ERR_print_errors(bio_err); goto end; } diff --git a/lib/libssl/src/apps/pkeyutl.c b/lib/libssl/src/apps/pkeyutl.c index b808e1ef499..22a6c4bf397 100644 --- a/lib/libssl/src/apps/pkeyutl.c +++ b/lib/libssl/src/apps/pkeyutl.c @@ -390,7 +390,7 @@ static void usage() BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); BIO_printf(bio_err, "-in file input file\n"); BIO_printf(bio_err, "-out file output file\n"); - BIO_printf(bio_err, "-signature file signature file (verify operation only)\n"); + BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n"); BIO_printf(bio_err, "-inkey file input key\n"); BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); BIO_printf(bio_err, "-pubin input is a public key\n"); diff --git a/lib/libssl/src/apps/prime.c b/lib/libssl/src/apps/prime.c index af2fed15af6..f1aaef8725e 100644 --- a/lib/libssl/src/apps/prime.c +++ b/lib/libssl/src/apps/prime.c @@ -62,6 +62,9 @@ int MAIN(int argc, char **argv) { int hex=0; int checks=20; + int generate=0; + int bits=0; + int safe=0; BIGNUM *bn=NULL; BIO *bio_out; @@ -77,6 +80,15 @@ int MAIN(int argc, char **argv) { if(!strcmp(*argv,"-hex")) hex=1; + else if(!strcmp(*argv,"-generate")) + generate=1; + else if(!strcmp(*argv,"-bits")) + if(--argc < 1) + goto bad; + else + bits=atoi(*++argv); + else if(!strcmp(*argv,"-safe")) + safe=1; else if(!strcmp(*argv,"-checks")) if(--argc < 1) goto bad; @@ -91,13 +103,13 @@ int MAIN(int argc, char **argv) ++argv; } - if (argv[0] == NULL) + if (argv[0] == NULL && !generate) { BIO_printf(bio_err,"No prime specified\n"); goto bad; } - if ((bio_out=BIO_new(BIO_s_file())) != NULL) + if ((bio_out=BIO_new(BIO_s_file())) != NULL) { BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS @@ -108,14 +120,32 @@ int MAIN(int argc, char **argv) #endif } - if(hex) - BN_hex2bn(&bn,argv[0]); + if(generate) + { + char *s; + + if(!bits) + { + BIO_printf(bio_err,"Specifiy the number of bits.\n"); + return 1; + } + bn=BN_new(); + BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL); + s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn); + BIO_printf(bio_out,"%s\n",s); + OPENSSL_free(s); + } else - BN_dec2bn(&bn,argv[0]); + { + if(hex) + BN_hex2bn(&bn,argv[0]); + else + BN_dec2bn(&bn,argv[0]); - BN_print(bio_out,bn); - BIO_printf(bio_out," is %sprime\n", - BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); + BN_print(bio_out,bn); + BIO_printf(bio_out," is %sprime\n", + BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); + } BN_free(bn); BIO_free_all(bio_out); diff --git a/lib/libssl/src/apps/ts.c b/lib/libssl/src/apps/ts.c index 74e7e932b3a..5fa9f7fda07 100644 --- a/lib/libssl/src/apps/ts.c +++ b/lib/libssl/src/apps/ts.c @@ -165,6 +165,9 @@ int MAIN(int argc, char **argv) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); } + if (!load_config(bio_err, NULL)) + goto cleanup; + for (argc--, argv++; argc > 0; argc--, argv++) { if (strcmp(*argv, "-config") == 0) @@ -646,7 +649,7 @@ static ASN1_INTEGER *create_nonce(int bits) /* Generating random byte sequence. */ if (len > (int)sizeof(buf)) goto err; - if (!RAND_bytes(buf, len)) goto err; + if (RAND_bytes(buf, len) <= 0) goto err; /* Find the first non-zero byte and creating ASN1_INTEGER object. */ for (i = 0; i < len && !buf[i]; ++i); @@ -1080,7 +1083,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file) cert_ctx = X509_STORE_new(); /* Setting the callback for certificate chain verification. */ - X509_STORE_set_verify_cb_func(cert_ctx, verify_cb); + X509_STORE_set_verify_cb(cert_ctx, verify_cb); /* Adding a trusted certificate directory source. */ if (ca_path) diff --git a/lib/libssl/src/crypto/LPdir_win.c b/lib/libssl/src/crypto/LPdir_win.c index 09b475beed1..702dbc730f6 100644 --- a/lib/libssl/src/crypto/LPdir_win.c +++ b/lib/libssl/src/crypto/LPdir_win.c @@ -54,8 +54,6 @@ struct LP_dir_context_st const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) { - struct dirent *direntry = NULL; - if (ctx == NULL || directory == NULL) { errno = EINVAL; diff --git a/lib/libssl/src/crypto/aes/Makefile b/lib/libssl/src/crypto/aes/Makefile index 9d174f4c3ef..c501a43a8f6 100644 --- a/lib/libssl/src/crypto/aes/Makefile +++ b/lib/libssl/src/crypto/aes/Makefile @@ -11,7 +11,7 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r -AES_ASM_OBJ=aes_core.o aes_cbc.o +AES_ENC=aes_core.o aes_cbc.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -26,7 +26,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \ aes_ctr.c aes_ige.c aes_wrap.c LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \ - $(AES_ASM_OBJ) + $(AES_ENC) SRC= $(LIBSRC) @@ -41,24 +41,27 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -$(LIBOBJ): $(LIBSRC) - aes-ia64.s: asm/aes-ia64.S $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@ -ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl + $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ aes-x86_64.s: asm/aes-x86_64.pl - $(PERL) asm/aes-x86_64.pl $@ + $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@ + +aes-sparcv9.s: asm/aes-sparcv9.pl + $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ + +aes-ppc.s: asm/aes-ppc.pl + $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +aes-%.s: asm/aes-%.pl; $(PERL) $< $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -97,16 +100,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h -aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h -aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -aes_cfb.o: aes_cfb.c aes_locl.h +aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c +aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -aes_core.o: aes_core.c aes_locl.h -aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h +aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h +aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h @@ -119,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c -aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c +aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/lib/libssl/src/crypto/aes/aes_ige.c b/lib/libssl/src/crypto/aes/aes_ige.c index 45d70961818..c161351e654 100644 --- a/lib/libssl/src/crypto/aes/aes_ige.c +++ b/lib/libssl/src/crypto/aes/aes_ige.c @@ -77,11 +77,11 @@ typedef struct { /* N.B. The IV for this mode is _twice_ the block size */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc) { - unsigned long n; - unsigned long len; + size_t n; + size_t len = length; OPENSSL_assert(in && out && key && ivec); OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); @@ -211,12 +211,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, /* N.B. The IV for this mode is _four times_ the block size */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec, const int enc) { - unsigned long n; - unsigned long len = length; + size_t n; + size_t len = length; unsigned char tmp[AES_BLOCK_SIZE]; unsigned char tmp2[AES_BLOCK_SIZE]; unsigned char tmp3[AES_BLOCK_SIZE]; diff --git a/lib/libssl/src/crypto/aes/asm/aes-armv4.pl b/lib/libssl/src/crypto/aes/asm/aes-armv4.pl index 15742c1ec54..690244111a6 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-armv4.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-armv4.pl @@ -1024,6 +1024,7 @@ _armv4_AES_decrypt: mov pc,lr @ return .size _armv4_AES_decrypt,.-_armv4_AES_decrypt .asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 ___ $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 diff --git a/lib/libssl/src/crypto/aes/asm/aes-ppc.pl b/lib/libssl/src/crypto/aes/asm/aes-ppc.pl index ce427655ef7..f82c5e18141 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-ppc.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-ppc.pl @@ -16,6 +16,19 @@ # at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact - # at 1/3 of ppc_AES_decrypt. +# February 2010 +# +# Rescheduling instructions to favour Power6 pipeline gives 10% +# performance improvement on the platfrom in question (and marginal +# improvement even on others). It should be noted that Power6 fails +# to process byte in 18 cycles, only in 23, because it fails to issue +# 4 load instructions in two cycles, only in 3. As result non-compact +# block subroutines are 25% slower than one would expect. Compact +# functions scale better, because they have pure computational part, +# which scales perfectly with clock frequency. To be specific +# ppc_AES_encrypt_compact operates at 42 cycles per byte, while +# ppc_AES_decrypt_compact - at 55 (in 64-bit build). + $flavour = shift; if ($flavour =~ /64/) { @@ -376,7 +389,7 @@ $code.=<<___; addi $sp,$sp,$FRAME blr -.align 4 +.align 5 Lppc_AES_encrypt: lwz $acc00,240($key) lwz $t0,0($key) @@ -397,46 +410,46 @@ Lppc_AES_encrypt: Lenc_loop: rlwinm $acc00,$s0,`32-24+3`,21,28 rlwinm $acc01,$s1,`32-24+3`,21,28 - lwz $t0,0($key) - lwz $t1,4($key) rlwinm $acc02,$s2,`32-24+3`,21,28 rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t2,8($key) - lwz $t3,12($key) + lwz $t0,0($key) + lwz $t1,4($key) rlwinm $acc04,$s1,`32-16+3`,21,28 rlwinm $acc05,$s2,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - lwzx $acc01,$Tbl0,$acc01 + lwz $t2,8($key) + lwz $t3,12($key) rlwinm $acc06,$s3,`32-16+3`,21,28 rlwinm $acc07,$s0,`32-16+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - lwzx $acc03,$Tbl0,$acc03 + lwzx $acc00,$Tbl0,$acc00 + lwzx $acc01,$Tbl0,$acc01 rlwinm $acc08,$s2,`32-8+3`,21,28 rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - lwzx $acc05,$Tbl1,$acc05 + lwzx $acc02,$Tbl0,$acc02 + lwzx $acc03,$Tbl0,$acc03 rlwinm $acc10,$s0,`32-8+3`,21,28 rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - lwzx $acc07,$Tbl1,$acc07 + lwzx $acc04,$Tbl1,$acc04 + lwzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s3,`0+3`,21,28 rlwinm $acc13,$s0,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - lwzx $acc09,$Tbl2,$acc09 + lwzx $acc06,$Tbl1,$acc06 + lwzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s1,`0+3`,21,28 rlwinm $acc15,$s2,`0+3`,21,28 - lwzx $acc10,$Tbl2,$acc10 - lwzx $acc11,$Tbl2,$acc11 + lwzx $acc08,$Tbl2,$acc08 + lwzx $acc09,$Tbl2,$acc09 xor $t0,$t0,$acc00 xor $t1,$t1,$acc01 - lwzx $acc12,$Tbl3,$acc12 - lwzx $acc13,$Tbl3,$acc13 + lwzx $acc10,$Tbl2,$acc10 + lwzx $acc11,$Tbl2,$acc11 xor $t2,$t2,$acc02 xor $t3,$t3,$acc03 - lwzx $acc14,$Tbl3,$acc14 - lwzx $acc15,$Tbl3,$acc15 + lwzx $acc12,$Tbl3,$acc12 + lwzx $acc13,$Tbl3,$acc13 xor $t0,$t0,$acc04 xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + lwzx $acc15,$Tbl3,$acc15 xor $t2,$t2,$acc06 xor $t3,$t3,$acc07 xor $t0,$t0,$acc08 @@ -452,60 +465,60 @@ Lenc_loop: addi $Tbl2,$Tbl0,2048 nop - lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 - lwz $acc09,`2048+32`($Tbl0) - lwz $acc10,`2048+64`($Tbl0) - lwz $acc11,`2048+96`($Tbl0) - lwz $acc08,`2048+128`($Tbl0) - lwz $acc09,`2048+160`($Tbl0) - lwz $acc10,`2048+192`($Tbl0) - lwz $acc11,`2048+224`($Tbl0) - rlwinm $acc00,$s0,`32-24`,24,31 - rlwinm $acc01,$s1,`32-24`,24,31 lwz $t0,0($key) lwz $t1,4($key) - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc00,$s0,`32-24`,24,31 + rlwinm $acc01,$s1,`32-24`,24,31 lwz $t2,8($key) lwz $t3,12($key) + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 + lwz $acc09,`2048+32`($Tbl0) rlwinm $acc04,$s1,`32-16`,24,31 rlwinm $acc05,$s2,`32-16`,24,31 - lbzx $acc00,$Tbl2,$acc00 - lbzx $acc01,$Tbl2,$acc01 + lwz $acc10,`2048+64`($Tbl0) + lwz $acc11,`2048+96`($Tbl0) rlwinm $acc06,$s3,`32-16`,24,31 rlwinm $acc07,$s0,`32-16`,24,31 - lbzx $acc02,$Tbl2,$acc02 - lbzx $acc03,$Tbl2,$acc03 + lwz $acc12,`2048+128`($Tbl0) + lwz $acc13,`2048+160`($Tbl0) rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc04,$Tbl2,$acc04 - lbzx $acc05,$Tbl2,$acc05 + lwz $acc14,`2048+192`($Tbl0) + lwz $acc15,`2048+224`($Tbl0) rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc06,$Tbl2,$acc06 - lbzx $acc07,$Tbl2,$acc07 + lbzx $acc00,$Tbl2,$acc00 + lbzx $acc01,$Tbl2,$acc01 rlwinm $acc12,$s3,`0`,24,31 rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc08,$Tbl2,$acc08 - lbzx $acc09,$Tbl2,$acc09 + lbzx $acc02,$Tbl2,$acc02 + lbzx $acc03,$Tbl2,$acc03 rlwinm $acc14,$s1,`0`,24,31 rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc10,$Tbl2,$acc10 - lbzx $acc11,$Tbl2,$acc11 + lbzx $acc04,$Tbl2,$acc04 + lbzx $acc05,$Tbl2,$acc05 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc12,$Tbl2,$acc12 - lbzx $acc13,$Tbl2,$acc13 + lbzx $acc06,$Tbl2,$acc06 + lbzx $acc07,$Tbl2,$acc07 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 - lbzx $acc14,$Tbl2,$acc14 - lbzx $acc15,$Tbl2,$acc15 + lbzx $acc08,$Tbl2,$acc08 + lbzx $acc09,$Tbl2,$acc09 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc10,$Tbl2,$acc10 + lbzx $acc11,$Tbl2,$acc11 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 + lbzx $acc12,$Tbl2,$acc12 + lbzx $acc13,$Tbl2,$acc13 rlwimi $s0,$acc08,8,16,23 rlwimi $s1,$acc09,8,16,23 + lbzx $acc14,$Tbl2,$acc14 + lbzx $acc15,$Tbl2,$acc15 rlwimi $s2,$acc10,8,16,23 rlwimi $s3,$acc11,8,16,23 or $s0,$s0,$acc12 @@ -542,40 +555,40 @@ Lenc_compact_loop: rlwinm $acc01,$s1,`32-24`,24,31 rlwinm $acc02,$s2,`32-24`,24,31 rlwinm $acc03,$s3,`32-24`,24,31 - lbzx $acc00,$Tbl1,$acc00 - lbzx $acc01,$Tbl1,$acc01 rlwinm $acc04,$s1,`32-16`,24,31 rlwinm $acc05,$s2,`32-16`,24,31 - lbzx $acc02,$Tbl1,$acc02 - lbzx $acc03,$Tbl1,$acc03 rlwinm $acc06,$s3,`32-16`,24,31 rlwinm $acc07,$s0,`32-16`,24,31 - lbzx $acc04,$Tbl1,$acc04 - lbzx $acc05,$Tbl1,$acc05 + lbzx $acc00,$Tbl1,$acc00 + lbzx $acc01,$Tbl1,$acc01 rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc06,$Tbl1,$acc06 - lbzx $acc07,$Tbl1,$acc07 + lbzx $acc02,$Tbl1,$acc02 + lbzx $acc03,$Tbl1,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc08,$Tbl1,$acc08 - lbzx $acc09,$Tbl1,$acc09 + lbzx $acc04,$Tbl1,$acc04 + lbzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s3,`0`,24,31 rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc10,$Tbl1,$acc10 - lbzx $acc11,$Tbl1,$acc11 + lbzx $acc06,$Tbl1,$acc06 + lbzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s1,`0`,24,31 rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc12,$Tbl1,$acc12 - lbzx $acc13,$Tbl1,$acc13 + lbzx $acc08,$Tbl1,$acc08 + lbzx $acc09,$Tbl1,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc14,$Tbl1,$acc14 - lbzx $acc15,$Tbl1,$acc15 + lbzx $acc10,$Tbl1,$acc10 + lbzx $acc11,$Tbl1,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + lbzx $acc13,$Tbl1,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + lbzx $acc15,$Tbl1,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 @@ -725,7 +738,7 @@ Lenc_compact_done: addi $sp,$sp,$FRAME blr -.align 4 +.align 5 Lppc_AES_decrypt: lwz $acc00,240($key) lwz $t0,0($key) @@ -746,46 +759,46 @@ Lppc_AES_decrypt: Ldec_loop: rlwinm $acc00,$s0,`32-24+3`,21,28 rlwinm $acc01,$s1,`32-24+3`,21,28 - lwz $t0,0($key) - lwz $t1,4($key) rlwinm $acc02,$s2,`32-24+3`,21,28 rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t2,8($key) - lwz $t3,12($key) + lwz $t0,0($key) + lwz $t1,4($key) rlwinm $acc04,$s3,`32-16+3`,21,28 rlwinm $acc05,$s0,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - lwzx $acc01,$Tbl0,$acc01 + lwz $t2,8($key) + lwz $t3,12($key) rlwinm $acc06,$s1,`32-16+3`,21,28 rlwinm $acc07,$s2,`32-16+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - lwzx $acc03,$Tbl0,$acc03 + lwzx $acc00,$Tbl0,$acc00 + lwzx $acc01,$Tbl0,$acc01 rlwinm $acc08,$s2,`32-8+3`,21,28 rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - lwzx $acc05,$Tbl1,$acc05 + lwzx $acc02,$Tbl0,$acc02 + lwzx $acc03,$Tbl0,$acc03 rlwinm $acc10,$s0,`32-8+3`,21,28 rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - lwzx $acc07,$Tbl1,$acc07 + lwzx $acc04,$Tbl1,$acc04 + lwzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s1,`0+3`,21,28 rlwinm $acc13,$s2,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - lwzx $acc09,$Tbl2,$acc09 + lwzx $acc06,$Tbl1,$acc06 + lwzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s3,`0+3`,21,28 rlwinm $acc15,$s0,`0+3`,21,28 - lwzx $acc10,$Tbl2,$acc10 - lwzx $acc11,$Tbl2,$acc11 + lwzx $acc08,$Tbl2,$acc08 + lwzx $acc09,$Tbl2,$acc09 xor $t0,$t0,$acc00 xor $t1,$t1,$acc01 - lwzx $acc12,$Tbl3,$acc12 - lwzx $acc13,$Tbl3,$acc13 + lwzx $acc10,$Tbl2,$acc10 + lwzx $acc11,$Tbl2,$acc11 xor $t2,$t2,$acc02 xor $t3,$t3,$acc03 - lwzx $acc14,$Tbl3,$acc14 - lwzx $acc15,$Tbl3,$acc15 + lwzx $acc12,$Tbl3,$acc12 + lwzx $acc13,$Tbl3,$acc13 xor $t0,$t0,$acc04 xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + lwzx $acc15,$Tbl3,$acc15 xor $t2,$t2,$acc06 xor $t3,$t3,$acc07 xor $t0,$t0,$acc08 @@ -801,56 +814,56 @@ Ldec_loop: addi $Tbl2,$Tbl0,2048 nop - lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 - lwz $acc09,`2048+32`($Tbl0) - lwz $acc10,`2048+64`($Tbl0) - lwz $acc11,`2048+96`($Tbl0) - lwz $acc08,`2048+128`($Tbl0) - lwz $acc09,`2048+160`($Tbl0) - lwz $acc10,`2048+192`($Tbl0) - lwz $acc11,`2048+224`($Tbl0) - rlwinm $acc00,$s0,`32-24`,24,31 - rlwinm $acc01,$s1,`32-24`,24,31 lwz $t0,0($key) lwz $t1,4($key) - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc00,$s0,`32-24`,24,31 + rlwinm $acc01,$s1,`32-24`,24,31 lwz $t2,8($key) lwz $t3,12($key) + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 + lwz $acc09,`2048+32`($Tbl0) rlwinm $acc04,$s3,`32-16`,24,31 rlwinm $acc05,$s0,`32-16`,24,31 + lwz $acc10,`2048+64`($Tbl0) + lwz $acc11,`2048+96`($Tbl0) lbzx $acc00,$Tbl2,$acc00 lbzx $acc01,$Tbl2,$acc01 + lwz $acc12,`2048+128`($Tbl0) + lwz $acc13,`2048+160`($Tbl0) rlwinm $acc06,$s1,`32-16`,24,31 rlwinm $acc07,$s2,`32-16`,24,31 - lbzx $acc02,$Tbl2,$acc02 - lbzx $acc03,$Tbl2,$acc03 + lwz $acc14,`2048+192`($Tbl0) + lwz $acc15,`2048+224`($Tbl0) rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc04,$Tbl2,$acc04 - lbzx $acc05,$Tbl2,$acc05 + lbzx $acc02,$Tbl2,$acc02 + lbzx $acc03,$Tbl2,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc06,$Tbl2,$acc06 - lbzx $acc07,$Tbl2,$acc07 + lbzx $acc04,$Tbl2,$acc04 + lbzx $acc05,$Tbl2,$acc05 rlwinm $acc12,$s1,`0`,24,31 rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc08,$Tbl2,$acc08 - lbzx $acc09,$Tbl2,$acc09 + lbzx $acc06,$Tbl2,$acc06 + lbzx $acc07,$Tbl2,$acc07 rlwinm $acc14,$s3,`0`,24,31 rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc10,$Tbl2,$acc10 - lbzx $acc11,$Tbl2,$acc11 + lbzx $acc08,$Tbl2,$acc08 + lbzx $acc09,$Tbl2,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc12,$Tbl2,$acc12 - lbzx $acc13,$Tbl2,$acc13 + lbzx $acc10,$Tbl2,$acc10 + lbzx $acc11,$Tbl2,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 - lbzx $acc14,$Tbl2,$acc14 - lbzx $acc15,$Tbl2,$acc15 + lbzx $acc12,$Tbl2,$acc12 + lbzx $acc13,$Tbl2,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl2,$acc14 + lbzx $acc15,$Tbl2,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 @@ -897,40 +910,40 @@ Ldec_compact_loop: rlwinm $acc01,$s1,`32-24`,24,31 rlwinm $acc02,$s2,`32-24`,24,31 rlwinm $acc03,$s3,`32-24`,24,31 - lbzx $acc00,$Tbl1,$acc00 - lbzx $acc01,$Tbl1,$acc01 rlwinm $acc04,$s3,`32-16`,24,31 rlwinm $acc05,$s0,`32-16`,24,31 - lbzx $acc02,$Tbl1,$acc02 - lbzx $acc03,$Tbl1,$acc03 rlwinm $acc06,$s1,`32-16`,24,31 rlwinm $acc07,$s2,`32-16`,24,31 - lbzx $acc04,$Tbl1,$acc04 - lbzx $acc05,$Tbl1,$acc05 + lbzx $acc00,$Tbl1,$acc00 + lbzx $acc01,$Tbl1,$acc01 rlwinm $acc08,$s2,`32-8`,24,31 rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc06,$Tbl1,$acc06 - lbzx $acc07,$Tbl1,$acc07 + lbzx $acc02,$Tbl1,$acc02 + lbzx $acc03,$Tbl1,$acc03 rlwinm $acc10,$s0,`32-8`,24,31 rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc08,$Tbl1,$acc08 - lbzx $acc09,$Tbl1,$acc09 + lbzx $acc04,$Tbl1,$acc04 + lbzx $acc05,$Tbl1,$acc05 rlwinm $acc12,$s1,`0`,24,31 rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc10,$Tbl1,$acc10 - lbzx $acc11,$Tbl1,$acc11 + lbzx $acc06,$Tbl1,$acc06 + lbzx $acc07,$Tbl1,$acc07 rlwinm $acc14,$s3,`0`,24,31 rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc12,$Tbl1,$acc12 - lbzx $acc13,$Tbl1,$acc13 + lbzx $acc08,$Tbl1,$acc08 + lbzx $acc09,$Tbl1,$acc09 rlwinm $s0,$acc00,24,0,7 rlwinm $s1,$acc01,24,0,7 - lbzx $acc14,$Tbl1,$acc14 - lbzx $acc15,$Tbl1,$acc15 + lbzx $acc10,$Tbl1,$acc10 + lbzx $acc11,$Tbl1,$acc11 rlwinm $s2,$acc02,24,0,7 rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + lbzx $acc13,$Tbl1,$acc13 rlwimi $s0,$acc04,16,8,15 rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + lbzx $acc15,$Tbl1,$acc15 rlwimi $s2,$acc06,16,8,15 rlwimi $s3,$acc07,16,8,15 rlwimi $s0,$acc08,8,16,23 diff --git a/lib/libssl/src/crypto/aes/asm/aes-s390x.pl b/lib/libssl/src/crypto/aes/asm/aes-s390x.pl index 4b27afd92fc..7e018892982 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-s390x.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-s390x.pl @@ -765,6 +765,11 @@ $code.=<<___ if (!$softonly); srl %r5,6 ar %r5,%r0 + larl %r1,OPENSSL_s390xcap_P + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lekey_internal + lghi %r0,0 # query capability vector la %r1,16($sp) .long 0xb92f0042 # kmc %r4,%r2 @@ -1323,6 +1328,7 @@ $code.=<<___; 4: ex $len,0($s1) j .Lcbc_dec_exit .size AES_cbc_encrypt,.-AES_cbc_encrypt +.comm OPENSSL_s390xcap_P,8,8 ___ } $code.=<<___; diff --git a/lib/libssl/src/crypto/asn1/Makefile b/lib/libssl/src/crypto/asn1/Makefile index 94a6885804f..160544eede5 100644 --- a/lib/libssl/src/crypto/asn1/Makefile +++ b/lib/libssl/src/crypto/asn1/Makefile @@ -22,30 +22,32 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \ x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ + tasn_prn.c ameth_lib.c \ f_int.c f_string.c n_pkey.c \ - f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \ - asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ + f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \ + asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \ x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ + x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ + tasn_prn.o ameth_lib.o \ f_int.o f_string.o n_pkey.o \ - f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \ - asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ + f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \ + asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o SRC= $(LIBSRC) EXHEADER= asn1.h asn1_mac.h asn1t.h -HEADER= $(EXHEADER) +HEADER= $(EXHEADER) asn1_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -63,7 +65,7 @@ pk: pk.c all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -142,9 +144,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_digest.o: ../../include/openssl/opensslconf.h a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -173,14 +175,6 @@ a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c -a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h -a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -205,13 +199,6 @@ a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_mbstr.o: ../cryptlib.h a_mbstr.c -a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c a_object.o: ../../e_os.h ../../include/openssl/asn1.h a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -250,27 +237,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c +a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h a_strex.o: ../../e_os.h ../../include/openssl/asn1.h a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h +a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_strex.o: ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -318,14 +305,29 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_verify.o: ../../include/openssl/opensslconf.h +a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c +a_verify.o: asn1_locl.h +ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h +ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ameth_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ameth_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ameth_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ameth_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ameth_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ameth_lib.o: ../../include/openssl/opensslconf.h +ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c +ameth_lib.o: asn1_locl.h asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -339,9 +341,8 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn1_gen.o: ../../include/openssl/opensslconf.h +asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -371,24 +372,23 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn_mime.o: ../../include/openssl/opensslconf.h +asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_mime.o: ../cryptlib.h asn_mime.c +asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +asn_moid.o: ../../include/openssl/opensslconf.h asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -402,28 +402,43 @@ asn_pack.o: ../../include/openssl/opensslconf.h asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c +bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_asn1.o: ../../include/openssl/opensslconf.h +bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c +bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c +d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c +d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +d2i_pu.o: ../cryptlib.h d2i_pu.c evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -455,77 +470,76 @@ f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c +i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c +i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i2d_pu.o: ../cryptlib.h i2d_pu.c n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -n_pkey.o: ../cryptlib.h n_pkey.c +n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c +nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c +p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_pbe.o: ../cryptlib.h p5_pbe.c p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbev2.o: ../../include/openssl/opensslconf.h +p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -538,51 +552,48 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p8_pkey.o: ../cryptlib.h p8_pkey.c +p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c +t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_bitst.o: ../cryptlib.h t_bitst.c t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c +t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_crl.o: ../cryptlib.h t_crl.c t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h -t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h t_pkey.o: ../cryptlib.h t_pkey.c t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h @@ -591,57 +602,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c +t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_req.o: ../cryptlib.h t_req.c t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c +t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_spki.o: ../cryptlib.h t_spki.c t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c +t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_x509.o: ../cryptlib.h t_x509.c t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c +t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_x509a.o: ../cryptlib.h t_x509a.c tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -675,6 +686,21 @@ tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c +tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h +tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +tasn_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tasn_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tasn_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +tasn_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tasn_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tasn_prn.o: ../../include/openssl/opensslconf.h +tasn_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h @@ -694,23 +720,21 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_algor.o: x_algor.c +x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_attrib.o: ../../include/openssl/opensslconf.h +x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -727,44 +751,42 @@ x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c x_crl.o: ../../e_os.h ../../include/openssl/asn1.h x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_crl.o: ../cryptlib.h x_crl.c +x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_exten.o: x_exten.c +x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_info.o: ../cryptlib.h x_info.c +x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c x_long.o: ../../e_os.h ../../include/openssl/asn1.h x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -780,125 +802,129 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_name.o: ../cryptlib.h x_name.c +x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c +x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pkey.o: ../cryptlib.h x_pkey.c +x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_pubkey.o: ../../include/openssl/opensslconf.h x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pubkey.o: ../cryptlib.h x_pubkey.c +x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c x_req.o: ../../e_os.h ../../include/openssl/asn1.h x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_req.o: ../cryptlib.h x_req.c +x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c x_sig.o: ../../e_os.h ../../include/openssl/asn1.h x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_sig.o: ../cryptlib.h x_sig.c +x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c x_spki.o: ../../e_os.h ../../include/openssl/asn1.h x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_spki.o: ../cryptlib.h x_spki.c +x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c x_val.o: ../../e_os.h ../../include/openssl/asn1.h x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_val.o: ../cryptlib.h x_val.c +x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c x_x509.o: ../../e_os.h ../../include/openssl/asn1.h x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x_x509.o: ../cryptlib.h x_x509.c +x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_x509a.o: ../cryptlib.h x_x509a.c +x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c diff --git a/lib/libssl/src/crypto/asn1/ameth_lib.c b/lib/libssl/src/crypto/asn1/ameth_lib.c index 18957c669e4..9a8b6cc2226 100644 --- a/lib/libssl/src/crypto/asn1/ameth_lib.c +++ b/lib/libssl/src/crypto/asn1/ameth_lib.c @@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, if (!ameth->info) goto err; } + else + ameth->info = NULL; if (pem_str) { @@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, if (!ameth->pem_str) goto err; } + else + ameth->pem_str = NULL; ameth->pub_decode = 0; ameth->pub_encode = 0; diff --git a/lib/libssl/src/crypto/asn1/asn1_gen.c b/lib/libssl/src/crypto/asn1/asn1_gen.c index 2da38292c8c..4fc241908f6 100644 --- a/lib/libssl/src/crypto/asn1/asn1_gen.c +++ b/lib/libssl/src/crypto/asn1/asn1_gen.c @@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) /* Allocate buffer for new encoding */ new_der = OPENSSL_malloc(len); + if (!new_der) + goto err; /* Generate tagged encoding */ @@ -245,8 +247,14 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) /* If IMPLICIT, output tag */ if (asn1_tags.imp_tag != -1) + { + if (asn1_tags.imp_class == V_ASN1_UNIVERSAL + && (asn1_tags.imp_tag == V_ASN1_SEQUENCE + || asn1_tags.imp_tag == V_ASN1_SET) ) + hdr_constructed = V_ASN1_CONSTRUCTED; ASN1_put_object(&p, hdr_constructed, hdr_len, asn1_tags.imp_tag, asn1_tags.imp_class); + } /* Copy across original encoding */ memcpy(p, cpy_start, cpy_len); @@ -439,13 +447,15 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) { - ASN1_TYPE *ret = NULL, *typ = NULL; + ASN1_TYPE *ret = NULL; STACK_OF(ASN1_TYPE) *sk = NULL; STACK_OF(CONF_VALUE) *sect = NULL; - unsigned char *der = NULL, *p; + unsigned char *der = NULL; int derlen; - int i, is_set; + int i; sk = sk_ASN1_TYPE_new_null(); + if (!sk) + goto bad; if (section) { if (!cnf) @@ -455,28 +465,23 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) goto bad; for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); + ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); if (!typ) goto bad; - sk_ASN1_TYPE_push(sk, typ); - typ = NULL; + if (!sk_ASN1_TYPE_push(sk, typ)) + goto bad; } } /* Now we has a STACK of the components, convert to the correct form */ if (utype == V_ASN1_SET) - is_set = 1; + derlen = i2d_ASN1_SET_ANY(sk, &der); else - is_set = 0; - + derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); - derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, - V_ASN1_UNIVERSAL, is_set); - der = OPENSSL_malloc(derlen); - p = der; - i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, - V_ASN1_UNIVERSAL, is_set); + if (derlen < 0) + goto bad; if (!(ret = ASN1_TYPE_new())) goto bad; @@ -498,8 +503,6 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) if (sk) sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); - if (typ) - ASN1_TYPE_free(typ); if (sect) X509V3_section_free(cnf, sect); @@ -549,7 +552,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons static int asn1_str2tag(const char *tagstr, int len) { unsigned int i; - static struct tag_name_st *tntmp, tnst [] = { + static const struct tag_name_st *tntmp, tnst [] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ASN1_GEN_STR("NULL", V_ASN1_NULL), @@ -584,6 +587,8 @@ static int asn1_str2tag(const char *tagstr, int len) ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), + ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), /* Special cases */ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), @@ -729,6 +734,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_VISIBLESTRING: case V_ASN1_UNIVERSALSTRING: case V_ASN1_GENERALSTRING: + case V_ASN1_NUMERICSTRING: if (format == ASN1_GEN_FORMAT_ASCII) format = MBSTRING_ASC; diff --git a/lib/libssl/src/crypto/bf/Makefile b/lib/libssl/src/crypto/bf/Makefile index 7f4f03eb821..dd2c2c708e6 100644 --- a/lib/libssl/src/crypto/bf/Makefile +++ b/lib/libssl/src/crypto/bf/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r BF_ENC= bf_enc.o -# or use -#DES_ENC= bx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -40,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +bf-586.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -103,9 +94,5 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c -bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h -bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_skey.o: bf_locl.h bf_pi.h bf_skey.c +bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h +bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c diff --git a/lib/libssl/src/crypto/bio/Makefile b/lib/libssl/src/crypto/bio/Makefile index 1cd76ce7a2f..c395d804968 100644 --- a/lib/libssl/src/crypto/bio/Makefile +++ b/lib/libssl/src/crypto/bio/Makefile @@ -45,7 +45,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -102,11 +102,12 @@ b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c b_sock.o: ../../e_os.h ../../include/openssl/bio.h b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c +b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +b_sock.o: ../cryptlib.h b_sock.c bf_buff.o: ../../e_os.h ../../include/openssl/bio.h bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/lib/libssl/src/crypto/bio/bio_lcl.h b/lib/libssl/src/crypto/bio/bio_lcl.h index dba2919d430..e7f7ec8d8bf 100644 --- a/lib/libssl/src/crypto/bio/bio_lcl.h +++ b/lib/libssl/src/crypto/bio/bio_lcl.h @@ -18,11 +18,19 @@ #define UP_ftell ftell #define UP_fflush fflush #define UP_ferror ferror +#ifdef _WIN32 +#define UP_fileno _fileno +#define UP_open _open +#define UP_read _read +#define UP_write _write +#define UP_lseek _lseek +#define UP_close _close +#else #define UP_fileno fileno - #define UP_open open #define UP_read read #define UP_write write #define UP_lseek lseek #define UP_close close #endif +#endif diff --git a/lib/libssl/src/crypto/bn/asm/alpha-mont.pl b/lib/libssl/src/crypto/bn/asm/alpha-mont.pl index 7a2cc3173b0..f7e0ca1646c 100644 --- a/lib/libssl/src/crypto/bn/asm/alpha-mont.pl +++ b/lib/libssl/src/crypto/bn/asm/alpha-mont.pl @@ -53,15 +53,15 @@ $code=<<___; .align 5 .ent bn_mul_mont bn_mul_mont: - lda sp,-40(sp) + lda sp,-48(sp) stq ra,0(sp) stq s3,8(sp) stq s4,16(sp) stq s5,24(sp) stq fp,32(sp) mov sp,fp - .mask 0x0400f000,-40 - .frame fp,40,ra + .mask 0x0400f000,-48 + .frame fp,48,ra .prologue 0 .align 4 @@ -306,7 +306,7 @@ bn_mul_mont: ldq s4,16(sp) ldq s5,24(sp) ldq fp,32(sp) - lda sp,40(sp) + lda sp,48(sp) ret (ra) .end bn_mul_mont .rdata diff --git a/lib/libssl/src/crypto/bn/asm/armv4-mont.pl b/lib/libssl/src/crypto/bn/asm/armv4-mont.pl index 05d5dc1a482..14e0d2d1dd5 100644 --- a/lib/libssl/src/crypto/bn/asm/armv4-mont.pl +++ b/lib/libssl/src/crypto/bn/asm/armv4-mont.pl @@ -193,6 +193,7 @@ bn_mul_mont: bx lr @ interoperable with Thumb ISA:-) .size bn_mul_mont,.-bn_mul_mont .asciz "Montgomery multiplication for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 ___ $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 diff --git a/lib/libssl/src/crypto/bn/asm/ppc.pl b/lib/libssl/src/crypto/bn/asm/ppc.pl index 08e00534738..37c65d35111 100644 --- a/lib/libssl/src/crypto/bn/asm/ppc.pl +++ b/lib/libssl/src/crypto/bn/asm/ppc.pl @@ -100,9 +100,9 @@ # me a note at schari@us.ibm.com # -$opf = shift; +$flavour = shift; -if ($opf =~ /32\.s/) { +if ($flavour =~ /32/) { $BITS= 32; $BNSZ= $BITS/8; $ISA= "\"ppc\""; @@ -125,7 +125,7 @@ if ($opf =~ /32\.s/) { $INSR= "insrwi"; # insert right $ROTL= "rotlwi"; # rotate left by immediate $TR= "tw"; # conditional trap -} elsif ($opf =~ /64\.s/) { +} elsif ($flavour =~ /64/) { $BITS= 64; $BNSZ= $BITS/8; $ISA= "\"ppc64\""; @@ -149,93 +149,16 @@ if ($opf =~ /32\.s/) { $INSR= "insrdi"; # insert right $ROTL= "rotldi"; # rotate left by immediate $TR= "td"; # conditional trap -} else { die "nonsense $opf"; } +} else { die "nonsense $flavour"; } -( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!"; +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; -# function entry points from the AIX code -# -# There are other, more elegant, ways to handle this. We (IBM) chose -# this approach as it plays well with scripts we run to 'namespace' -# OpenSSL .i.e. we add a prefix to all the public symbols so we can -# co-exist in the same process with other implementations of OpenSSL. -# 'cleverer' ways of doing these substitutions tend to hide data we -# need to be obvious. -# -my @items = ("bn_sqr_comba4", - "bn_sqr_comba8", - "bn_mul_comba4", - "bn_mul_comba8", - "bn_sub_words", - "bn_add_words", - "bn_div_words", - "bn_sqr_words", - "bn_mul_words", - "bn_mul_add_words"); +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; -if ($opf =~ /linux/) { do_linux(); } -elsif ($opf =~ /aix/) { do_aix(); } -elsif ($opf =~ /osx/) { do_osx(); } -else { do_bsd(); } - -sub do_linux { - $d=&data(); - - if ($BITS==64) { - foreach $t (@items) { - $d =~ s/\.$t:/\ -\t.section\t".opd","aw"\ -\t.align\t3\ -\t.globl\t$t\ -$t:\ -\t.quad\t.$t,.TOC.\@tocbase,0\ -\t.size\t$t,24\ -\t.previous\n\ -\t.type\t.$t,\@function\ -\t.globl\t.$t\ -.$t:/g; - } - } - else { - foreach $t (@items) { - $d=~s/\.$t/$t/g; - } - } - # hide internal labels to avoid pollution of name table... - $d=~s/Lppcasm_/.Lppcasm_/gm; - print $d; -} - -sub do_aix { - # AIX assembler is smart enough to please the linker without - # making us do something special... - print &data(); -} - -# MacOSX 32 bit -sub do_osx { - $d=&data(); - # Change the bn symbol prefix from '.' to '_' - foreach $t (@items) { - $d=~s/\.$t/_$t/g; - } - # Change .machine to something OS X asm will accept - $d=~s/\.machine.*/.text/g; - $d=~s/\#/;/g; # change comment from '#' to ';' - print $d; -} - -# BSD (Untested) -sub do_bsd { - $d=&data(); - foreach $t (@items) { - $d=~s/\.$t/_$t/g; - } - print $d; -} - -sub data { - local($data)=<<EOF; +$data=<<EOF; #-------------------------------------------------------------------- # # @@ -297,33 +220,20 @@ sub data { # # Defines to be used in the assembly code. # -.set r0,0 # we use it as storage for value of 0 -.set SP,1 # preserved -.set RTOC,2 # preserved -.set r3,3 # 1st argument/return value -.set r4,4 # 2nd argument/volatile register -.set r5,5 # 3rd argument/volatile register -.set r6,6 # ... -.set r7,7 -.set r8,8 -.set r9,9 -.set r10,10 -.set r11,11 -.set r12,12 -.set r13,13 # not used, nor any other "below" it... - -.set BO_IF_NOT,4 -.set BO_IF,12 -.set BO_dCTR_NZERO,16 -.set BO_dCTR_ZERO,18 -.set BO_ALWAYS,20 -.set CR0_LT,0; -.set CR0_GT,1; -.set CR0_EQ,2 -.set CR1_FX,4; -.set CR1_FEX,5; -.set CR1_VX,6 -.set LR,8 +#.set r0,0 # we use it as storage for value of 0 +#.set SP,1 # preserved +#.set RTOC,2 # preserved +#.set r3,3 # 1st argument/return value +#.set r4,4 # 2nd argument/volatile register +#.set r5,5 # 3rd argument/volatile register +#.set r6,6 # ... +#.set r7,7 +#.set r8,8 +#.set r9,9 +#.set r10,10 +#.set r11,11 +#.set r12,12 +#.set r13,13 # not used, nor any other "below" it... # Declare function names to be global # NOTE: For gcc these names MUST be changed to remove @@ -344,7 +254,7 @@ sub data { # .text section - .machine $ISA + .machine "any" # # NOTE: The following label name should be changed to @@ -478,7 +388,7 @@ sub data { $ST r9,`6*$BNSZ`(r3) #r[6]=c1 $ST r10,`7*$BNSZ`(r3) #r[7]=c2 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -903,7 +813,7 @@ sub data { $ST r9, `15*$BNSZ`(r3) #r[15]=c1; - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 @@ -1055,7 +965,7 @@ sub data { $ST r10,`6*$BNSZ`(r3) #r[6]=c1 $ST r11,`7*$BNSZ`(r3) #r[7]=c2 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1591,7 +1501,7 @@ sub data { adde r10,r10,r9 $ST r12,`14*$BNSZ`(r3) #r[14]=c3; $ST r10,`15*$BNSZ`(r3) #r[15]=c1; - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1623,7 +1533,7 @@ sub data { subfc. r7,r0,r6 # If r6 is 0 then result is 0. # if r6 > 0 then result !=0 # In either case carry bit is set. - bc BO_IF,CR0_EQ,Lppcasm_sub_adios + beq Lppcasm_sub_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ @@ -1635,11 +1545,11 @@ Lppcasm_sub_mainloop: # if carry = 1 this is r7-r8. Else it # is r7-r8 -1 as we need. $STU r6,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop + bdnz- Lppcasm_sub_mainloop Lppcasm_sub_adios: subfze r3,r0 # if carry bit is set then r3 = 0 else -1 andi. r3,r3,1 # keep only last bit. - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 @@ -1670,7 +1580,7 @@ Lppcasm_sub_adios: # check for r6 = 0. Is this needed? # addic. r6,r6,0 #test r6 and clear carry bit. - bc BO_IF,CR0_EQ,Lppcasm_add_adios + beq Lppcasm_add_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ @@ -1680,10 +1590,10 @@ Lppcasm_add_mainloop: $LDU r8,$BNSZ(r5) adde r8,r7,r8 $STU r8,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop + bdnz- Lppcasm_add_mainloop Lppcasm_add_adios: addze r3,r0 #return carry bit. - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1707,24 +1617,24 @@ Lppcasm_add_adios: # r5 = d $UCMPI 0,r5,0 # compare r5 and 0 - bc BO_IF_NOT,CR0_EQ,Lppcasm_div1 # proceed if d!=0 + bne Lppcasm_div1 # proceed if d!=0 li r3,-1 # d=0 return -1 - bclr BO_ALWAYS,CR0_LT + blr Lppcasm_div1: xor r0,r0,r0 #r0=0 li r8,$BITS $CNTLZ. r7,r5 #r7 = num leading 0s in d. - bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if no leading zeros + beq Lppcasm_div2 #proceed if no leading zeros subf r8,r7,r8 #r8 = BN_num_bits_word(d) $SHR. r9,r3,r8 #are there any bits above r8'th? $TR 16,r9,r0 #if there're, signal to dump core... Lppcasm_div2: $UCMP 0,r3,r5 #h>=d? - bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not + blt Lppcasm_div3 #goto Lppcasm_div3 if not subf r3,r5,r3 #h-=d ; Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i cmpi 0,0,r7,0 # is (i == 0)? - bc BO_IF,CR0_EQ,Lppcasm_div4 + beq Lppcasm_div4 $SHL r3,r3,r7 # h = (h<< i) $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i) $SHL r5,r5,r7 # d<<=i @@ -1741,7 +1651,7 @@ Lppcasm_divouterloop: $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 # compute here for innerloop. $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh - bc BO_IF_NOT,CR0_EQ,Lppcasm_div5 # goto Lppcasm_div5 if not + bne Lppcasm_div5 # goto Lppcasm_div5 if not li r8,-1 $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l @@ -1762,9 +1672,9 @@ Lppcasm_divinnerloop: # the following 2 instructions do that $SHLI r7,r10,`$BITS/2` # r7 = (t<<BN_BITS4) or r7,r7,r11 # r7|=((l&BN_MASK2h)>>BN_BITS4) - $UCMP 1,r6,r7 # compare (tl <= r7) - bc BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit - bc BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit + $UCMP cr1,r6,r7 # compare (tl <= r7) + bne Lppcasm_divinnerexit + ble cr1,Lppcasm_divinnerexit addi r8,r8,-1 #q-- subf r12,r9,r12 #th -=dh $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop. @@ -1773,14 +1683,14 @@ Lppcasm_divinnerloop: Lppcasm_divinnerexit: $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4) $SHLI r11,r6,`$BITS/2` #tl=(tl<<BN_BITS4)&BN_MASK2h; - $UCMP 1,r4,r11 # compare l and tl + $UCMP cr1,r4,r11 # compare l and tl add r12,r12,r10 # th+=t - bc BO_IF_NOT,CR1_FX,Lppcasm_div7 # if (l>=tl) goto Lppcasm_div7 + bge cr1,Lppcasm_div7 # if (l>=tl) goto Lppcasm_div7 addi r12,r12,1 # th++ Lppcasm_div7: subf r11,r11,r4 #r11=l-tl - $UCMP 1,r3,r12 #compare h and th - bc BO_IF_NOT,CR1_FX,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 + $UCMP cr1,r3,r12 #compare h and th + bge cr1,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 addi r8,r8,-1 # q-- add r3,r5,r3 # h+=d Lppcasm_div8: @@ -1791,12 +1701,12 @@ Lppcasm_div8: # the following 2 instructions will do this. $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2. $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3 - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ; + bdz Lppcasm_div9 #if (count==0) break ; $SHLI r0,r8,`$BITS/2` #ret =q<<BN_BITS4 b Lppcasm_divouterloop Lppcasm_div9: or r3,r8,r0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1822,7 +1732,7 @@ Lppcasm_div9: # No unrolling done here. Not performance critical. addic. r5,r5,0 #test r5. - bc BO_IF,CR0_EQ,Lppcasm_sqr_adios + beq Lppcasm_sqr_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ mtctr r5 @@ -1833,9 +1743,9 @@ Lppcasm_sqr_mainloop: $UMULH r8,r6,r6 $STU r7,$BNSZ(r3) $STU r8,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop + bdnz- Lppcasm_sqr_mainloop Lppcasm_sqr_adios: - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 @@ -1858,7 +1768,7 @@ Lppcasm_sqr_adios: xor r0,r0,r0 xor r12,r12,r12 # used for carry rlwinm. r7,r5,30,2,31 # num >> 2 - bc BO_IF,CR0_EQ,Lppcasm_mw_REM + beq Lppcasm_mw_REM mtctr r7 Lppcasm_mw_LOOP: #mul(rp[0],ap[0],w,c1); @@ -1896,11 +1806,11 @@ Lppcasm_mw_LOOP: addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP + bdnz- Lppcasm_mw_LOOP Lppcasm_mw_REM: andi. r5,r5,0x3 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul(rp[0],ap[0],w,c1); $LD r8,`0*$BNSZ`(r4) $UMULL r9,r6,r8 @@ -1912,7 +1822,7 @@ Lppcasm_mw_REM: addi r5,r5,-1 cmpli 0,0,r5,0 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul(rp[1],ap[1],w,c1); @@ -1926,7 +1836,7 @@ Lppcasm_mw_REM: addi r5,r5,-1 cmpli 0,0,r5,0 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul_add(rp[2],ap[2],w,c1); $LD r8,`2*$BNSZ`(r4) @@ -1939,7 +1849,7 @@ Lppcasm_mw_REM: Lppcasm_mw_OVER: addi r3,r12,0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1964,7 +1874,7 @@ Lppcasm_mw_OVER: xor r0,r0,r0 #r0 = 0 xor r12,r12,r12 #r12 = 0 . used for carry rlwinm. r7,r5,30,2,31 # num >> 2 - bc BO_IF,CR0_EQ,Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover + beq Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover mtctr r7 Lppcasm_maw_mainloop: #mul_add(rp[0],ap[0],w,c1); @@ -2017,11 +1927,11 @@ Lppcasm_maw_mainloop: $ST r11,`3*$BNSZ`(r3) addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop + bdnz- Lppcasm_maw_mainloop Lppcasm_maw_leftover: andi. r5,r5,0x3 - bc BO_IF,CR0_EQ,Lppcasm_maw_adios + beq Lppcasm_maw_adios addi r3,r3,-$BNSZ addi r4,r4,-$BNSZ #mul_add(rp[0],ap[0],w,c1); @@ -2036,7 +1946,7 @@ Lppcasm_maw_leftover: addze r12,r10 $ST r9,0(r3) - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + bdz Lppcasm_maw_adios #mul_add(rp[1],ap[1],w,c1); $LDU r8,$BNSZ(r4) $UMULL r9,r6,r8 @@ -2048,7 +1958,7 @@ Lppcasm_maw_leftover: addze r12,r10 $ST r9,0(r3) - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + bdz Lppcasm_maw_adios #mul_add(rp[2],ap[2],w,c1); $LDU r8,$BNSZ(r4) $UMULL r9,r6,r8 @@ -2062,17 +1972,10 @@ Lppcasm_maw_leftover: Lppcasm_maw_adios: addi r3,r12,0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 .align 4 EOF - $data =~ s/\`([^\`]*)\`/eval $1/gem; - - # if some assembler chokes on some simplified mnemonic, - # this is the spot to fix it up, e.g.: - # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare - $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm; - # assembler X doesn't accept li, load immediate value - #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm; - return($data); -} +$data =~ s/\`([^\`]*)\`/eval $1/gem; +print $data; +close STDOUT; diff --git a/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c b/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c index f13f52dd853..acb0b401181 100644 --- a/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c +++ b/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c @@ -1,4 +1,5 @@ -#ifdef __SUNPRO_C +#include "../bn_lcl.h" +#if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else /* @@ -54,7 +55,15 @@ * machine. */ +#ifdef _WIN64 +#define BN_ULONG unsigned long long +#else #define BN_ULONG unsigned long +#endif + +#undef mul +#undef mul_add +#undef sqr /* * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; @@ -97,7 +106,7 @@ : "a"(a) \ : "cc"); -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -121,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -144,7 +153,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) +void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { if (n <= 0) return; @@ -175,14 +184,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) return ret; } -BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) +BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) { BN_ULONG ret=0,i=0; if (n <= 0) return 0; asm ( " subq %2,%2 \n" - ".align 16 \n" + ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" " adcq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" @@ -198,14 +207,14 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) } #ifndef SIMICS -BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) +BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) { BN_ULONG ret=0,i=0; if (n <= 0) return 0; asm ( " subq %2,%2 \n" - ".align 16 \n" + ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" " sbbq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" @@ -485,7 +494,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) r[7]=c2; } -void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; @@ -561,7 +570,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) r[15]=c1; } -void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; diff --git a/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl b/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl index c43b69592a5..3b7a6f243f2 100755 --- a/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl +++ b/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl @@ -15,14 +15,18 @@ # respectful 50%. It remains to be seen if loop unrolling and # dedicated squaring routine can provide further improvement... -$output=shift; +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $output"; +open STDOUT,"| $^X $xlate $flavour $output"; # int bn_mul_mont( $rp="%rdi"; # BN_ULONG *rp, @@ -55,13 +59,14 @@ bn_mul_mont: push %r15 mov ${num}d,${num}d - lea 2($num),%rax - mov %rsp,%rbp - neg %rax - lea (%rsp,%rax,8),%rsp # tp=alloca(8*(num+2)) + lea 2($num),%r10 + mov %rsp,%r11 + neg %r10 + lea (%rsp,%r10,8),%rsp # tp=alloca(8*(num+2)) and \$-1024,%rsp # minimize TLB usage - mov %rbp,8(%rsp,$num,8) # tp[num+1]=%rsp + mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp +.Lprologue: mov %rdx,$bp # $bp reassigned, remember? mov ($n0),$n0 # pull n0[0] value @@ -197,18 +202,129 @@ bn_mul_mont: dec $j jge .Lcopy - mov 8(%rsp,$num,8),%rsp # restore %rsp + mov 8(%rsp,$num,8),%rsi # restore %rsp mov \$1,%rax + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size bn_mul_mont,.-bn_mul_mont +.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>" +.align 16 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov 192($context),%r10 # pull $num + mov 8(%rax,%r10,8),%rax # pull saved stack pointer + lea 48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq pop %r15 pop %r14 pop %r13 pop %r12 pop %rbp pop %rbx + pop %rdi + pop %rsi ret -.size bn_mul_mont,.-bn_mul_mont -.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>" +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_bn_mul_mont + .rva .LSEH_end_bn_mul_mont + .rva .LSEH_info_bn_mul_mont + +.section .xdata +.align 8 +.LSEH_info_bn_mul_mont: + .byte 9,0,0,0 + .rva se_handler ___ +} print $code; close STDOUT; diff --git a/lib/libssl/src/crypto/buffer/Makefile b/lib/libssl/src/crypto/buffer/Makefile index 9e0f46e19ab..9f3a88d2d6a 100644 --- a/lib/libssl/src/crypto/buffer/Makefile +++ b/lib/libssl/src/crypto/buffer/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= buffer.c buf_str.c buf_err.c -LIBOBJ= buffer.o buf_str.o buf_err.o +LIBSRC= buffer.c buf_err.c +LIBOBJ= buffer.o buf_err.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -81,13 +81,6 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h buf_err.o: buf_err.c -buf_str.o: ../../e_os.h ../../include/openssl/bio.h -buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c buffer.o: ../../e_os.h ../../include/openssl/bio.h buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/lib/libssl/src/crypto/camellia/Makefile b/lib/libssl/src/crypto/camellia/Makefile index dfb12951fd4..ff5fe4a01db 100644 --- a/lib/libssl/src/crypto/camellia/Makefile +++ b/lib/libssl/src/crypto/camellia/Makefile @@ -11,7 +11,7 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r -CAMELLIA_ASM_OBJ= +CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -25,8 +25,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \ cmll_cfb.c cmll_ctr.c -LIBOBJ= camellia.o cmll_misc.o cmll_ecb.o cmll_cbc.o cmll_ofb.o \ - cmll_cfb.o cmll_ctr.o $(CAMELLIA_ASM_OBJ) +LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o $(CMLL_ENC) SRC= $(LIBSRC) @@ -41,12 +40,14 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -$(LIBOBJ): $(LIBSRC) - +cmll-x86.s: asm/cmll-x86.pl ../perlasm/x86asm.pl + $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +cmll-x86_64.s: asm/cmll-x86_64.pl + $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -85,19 +86,18 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -camellia.o: camellia.c camellia.h cmll_locl.h -cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h -cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h -cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h -cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -cmll_cfb.o: cmll_cfb.c cmll_locl.h -cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h -cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h -cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +camellia.o: ../../include/openssl/opensslconf.h camellia.c camellia.h +camellia.o: cmll_locl.h +cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c +cmll_cfb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_cfb.o: ../../include/openssl/opensslconf.h cmll_cfb.c +cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c +cmll_ecb.o: ../../include/openssl/camellia.h cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h -cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h +cmll_misc.o: ../../include/openssl/camellia.h cmll_misc.o: ../../include/openssl/opensslconf.h cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c -cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h -cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c +cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h +cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_ofb.c diff --git a/lib/libssl/src/crypto/camellia/asm/cmll-x86.pl b/lib/libssl/src/crypto/camellia/asm/cmll-x86.pl index 0812815bfb8..027302ac869 100644 --- a/lib/libssl/src/crypto/camellia/asm/cmll-x86.pl +++ b/lib/libssl/src/crypto/camellia/asm/cmll-x86.pl @@ -1133,6 +1133,6 @@ my ($s0,$s1,$s2,$s3) = @T; &function_end("Camellia_cbc_encrypt"); } -&asciz("Camellia for x86 by <appro@openssl.org>"); +&asciz("Camellia for x86 by <appro\@openssl.org>"); &asm_finish(); diff --git a/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl b/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl index c683646ca7c..76955e47265 100644 --- a/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl +++ b/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl @@ -656,7 +656,7 @@ Camellia_cbc_encrypt: mov %rsi,$out # out argument mov %r8,%rbx # ivp argument mov %rcx,$key # key argument - mov 272(%rcx),$keyend # grandRounds + mov 272(%rcx),${keyend}d # grandRounds mov %r8,$_ivp mov %rbp,$_rsp @@ -859,7 +859,7 @@ Camellia_cbc_encrypt: ret .size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt -.asciz "Camellia for x86_64 by <appro@openssl.org>" +.asciz "Camellia for x86_64 by <appro\@openssl.org>" ___ } diff --git a/lib/libssl/src/crypto/camellia/camellia.c b/lib/libssl/src/crypto/camellia/camellia.c index 491c26b39e9..75fc8991c08 100644 --- a/lib/libssl/src/crypto/camellia/camellia.c +++ b/lib/libssl/src/crypto/camellia/camellia.c @@ -68,1557 +68,515 @@ /* Algorithm Specification http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html */ - - -#include <string.h> -#include <stdlib.h> + +/* + * This release balances code size and performance. In particular key + * schedule setup is fully unrolled, because doing so *significantly* + * reduces amount of instructions per setup round and code increase is + * justifiable. In block functions on the other hand only inner loops + * are unrolled, as full unroll gives only nominal performance boost, + * while code size grows 4 or 7 times. Also, unlike previous versions + * this one "encourages" compiler to keep intermediate variables in + * registers, which should give better "all round" results, in other + * words reasonable performance even with not so modern compilers. + */ #include "camellia.h" #include "cmll_locl.h" +#include <string.h> +#include <stdlib.h> -/* key constants */ -#define CAMELLIA_SIGMA1L (0xA09E667FL) -#define CAMELLIA_SIGMA1R (0x3BCC908BL) -#define CAMELLIA_SIGMA2L (0xB67AE858L) -#define CAMELLIA_SIGMA2R (0x4CAA73B2L) -#define CAMELLIA_SIGMA3L (0xC6EF372FL) -#define CAMELLIA_SIGMA3R (0xE94F82BEL) -#define CAMELLIA_SIGMA4L (0x54FF53A5L) -#define CAMELLIA_SIGMA4R (0xF1D36F1CL) -#define CAMELLIA_SIGMA5L (0x10E527FAL) -#define CAMELLIA_SIGMA5R (0xDE682D1DL) -#define CAMELLIA_SIGMA6L (0xB05688C2L) -#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) - +/* 32-bit rotations */ +#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +# define RightRotate(x, s) _lrotr(x, s) +# define LeftRotate(x, s) _lrotl(x, s) +# if _MSC_VER >= 1400 +# define SWAP(x) _byteswap_ulong(x) +# else +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# endif +# define GETU32(p) SWAP(*((u32 *)(p))) +# define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v))) +# elif defined(__GNUC__) && __GNUC__>=2 +# if defined(__i386) || defined(__x86_64) +# define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) +# define LeftRotate(x,s) ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) +# if defined(B_ENDIAN) /* stratus.com does it */ +# define GETU32(p) (*(u32 *)(p)) +# define PUTU32(p,v) (*(u32 *)(p)=(v)) +# else +# define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; }) +# define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; }) +# endif +# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +# define LeftRotate(x,s) ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; }) +# define RightRotate(x,s) LeftRotate(x,(32-s)) +# elif defined(__s390x__) +# define LeftRotate(x,s) ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; }) +# define RightRotate(x,s) LeftRotate(x,(32-s)) +# define GETU32(p) (*(u32 *)(p)) +# define PUTU32(p,v) (*(u32 *)(p)=(v)) +# endif +# endif +#endif + +#if !defined(RightRotate) && !defined(LeftRotate) +# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) +# define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) +#endif + +#if !defined(GETU32) && !defined(PUTU32) +# define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) +# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) +#endif + +/* S-box data */ +#define SBOX1_1110 Camellia_SBOX[0] +#define SBOX4_4404 Camellia_SBOX[1] +#define SBOX2_0222 Camellia_SBOX[2] +#define SBOX3_3033 Camellia_SBOX[3] +static const u32 Camellia_SBOX[][256] = { +{ 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, + 0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, + 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, + 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, + 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, + 0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, + 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, + 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, + 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, + 0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, + 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, + 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, + 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, + 0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, + 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, + 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, + 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, + 0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, + 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, + 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, + 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, + 0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, + 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, + 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, + 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, + 0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, + 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, + 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, + 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, + 0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, + 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, + 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, + 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, + 0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, + 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, + 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, + 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, + 0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, + 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, + 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, + 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, + 0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, + 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 }, +{ 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, + 0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, + 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, + 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, + 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, + 0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, + 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, + 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, + 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, + 0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, + 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, + 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, + 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, + 0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, + 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, + 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, + 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, + 0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, + 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, + 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, + 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, + 0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, + 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, + 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, + 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, + 0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, + 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, + 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, + 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, + 0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, + 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, + 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, + 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, + 0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, + 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, + 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, + 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, + 0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, + 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, + 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, + 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, + 0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, + 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e }, +{ 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, + 0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, + 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, + 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, + 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, + 0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, + 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, + 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, + 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, + 0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, + 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, + 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, + 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, + 0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, + 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, + 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, + 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, + 0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, + 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, + 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, + 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, + 0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, + 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, + 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, + 0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, + 0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, + 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, + 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, + 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, + 0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, + 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, + 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, + 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, + 0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, + 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, + 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, + 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, + 0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, + 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292, + 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, + 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, + 0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, + 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d }, +{ 0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, + 0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, + 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, + 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, + 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, + 0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, + 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, + 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, + 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, + 0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, + 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, + 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, + 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, + 0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, + 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, + 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, + 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, + 0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, + 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, + 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, + 0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, + 0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, + 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad, + 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, + 0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, + 0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, + 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, + 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, + 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, + 0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, + 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, + 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, + 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, + 0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, + 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, + 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, + 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, + 0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, + 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, + 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, + 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, + 0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, + 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f } +}; + +/* Key generation constants */ +static const u32 SIGMA[] = { + 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be, + 0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd +}; + +/* The phi algorithm given in C.2.7 of the Camellia spec document. */ /* - * macros + * This version does not attempt to minimize amount of temporary + * variables, but instead explicitly exposes algorithm's parallelism. + * It is therefore most appropriate for platforms with not less than + * ~16 registers. For platforms with less registers [well, x86 to be + * specific] assembler version should be/is provided anyway... */ - -/* e is pointer of subkey */ -#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) -#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) - -/* rotation right shift 1byte */ -#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) -/* rotation left shift 1bit */ -#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) -/* rotation left shift 1byte */ -#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) - -#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ -do \ - { \ - w0 = ll; \ - ll = (ll << bits) + (lr >> (32 - bits)); \ - lr = (lr << bits) + (rl >> (32 - bits)); \ - rl = (rl << bits) + (rr >> (32 - bits)); \ - rr = (rr << bits) + (w0 >> (32 - bits)); \ - } while(0) - -#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ -do \ - { \ - w0 = ll; \ - w1 = lr; \ - ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ - lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ - rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ - rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ - } while(0) - -#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) -#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) -#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) -#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) - -#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ -do \ - { \ - il = xl ^ kl; \ - ir = xr ^ kr; \ - t0 = il >> 16; \ - t1 = ir >> 16; \ - yl = CAMELLIA_SP1110(ir & 0xff) \ - ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ - ^ CAMELLIA_SP3033(t1 & 0xff) \ - ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ - yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ - ^ CAMELLIA_SP0222(t0 & 0xff) \ - ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ - ^ CAMELLIA_SP4404(il & 0xff); \ - yl ^= yr; \ - yr = CAMELLIA_RR8(yr); \ - yr ^= yl; \ - } while(0) - +#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\ + register u32 _t0,_t1,_t2,_t3;\ +\ + _t0 = _s0 ^ (_key)[0];\ + _t3 = SBOX4_4404[_t0&0xff];\ + _t1 = _s1 ^ (_key)[1];\ + _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\ + _t2 = SBOX1_1110[_t1&0xff];\ + _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\ + _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\ + _t3 ^= SBOX1_1110[(_t0 >> 24)];\ + _t2 ^= _t3;\ + _t3 = RightRotate(_t3,8);\ + _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\ + _s3 ^= _t3;\ + _t2 ^= SBOX2_0222[(_t1 >> 24)];\ + _s2 ^= _t2; \ + _s3 ^= _t2;\ +} while(0) /* - * for speed up - * + * Note that n has to be less than 32. Rotations for larger amount + * of bits are achieved by "rotating" order of s-elements and + * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32). */ -#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ -do \ - { \ - t0 = kll; \ - t0 &= ll; \ - lr ^= CAMELLIA_RL1(t0); \ - t1 = klr; \ - t1 |= lr; \ - ll ^= t1; \ - \ - t2 = krr; \ - t2 |= rr; \ - rl ^= t2; \ - t3 = krl; \ - t3 &= rl; \ - rr ^= CAMELLIA_RL1(t3); \ - } while(0) - -#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ -do \ - { \ - il = xl; \ - ir = xr; \ - t0 = il >> 16; \ - t1 = ir >> 16; \ - ir = CAMELLIA_SP1110(ir & 0xff) \ - ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ - ^ CAMELLIA_SP3033(t1 & 0xff) \ - ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ - il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ - ^ CAMELLIA_SP0222(t0 & 0xff) \ - ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ - ^ CAMELLIA_SP4404(il & 0xff); \ - il ^= kl; \ - ir ^= kr; \ - ir ^= il; \ - il = CAMELLIA_RR8(il); \ - il ^= ir; \ - yl ^= ir; \ - yr ^= il; \ - } while(0) - -static const u32 camellia_sp1110[256] = - { - 0x70707000,0x82828200,0x2c2c2c00,0xececec00, - 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, - 0xe4e4e400,0x85858500,0x57575700,0x35353500, - 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, - 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, - 0x45454500,0x19191900,0xa5a5a500,0x21212100, - 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, - 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, - 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, - 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, - 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, - 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, - 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, - 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, - 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, - 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, - 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, - 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, - 0x74747400,0x12121200,0x2b2b2b00,0x20202000, - 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, - 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, - 0x34343400,0x7e7e7e00,0x76767600,0x05050500, - 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, - 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, - 0x14141400,0x58585800,0x3a3a3a00,0x61616100, - 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, - 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, - 0x53535300,0x18181800,0xf2f2f200,0x22222200, - 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, - 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, - 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, - 0x60606000,0xfcfcfc00,0x69696900,0x50505000, - 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, - 0xa1a1a100,0x89898900,0x62626200,0x97979700, - 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, - 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, - 0x10101000,0xc4c4c400,0x00000000,0x48484800, - 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, - 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, - 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, - 0x87878700,0x5c5c5c00,0x83838300,0x02020200, - 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, - 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, - 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, - 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, - 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, - 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, - 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, - 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, - 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, - 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, - 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, - 0x78787800,0x98989800,0x06060600,0x6a6a6a00, - 0xe7e7e700,0x46464600,0x71717100,0xbababa00, - 0xd4d4d400,0x25252500,0xababab00,0x42424200, - 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, - 0x72727200,0x07070700,0xb9b9b900,0x55555500, - 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, - 0x36363600,0x49494900,0x2a2a2a00,0x68686800, - 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, - 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, - 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, - 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, - 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, - }; - -static const u32 camellia_sp0222[256] = +#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\ + u32 _t0=_s0>>(32-_n);\ + _s0 = (_s0<<_n) | (_s1>>(32-_n));\ + _s1 = (_s1<<_n) | (_s2>>(32-_n));\ + _s2 = (_s2<<_n) | (_s3>>(32-_n));\ + _s3 = (_s3<<_n) | _t0;\ +} while (0) + +int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k) { - 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, - 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, - 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, - 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, - 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, - 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, - 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, - 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, - 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, - 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, - 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, - 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, - 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, - 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, - 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, - 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, - 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, - 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, - 0x00e8e8e8,0x00242424,0x00565656,0x00404040, - 0x00e1e1e1,0x00636363,0x00090909,0x00333333, - 0x00bfbfbf,0x00989898,0x00979797,0x00858585, - 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, - 0x00dadada,0x006f6f6f,0x00535353,0x00626262, - 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, - 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, - 0x00bdbdbd,0x00363636,0x00222222,0x00383838, - 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, - 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, - 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, - 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, - 0x00484848,0x00101010,0x00d1d1d1,0x00515151, - 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, - 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, - 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, - 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, - 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, - 0x00202020,0x00898989,0x00000000,0x00909090, - 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, - 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, - 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, - 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, - 0x009b9b9b,0x00949494,0x00212121,0x00666666, - 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, - 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, - 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, - 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, - 0x00030303,0x002d2d2d,0x00dedede,0x00969696, - 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, - 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, - 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, - 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, - 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, - 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, - 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, - 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, - 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, - 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, - 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, - 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, - 0x00787878,0x00707070,0x00e3e3e3,0x00494949, - 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, - 0x00777777,0x00939393,0x00868686,0x00838383, - 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, - 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, - }; - -static const u32 camellia_sp3033[256] = - { - 0x38003838,0x41004141,0x16001616,0x76007676, - 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, - 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, - 0x75007575,0x06000606,0x57005757,0xa000a0a0, - 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, - 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, - 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, - 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, - 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, - 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, - 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, - 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, - 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, - 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, - 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, - 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, - 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, - 0xfd00fdfd,0x66006666,0x58005858,0x96009696, - 0x3a003a3a,0x09000909,0x95009595,0x10001010, - 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, - 0xef00efef,0x26002626,0xe500e5e5,0x61006161, - 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, - 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, - 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, - 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, - 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, - 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, - 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, - 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, - 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, - 0x12001212,0x04000404,0x74007474,0x54005454, - 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, - 0x55005555,0x68006868,0x50005050,0xbe00bebe, - 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, - 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, - 0x70007070,0xff00ffff,0x32003232,0x69006969, - 0x08000808,0x62006262,0x00000000,0x24002424, - 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, - 0x45004545,0x81008181,0x73007373,0x6d006d6d, - 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, - 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, - 0xe600e6e6,0x25002525,0x48004848,0x99009999, - 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, - 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, - 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, - 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, - 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, - 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, - 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, - 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, - 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, - 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, - 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, - 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, - 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, - 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, - 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, - 0x7c007c7c,0x77007777,0x56005656,0x05000505, - 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, - 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, - 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, - 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, - 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, - 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, - }; - -static const u32 camellia_sp4404[256] = - { - 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, - 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, - 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, - 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, - 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, - 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, - 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, - 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, - 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, - 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, - 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, - 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, - 0x14140014,0x3a3a003a,0xdede00de,0x11110011, - 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, - 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, - 0x24240024,0xe8e800e8,0x60600060,0x69690069, - 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, - 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, - 0x10100010,0x00000000,0xa3a300a3,0x75750075, - 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, - 0x87870087,0x83830083,0xcdcd00cd,0x90900090, - 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, - 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, - 0x81810081,0x6f6f006f,0x13130013,0x63630063, - 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, - 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, - 0x78780078,0x06060006,0xe7e700e7,0x71710071, - 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, - 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, - 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, - 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, - 0x15150015,0xadad00ad,0x77770077,0x80800080, - 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, - 0x85850085,0x35350035,0x0c0c000c,0x41410041, - 0xefef00ef,0x93930093,0x19190019,0x21210021, - 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, - 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, - 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, - 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, - 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, - 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, - 0x12120012,0x20200020,0xb1b100b1,0x99990099, - 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, - 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, - 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, - 0x0f0f000f,0x16160016,0x18180018,0x22220022, - 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, - 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, - 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, - 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, - 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, - 0x03030003,0xdada00da,0x3f3f003f,0x94940094, - 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, - 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, - 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, - 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, - 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, - 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, - 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, - 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, - 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, - 0x49490049,0x68680068,0x38380038,0xa4a400a4, - 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, - 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, - }; - -/** - * Stuff related to the Camellia key schedule - */ -#define subl(x) subL[(x)] -#define subr(x) subR[(x)] - -void camellia_setup128(const u8 *key, u32 *subkey) - { - u32 kll, klr, krl, krr; - u32 il, ir, t0, t1, w0, w1; - u32 kw4l, kw4r, dw, tl, tr; - u32 subL[26]; - u32 subR[26]; - - /** - * k == kll || klr || krl || krr (|| is concatination) - */ - kll = GETU32(key ); - klr = GETU32(key + 4); - krl = GETU32(key + 8); - krr = GETU32(key + 12); - /** - * generate KL dependent subkeys - */ - /* kw1 */ - subl(0) = kll; subr(0) = klr; - /* kw2 */ - subl(1) = krl; subr(1) = krr; - /* rotation left shift 15bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k3 */ - subl(4) = kll; subr(4) = klr; - /* k4 */ - subl(5) = krl; subr(5) = krr; - /* rotation left shift 15+30bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); - /* k7 */ - subl(10) = kll; subr(10) = klr; - /* k8 */ - subl(11) = krl; subr(11) = krr; - /* rotation left shift 15+30+15bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k10 */ - subl(13) = krl; subr(13) = krr; - /* rotation left shift 15+30+15+17 bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* kl3 */ - subl(16) = kll; subr(16) = klr; - /* kl4 */ - subl(17) = krl; subr(17) = krr; - /* rotation left shift 15+30+15+17+17 bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* k13 */ - subl(18) = kll; subr(18) = klr; - /* k14 */ - subl(19) = krl; subr(19) = krr; - /* rotation left shift 15+30+15+17+17+17 bit */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* k17 */ - subl(22) = kll; subr(22) = klr; - /* k18 */ - subl(23) = krl; subr(23) = krr; - - /* generate KA */ - kll = subl(0); klr = subr(0); - krl = subl(1); krr = subr(1); - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, - w0, w1, il, ir, t0, t1); - krl ^= w0; krr ^= w1; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, - kll, klr, il, ir, t0, t1); - /* current status == (kll, klr, w0, w1) */ - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, - krl, krr, il, ir, t0, t1); - krl ^= w0; krr ^= w1; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, - w0, w1, il, ir, t0, t1); - kll ^= w0; klr ^= w1; - - /* generate KA dependent subkeys */ - /* k1, k2 */ - subl(2) = kll; subr(2) = klr; - subl(3) = krl; subr(3) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k5,k6 */ - subl(6) = kll; subr(6) = klr; - subl(7) = krl; subr(7) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* kl1, kl2 */ - subl(8) = kll; subr(8) = klr; - subl(9) = krl; subr(9) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k9 */ - subl(12) = kll; subr(12) = klr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k11, k12 */ - subl(14) = kll; subr(14) = klr; - subl(15) = krl; subr(15) = krr; - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); - /* k15, k16 */ - subl(20) = kll; subr(20) = klr; - subl(21) = krl; subr(21) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* kw3, kw4 */ - subl(24) = kll; subr(24) = klr; - subl(25) = krl; subr(25) = krr; - - - /* absorb kw2 to other subkeys */ -/* round 2 */ - subl(3) ^= subl(1); subr(3) ^= subr(1); -/* round 4 */ - subl(5) ^= subl(1); subr(5) ^= subr(1); -/* round 6 */ - subl(7) ^= subl(1); subr(7) ^= subr(1); - subl(1) ^= subr(1) & ~subr(9); - dw = subl(1) & subl(9), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ -/* round 8 */ - subl(11) ^= subl(1); subr(11) ^= subr(1); -/* round 10 */ - subl(13) ^= subl(1); subr(13) ^= subr(1); -/* round 12 */ - subl(15) ^= subl(1); subr(15) ^= subr(1); - subl(1) ^= subr(1) & ~subr(17); - dw = subl(1) & subl(17), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ -/* round 14 */ - subl(19) ^= subl(1); subr(19) ^= subr(1); -/* round 16 */ - subl(21) ^= subl(1); subr(21) ^= subr(1); -/* round 18 */ - subl(23) ^= subl(1); subr(23) ^= subr(1); -/* kw3 */ - subl(24) ^= subl(1); subr(24) ^= subr(1); - - /* absorb kw4 to other subkeys */ - kw4l = subl(25); kw4r = subr(25); -/* round 17 */ - subl(22) ^= kw4l; subr(22) ^= kw4r; -/* round 15 */ - subl(20) ^= kw4l; subr(20) ^= kw4r; -/* round 13 */ - subl(18) ^= kw4l; subr(18) ^= kw4r; - kw4l ^= kw4r & ~subr(16); - dw = kw4l & subl(16), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ -/* round 11 */ - subl(14) ^= kw4l; subr(14) ^= kw4r; -/* round 9 */ - subl(12) ^= kw4l; subr(12) ^= kw4r; -/* round 7 */ - subl(10) ^= kw4l; subr(10) ^= kw4r; - kw4l ^= kw4r & ~subr(8); - dw = kw4l & subl(8), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ -/* round 5 */ - subl(6) ^= kw4l; subr(6) ^= kw4r; -/* round 3 */ - subl(4) ^= kw4l; subr(4) ^= kw4r; -/* round 1 */ - subl(2) ^= kw4l; subr(2) ^= kw4r; -/* kw1 */ - subl(0) ^= kw4l; subr(0) ^= kw4r; - - - /* key XOR is end of F-function */ - CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ - CamelliaSubkeyR(0) = subr(0) ^ subr(2); - CamelliaSubkeyL(2) = subl(3); /* round 1 */ - CamelliaSubkeyR(2) = subr(3); - CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ - CamelliaSubkeyR(3) = subr(2) ^ subr(4); - CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ - CamelliaSubkeyR(4) = subr(3) ^ subr(5); - CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ - CamelliaSubkeyR(5) = subr(4) ^ subr(6); - CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ - CamelliaSubkeyR(6) = subr(5) ^ subr(7); - tl = subl(10) ^ (subr(10) & ~subr(8)); - dw = tl & subl(8), /* FL(kl1) */ - tr = subr(10) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ - CamelliaSubkeyR(7) = subr(6) ^ tr; - CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ - CamelliaSubkeyR(8) = subr(8); - CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ - CamelliaSubkeyR(9) = subr(9); - tl = subl(7) ^ (subr(7) & ~subr(9)); - dw = tl & subl(9), /* FLinv(kl2) */ - tr = subr(7) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ - CamelliaSubkeyR(10) = tr ^ subr(11); - CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ - CamelliaSubkeyR(11) = subr(10) ^ subr(12); - CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ - CamelliaSubkeyR(12) = subr(11) ^ subr(13); - CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ - CamelliaSubkeyR(13) = subr(12) ^ subr(14); - CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ - CamelliaSubkeyR(14) = subr(13) ^ subr(15); - tl = subl(18) ^ (subr(18) & ~subr(16)); - dw = tl & subl(16), /* FL(kl3) */ - tr = subr(18) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ - CamelliaSubkeyR(15) = subr(14) ^ tr; - CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ - CamelliaSubkeyR(16) = subr(16); - CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ - CamelliaSubkeyR(17) = subr(17); - tl = subl(15) ^ (subr(15) & ~subr(17)); - dw = tl & subl(17), /* FLinv(kl4) */ - tr = subr(15) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ - CamelliaSubkeyR(18) = tr ^ subr(19); - CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ - CamelliaSubkeyR(19) = subr(18) ^ subr(20); - CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ - CamelliaSubkeyR(20) = subr(19) ^ subr(21); - CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ - CamelliaSubkeyR(21) = subr(20) ^ subr(22); - CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ - CamelliaSubkeyR(22) = subr(21) ^ subr(23); - CamelliaSubkeyL(23) = subl(22); /* round 18 */ - CamelliaSubkeyR(23) = subr(22); - CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */ - CamelliaSubkeyR(24) = subr(24) ^ subr(23); - - /* apply the inverse of the last half of P-function */ - dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), - dw = CAMELLIA_RL8(dw);/* round 1 */ - CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, - CamelliaSubkeyL(2) = dw; - dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), - dw = CAMELLIA_RL8(dw);/* round 2 */ - CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, - CamelliaSubkeyL(3) = dw; - dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), - dw = CAMELLIA_RL8(dw);/* round 3 */ - CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, - CamelliaSubkeyL(4) = dw; - dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), - dw = CAMELLIA_RL8(dw);/* round 4 */ - CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, - CamelliaSubkeyL(5) = dw; - dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), - dw = CAMELLIA_RL8(dw);/* round 5 */ - CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, - CamelliaSubkeyL(6) = dw; - dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), - dw = CAMELLIA_RL8(dw);/* round 6 */ - CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, - CamelliaSubkeyL(7) = dw; - dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), - dw = CAMELLIA_RL8(dw);/* round 7 */ - CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, - CamelliaSubkeyL(10) = dw; - dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), - dw = CAMELLIA_RL8(dw);/* round 8 */ - CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, - CamelliaSubkeyL(11) = dw; - dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), - dw = CAMELLIA_RL8(dw);/* round 9 */ - CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, - CamelliaSubkeyL(12) = dw; - dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), - dw = CAMELLIA_RL8(dw);/* round 10 */ - CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, - CamelliaSubkeyL(13) = dw; - dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), - dw = CAMELLIA_RL8(dw);/* round 11 */ - CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, - CamelliaSubkeyL(14) = dw; - dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), - dw = CAMELLIA_RL8(dw);/* round 12 */ - CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, - CamelliaSubkeyL(15) = dw; - dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), - dw = CAMELLIA_RL8(dw);/* round 13 */ - CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, - CamelliaSubkeyL(18) = dw; - dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), - dw = CAMELLIA_RL8(dw);/* round 14 */ - CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, - CamelliaSubkeyL(19) = dw; - dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), - dw = CAMELLIA_RL8(dw);/* round 15 */ - CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, - CamelliaSubkeyL(20) = dw; - dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), - dw = CAMELLIA_RL8(dw);/* round 16 */ - CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, - CamelliaSubkeyL(21) = dw; - dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), - dw = CAMELLIA_RL8(dw);/* round 17 */ - CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, - CamelliaSubkeyL(22) = dw; - dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), - dw = CAMELLIA_RL8(dw);/* round 18 */ - CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, - CamelliaSubkeyL(23) = dw; - - return; + register u32 s0,s1,s2,s3; + + k[0] = s0 = GETU32(rawKey); + k[1] = s1 = GETU32(rawKey+4); + k[2] = s2 = GETU32(rawKey+8); + k[3] = s3 = GETU32(rawKey+12); + + if (keyBitLength != 128) + { + k[8] = s0 = GETU32(rawKey+16); + k[9] = s1 = GETU32(rawKey+20); + if (keyBitLength == 192) + { + k[10] = s2 = ~s0; + k[11] = s3 = ~s1; + } + else + { + k[10] = s2 = GETU32(rawKey+24); + k[11] = s3 = GETU32(rawKey+28); + } + s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; + } + + /* Use the Feistel routine to scramble the key material */ + Camellia_Feistel(s0,s1,s2,s3,SIGMA+0); + Camellia_Feistel(s2,s3,s0,s1,SIGMA+2); + + s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; + Camellia_Feistel(s0,s1,s2,s3,SIGMA+4); + Camellia_Feistel(s2,s3,s0,s1,SIGMA+6); + + /* Fill the keyTable. Requires many block rotations. */ + if (keyBitLength == 128) + { + k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 15 */ + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 30 */ + k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 45 */ + k[24] = s0, k[25] = s1; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 60 */ + k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; + RotLeft128(s1,s2,s3,s0,2); /* KA <<< 94 */ + k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0; + RotLeft128(s1,s2,s3,s0,17); /* KA <<<111 */ + k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; + + s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3]; + RotLeft128(s0,s1,s2,s3,15); /* KL <<< 15 */ + k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KL <<< 45 */ + k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KL <<< 60 */ + k[26] = s2, k[27] = s3; + RotLeft128(s0,s1,s2,s3,17); /* KL <<< 77 */ + k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3; + RotLeft128(s0,s1,s2,s3,17); /* KL <<< 94 */ + k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; + RotLeft128(s0,s1,s2,s3,17); /* KL <<<111 */ + k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3; + + return 3; /* grand rounds */ + } + else + { + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + s0 ^= k[8], s1 ^= k[9], s2 ^=k[10], s3 ^=k[11]; + Camellia_Feistel(s0,s1,s2,s3,(SIGMA+8)); + Camellia_Feistel(s2,s3,s0,s1,(SIGMA+10)); + + k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KB <<< 30 */ + k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KB <<< 60 */ + k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3; + RotLeft128(s1,s2,s3,s0,19); /* KB <<<111 */ + k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0; + + s0 = k[ 8], s1 = k[ 9], s2 = k[10], s3 = k[11]; + RotLeft128(s0,s1,s2,s3,15); /* KR <<< 15 */ + k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3; + RotLeft128(s0,s1,s2,s3,15); /* KR <<< 30 */ + k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KR <<< 60 */ + k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; + RotLeft128(s1,s2,s3,s0,2); /* KR <<< 94 */ + k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0; + + s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15]; + RotLeft128(s0,s1,s2,s3,15); /* KA <<< 15 */ + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + RotLeft128(s0,s1,s2,s3,30); /* KA <<< 45 */ + k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; + /* KA <<< 77 */ + k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; + RotLeft128(s1,s2,s3,s0,17); /* KA <<< 94 */ + k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0; + + s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3]; + RotLeft128(s1,s2,s3,s0,13); /* KL <<< 45 */ + k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0; + RotLeft128(s1,s2,s3,s0,15); /* KL <<< 60 */ + k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0; + RotLeft128(s1,s2,s3,s0,17); /* KL <<< 77 */ + k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0; + RotLeft128(s2,s3,s0,s1,2); /* KL <<<111 */ + k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1; + + return 4; /* grand rounds */ + } + /* + * It is possible to perform certain precalculations, which + * would spare few cycles in block procedure. It's not done, + * because it upsets the performance balance between key + * setup and block procedures, negatively affecting overall + * throughput in applications operating on short messages + * and volatile keys. + */ } -void camellia_setup256(const u8 *key, u32 *subkey) +void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) { - u32 kll,klr,krl,krr; /* left half of key */ - u32 krll,krlr,krrl,krrr; /* right half of key */ - u32 il, ir, t0, t1, w0, w1; /* temporary variables */ - u32 kw4l, kw4r, dw, tl, tr; - u32 subL[34]; - u32 subR[34]; - - /** - * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) - * (|| is concatination) - */ - - kll = GETU32(key ); - klr = GETU32(key + 4); - krl = GETU32(key + 8); - krr = GETU32(key + 12); - krll = GETU32(key + 16); - krlr = GETU32(key + 20); - krrl = GETU32(key + 24); - krrr = GETU32(key + 28); - - /* generate KL dependent subkeys */ - /* kw1 */ - subl(0) = kll; subr(0) = klr; - /* kw2 */ - subl(1) = krl; subr(1) = krr; - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); - /* k9 */ - subl(12) = kll; subr(12) = klr; - /* k10 */ - subl(13) = krl; subr(13) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* kl3 */ - subl(16) = kll; subr(16) = klr; - /* kl4 */ - subl(17) = krl; subr(17) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); - /* k17 */ - subl(22) = kll; subr(22) = klr; - /* k18 */ - subl(23) = krl; subr(23) = krr; - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); - /* k23 */ - subl(30) = kll; subr(30) = klr; - /* k24 */ - subl(31) = krl; subr(31) = krr; - - /* generate KR dependent subkeys */ - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); - /* k3 */ - subl(4) = krll; subr(4) = krlr; - /* k4 */ - subl(5) = krrl; subr(5) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); - /* kl1 */ - subl(8) = krll; subr(8) = krlr; - /* kl2 */ - subl(9) = krrl; subr(9) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); - /* k13 */ - subl(18) = krll; subr(18) = krlr; - /* k14 */ - subl(19) = krrl; subr(19) = krrr; - CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); - /* k19 */ - subl(26) = krll; subr(26) = krlr; - /* k20 */ - subl(27) = krrl; subr(27) = krrr; - CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); - - /* generate KA */ - kll = subl(0) ^ krll; klr = subr(0) ^ krlr; - krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, - w0, w1, il, ir, t0, t1); - krl ^= w0; krr ^= w1; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, - kll, klr, il, ir, t0, t1); - kll ^= krll; klr ^= krlr; - CAMELLIA_F(kll, klr, - CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, - krl, krr, il, ir, t0, t1); - krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; - CAMELLIA_F(krl, krr, - CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, - w0, w1, il, ir, t0, t1); - kll ^= w0; klr ^= w1; - - /* generate KB */ - krll ^= kll; krlr ^= klr; - krrl ^= krl; krrr ^= krr; - CAMELLIA_F(krll, krlr, - CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, - w0, w1, il, ir, t0, t1); - krrl ^= w0; krrr ^= w1; - CAMELLIA_F(krrl, krrr, - CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, - w0, w1, il, ir, t0, t1); - krll ^= w0; krlr ^= w1; - - /* generate KA dependent subkeys */ - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); - /* k5 */ - subl(6) = kll; subr(6) = klr; - /* k6 */ - subl(7) = krl; subr(7) = krr; - CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); - /* k11 */ - subl(14) = kll; subr(14) = klr; - /* k12 */ - subl(15) = krl; subr(15) = krr; - /* rotation left shift 32bit */ - /* kl5 */ - subl(24) = klr; subr(24) = krl; - /* kl6 */ - subl(25) = krr; subr(25) = kll; - /* rotation left shift 49 from k11,k12 -> k21,k22 */ - CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); - /* k21 */ - subl(28) = kll; subr(28) = klr; - /* k22 */ - subl(29) = krl; subr(29) = krr; - - /* generate KB dependent subkeys */ - /* k1 */ - subl(2) = krll; subr(2) = krlr; - /* k2 */ - subl(3) = krrl; subr(3) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); - /* k7 */ - subl(10) = krll; subr(10) = krlr; - /* k8 */ - subl(11) = krrl; subr(11) = krrr; - CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); - /* k15 */ - subl(20) = krll; subr(20) = krlr; - /* k16 */ - subl(21) = krrl; subr(21) = krrr; - CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); - /* kw3 */ - subl(32) = krll; subr(32) = krlr; - /* kw4 */ - subl(33) = krrl; subr(33) = krrr; - - /* absorb kw2 to other subkeys */ -/* round 2 */ - subl(3) ^= subl(1); subr(3) ^= subr(1); -/* round 4 */ - subl(5) ^= subl(1); subr(5) ^= subr(1); -/* round 6 */ - subl(7) ^= subl(1); subr(7) ^= subr(1); - subl(1) ^= subr(1) & ~subr(9); - dw = subl(1) & subl(9), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */ -/* round 8 */ - subl(11) ^= subl(1); subr(11) ^= subr(1); -/* round 10 */ - subl(13) ^= subl(1); subr(13) ^= subr(1); -/* round 12 */ - subl(15) ^= subl(1); subr(15) ^= subr(1); - subl(1) ^= subr(1) & ~subr(17); - dw = subl(1) & subl(17), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */ -/* round 14 */ - subl(19) ^= subl(1); subr(19) ^= subr(1); -/* round 16 */ - subl(21) ^= subl(1); subr(21) ^= subr(1); -/* round 18 */ - subl(23) ^= subl(1); subr(23) ^= subr(1); - subl(1) ^= subr(1) & ~subr(25); - dw = subl(1) & subl(25), - subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */ -/* round 20 */ - subl(27) ^= subl(1); subr(27) ^= subr(1); -/* round 22 */ - subl(29) ^= subl(1); subr(29) ^= subr(1); -/* round 24 */ - subl(31) ^= subl(1); subr(31) ^= subr(1); -/* kw3 */ - subl(32) ^= subl(1); subr(32) ^= subr(1); - - - /* absorb kw4 to other subkeys */ - kw4l = subl(33); kw4r = subr(33); -/* round 23 */ - subl(30) ^= kw4l; subr(30) ^= kw4r; -/* round 21 */ - subl(28) ^= kw4l; subr(28) ^= kw4r; -/* round 19 */ - subl(26) ^= kw4l; subr(26) ^= kw4r; - kw4l ^= kw4r & ~subr(24); - dw = kw4l & subl(24), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */ -/* round 17 */ - subl(22) ^= kw4l; subr(22) ^= kw4r; -/* round 15 */ - subl(20) ^= kw4l; subr(20) ^= kw4r; -/* round 13 */ - subl(18) ^= kw4l; subr(18) ^= kw4r; - kw4l ^= kw4r & ~subr(16); - dw = kw4l & subl(16), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */ -/* round 11 */ - subl(14) ^= kw4l; subr(14) ^= kw4r; -/* round 9 */ - subl(12) ^= kw4l; subr(12) ^= kw4r; -/* round 7 */ - subl(10) ^= kw4l; subr(10) ^= kw4r; - kw4l ^= kw4r & ~subr(8); - dw = kw4l & subl(8), - kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */ -/* round 5 */ - subl(6) ^= kw4l; subr(6) ^= kw4r; -/* round 3 */ - subl(4) ^= kw4l; subr(4) ^= kw4r; -/* round 1 */ - subl(2) ^= kw4l; subr(2) ^= kw4r; -/* kw1 */ - subl(0) ^= kw4l; subr(0) ^= kw4r; - - /* key XOR is end of F-function */ - CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */ - CamelliaSubkeyR(0) = subr(0) ^ subr(2); - CamelliaSubkeyL(2) = subl(3); /* round 1 */ - CamelliaSubkeyR(2) = subr(3); - CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */ - CamelliaSubkeyR(3) = subr(2) ^ subr(4); - CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */ - CamelliaSubkeyR(4) = subr(3) ^ subr(5); - CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */ - CamelliaSubkeyR(5) = subr(4) ^ subr(6); - CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */ - CamelliaSubkeyR(6) = subr(5) ^ subr(7); - tl = subl(10) ^ (subr(10) & ~subr(8)); - dw = tl & subl(8), /* FL(kl1) */ - tr = subr(10) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */ - CamelliaSubkeyR(7) = subr(6) ^ tr; - CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */ - CamelliaSubkeyR(8) = subr(8); - CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */ - CamelliaSubkeyR(9) = subr(9); - tl = subl(7) ^ (subr(7) & ~subr(9)); - dw = tl & subl(9), /* FLinv(kl2) */ - tr = subr(7) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */ - CamelliaSubkeyR(10) = tr ^ subr(11); - CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */ - CamelliaSubkeyR(11) = subr(10) ^ subr(12); - CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */ - CamelliaSubkeyR(12) = subr(11) ^ subr(13); - CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */ - CamelliaSubkeyR(13) = subr(12) ^ subr(14); - CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */ - CamelliaSubkeyR(14) = subr(13) ^ subr(15); - tl = subl(18) ^ (subr(18) & ~subr(16)); - dw = tl & subl(16), /* FL(kl3) */ - tr = subr(18) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */ - CamelliaSubkeyR(15) = subr(14) ^ tr; - CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */ - CamelliaSubkeyR(16) = subr(16); - CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */ - CamelliaSubkeyR(17) = subr(17); - tl = subl(15) ^ (subr(15) & ~subr(17)); - dw = tl & subl(17), /* FLinv(kl4) */ - tr = subr(15) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */ - CamelliaSubkeyR(18) = tr ^ subr(19); - CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */ - CamelliaSubkeyR(19) = subr(18) ^ subr(20); - CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */ - CamelliaSubkeyR(20) = subr(19) ^ subr(21); - CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */ - CamelliaSubkeyR(21) = subr(20) ^ subr(22); - CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */ - CamelliaSubkeyR(22) = subr(21) ^ subr(23); - tl = subl(26) ^ (subr(26) - & ~subr(24)); - dw = tl & subl(24), /* FL(kl5) */ - tr = subr(26) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */ - CamelliaSubkeyR(23) = subr(22) ^ tr; - CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */ - CamelliaSubkeyR(24) = subr(24); - CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */ - CamelliaSubkeyR(25) = subr(25); - tl = subl(23) ^ (subr(23) & - ~subr(25)); - dw = tl & subl(25), /* FLinv(kl6) */ - tr = subr(23) ^ CAMELLIA_RL1(dw); - CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */ - CamelliaSubkeyR(26) = tr ^ subr(27); - CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */ - CamelliaSubkeyR(27) = subr(26) ^ subr(28); - CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */ - CamelliaSubkeyR(28) = subr(27) ^ subr(29); - CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */ - CamelliaSubkeyR(29) = subr(28) ^ subr(30); - CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */ - CamelliaSubkeyR(30) = subr(29) ^ subr(31); - CamelliaSubkeyL(31) = subl(30); /* round 24 */ - CamelliaSubkeyR(31) = subr(30); - CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */ - CamelliaSubkeyR(32) = subr(32) ^ subr(31); - - /* apply the inverse of the last half of P-function */ - dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), - dw = CAMELLIA_RL8(dw);/* round 1 */ - CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, - CamelliaSubkeyL(2) = dw; - dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), - dw = CAMELLIA_RL8(dw);/* round 2 */ - CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, - CamelliaSubkeyL(3) = dw; - dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), - dw = CAMELLIA_RL8(dw);/* round 3 */ - CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, - CamelliaSubkeyL(4) = dw; - dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), - dw = CAMELLIA_RL8(dw);/* round 4 */ - CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, - CamelliaSubkeyL(5) = dw; - dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), - dw = CAMELLIA_RL8(dw);/* round 5 */ - CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, - CamelliaSubkeyL(6) = dw; - dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), - dw = CAMELLIA_RL8(dw);/* round 6 */ - CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, - CamelliaSubkeyL(7) = dw; - dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), - dw = CAMELLIA_RL8(dw);/* round 7 */ - CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, - CamelliaSubkeyL(10) = dw; - dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), - dw = CAMELLIA_RL8(dw);/* round 8 */ - CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, - CamelliaSubkeyL(11) = dw; - dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), - dw = CAMELLIA_RL8(dw);/* round 9 */ - CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, - CamelliaSubkeyL(12) = dw; - dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), - dw = CAMELLIA_RL8(dw);/* round 10 */ - CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, - CamelliaSubkeyL(13) = dw; - dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), - dw = CAMELLIA_RL8(dw);/* round 11 */ - CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, - CamelliaSubkeyL(14) = dw; - dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), - dw = CAMELLIA_RL8(dw);/* round 12 */ - CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, - CamelliaSubkeyL(15) = dw; - dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), - dw = CAMELLIA_RL8(dw);/* round 13 */ - CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, - CamelliaSubkeyL(18) = dw; - dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), - dw = CAMELLIA_RL8(dw);/* round 14 */ - CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, - CamelliaSubkeyL(19) = dw; - dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), - dw = CAMELLIA_RL8(dw);/* round 15 */ - CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, - CamelliaSubkeyL(20) = dw; - dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), - dw = CAMELLIA_RL8(dw);/* round 16 */ - CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, - CamelliaSubkeyL(21) = dw; - dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), - dw = CAMELLIA_RL8(dw);/* round 17 */ - CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, - CamelliaSubkeyL(22) = dw; - dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), - dw = CAMELLIA_RL8(dw);/* round 18 */ - CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, - CamelliaSubkeyL(23) = dw; - dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), - dw = CAMELLIA_RL8(dw);/* round 19 */ - CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, - CamelliaSubkeyL(26) = dw; - dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), - dw = CAMELLIA_RL8(dw);/* round 20 */ - CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, - CamelliaSubkeyL(27) = dw; - dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), - dw = CAMELLIA_RL8(dw);/* round 21 */ - CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, - CamelliaSubkeyL(28) = dw; - dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), - dw = CAMELLIA_RL8(dw);/* round 22 */ - CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, - CamelliaSubkeyL(29) = dw; - dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), - dw = CAMELLIA_RL8(dw);/* round 23 */ - CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, - CamelliaSubkeyL(30) = dw; - dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), - dw = CAMELLIA_RL8(dw);/* round 24 */ - CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, - CamelliaSubkeyL(31) = dw; - - - return; + register u32 s0,s1,s2,s3; + const u32 *k = keyTable,*kend = keyTable+grandRounds*16; + + s0 = GETU32(plaintext) ^ k[0]; + s1 = GETU32(plaintext+4) ^ k[1]; + s2 = GETU32(plaintext+8) ^ k[2]; + s3 = GETU32(plaintext+12) ^ k[3]; + k += 4; + + while (1) + { + /* Camellia makes 6 Feistel rounds */ + Camellia_Feistel(s0,s1,s2,s3,k+0); + Camellia_Feistel(s2,s3,s0,s1,k+2); + Camellia_Feistel(s0,s1,s2,s3,k+4); + Camellia_Feistel(s2,s3,s0,s1,k+6); + Camellia_Feistel(s0,s1,s2,s3,k+8); + Camellia_Feistel(s2,s3,s0,s1,k+10); + k += 12; + + if (k == kend) break; + + /* This is the same function as the diffusion function D + * of the accompanying documentation. See section 3.2 + * for properties of the FLlayer function. */ + s1 ^= LeftRotate(s0 & k[0], 1); + s2 ^= s3 | k[3]; + s0 ^= s1 | k[1]; + s3 ^= LeftRotate(s2 & k[2], 1); + k += 4; + } + + s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; + + PUTU32(ciphertext, s2); + PUTU32(ciphertext+4, s3); + PUTU32(ciphertext+8, s0); + PUTU32(ciphertext+12,s1); } - -void camellia_setup192(const u8 *key, u32 *subkey) - { - u8 kk[32]; - u32 krll, krlr, krrl,krrr; - - memcpy(kk, key, 24); - memcpy((u8 *)&krll, key+16,4); - memcpy((u8 *)&krlr, key+20,4); - krrl = ~krll; - krrr = ~krlr; - memcpy(kk+24, (u8 *)&krrl, 4); - memcpy(kk+28, (u8 *)&krrr, 4); - camellia_setup256(kk, subkey); - return; - } - - -/** - * Stuff related to camellia encryption/decryption - */ -void camellia_encrypt128(const u32 *subkey, u32 *io) - { - u32 il, ir, t0, t1; - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(0); - io[1] ^= CamelliaSubkeyR(0); - /* main iteration */ - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(24); - io[3] ^= CamelliaSubkeyR(24); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; - } - -void camellia_decrypt128(const u32 *subkey, u32 *io) +void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) { - u32 il,ir,t0,t1; /* temporary valiables */ - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(24); - io[1] ^= CamelliaSubkeyR(24); - - /* main iteration */ - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(0); - io[3] ^= CamelliaSubkeyR(0); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; + Camellia_EncryptBlock_Rounds(keyBitLength==128?3:4, + plaintext,keyTable,ciphertext); } -/** - * stuff for 192 and 256bit encryption/decryption - */ -void camellia_encrypt256(const u32 *subkey, u32 *io) +void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]) { - u32 il,ir,t0,t1; /* temporary valiables */ - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(0); - io[1] ^= CamelliaSubkeyR(0); - - /* main iteration */ - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(24),CamelliaSubkeyR(24), - CamelliaSubkeyL(25),CamelliaSubkeyR(25), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(26),CamelliaSubkeyR(26), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(27),CamelliaSubkeyR(27), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(28),CamelliaSubkeyR(28), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(29),CamelliaSubkeyR(29), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(30),CamelliaSubkeyR(30), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(31),CamelliaSubkeyR(31), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(32); - io[3] ^= CamelliaSubkeyR(32); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; + u32 s0,s1,s2,s3; + const u32 *k = keyTable+grandRounds*16,*kend = keyTable+4; + + s0 = GETU32(ciphertext) ^ k[0]; + s1 = GETU32(ciphertext+4) ^ k[1]; + s2 = GETU32(ciphertext+8) ^ k[2]; + s3 = GETU32(ciphertext+12) ^ k[3]; + + while (1) + { + /* Camellia makes 6 Feistel rounds */ + k -= 12; + Camellia_Feistel(s0,s1,s2,s3,k+10); + Camellia_Feistel(s2,s3,s0,s1,k+8); + Camellia_Feistel(s0,s1,s2,s3,k+6); + Camellia_Feistel(s2,s3,s0,s1,k+4); + Camellia_Feistel(s0,s1,s2,s3,k+2); + Camellia_Feistel(s2,s3,s0,s1,k+0); + + if (k == kend) break; + + /* This is the same function as the diffusion function D + * of the accompanying documentation. See section 3.2 + * for properties of the FLlayer function. */ + k -= 4; + s1 ^= LeftRotate(s0 & k[2], 1); + s2 ^= s3 | k[1]; + s0 ^= s1 | k[3]; + s3 ^= LeftRotate(s2 & k[0], 1); + } + + k -= 4; + s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; + + PUTU32(plaintext, s2); + PUTU32(plaintext+4, s3); + PUTU32(plaintext+8, s0); + PUTU32(plaintext+12,s1); } - -void camellia_decrypt256(const u32 *subkey, u32 *io) +void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) { - u32 il,ir,t0,t1; /* temporary valiables */ - - /* pre whitening but absorb kw2*/ - io[0] ^= CamelliaSubkeyL(32); - io[1] ^= CamelliaSubkeyR(32); - - /* main iteration */ - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(31),CamelliaSubkeyR(31), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(30),CamelliaSubkeyR(30), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(29),CamelliaSubkeyR(29), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(28),CamelliaSubkeyR(28), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(27),CamelliaSubkeyR(27), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(26),CamelliaSubkeyR(26), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(25),CamelliaSubkeyR(25), - CamelliaSubkeyL(24),CamelliaSubkeyR(24), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(23),CamelliaSubkeyR(23), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(22),CamelliaSubkeyR(22), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(21),CamelliaSubkeyR(21), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(20),CamelliaSubkeyR(20), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(19),CamelliaSubkeyR(19), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(18),CamelliaSubkeyR(18), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(17),CamelliaSubkeyR(17), - CamelliaSubkeyL(16),CamelliaSubkeyR(16), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(15),CamelliaSubkeyR(15), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(14),CamelliaSubkeyR(14), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(13),CamelliaSubkeyR(13), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(12),CamelliaSubkeyR(12), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(11),CamelliaSubkeyR(11), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(10),CamelliaSubkeyR(10), - io[0],io[1],il,ir,t0,t1); - - CAMELLIA_FLS(io[0],io[1],io[2],io[3], - CamelliaSubkeyL(9),CamelliaSubkeyR(9), - CamelliaSubkeyL(8),CamelliaSubkeyR(8), - t0,t1,il,ir); - - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(7),CamelliaSubkeyR(7), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(6),CamelliaSubkeyR(6), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(5),CamelliaSubkeyR(5), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(4),CamelliaSubkeyR(4), - io[0],io[1],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[0],io[1], - CamelliaSubkeyL(3),CamelliaSubkeyR(3), - io[2],io[3],il,ir,t0,t1); - CAMELLIA_ROUNDSM(io[2],io[3], - CamelliaSubkeyL(2),CamelliaSubkeyR(2), - io[0],io[1],il,ir,t0,t1); - - /* post whitening but kw4 */ - io[2] ^= CamelliaSubkeyL(0); - io[3] ^= CamelliaSubkeyR(0); - - t0 = io[0]; - t1 = io[1]; - io[0] = io[2]; - io[1] = io[3]; - io[2] = t0; - io[3] = t1; - - return; + Camellia_DecryptBlock_Rounds(keyBitLength==128?3:4, + plaintext,keyTable,ciphertext); } - diff --git a/lib/libssl/src/crypto/camellia/camellia.h b/lib/libssl/src/crypto/camellia/camellia.h index b8a8b6e10b9..cf0457dd976 100644 --- a/lib/libssl/src/crypto/camellia/camellia.h +++ b/lib/libssl/src/crypto/camellia/camellia.h @@ -58,6 +58,8 @@ #error CAMELLIA is disabled. #endif +#include <stddef.h> + #define CAMELLIA_ENCRYPT 1 #define CAMELLIA_DECRYPT 0 @@ -74,24 +76,18 @@ extern "C" { #define CAMELLIA_TABLE_BYTE_LEN 272 #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) - /* to match with WORD */ -typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match with WORD */ struct camellia_key_st { - KEY_TABLE_TYPE rd_key; - int bitLength; - void (*enc)(const unsigned int *subkey, unsigned int *io); - void (*dec)(const unsigned int *subkey, unsigned int *io); + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; }; - typedef struct camellia_key_st CAMELLIA_KEY; -#ifdef OPENSSL_FIPS -int private_Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key); -#endif - int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); @@ -103,25 +99,22 @@ void Camellia_decrypt(const unsigned char *in, unsigned char *out, void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key, const int enc); void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, const int enc); void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc); -void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, - const int nbits,const CAMELLIA_KEY *key, - unsigned char *ivec,const int enc); void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num); void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char ivec[CAMELLIA_BLOCK_SIZE], unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num); @@ -131,4 +124,3 @@ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, #endif #endif /* !HEADER_Camellia_H */ - diff --git a/lib/libssl/src/crypto/camellia/cmll_cbc.c b/lib/libssl/src/crypto/camellia/cmll_cbc.c index 4141a7b59bb..4c8d455adef 100644 --- a/lib/libssl/src/crypto/camellia/cmll_cbc.c +++ b/lib/libssl/src/crypto/camellia/cmll_cbc.c @@ -49,225 +49,16 @@ * */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> -#include <stdio.h> -#include <string.h> - #include <openssl/camellia.h> -#include "cmll_locl.h" +#include <openssl/modes.h> void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, - unsigned char *ivec, const int enc) { - - unsigned long n; - unsigned long len = length; - const unsigned char *iv = ivec; - union { u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)]; - u8 t8 [CAMELLIA_BLOCK_SIZE]; } tmp; - const union { long one; char little; } camellia_endian = {1}; - - - assert(in && out && key && ivec); - assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc)); + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc) + { - if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0) - { - if (CAMELLIA_ENCRYPT == enc) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - XOR4WORD2((u32 *)out, - (u32 *)in, (u32 *)iv); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->enc(key->rd_key, (u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - iv = out; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - for(n=0; n < len; ++n) - out[n] = in[n] ^ iv[n]; - for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) - out[n] = iv[n]; - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->enc(key->rd_key, (u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - iv = out; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else if (in != out) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(out,in,CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->dec(key->rd_key,(u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - XOR4WORD((u32 *)out, (u32 *)iv); - iv = in; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < len; ++n) - out[n] = tmp.t8[n] ^ iv[n]; - iv = in; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else /* in == out */ - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->dec(key->rd_key, (u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - XOR4WORD((u32 *)out, (u32 *)ivec); - memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE); - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - key->dec(key->rd_key,(u32 *)out); - if (camellia_endian.little) - SWAP4WORD((u32 *)out); - for(n=0; n < len; ++n) - out[n] ^= ivec[n]; - for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) - out[n] = tmp.t8[n]; - memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE); - } - } - } - else /* no aligned */ - { - if (CAMELLIA_ENCRYPT == enc) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) - tmp.t8[n] = in[n] ^ iv[n]; - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->enc(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE); - iv = out; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - for(n=0; n < len; ++n) - tmp.t8[n] = in[n] ^ iv[n]; - for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n) - tmp.t8[n] = iv[n]; - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->enc(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE); - iv = out; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else if (in != out) - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key,tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) - out[n] = tmp.t8[n] ^ iv[n]; - iv = in; - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < len; ++n) - out[n] = tmp.t8[n] ^ iv[n]; - iv = in; - } - memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE); - } - else - { - while (len >= CAMELLIA_BLOCK_SIZE) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key, tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n) - tmp.t8[n] ^= ivec[n]; - memcpy(ivec, in, CAMELLIA_BLOCK_SIZE); - memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE); - len -= CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; - out += CAMELLIA_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - key->dec(key->rd_key,tmp.t32); - if (camellia_endian.little) - SWAP4WORD(tmp.t32); - for(n=0; n < len; ++n) - tmp.t8[n] ^= ivec[n]; - memcpy(ivec, in, CAMELLIA_BLOCK_SIZE); - memcpy(out,tmp.t8,len); - } - } - } -} + if (enc) + CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)Camellia_encrypt); + else + CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)Camellia_decrypt); + } diff --git a/lib/libssl/src/crypto/camellia/cmll_cfb.c b/lib/libssl/src/crypto/camellia/cmll_cfb.c index af0f9f49ad9..3d81b51d3f4 100644 --- a/lib/libssl/src/crypto/camellia/cmll_cfb.c +++ b/lib/libssl/src/crypto/camellia/cmll_cfb.c @@ -105,17 +105,8 @@ * [including the GNU Public Licence.] */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> -#include <string.h> - #include <openssl/camellia.h> -#include "cmll_locl.h" -#include "e_os.h" +#include <openssl/modes.h> /* The input and output encrypted as though 128bit cfb mode is being @@ -124,112 +115,25 @@ */ void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - unsigned long l = length; - unsigned char c; - - assert(in && out && key && ivec && num); - - n = *num; - - if (enc) - { - while (l--) - { - if (n == 0) - { - Camellia_encrypt(ivec, ivec, key); - } - ivec[n] = *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - } - else - { - while (l--) - { - if (n == 0) - { - Camellia_encrypt(ivec, ivec, key); - } - c = *(in); - *(out++) = *(in++) ^ ivec[n]; - ivec[n] = c; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - } - - *num=n; - } - -/* This expects a single block of size nbits for both in and out. Note that - it corrupts any extra bits in the last byte of out */ -void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, - const int nbits,const CAMELLIA_KEY *key, - unsigned char *ivec,const int enc) - { - int n,rem,num; - unsigned char ovec[CAMELLIA_BLOCK_SIZE*2]; - - if (nbits<=0 || nbits>128) return; - - /* fill in the first half of the new IV with the current IV */ - memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE); - /* construct the new IV */ - Camellia_encrypt(ivec,ivec,key); - num = (nbits+7)/8; - if (enc) /* encrypt the input */ - for(n=0 ; n < num ; ++n) - out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]); - else /* decrypt the input */ - for(n=0 ; n < num ; ++n) - out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; - /* shift ovec left... */ - rem = nbits%8; - num = nbits/8; - if(rem==0) - memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE); - else - for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n) - ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); - - /* it is not necessary to cleanse ovec, since the IV is not secret */ + CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt); } /* N.B. This expects the input to be packed, MS bit first */ void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - unsigned char c[1],d[1]; - - assert(in && out && key && ivec && num); - assert(*num == 0); - - memset(out,0,(length+7)/8); - for(n=0 ; n < length ; ++n) - { - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; - Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc); - out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); - } + CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt); } void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - - assert(in && out && key && ivec && num); - assert(*num == 0); - - for(n=0 ; n < length ; ++n) - Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); + CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt); } diff --git a/lib/libssl/src/crypto/camellia/cmll_ctr.c b/lib/libssl/src/crypto/camellia/cmll_ctr.c index cc21b70890d..014e621a34b 100644 --- a/lib/libssl/src/crypto/camellia/cmll_ctr.c +++ b/lib/libssl/src/crypto/camellia/cmll_ctr.c @@ -49,95 +49,16 @@ * */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> - #include <openssl/camellia.h> -#include "cmll_locl.h" - -/* NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia code - * is endian-neutral. */ -/* increment counter (128-bit int) by 1 */ -static void Camellia_ctr128_inc(unsigned char *counter) - { - unsigned long c; - - /* Grab bottom dword of counter and increment */ - c = GETU32(counter + 12); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 12, c); - - /* if no overflow, we're done */ - if (c) - return; - - /* Grab 1st dword of counter and increment */ - c = GETU32(counter + 8); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 8, c); - - /* if no overflow, we're done */ - if (c) - return; - - /* Grab 2nd dword of counter and increment */ - c = GETU32(counter + 4); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 4, c); - - /* if no overflow, we're done */ - if (c) - return; +#include <openssl/modes.h> - /* Grab top dword of counter and increment */ - c = GETU32(counter + 0); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 0, c); - } - -/* The input encrypted as though 128bit counter mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num, and the - * encrypted counter is kept in ecount_buf. Both *num and - * ecount_buf must be initialised with zeros before the first - * call to Camellia_ctr128_encrypt(). - * - * This algorithm assumes that the counter is in the x lower bits - * of the IV (ivec), and that the application has full control over - * overflow and the rest of the IV. This implementation takes NO - * responsability for checking that the counter doesn't overflow - * into the rest of the IV when incremented. - */ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char ivec[CAMELLIA_BLOCK_SIZE], unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num) { - unsigned int n; - unsigned long l=length; - - assert(in && out && key && counter && num); - assert(*num < CAMELLIA_BLOCK_SIZE); - - n = *num; - - while (l--) - { - if (n == 0) - { - Camellia_encrypt(ivec, ecount_buf, key); - Camellia_ctr128_inc(ivec); - } - *(out++) = *(in++) ^ ecount_buf[n]; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - - *num=n; + CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)Camellia_encrypt); } diff --git a/lib/libssl/src/crypto/camellia/cmll_locl.h b/lib/libssl/src/crypto/camellia/cmll_locl.h index 2ac2e954357..4a4d880d163 100644 --- a/lib/libssl/src/crypto/camellia/cmll_locl.h +++ b/lib/libssl/src/crypto/camellia/cmll_locl.h @@ -68,98 +68,16 @@ #ifndef HEADER_CAMELLIA_LOCL_H #define HEADER_CAMELLIA_LOCL_H -#include "openssl/e_os2.h" -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - +typedef unsigned int u32; typedef unsigned char u8; -typedef unsigned int u32; - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 ) -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) ) - -#else /* not windows */ -# define GETU32(pt) (((u32)(pt)[0] << 24) \ - ^ ((u32)(pt)[1] << 16) \ - ^ ((u32)(pt)[2] << 8) \ - ^ ((u32)(pt)[3])) - -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \ - (ct)[1] = (u8)((st) >> 16); \ - (ct)[2] = (u8)((st) >> 8); \ - (ct)[3] = (u8)(st); } - -#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64))) -#define CAMELLIA_SWAP4(x) \ - do{\ - asm("bswap %1" : "+r" (x));\ - }while(0) -#else -#define CAMELLIA_SWAP4(x) \ - do{\ - x = ((u32)x << 16) + ((u32)x >> 16);\ - x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\ - } while(0) -#endif -#endif - -#define COPY4WORD(dst, src) \ - do \ - { \ - (dst)[0]=(src)[0]; \ - (dst)[1]=(src)[1]; \ - (dst)[2]=(src)[2]; \ - (dst)[3]=(src)[3]; \ - }while(0) - -#define SWAP4WORD(word) \ - do \ - { \ - CAMELLIA_SWAP4((word)[0]); \ - CAMELLIA_SWAP4((word)[1]); \ - CAMELLIA_SWAP4((word)[2]); \ - CAMELLIA_SWAP4((word)[3]); \ - }while(0) - -#define XOR4WORD(a, b)/* a = a ^ b */ \ - do \ - { \ - (a)[0]^=(b)[0]; \ - (a)[1]^=(b)[1]; \ - (a)[2]^=(b)[2]; \ - (a)[3]^=(b)[3]; \ - }while(0) - -#define XOR4WORD2(a, b, c)/* a = b ^ c */ \ - do \ - { \ - (a)[0]=(b)[0]^(c)[0]; \ - (a)[1]=(b)[1]^(c)[1]; \ - (a)[2]=(b)[2]^(c)[2]; \ - (a)[3]=(b)[3]^(c)[3]; \ - }while(0) - - -void camellia_setup128(const u8 *key, u32 *subkey); -void camellia_setup192(const u8 *key, u32 *subkey); -void camellia_setup256(const u8 *key, u32 *subkey); - -void camellia_encrypt128(const u32 *subkey, u32 *io); -void camellia_decrypt128(const u32 *subkey, u32 *io); -void camellia_encrypt256(const u32 *subkey, u32 *io); -void camellia_decrypt256(const u32 *subkey, u32 *io); - -#ifdef __cplusplus -} -#endif +int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE keyTable); +void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); +void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ - diff --git a/lib/libssl/src/crypto/camellia/cmll_misc.c b/lib/libssl/src/crypto/camellia/cmll_misc.c index 2cd7aba9bbd..f44689124b4 100644 --- a/lib/libssl/src/crypto/camellia/cmll_misc.c +++ b/lib/libssl/src/crypto/camellia/cmll_misc.c @@ -52,78 +52,28 @@ #include <openssl/opensslv.h> #include <openssl/camellia.h> #include "cmll_locl.h" -#include <openssl/crypto.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT; int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key) -#ifdef OPENSSL_FIPS { - if (FIPS_mode()) - FIPS_BAD_ABORT(CAMELLIA) - return private_Camellia_set_key(userKey, bits, key); - } -int private_Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key) -#endif - { - if (!userKey || !key) - { + if(!userKey || !key) return -1; - } - - switch(bits) - { - case 128: - camellia_setup128(userKey, (unsigned int *)key->rd_key); - key->enc = camellia_encrypt128; - key->dec = camellia_decrypt128; - break; - case 192: - camellia_setup192(userKey, (unsigned int *)key->rd_key); - key->enc = camellia_encrypt256; - key->dec = camellia_decrypt256; - break; - case 256: - camellia_setup256(userKey, (unsigned int *)key->rd_key); - key->enc = camellia_encrypt256; - key->dec = camellia_decrypt256; - break; - default: + if(bits != 128 && bits != 192 && bits != 256) return -2; - } - - key->bitLength = bits; + key->grand_rounds = Camellia_Ekeygen(bits , userKey, key->u.rd_key); return 0; } void Camellia_encrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key) { - u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)]; - const union { long one; char little; } camellia_endian = {1}; - - memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) SWAP4WORD(tmp); - key->enc(key->rd_key, tmp); - if (camellia_endian.little) SWAP4WORD(tmp); - memcpy(out, tmp, CAMELLIA_BLOCK_SIZE); + Camellia_EncryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out); } void Camellia_decrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key) { - u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)]; - const union { long one; char little; } camellia_endian = {1}; - - memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); - if (camellia_endian.little) SWAP4WORD(tmp); - key->dec(key->rd_key, tmp); - if (camellia_endian.little) SWAP4WORD(tmp); - memcpy(out, tmp, CAMELLIA_BLOCK_SIZE); + Camellia_DecryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out); } - diff --git a/lib/libssl/src/crypto/camellia/cmll_ofb.c b/lib/libssl/src/crypto/camellia/cmll_ofb.c index d89cf9f3b32..a482befc747 100644 --- a/lib/libssl/src/crypto/camellia/cmll_ofb.c +++ b/lib/libssl/src/crypto/camellia/cmll_ofb.c @@ -105,37 +105,15 @@ * [including the GNU Public Licence.] */ -#ifndef CAMELLIA_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include <assert.h> #include <openssl/camellia.h> -#include "cmll_locl.h" +#include <openssl/modes.h> /* The input and output encrypted as though 128bit ofb mode is being * used. The extra state information to record how much of the * 128bit block we have used is contained in *num; */ void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const CAMELLIA_KEY *key, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num) { - - unsigned int n; - unsigned long l=length; - - assert(in && out && key && ivec && num); - - n = *num; - - while (l--) { - if (n == 0) { - Camellia_encrypt(ivec, ivec, key); - } - *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % CAMELLIA_BLOCK_SIZE; - } - - *num=n; + CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)Camellia_encrypt); } diff --git a/lib/libssl/src/crypto/cast/Makefile b/lib/libssl/src/crypto/cast/Makefile index 2e026dbe0da..0acc38f28d5 100644 --- a/lib/libssl/src/crypto/cast/Makefile +++ b/lib/libssl/src/crypto/cast/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@) -# COFF -cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@) -# a.out -cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@) +cast-586.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -102,8 +95,5 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h c_ofb64.o: c_ofb64.c cast_lcl.h c_skey.o: ../../e_os.h ../../include/openssl/cast.h -c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h +c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +c_skey.o: c_skey.c cast_lcl.h cast_s.h diff --git a/lib/libssl/src/crypto/cms/Makefile b/lib/libssl/src/crypto/cms/Makefile index 1c137e0cff6..5837049725d 100644 --- a/lib/libssl/src/crypto/cms/Makefile +++ b/lib/libssl/src/crypto/cms/Makefile @@ -37,7 +37,7 @@ test: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -108,6 +108,71 @@ cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h cms_att.o: cms.h cms_att.c cms_lcl.h +cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h +cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h +cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_cd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_cd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_cd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h +cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h +cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_dd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_dd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_dd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_dd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h +cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h +cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_enc.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h +cms_env.o: ../../e_os.h ../../include/openssl/aes.h +cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h +cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +cms_env.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +cms_env.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +cms_env.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +cms_env.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +cms_env.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -121,6 +186,22 @@ cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms_err.o: cms_err.c +cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h +cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h +cms_ess.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +cms_ess.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +cms_ess.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +cms_ess.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -164,7 +245,7 @@ cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c +cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h diff --git a/lib/libssl/src/crypto/cms/cms.h b/lib/libssl/src/crypto/cms/cms.h index 25f88745f23..09c45d0412a 100644 --- a/lib/libssl/src/crypto/cms/cms.h +++ b/lib/libssl/src/crypto/cms/cms.h @@ -76,8 +76,9 @@ typedef struct CMS_Receipt_st CMS_Receipt; DECLARE_STACK_OF(CMS_SignerInfo) DECLARE_STACK_OF(GENERAL_NAMES) -DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo) -DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) #define CMS_SIGNERINFO_ISSUER_SERIAL 0 #define CMS_SIGNERINFO_KEYIDENTIFIER 1 @@ -124,9 +125,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached); DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) #endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); @@ -230,6 +235,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); int CMS_SignedData_init(CMS_ContentInfo *cms); diff --git a/lib/libssl/src/crypto/cms/cms_asn1.c b/lib/libssl/src/crypto/cms/cms_asn1.c index 76649218618..fcba4dcbccf 100644 --- a/lib/libssl/src/crypto/cms/cms_asn1.c +++ b/lib/libssl/src/crypto/cms/cms_asn1.c @@ -87,7 +87,8 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { } ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) /* Minor tweak to operation: free up signer key, cert */ -static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_FREE_POST) { @@ -130,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { @@ -213,7 +214,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { } ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) /* Free up RecipientInfo additional data */ -static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_FREE_PRE) { @@ -300,10 +302,42 @@ ASN1_ADB(CMS_ContentInfo) = { ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); -ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = { +/* CMS streaming support */ +static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) + { + ASN1_STREAM_ARG *sarg = exarg; + CMS_ContentInfo *cms = NULL; + if (pval) + cms = (CMS_ContentInfo *)*pval; + else + return 1; + switch(operation) + { + + case ASN1_OP_STREAM_PRE: + if (CMS_stream(&sarg->boundary, cms) <= 0) + return 0; + case ASN1_OP_DETACHED_PRE: + sarg->ndef_bio = CMS_dataInit(cms, sarg->out); + if (!sarg->ndef_bio) + return 0; + break; + + case ASN1_OP_STREAM_POST: + case ASN1_OP_DETACHED_POST: + if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0) + return 0; + break; + + } + return 1; + } + +ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), ASN1_ADB_OBJECT(CMS_ContentInfo) -} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo) +} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo) /* Specials for signed attributes */ diff --git a/lib/libssl/src/crypto/cms/cms_env.c b/lib/libssl/src/crypto/cms/cms_env.c index d499ae85b40..b3237d4b94e 100644 --- a/lib/libssl/src/crypto/cms/cms_env.c +++ b/lib/libssl/src/crypto/cms/cms_env.c @@ -60,6 +60,7 @@ #include <openssl/rand.h> #include <openssl/aes.h> #include "cms_lcl.h" +#include "asn1_locl.h" /* CMS EnvelopedData Utilities */ @@ -151,7 +152,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, CMS_KeyTransRecipientInfo *ktri; CMS_EnvelopedData *env; EVP_PKEY *pk = NULL; - int type; + int i, type; env = cms_get0_enveloped(cms); if (!env) goto err; @@ -200,21 +201,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) goto err; - /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, - * hard code algorithm parameters. - */ - - if (pk->type == EVP_PKEY_RSA) - { - X509_ALGOR_set0(ktri->keyEncryptionAlgorithm, - OBJ_nid2obj(NID_rsaEncryption), - V_ASN1_NULL, 0); - } - else + if (pk->ameth && pk->ameth->pkey_ctrl) { - CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, + 0, ri); + if (i == -2) + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - goto err; + goto err; + } + if (i <= 0) + { + CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, + CMS_R_CTRL_FAILURE); + goto err; + } } if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) @@ -301,8 +303,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, { CMS_KeyTransRecipientInfo *ktri; CMS_EncryptedContentInfo *ec; + EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; - int eklen; + size_t eklen; int ret = 0; @@ -315,7 +318,22 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, ktri = ri->d.ktri; ec = cms->d.envelopedData->encryptedContentInfo; - eklen = EVP_PKEY_size(ktri->pkey); + pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); + if (!pctx) + return 0; + + if (EVP_PKEY_encrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) + goto err; ek = OPENSSL_malloc(eklen); @@ -326,9 +344,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, goto err; } - eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey); - - if (eklen <= 0) + if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) goto err; ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); @@ -337,6 +353,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, ret = 1; err: + if (pctx) + EVP_PKEY_CTX_free(pctx); if (ek) OPENSSL_free(ek); return ret; @@ -349,8 +367,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; + EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; - int eklen; + size_t eklen; int ret = 0; if (ktri->pkey == NULL) @@ -360,7 +379,24 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, return 0; } - eklen = EVP_PKEY_size(ktri->pkey); + pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); + if (!pctx) + return 0; + + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, + EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) + { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, + ktri->encryptedKey->data, + ktri->encryptedKey->length) <= 0) + goto err; ek = OPENSSL_malloc(eklen); @@ -371,10 +407,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, goto err; } - eklen = EVP_PKEY_decrypt(ek, + if (EVP_PKEY_decrypt(pctx, ek, &eklen, ktri->encryptedKey->data, - ktri->encryptedKey->length, ktri->pkey); - if (eklen <= 0) + ktri->encryptedKey->length) <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; @@ -386,6 +421,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, cms->d.envelopedData->encryptedContentInfo->keylen = eklen; err: + if (pctx) + EVP_PKEY_CTX_free(pctx); if (!ret && ek) OPENSSL_free(ek); diff --git a/lib/libssl/src/crypto/cms/cms_err.c b/lib/libssl/src/crypto/cms/cms_err.c index 52fa53954f3..ff7b0309e51 100644 --- a/lib/libssl/src/crypto/cms/cms_err.c +++ b/lib/libssl/src/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* crypto/cms/cms_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -133,7 +133,7 @@ static ERR_STRING_DATA CMS_str_functs[]= {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, -{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"}, +{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"}, {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, {0,NULL} diff --git a/lib/libssl/src/crypto/cms/cms_ess.c b/lib/libssl/src/crypto/cms/cms_ess.c index ed34ff32282..90c0b82fb56 100644 --- a/lib/libssl/src/crypto/cms/cms_ess.c +++ b/lib/libssl/src/crypto/cms/cms_ess.c @@ -63,7 +63,7 @@ DECLARE_ASN1_ITEM(CMS_ReceiptRequest) DECLARE_ASN1_ITEM(CMS_Receipt) -IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) +IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) /* ESS services: for now just Signed Receipt related */ @@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(osi, &rr)) + if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); goto err; @@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(si, &rr)) + if (CMS_get1_ReceiptRequest(si, &rr) <= 0) { CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); goto err; diff --git a/lib/libssl/src/crypto/cms/cms_io.c b/lib/libssl/src/crypto/cms/cms_io.c index 30f5ddfe6d2..1cb0264cc53 100644 --- a/lib/libssl/src/crypto/cms/cms_io.c +++ b/lib/libssl/src/crypto/cms/cms_io.c @@ -58,6 +58,25 @@ #include "cms.h" #include "cms_lcl.h" +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) + { + ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); + if (!pos) + return 0; + if (!*pos) + *pos = ASN1_OCTET_STRING_new(); + if (*pos) + { + (*pos)->flags |= ASN1_STRING_FLAG_NDEF; + (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; + *boundary = &(*pos)->data; + return 1; + } + CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE); + return 0; + } + CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) { return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); @@ -70,52 +89,26 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) -/* Callback for int_smime_write_ASN1 */ - -static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it) +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) { - CMS_ContentInfo *cms = (CMS_ContentInfo *)val; - BIO *tmpbio, *cmsbio; - int r = 0; - - if (!(flags & SMIME_DETACHED)) - { - SMIME_crlf_copy(data, out, flags); - return 1; - } - - /* Let CMS code prepend any needed BIOs */ - - cmsbio = CMS_dataInit(cms, out); - - if (!cmsbio) - return 0; - - /* Copy data across, passing through filter BIOs for processing */ - SMIME_crlf_copy(data, cmsbio, flags); - - /* Finalize structure */ - if (CMS_dataFinal(cms, cmsbio) <= 0) - goto err; - - r = 1; - - err: - - /* Now remove any digests prepended to the BIO */ - - while (cmsbio != out) - { - tmpbio = BIO_pop(cmsbio); - BIO_free(cmsbio); - cmsbio = tmpbio; - } + return BIO_new_NDEF(out, (ASN1_VALUE *)cms, + ASN1_ITEM_rptr(CMS_ContentInfo)); + } - return 1; +/* CMS wrappers round generalised stream and MIME routines */ +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) + { + return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags, + ASN1_ITEM_rptr(CMS_ContentInfo)); } +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) + { + return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags, + "CMS", + ASN1_ITEM_rptr(CMS_ContentInfo)); + } int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) { @@ -127,9 +120,8 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) else mdalgs = NULL; - return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, + return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid, econt_nid, mdalgs, - cms_output_data, ASN1_ITEM_rptr(CMS_ContentInfo)); } @@ -138,3 +130,4 @@ CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(CMS_ContentInfo)); } + diff --git a/lib/libssl/src/crypto/cms/cms_lcl.h b/lib/libssl/src/crypto/cms/cms_lcl.h index 7d60fac67eb..c8ecfa724a4 100644 --- a/lib/libssl/src/crypto/cms/cms_lcl.h +++ b/lib/libssl/src/crypto/cms/cms_lcl.h @@ -406,6 +406,7 @@ struct CMS_Receipt_st ASN1_OCTET_STRING *originatorSignatureValue; }; +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_SignerInfo) DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) DECLARE_ASN1_ITEM(CMS_Attributes_Sign) diff --git a/lib/libssl/src/crypto/cms/cms_lib.c b/lib/libssl/src/crypto/cms/cms_lib.c index 8e6c1d29a52..d00fe0f87b3 100644 --- a/lib/libssl/src/crypto/cms/cms_lib.c +++ b/lib/libssl/src/crypto/cms/cms_lib.c @@ -60,7 +60,8 @@ #include "cms.h" #include "cms_lcl.h" -IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo) +IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) +IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) @@ -346,20 +347,10 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) { int param_type; - switch (EVP_MD_type(md)) - { - case NID_sha1: - case NID_sha224: - case NID_sha256: - case NID_sha384: - case NID_sha512: + if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) param_type = V_ASN1_UNDEF; - break; - - default: + else param_type = V_ASN1_NULL; - break; - } X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); @@ -415,7 +406,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, return 0; } BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_type(mtmp) == nid) + if (EVP_MD_CTX_type(mtmp) == nid + /* Workaround for broken implementations that use signature + * algorithm OID instead of digest. + */ + || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) { EVP_MD_CTX_copy_ex(mctx, mtmp); return 1; @@ -557,6 +552,15 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) return 1; } +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) + { + int r; + r = CMS_add0_crl(cms, crl); + if (r > 0) + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + return r; + } + STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) { STACK_OF(X509) *certs = NULL; diff --git a/lib/libssl/src/crypto/cms/cms_sd.c b/lib/libssl/src/crypto/cms/cms_sd.c index cdac3b870dd..e3192b9c574 100644 --- a/lib/libssl/src/crypto/cms/cms_sd.c +++ b/lib/libssl/src/crypto/cms/cms_sd.c @@ -58,6 +58,7 @@ #include <openssl/err.h> #include <openssl/cms.h> #include "cms_lcl.h" +#include "asn1_locl.h" /* CMS SignedData Utilities */ @@ -218,10 +219,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, X509_get_issuer_name(cert))) goto merr; - ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); - sid->d.issuerAndSerialNumber->serialNumber = - ASN1_STRING_dup(X509_get_serialNumber(cert)); - if(!sid->d.issuerAndSerialNumber->serialNumber) + if (!ASN1_STRING_copy( + sid->d.issuerAndSerialNumber->serialNumber, + X509_get_serialNumber(cert))) goto merr; break; @@ -341,16 +341,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (!cms_set1_SignerIdentifier(si->sid, signer, type)) goto err; - /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */ if (md == NULL) - md = EVP_sha1(); - - /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ + { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) + goto err; + md = EVP_get_digestbynid(def_nid); + if (md == NULL) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); + goto err; + } + } - if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) + if (!md) { - CMSerr(CMS_F_CMS_ADD1_SIGNER, - CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); goto err; } @@ -379,37 +385,21 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } } - /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, - * hard code algorithm parameters. - */ - - switch (pk->type) + if (pk->ameth && pk->ameth->pkey_ctrl) { - - case EVP_PKEY_RSA: - X509_ALGOR_set0(si->signatureAlgorithm, - OBJ_nid2obj(NID_rsaEncryption), - V_ASN1_NULL, 0); - break; - - case EVP_PKEY_DSA: - X509_ALGOR_set0(si->signatureAlgorithm, - OBJ_nid2obj(NID_dsaWithSHA1), - V_ASN1_UNDEF, 0); - break; - - - case EVP_PKEY_EC: - X509_ALGOR_set0(si->signatureAlgorithm, - OBJ_nid2obj(NID_ecdsa_with_SHA1), - V_ASN1_UNDEF, 0); - break; - - default: - CMSerr(CMS_F_CMS_ADD1_SIGNER, + i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN, + 0, si); + if (i == -2) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - goto err; - + goto err; + } + if (i <= 0) + { + CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE); + goto err; + } } if (!(flags & CMS_NOATTR)) @@ -626,25 +616,6 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, *psig = si->signatureAlgorithm; } -/* In OpenSSL 0.9.8 we have the link between digest types and public - * key types so we need to fixup the digest type if the public key - * type is not appropriate. - */ - -static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey) - { - if (EVP_MD_CTX_type(mctx) != NID_sha1) - return; -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - mctx->digest = EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - mctx->digest = EVP_ecdsa(); -#endif - } - static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { @@ -693,7 +664,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, ERR_R_MALLOC_FAILURE); goto err; } - cms_fixup_mctx(&mctx, si->pkey); if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, @@ -731,9 +701,10 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; - unsigned int siglen; + size_t siglen; const EVP_MD *md = NULL; md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); @@ -748,40 +719,38 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) goto err; } - if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) + if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; -#if 0 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; } -#endif alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, ASN1_ITEM_rptr(CMS_Attributes_Sign)); if(!abuf) goto err; - if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) + if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + goto err; + if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) goto err; - siglen = EVP_PKEY_size(si->pkey); OPENSSL_free(abuf); abuf = OPENSSL_malloc(siglen); if(!abuf) goto err; - cms_fixup_mctx(&mctx, si->pkey); - if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0) + if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) goto err; -#if 0 + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; } -#endif + EVP_MD_CTX_cleanup(&mctx); ASN1_STRING_set0(si->signature, abuf, siglen); @@ -799,6 +768,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) int CMS_SignerInfo_verify(CMS_SignerInfo *si) { EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; @@ -813,23 +783,22 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) if (md == NULL) return -1; EVP_MD_CTX_init(&mctx); - if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) + if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, ASN1_ITEM_rptr(CMS_Attributes_Verify)); if(!abuf) goto err; - r = EVP_VerifyUpdate(&mctx, abuf, alen); + r = EVP_DigestVerifyUpdate(&mctx, abuf, alen); OPENSSL_free(abuf); if (r <= 0) { r = -1; goto err; } - cms_fixup_mctx(&mctx, si->pkey); - r = EVP_VerifyFinal(&mctx, - si->signature->data, si->signature->length, si->pkey); + r = EVP_DigestVerifyFinal(&mctx, + si->signature->data, si->signature->length); if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); err: @@ -922,7 +891,6 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else { - cms_fixup_mctx(&mctx, si->pkey); r = EVP_VerifyFinal(&mctx, si->signature->data, si->signature->length, si->pkey); if (r <= 0) @@ -991,17 +959,19 @@ static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) return CMS_add_simple_smimecap(sk, nid, arg); return 1; } -#if 0 + static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) { if (EVP_get_digestbynid(nid)) return CMS_add_simple_smimecap(sk, nid, arg); return 1; } -#endif + int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) { if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) + || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) + || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) diff --git a/lib/libssl/src/crypto/comp/Makefile b/lib/libssl/src/crypto/comp/Makefile index 5d364b85133..efda832dce4 100644 --- a/lib/libssl/src/crypto/comp/Makefile +++ b/lib/libssl/src/crypto/comp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/conf/Makefile b/lib/libssl/src/crypto/conf/Makefile index ccd07213326..78bb3241065 100644 --- a/lib/libssl/src/crypto/conf/Makefile +++ b/lib/libssl/src/crypto/conf/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_mall.o: ../../include/openssl/objects.h conf_mall.o: ../../include/openssl/opensslconf.h conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mod.o: ../../include/openssl/opensslconf.h conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -143,9 +143,8 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -conf_sap.o: ../../include/openssl/opensslconf.h +conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libssl/src/crypto/des/Makefile b/lib/libssl/src/crypto/des/Makefile index 786e68802ea..ae982265fde 100644 --- a/lib/libssl/src/crypto/des/Makefile +++ b/lib/libssl/src/crypto/des/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r RANLIB= ranlib DES_ENC= des_enc.o fcrypt_b.o -# or use -#DES_ENC= dx86-elf.o yx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -24,7 +22,7 @@ TEST=destest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ +LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \ fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \ qud_cksm.c rand_key.c rpc_enc.c set_key.c \ @@ -33,7 +31,7 @@ LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \ read2pwd.c -LIBOBJ= des_lib.o set_key.o ecb_enc.o cbc_enc.o \ +LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ enc_read.o enc_writ.o ofb64enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ @@ -54,7 +52,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -64,21 +62,10 @@ des: des.o cbc3_enc.o lib des_enc-sparc.S: asm/des_enc.m4 m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S -# ELF -dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@) -yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@) -# COFF -dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@) -yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@) -# a.out -dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@) -yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@) +des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ +crypt586.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -156,14 +143,7 @@ des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -des_enc.o: des_enc.c des_locl.h ncbc_enc.c -des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h +des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h @@ -182,12 +162,13 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ecb3_enc.o: des_locl.h ecb3_enc.c +ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ecb_enc.o: des_locl.h ecb_enc.c spr.h +ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ede_cbcm_enc.o: ../../include/openssl/e_os2.h ede_cbcm_enc.o: ../../include/openssl/opensslconf.h @@ -277,11 +258,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h -set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c +set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +set_key.o: des_locl.h set_key.c str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/lib/libssl/src/crypto/des/asm/des_enc.m4 b/lib/libssl/src/crypto/des/asm/des_enc.m4 index f59333a0308..32805954782 100644 --- a/lib/libssl/src/crypto/des/asm/des_enc.m4 +++ b/lib/libssl/src/crypto/des/asm/des_enc.m4 @@ -1954,9 +1954,11 @@ DES_ede3_cbc_encrypt: .word LOOPS ! 280 .word 0x0000FC00 ! 284 - .type .PIC.DES_SPtrans,#object - .size .PIC.DES_SPtrans,2048 + .global DES_SPtrans + .type DES_SPtrans,#object + .size DES_SPtrans,2048 .align 64 +DES_SPtrans: .PIC.DES_SPtrans: ! nibble 0 .word 0x02080800, 0x00080000, 0x02000002, 0x02080802 diff --git a/lib/libssl/src/crypto/dh/dh_ameth.c b/lib/libssl/src/crypto/dh/dh_ameth.c new file mode 100644 index 00000000000..377caf96c93 --- /dev/null +++ b/lib/libssl/src/crypto/dh/dh_ameth.c @@ -0,0 +1,500 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/asn1.h> +#include <openssl/dh.h> +#include <openssl/bn.h> +#include "asn1_locl.h" + +static void int_dh_free(EVP_PKEY *pkey) + { + DH_free(pkey->pkey.dh); + } + +static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DH *dh = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ + if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DH(pkey, dh); + return 1; + + err: + if (public_key) + ASN1_INTEGER_free(public_key); + if (dh) + DH_free(dh); + return 0; + + } + +static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + DH *dh; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + ASN1_STRING *str; + ASN1_INTEGER *pub_key = NULL; + + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + + pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); + if (!pub_key) + goto err; + + penclen = i2d_ASN1_INTEGER(pub_key, &penc); + + ASN1_INTEGER_free(pub_key); + + if (penclen <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), + ptype, pval, penc, penclen)) + return 1; + + err: + if (penc) + OPENSSL_free(penc); + if (pval) + ASN1_STRING_free(pval); + + return 0; + } + + +/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in + * that the AlgorithmIdentifier contains the paramaters, the private key + * is explcitly included and the pubkey must be recalculated. + */ + +static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + + DH *dh = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + { + DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR); + goto dherr; + } + /* Calculate public key */ + if (!DH_generate_key(dh)) + goto dherr; + + EVP_PKEY_assign_DH(pkey, dh); + + ASN1_INTEGER_free(privkey); + + return 1; + + decerr: + DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); + dherr: + DH_free(dh); + return 0; + } + +static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + + if (!params) + { + DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DHparams(pkey->pkey.dh, ¶ms->data); + if (params->length <= 0) + { + DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); + + if (!prkey) + { + DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + +err: + if (dp != NULL) + OPENSSL_free(dp); + if (params != NULL) + ASN1_STRING_free(params); + if (prkey != NULL) + ASN1_INTEGER_free(prkey); + return 0; +} + + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int dh_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DH *dh; + if (!(dh = d2i_DHparams(NULL, pder, derlen))) + { + DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); + return 0; + } + EVP_PKEY_assign_DH(pkey, dh); + return 1; + } + +static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_DHparams(pkey->pkey.dh, pder); + } + +static int do_dh_print(BIO *bp, const DH *x, int indent, + ASN1_PCTX *ctx, int ptype) + { + unsigned char *m=NULL; + int reason=ERR_R_BUF_LIB,ret=0; + size_t buf_len=0; + + const char *ktype = NULL; + + BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + update_buflen(x->p, &buf_len); + + if (buf_len == 0) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + update_buflen(x->g, &buf_len); + update_buflen(pub_key, &buf_len); + update_buflen(priv_key, &buf_len); + + if (ptype == 2) + ktype = "PKCS#3 DH Private-Key"; + else if (ptype == 1) + ktype = "PKCS#3 DH Public-Key"; + else + ktype = "PKCS#3 DH Parameters"; + + m= OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + reason=ERR_R_MALLOC_FAILURE; + goto err; + } + + BIO_indent(bp, indent, 128); + if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) + goto err; + indent += 4; + + if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err; + if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err; + + if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err; + if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err; + if (x->length != 0) + { + BIO_indent(bp, indent, 128); + if (BIO_printf(bp,"recommended-private-length: %d bits\n", + (int)x->length) <= 0) goto err; + } + + + ret=1; + if (0) + { +err: + DHerr(DH_F_DO_DH_PRINT,reason); + } + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int int_dh_size(const EVP_PKEY *pkey) + { + return(DH_size(pkey->pkey.dh)); + } + +static int dh_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.dh->p); + } + +static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || + BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) + return 0; + else + return 1; + } + +static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + BIGNUM *a; + + if ((a=BN_dup(from->pkey.dh->p)) == NULL) + return 0; + if (to->pkey.dh->p != NULL) + BN_free(to->pkey.dh->p); + to->pkey.dh->p=a; + + if ((a=BN_dup(from->pkey.dh->g)) == NULL) + return 0; + if (to->pkey.dh->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; + + return 1; + } + +static int dh_missing_parameters(const EVP_PKEY *a) + { + if (!a->pkey.dh->p || !a->pkey.dh->g) + return 1; + return 0; + } + +static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (dh_cmp_parameters(a, b) == 0) + return 0; + if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0) + return 0; + else + return 1; + } + +static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); + } + +static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); + } + +static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); + } + +int DHparams_print(BIO *bp, const DH *x) + { + return do_dh_print(bp, x, 4, NULL, 0); + } + +const EVP_PKEY_ASN1_METHOD dh_asn1_meth = + { + EVP_PKEY_DH, + EVP_PKEY_DH, + 0, + + "DH", + "OpenSSL PKCS#3 DH method", + + dh_pub_decode, + dh_pub_encode, + dh_pub_cmp, + dh_public_print, + + dh_priv_decode, + dh_priv_encode, + dh_private_print, + + int_dh_size, + dh_bits, + + dh_param_decode, + dh_param_encode, + dh_missing_parameters, + dh_copy_parameters, + dh_cmp_parameters, + dh_param_print, + + int_dh_free, + 0 + }; + diff --git a/lib/libssl/src/crypto/dh/dh_pmeth.c b/lib/libssl/src/crypto/dh/dh_pmeth.c new file mode 100644 index 00000000000..5ae72b7d4cc --- /dev/null +++ b/lib/libssl/src/crypto/dh/dh_pmeth.c @@ -0,0 +1,254 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/evp.h> +#include <openssl/dh.h> +#include <openssl/bn.h> +#include "evp_locl.h" + +/* DH pkey context structure */ + +typedef struct + { + /* Parameter gen parameters */ + int prime_len; + int generator; + int use_dsa; + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ + } DH_PKEY_CTX; + +static int pkey_dh_init(EVP_PKEY_CTX *ctx) + { + DH_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); + if (!dctx) + return 0; + dctx->prime_len = 1024; + dctx->generator = 2; + dctx->use_dsa = 0; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; + } + +static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + DH_PKEY_CTX *dctx, *sctx; + if (!pkey_dh_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->prime_len = sctx->prime_len; + dctx->generator = sctx->generator; + dctx->use_dsa = sctx->use_dsa; + return 1; + } + +static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) + { + DH_PKEY_CTX *dctx = ctx->data; + if (dctx) + OPENSSL_free(dctx); + } + +static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + DH_PKEY_CTX *dctx = ctx->data; + switch (type) + { + case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: + if (p1 < 256) + return -2; + dctx->prime_len = p1; + return 1; + + case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: + dctx->generator = p1; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + return 1; + + default: + return -2; + + } + } + + +static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "dh_paramgen_prime_len")) + { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); + } + if (!strcmp(type, "dh_paramgen_generator")) + { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); + } + return -2; + } + +static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DH *dh = NULL; + DH_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + if (ctx->pkey_gencb) + { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } + else + pcb = NULL; + dh = DH_new(); + if (!dh) + return 0; + ret = DH_generate_parameters_ex(dh, + dctx->prime_len, dctx->generator, pcb); + if (ret) + EVP_PKEY_assign_DH(pkey, dh); + else + DH_free(dh); + return ret; + } + +static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DH *dh = NULL; + if (ctx->pkey == NULL) + { + DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); + return 0; + } + dh = DH_new(); + if (!dh) + return 0; + EVP_PKEY_assign_DH(pkey, dh); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DH_generate_key(pkey->pkey.dh); + } + +static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) + { + int ret; + if (!ctx->pkey || !ctx->peerkey) + { + DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); + return 0; + } + ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, + ctx->pkey->pkey.dh); + if (ret < 0) + return ret; + *keylen = ret; + return 1; + } + +const EVP_PKEY_METHOD dh_pkey_meth = + { + EVP_PKEY_DH, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, + + 0, + pkey_dh_paramgen, + + 0, + pkey_dh_keygen, + + 0, + 0, + + 0, + 0, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0, + pkey_dh_derive, + + pkey_dh_ctrl, + pkey_dh_ctrl_str + + }; diff --git a/lib/libssl/src/crypto/dh/dh_prn.c b/lib/libssl/src/crypto/dh/dh_prn.c new file mode 100644 index 00000000000..ae58c2ac873 --- /dev/null +++ b/lib/libssl/src/crypto/dh/dh_prn.c @@ -0,0 +1,80 @@ +/* crypto/asn1/t_pkey.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/dh.h> + +#ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DHparams_print(b, x); + BIO_free(b); + return(ret); + } +#endif diff --git a/lib/libssl/src/crypto/dsa/dsa_ameth.c b/lib/libssl/src/crypto/dsa/dsa_ameth.c new file mode 100644 index 00000000000..6413aae46e2 --- /dev/null +++ b/lib/libssl/src/crypto/dsa/dsa_ameth.c @@ -0,0 +1,657 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/asn1.h> +#include <openssl/dsa.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif +#include "asn1_locl.h" + +static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DSA *dsa = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + + if (ptype == V_ASN1_SEQUENCE) + { + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); + goto err; + } + + } + else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) + { + if (!(dsa = DSA_new())) + { + DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); + goto err; + } + } + else + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); + goto err; + } + + if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) + { + DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + + err: + if (public_key) + ASN1_INTEGER_free(public_key); + if (dsa) + DSA_free(dsa); + return 0; + + } + +static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + DSA *dsa; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + + dsa=pkey->pkey.dsa; + if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) + { + ASN1_STRING *str; + str = ASN1_STRING_new(); + str->length = i2d_DSAparams(dsa, &str->data); + if (str->length <= 0) + { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + } + else + ptype = V_ASN1_UNDEF; + + dsa->write_params=0; + + penclen = i2d_DSAPublicKey(dsa, &penc); + + if (penclen <= 0) + { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), + ptype, pval, penc, penclen)) + return 1; + + err: + if (penc) + OPENSSL_free(penc); + if (pval) + ASN1_STRING_free(pval); + + return 0; + } + +/* In PKCS#8 DSA: you just get a private key integer and parameters in the + * AlgorithmIdentifier the pubkey must be recalculated. + */ + +static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + BN_CTX *ctx = NULL; + + STACK_OF(ASN1_TYPE) *ndsa = NULL; + DSA *dsa = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + /* Check for broken DSA PKCS#8, UGH! */ + if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) + { + ASN1_TYPE *t1, *t2; + if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) + goto decerr; + if (sk_ASN1_TYPE_num(ndsa) != 2) + goto decerr; + /* Handle Two broken types: + * SEQUENCE {parameters, priv_key} + * SEQUENCE {pub_key, priv_key} + */ + + t1 = sk_ASN1_TYPE_value(ndsa, 0); + t2 = sk_ASN1_TYPE_value(ndsa, 1); + if (t1->type == V_ASN1_SEQUENCE) + { + p8->broken = PKCS8_EMBEDDED_PARAM; + pval = t1->value.ptr; + } + else if (ptype == V_ASN1_SEQUENCE) + p8->broken = PKCS8_NS_DB; + else + goto decerr; + + if (t2->type != V_ASN1_INTEGER) + goto decerr; + + privkey = t2->value.integer; + } + else + { + const unsigned char *q = p; + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + if (privkey->type == V_ASN1_NEG_INTEGER) + { + p8->broken = PKCS8_NEG_PRIVKEY; + ASN1_INTEGER_free(privkey); + if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) + goto decerr; + } + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + { + DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); + goto dsaerr; + } + /* Calculate public key */ + if (!(dsa->pub_key = BN_new())) + { + DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + if (!(ctx = BN_CTX_new())) + { + DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + + if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) + { + DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); + goto dsaerr; + } + + EVP_PKEY_assign_DSA(pkey, dsa); + BN_CTX_free (ctx); + if(ndsa) + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + else + ASN1_INTEGER_free(privkey); + + return 1; + + decerr: + DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); + dsaerr: + BN_CTX_free (ctx); + if (privkey) + ASN1_INTEGER_free(privkey); + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + DSA_free(dsa); + return 0; + } + +static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + + if (!params) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); + if (params->length <= 0) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); + + if (!prkey) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + +err: + if (dp != NULL) + OPENSSL_free(dp); + if (params != NULL) + ASN1_STRING_free(params); + if (prkey != NULL) + ASN1_INTEGER_free(prkey); + return 0; +} + +static int int_dsa_size(const EVP_PKEY *pkey) + { + return(DSA_size(pkey->pkey.dsa)); + } + +static int dsa_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.dsa->p); + } + +static int dsa_missing_parameters(const EVP_PKEY *pkey) + { + DSA *dsa; + dsa=pkey->pkey.dsa; + if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + return 1; + return 0; + } + +static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + BIGNUM *a; + + if ((a=BN_dup(from->pkey.dsa->p)) == NULL) + return 0; + if (to->pkey.dsa->p != NULL) + BN_free(to->pkey.dsa->p); + to->pkey.dsa->p=a; + + if ((a=BN_dup(from->pkey.dsa->q)) == NULL) + return 0; + if (to->pkey.dsa->q != NULL) + BN_free(to->pkey.dsa->q); + to->pkey.dsa->q=a; + + if ((a=BN_dup(from->pkey.dsa->g)) == NULL) + return 0; + if (to->pkey.dsa->g != NULL) + BN_free(to->pkey.dsa->g); + to->pkey.dsa->g=a; + return 1; + } + +static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || + BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || + BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) + return 0; + else + return 1; + } + +static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) + return 0; + else + return 1; + } + +static void int_dsa_free(EVP_PKEY *pkey) + { + DSA_free(pkey->pkey.dsa); + } + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) + { + unsigned char *m=NULL; + int ret=0; + size_t buf_len=0; + const char *ktype = NULL; + + const BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + if (ptype == 2) + ktype = "Private-Key"; + else if (ptype == 1) + ktype = "Public-Key"; + else + ktype = "DSA-Parameters"; + + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->g, &buf_len); + update_buflen(priv_key, &buf_len); + update_buflen(pub_key, &buf_len); + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (priv_key) + { + if(!BIO_indent(bp,off,128)) + goto err; + if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p)) + <= 0) goto err; + } + + if (!ASN1_bn_print(bp,"priv:",priv_key,m,off)) + goto err; + if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off)) + goto err; + if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err; + if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err; + if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err; + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int dsa_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DSA *dsa; + if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) + { + DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + } + +static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_DSAparams(pkey->pkey.dsa, pder); + } + +static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); + } + +static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); + } + + +static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); + } + +static int old_dsa_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DSA *dsa; + if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) + { + DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + } + +static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); + } + +static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + switch (op) + { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 2; + + default: + return -2; + + } + + } + +/* NB these are sorted in pkey_id order, lowest first */ + +const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = + { + + { + EVP_PKEY_DSA2, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA1, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA4, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA3, + EVP_PKEY_DSA, + ASN1_PKEY_ALIAS + }, + + { + EVP_PKEY_DSA, + EVP_PKEY_DSA, + 0, + + "DSA", + "OpenSSL DSA method", + + dsa_pub_decode, + dsa_pub_encode, + dsa_pub_cmp, + dsa_pub_print, + + dsa_priv_decode, + dsa_priv_encode, + dsa_priv_print, + + int_dsa_size, + dsa_bits, + + dsa_param_decode, + dsa_param_encode, + dsa_missing_parameters, + dsa_copy_parameters, + dsa_cmp_parameters, + dsa_param_print, + + int_dsa_free, + dsa_pkey_ctrl, + old_dsa_priv_decode, + old_dsa_priv_encode + } + }; + diff --git a/lib/libssl/src/crypto/dsa/dsa_locl.h b/lib/libssl/src/crypto/dsa/dsa_locl.h new file mode 100644 index 00000000000..2b8cfee3dbd --- /dev/null +++ b/lib/libssl/src/crypto/dsa/dsa_locl.h @@ -0,0 +1,59 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/dsa.h> + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); diff --git a/lib/libssl/src/crypto/dsa/dsa_pmeth.c b/lib/libssl/src/crypto/dsa/dsa_pmeth.c new file mode 100644 index 00000000000..4ce91e20c64 --- /dev/null +++ b/lib/libssl/src/crypto/dsa/dsa_pmeth.c @@ -0,0 +1,315 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/evp.h> +#include <openssl/bn.h> +#include "evp_locl.h" +#include "dsa_locl.h" + +/* DSA pkey context structure */ + +typedef struct + { + /* Parameter gen parameters */ + int nbits; /* size of p in bits (default: 1024) */ + int qbits; /* size of q in bits (default: 160) */ + const EVP_MD *pmd; /* MD for parameter generation */ + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ + const EVP_MD *md; /* MD for the signature */ + } DSA_PKEY_CTX; + +static int pkey_dsa_init(EVP_PKEY_CTX *ctx) + { + DSA_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX)); + if (!dctx) + return 0; + dctx->nbits = 1024; + dctx->qbits = 160; + dctx->pmd = NULL; + dctx->md = NULL; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; + } + +static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + DSA_PKEY_CTX *dctx, *sctx; + if (!pkey_dsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + dctx->qbits = sctx->qbits; + dctx->pmd = sctx->pmd; + dctx->md = sctx->md; + return 1; + } + +static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) + { + DSA_PKEY_CTX *dctx = ctx->data; + if (dctx) + OPENSSL_free(dctx); + } + +static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + unsigned int sltmp; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); + + if (ret <= 0) + return ret; + *siglen = sltmp; + return 1; + } + +static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); + + return ret; + } + +static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + DSA_PKEY_CTX *dctx = ctx->data; + switch (type) + { + case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: + if (p1 < 256) + return -2; + dctx->nbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + if (p1 != 160 && p1 != 224 && p1 && p1 != 256) + return -2; + dctx->qbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) + { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256) + { + DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + DSAerr(DSA_F_PKEY_DSA_CTRL, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + default: + return -2; + + } + } + +static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "dsa_paramgen_bits")) + { + int nbits; + nbits = atoi(value); + return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); + } + if (!strcmp(type, "dsa_paramgen_q_bits")) + { + int qbits = atoi(value); + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); + } + if (!strcmp(type, "dsa_paramgen_md")) + { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + (void *)EVP_get_digestbyname(value)); + } + return -2; + } + +static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DSA *dsa = NULL; + DSA_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + if (ctx->pkey_gencb) + { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } + else + pcb = NULL; + dsa = DSA_new(); + if (!dsa) + return 0; + ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, pcb); + if (ret) + EVP_PKEY_assign_DSA(pkey, dsa); + else + DSA_free(dsa); + return ret; + } + +static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DSA *dsa = NULL; + if (ctx->pkey == NULL) + { + DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); + return 0; + } + dsa = DSA_new(); + if (!dsa) + return 0; + EVP_PKEY_assign_DSA(pkey, dsa); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DSA_generate_key(pkey->pkey.dsa); + } + +const EVP_PKEY_METHOD dsa_pkey_meth = + { + EVP_PKEY_DSA, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_dsa_init, + pkey_dsa_copy, + pkey_dsa_cleanup, + + 0, + pkey_dsa_paramgen, + + 0, + pkey_dsa_keygen, + + 0, + pkey_dsa_sign, + + 0, + pkey_dsa_verify, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0,0, + + pkey_dsa_ctrl, + pkey_dsa_ctrl_str + + + }; diff --git a/lib/libssl/src/crypto/dsa/dsa_prn.c b/lib/libssl/src/crypto/dsa/dsa_prn.c new file mode 100644 index 00000000000..6f29f5e2409 --- /dev/null +++ b/lib/libssl/src/crypto/dsa/dsa_prn.c @@ -0,0 +1,121 @@ +/* crypto/dsa/dsa_prn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/dsa.h> + +#ifndef OPENSSL_NO_FP_API +int DSA_print_fp(FILE *fp, const DSA *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DSA_print(b,x,off); + BIO_free(b); + return(ret); + } + +int DSAparams_print_fp(FILE *fp, const DSA *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DSAparams_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int DSA_print(BIO *bp, const DSA *x, int off) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; + } + +int DSAparams_print(BIO *bp, const DSA *x) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + return 0; + ret = EVP_PKEY_print_params(bp, pk, 4, NULL); + EVP_PKEY_free(pk); + return ret; + } + diff --git a/lib/libssl/src/crypto/dso/Makefile b/lib/libssl/src/crypto/dso/Makefile index 52f152888c4..fb2709ed63a 100644 --- a/lib/libssl/src/crypto/dso/Makefile +++ b/lib/libssl/src/crypto/dso/Makefile @@ -18,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \ - dso_openssl.c dso_win32.c dso_vms.c + dso_openssl.c dso_win32.c dso_vms.c dso_beos.c LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \ - dso_openssl.o dso_win32.o dso_vms.o + dso_openssl.o dso_win32.o dso_vms.o dso_beos.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -76,6 +76,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dso_beos.o: ../../e_os.h ../../include/openssl/bio.h +dso_beos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dso_beos.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +dso_beos.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dso_beos.o: ../../include/openssl/opensslconf.h +dso_beos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dso_beos.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dso_beos.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_beos.c dso_dl.o: ../../e_os.h ../../include/openssl/bio.h dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h diff --git a/lib/libssl/src/crypto/dso/dso_beos.c b/lib/libssl/src/crypto/dso/dso_beos.c new file mode 100644 index 00000000000..553966e6993 --- /dev/null +++ b/lib/libssl/src/crypto/dso/dso_beos.c @@ -0,0 +1,270 @@ +/* dso_beos.c */ +/* Written by Marcin Konicki (ahwayakchih@neoni.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <string.h> +#include "cryptlib.h" +#include <openssl/dso.h> + +#if !defined(OPENSSL_SYS_BEOS) +DSO_METHOD *DSO_METHOD_beos(void) + { + return NULL; + } +#else + +#include <kernel/image.h> + +static int beos_load(DSO *dso); +static int beos_unload(DSO *dso); +static void *beos_bind_var(DSO *dso, const char *symname); +static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname); +#if 0 +static int beos_unbind_var(DSO *dso, char *symname, void *symptr); +static int beos_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); +static int beos_init(DSO *dso); +static int beos_finish(DSO *dso); +static long beos_ctrl(DSO *dso, int cmd, long larg, void *parg); +#endif +static char *beos_name_converter(DSO *dso, const char *filename); + +static DSO_METHOD dso_meth_beos = { + "OpenSSL 'beos' shared library method", + beos_load, + beos_unload, + beos_bind_var, + beos_bind_func, +/* For now, "unbind" doesn't exist */ +#if 0 + NULL, /* unbind_var */ + NULL, /* unbind_func */ +#endif + NULL, /* ctrl */ + beos_name_converter, + NULL, /* init */ + NULL /* finish */ + }; + +DSO_METHOD *DSO_METHOD_beos(void) + { + return(&dso_meth_beos); + } + +/* For this DSO_METHOD, our meth_data STACK will contain; + * (i) a pointer to the handle (image_id) returned from + * load_add_on(). + */ + +static int beos_load(DSO *dso) + { + image_id id; + /* See applicable comments from dso_dl.c */ + char *filename = DSO_convert_filename(dso, NULL); + + if(filename == NULL) + { + DSOerr(DSO_F_BEOS_LOAD,DSO_R_NO_FILENAME); + goto err; + } + id = load_add_on(filename); + if(id < 1) + { + DSOerr(DSO_F_BEOS_LOAD,DSO_R_LOAD_FAILED); + ERR_add_error_data(3, "filename(", filename, ")"); + goto err; + } + if(!sk_push(dso->meth_data, (char *)id)) + { + DSOerr(DSO_F_BEOS_LOAD,DSO_R_STACK_ERROR); + goto err; + } + /* Success */ + dso->loaded_filename = filename; + return(1); +err: + /* Cleanup !*/ + if(filename != NULL) + OPENSSL_free(filename); + if(id > 0) + unload_add_on(id); + return(0); + } + +static int beos_unload(DSO *dso) + { + image_id id; + if(dso == NULL) + { + DSOerr(DSO_F_BEOS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); + return(0); + } + if(sk_num(dso->meth_data) < 1) + return(1); + id = (image_id)sk_pop(dso->meth_data); + if(id < 1) + { + DSOerr(DSO_F_BEOS_UNLOAD,DSO_R_NULL_HANDLE); + return(0); + } + if(unload_add_on(id) != B_OK) + { + DSOerr(DSO_F_BEOS_UNLOAD,DSO_R_UNLOAD_FAILED); + /* We should push the value back onto the stack in + * case of a retry. */ + sk_push(dso->meth_data, (char *)id); + return(0); + } + return(1); + } + +static void *beos_bind_var(DSO *dso, const char *symname) + { + image_id id; + void *sym; + + if((dso == NULL) || (symname == NULL)) + { + DSOerr(DSO_F_BEOS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); + return(NULL); + } + if(sk_num(dso->meth_data) < 1) + { + DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_STACK_ERROR); + return(NULL); + } + id = (image_id)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + if(id < 1) + { + DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_NULL_HANDLE); + return(NULL); + } + if(get_image_symbol(id, symname, B_SYMBOL_TYPE_DATA, &sym) != B_OK) + { + DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_SYM_FAILURE); + ERR_add_error_data(3, "symname(", symname, ")"); + return(NULL); + } + return(sym); + } + +static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname) + { + image_id id; + void *sym; + + if((dso == NULL) || (symname == NULL)) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); + return(NULL); + } + if(sk_num(dso->meth_data) < 1) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_STACK_ERROR); + return(NULL); + } + id = (image_id)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + if(id < 1) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_NULL_HANDLE); + return(NULL); + } + if(get_image_symbol(id, symname, B_SYMBOL_TYPE_TEXT, &sym) != B_OK) + { + DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_SYM_FAILURE); + ERR_add_error_data(3, "symname(", symname, ")"); + return(NULL); + } + return((DSO_FUNC_TYPE)sym); + } + +/* This one is the same as the one in dlfcn */ +static char *beos_name_converter(DSO *dso, const char *filename) + { + char *translated; + int len, rsize, transform; + + len = strlen(filename); + rsize = len + 1; + transform = (strstr(filename, "/") == NULL); + if(transform) + { + /* We will convert this to "%s.so" or "lib%s.so" */ + rsize += 3; /* The length of ".so" */ + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) + rsize += 3; /* The length of "lib" */ + } + translated = OPENSSL_malloc(rsize); + if(translated == NULL) + { + DSOerr(DSO_F_BEOS_NAME_CONVERTER, + DSO_R_NAME_TRANSLATION_FAILED); + return(NULL); + } + if(transform) + { + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) + sprintf(translated, "lib%s.so", filename); + else + sprintf(translated, "%s.so", filename); + } + else + sprintf(translated, "%s", filename); + return(translated); + } + +#endif diff --git a/lib/libssl/src/crypto/ec/Makefile b/lib/libssl/src/crypto/ec/Makefile index b5bbc9faa1a..db380ed16f8 100644 --- a/lib/libssl/src/crypto/ec/Makefile +++ b/lib/libssl/src/crypto/ec/Makefile @@ -19,11 +19,11 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\ ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\ - ec2_smpl.c ec2_smpt.c ec2_mult.c + ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\ ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\ - ec2_smpl.o ec2_mult.o + ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o SRC= $(LIBSRC) @@ -38,7 +38,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -94,8 +94,22 @@ ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h -ec2_smpt.o: ec2_smpt.c +ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec_lcl.h +ec_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +ec_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ec_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ec_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ec_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ec_ameth.o: ../../include/openssl/opensslconf.h +ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +ec_ameth.o: ec_ameth.c ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -160,6 +174,20 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c +ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ec_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ec_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ec_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +ec_pmeth.o: ec_pmeth.c ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -167,6 +195,16 @@ ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c +eck_prn.o: ../../e_os.h ../../include/openssl/asn1.h +eck_prn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eck_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eck_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eck_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/lib/libssl/src/crypto/ec/ec2_mult.c b/lib/libssl/src/crypto/ec/ec2_mult.c index ff368fd7d7b..ab631a50a22 100644 --- a/lib/libssl/src/crypto/ec/ec2_mult.c +++ b/lib/libssl/src/crypto/ec/ec2_mult.c @@ -76,7 +76,7 @@ * coordinates. * Uses algorithm Mdouble in appendix of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). * modified to not require precomputation of c=b^{2^{m-1}}. */ static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) @@ -107,8 +107,8 @@ static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx /* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery * projective coordinates. * Uses algorithm Madd in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). */ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) @@ -140,8 +140,8 @@ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM /* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) * using Montgomery point multiplication algorithm Mxy() in appendix of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). * Returns: * 0 on error * 1 if return value should be the point at infinity @@ -209,15 +209,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG /* Computes scalar*point and stores the result in r. * point can not equal r. * Uses algorithm 2P of - * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation". + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) { BIGNUM *x1, *x2, *z1, *z2; - int ret = 0, i, j; - BN_ULONG mask; + int ret = 0, i; + BN_ULONG mask,word; if (r == point) { @@ -251,22 +251,24 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */ /* find top most bit and go one past it */ - i = scalar->top - 1; j = BN_BITS2 - 1; + i = scalar->top - 1; mask = BN_TBIT; - while (!(scalar->d[i] & mask)) { mask >>= 1; j--; } - mask >>= 1; j--; + word = scalar->d[i]; + while (!(word & mask)) mask >>= 1; + mask >>= 1; /* if top most bit was at word break, go to next word */ if (!mask) { - i--; j = BN_BITS2 - 1; + i--; mask = BN_TBIT; } for (; i >= 0; i--) { - for (; j >= 0; j--) + word = scalar->d[i]; + while (mask) { - if (scalar->d[i] & mask) + if (word & mask) { if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; @@ -278,7 +280,6 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, } mask >>= 1; } - j = BN_BITS2 - 1; mask = BN_TBIT; } diff --git a/lib/libssl/src/crypto/ec/ec_ameth.c b/lib/libssl/src/crypto/ec/ec_ameth.c new file mode 100644 index 00000000000..c00f7d746c3 --- /dev/null +++ b/lib/libssl/src/crypto/ec/ec_ameth.c @@ -0,0 +1,659 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/ec.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif +#include "asn1_locl.h" + +static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) + { + const EC_GROUP *group; + int nid; + if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) + { + ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS); + return 0; + } + if (EC_GROUP_get_asn1_flag(group) + && (nid = EC_GROUP_get_curve_name(group))) + /* we have a 'named curve' => just set the OID */ + { + *ppval = OBJ_nid2obj(nid); + *pptype = V_ASN1_OBJECT; + } + else /* explicit parameters */ + { + ASN1_STRING *pstr = NULL; + pstr = ASN1_STRING_new(); + if (!pstr) + return 0; + pstr->length = i2d_ECParameters(ec_key, &pstr->data); + if (pstr->length < 0) + { + ASN1_STRING_free(pstr); + ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); + return 0; + } + *ppval = pstr; + *pptype = V_ASN1_SEQUENCE; + } + return 1; + } + +static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + EC_KEY *ec_key = pkey->pkey.ec; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL, *p; + int penclen; + + if (!eckey_param2type(&ptype, &pval, ec_key)) + { + ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB); + return 0; + } + penclen = i2o_ECPublicKey(ec_key, NULL); + if (penclen <= 0) + goto err; + penc = OPENSSL_malloc(penclen); + if (!penc) + goto err; + p = penc; + penclen = i2o_ECPublicKey(ec_key, &p); + if (penclen <= 0) + goto err; + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), + ptype, pval, penc, penclen)) + return 1; + err: + if (ptype == V_ASN1_OBJECT) + ASN1_OBJECT_free(pval); + else + ASN1_STRING_free(pval); + if (penc) + OPENSSL_free(penc); + return 0; + } + +static EC_KEY *eckey_type2param(int ptype, void *pval) + { + EC_KEY *eckey = NULL; + if (ptype == V_ASN1_SEQUENCE) + { + ASN1_STRING *pstr = pval; + const unsigned char *pm = NULL; + int pmlen; + pm = pstr->data; + pmlen = pstr->length; + if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) + { + ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); + goto ecerr; + } + } + else if (ptype == V_ASN1_OBJECT) + { + ASN1_OBJECT *poid = pval; + EC_GROUP *group; + + /* type == V_ASN1_OBJECT => the parameters are given + * by an asn1 OID + */ + if ((eckey = EC_KEY_new()) == NULL) + { + ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); + goto ecerr; + } + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); + if (group == NULL) + goto ecerr; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(eckey, group) == 0) + goto ecerr; + EC_GROUP_free(group); + } + else + { + ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); + goto ecerr; + } + + return eckey; + + ecerr: + if (eckey) + EC_KEY_free(eckey); + return NULL; + } + +static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p = NULL; + void *pval; + int ptype, pklen; + EC_KEY *eckey = NULL; + X509_ALGOR *palg; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + eckey = eckey_type2param(ptype, pval); + + if (!eckey) + { + ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); + return 0; + } + + /* We have parameters now set public key */ + if (!o2i_ECPublicKey(&eckey, &p, pklen)) + { + ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR); + goto ecerr; + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + + ecerr: + if (eckey) + EC_KEY_free(eckey); + return 0; + } + +static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + int r; + const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); + const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), + *pb = EC_KEY_get0_public_key(b->pkey.ec); + r = EC_POINT_cmp(group, pa, pb, NULL); + if (r == 0) + return 1; + if (r == 1) + return 0; + return -2; + } + +static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p = NULL; + void *pval; + int ptype, pklen; + EC_KEY *eckey = NULL; + X509_ALGOR *palg; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + eckey = eckey_type2param(ptype, pval); + + if (!eckey) + goto ecliberr; + + /* We have parameters now set private key */ + if (!d2i_ECPrivateKey(&eckey, &p, pklen)) + { + ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); + goto ecerr; + } + + /* calculate public key (if necessary) */ + if (EC_KEY_get0_public_key(eckey) == NULL) + { + const BIGNUM *priv_key; + const EC_GROUP *group; + EC_POINT *pub_key; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + group = EC_KEY_get0_group(eckey); + pub_key = EC_POINT_new(group); + if (pub_key == NULL) + { + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) + { + EC_POINT_free(pub_key); + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + priv_key = EC_KEY_get0_private_key(eckey); + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) + { + EC_POINT_free(pub_key); + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + if (EC_KEY_set_public_key(eckey, pub_key) == 0) + { + EC_POINT_free(pub_key); + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + goto ecliberr; + } + EC_POINT_free(pub_key); + } + + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + + ecliberr: + ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + ecerr: + if (eckey) + EC_KEY_free(eckey); + return 0; + } + +static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + EC_KEY *ec_key; + unsigned char *ep, *p; + int eplen, ptype; + void *pval; + unsigned int tmp_flags, old_flags; + + ec_key = pkey->pkey.ec; + + if (!eckey_param2type(&ptype, &pval, ec_key)) + { + ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); + return 0; + } + + /* set the private key */ + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + old_flags = EC_KEY_get_enc_flags(ec_key); + tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; + EC_KEY_set_enc_flags(ec_key, tmp_flags); + eplen = i2d_ECPrivateKey(ec_key, NULL); + if (!eplen) + { + EC_KEY_set_enc_flags(ec_key, old_flags); + ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); + return 0; + } + ep = (unsigned char *) OPENSSL_malloc(eplen); + if (!ep) + { + EC_KEY_set_enc_flags(ec_key, old_flags); + ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + return 0; + } + p = ep; + if (!i2d_ECPrivateKey(ec_key, &p)) + { + EC_KEY_set_enc_flags(ec_key, old_flags); + OPENSSL_free(ep); + ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); + } + /* restore old encoding flags */ + EC_KEY_set_enc_flags(ec_key, old_flags); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, + ptype, pval, ep, eplen)) + return 0; + + return 1; +} + +static int int_ec_size(const EVP_PKEY *pkey) + { + return ECDSA_size(pkey->pkey.ec); + } + +static int ec_bits(const EVP_PKEY *pkey) + { + BIGNUM *order = BN_new(); + const EC_GROUP *group; + int ret; + + if (!order) + { + ERR_clear_error(); + return 0; + } + group = EC_KEY_get0_group(pkey->pkey.ec); + if (!EC_GROUP_get_order(group, order, NULL)) + { + ERR_clear_error(); + return 0; + } + + ret = BN_num_bits(order); + BN_free(order); + return ret; + } + +static int ec_missing_parameters(const EVP_PKEY *pkey) + { + if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + return 1; + return 0; + } + +static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); + if (group == NULL) + return 0; + if (EC_KEY_set_group(to->pkey.ec, group) == 0) + return 0; + EC_GROUP_free(group); + return 1; + } + +static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), + *group_b = EC_KEY_get0_group(b->pkey.ec); + if (EC_GROUP_cmp(group_a, group_b, NULL)) + return 0; + else + return 1; + } + +static void int_ec_free(EVP_PKEY *pkey) + { + EC_KEY_free(pkey->pkey.ec); + } + +static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) + { + unsigned char *buffer=NULL; + const char *ecstr; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BIGNUM *pub_key=NULL, *order=NULL; + BN_CTX *ctx=NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + const BIGNUM *priv_key; + + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (ktype > 0) + { + public_key = EC_KEY_get0_public_key(x); + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + if (pub_key) + buf_len = (size_t)BN_num_bytes(pub_key); + } + + if (ktype == 2) + { + priv_key = EC_KEY_get0_private_key(x); + if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) + buf_len = i; + } + else + priv_key = NULL; + + if (ktype > 0) + { + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + } + if (ktype == 2) + ecstr = "Private-Key"; + else if (ktype == 1) + ecstr = "Public-Key"; + else + ecstr = "ECDSA-Parameters"; + + if (!BIO_indent(bp, off, 128)) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!EC_GROUP_get_order(group, order, NULL)) + goto err; + if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, + BN_num_bits(order)) <= 0) goto err; + + if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, + buffer, off)) + goto err; + if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key, + buffer, off)) + goto err; + if (!ECPKParameters_print(bp, group, off)) + goto err; + ret=1; +err: + if (!ret) + ECerr(EC_F_DO_EC_KEY_PRINT, reason); + if (pub_key) + BN_free(pub_key); + if (order) + BN_free(order); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } + +static int eckey_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + EC_KEY *eckey; + if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) + { + ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); + return 0; + } + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + } + +static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_ECParameters(pkey->pkey.ec, pder); + } + +static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0); + } + +static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1); + } + + +static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2); + } + +static int old_ec_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + EC_KEY *ec; + if (!(ec = d2i_ECPrivateKey (NULL, pder, derlen))) + { + ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); + return 0; + } + EVP_PKEY_assign_EC_KEY(pkey, ec); + return 1; + } + +static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_ECPrivateKey(pkey->pkey.ec, pder); + } + +static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + switch (op) + { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, + &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 2; + + default: + return -2; + + } + + } + +const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = + { + EVP_PKEY_EC, + EVP_PKEY_EC, + 0, + "EC", + "OpenSSL EC algorithm", + + eckey_pub_decode, + eckey_pub_encode, + eckey_pub_cmp, + eckey_pub_print, + + eckey_priv_decode, + eckey_priv_encode, + eckey_priv_print, + + int_ec_size, + ec_bits, + + eckey_param_decode, + eckey_param_encode, + ec_missing_parameters, + ec_copy_parameters, + ec_cmp_parameters, + eckey_param_print, + + int_ec_free, + ec_pkey_ctrl, + old_ec_priv_decode, + old_ec_priv_encode + }; diff --git a/lib/libssl/src/crypto/ec/ec_curve.c b/lib/libssl/src/crypto/ec/ec_curve.c index beac20969b7..23274e4031c 100644 --- a/lib/libssl/src/crypto/ec/ec_curve.c +++ b/lib/libssl/src/crypto/ec/ec_curve.c @@ -73,926 +73,1690 @@ #include <openssl/err.h> #include <openssl/obj_mac.h> -typedef struct ec_curve_data_st { - int field_type; /* either NID_X9_62_prime_field or +typedef struct { + int field_type, /* either NID_X9_62_prime_field or * NID_X9_62_characteristic_two_field */ - const char *p; /* either a prime number or a polynomial */ - const char *a; - const char *b; - const char *x; /* the x coordinate of the generator */ - const char *y; /* the y coordinate of the generator */ - const char *order; /* the order of the group generated by the - * generator */ - const BN_ULONG cofactor;/* the cofactor */ - const unsigned char *seed;/* the seed (optional) */ - size_t seed_len; - const char *comment; /* a short description of the curve */ + seed_len, + param_len; + unsigned int cofactor; /* promoted to BN_ULONG */ } EC_CURVE_DATA; /* the nist prime curves */ -static const unsigned char _EC_NIST_PRIME_192_SEED[] = { - 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57, - 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5}; -static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", - "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, - _EC_NIST_PRIME_192_SEED, 20, - "NIST/X9.62/SECG curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_NIST_PRIME_192 = { + { NID_X9_62_prime_field,20,24,1 }, + { 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57, /* seed */ + 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFC, + 0x64,0x21,0x05,0x19,0xE5,0x9C,0x80,0xE7,0x0F,0xA7, /* b */ + 0xE9,0xAB,0x72,0x24,0x30,0x49,0xFE,0xB8,0xDE,0xEC, + 0xC1,0x46,0xB9,0xB1, + 0x18,0x8D,0xA8,0x0E,0xB0,0x30,0x90,0xF6,0x7C,0xBF, /* x */ + 0x20,0xEB,0x43,0xA1,0x88,0x00,0xF4,0xFF,0x0A,0xFD, + 0x82,0xFF,0x10,0x12, + 0x07,0x19,0x2b,0x95,0xff,0xc8,0xda,0x78,0x63,0x10, /* y */ + 0x11,0xed,0x6b,0x24,0xcd,0xd5,0x73,0xf9,0x77,0xa1, + 0x1e,0x79,0x48,0x11, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x99,0xDE,0xF8,0x36,0x14,0x6B,0xC9,0xB1, + 0xB4,0xD2,0x28,0x31 } }; -static const unsigned char _EC_NIST_PRIME_224_SEED[] = { - 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45, - 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5}; -static const EC_CURVE_DATA _EC_NIST_PRIME_224 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1, - _EC_NIST_PRIME_224_SEED, 20, - "NIST/SECG curve over a 224 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+28*6]; } + _EC_NIST_PRIME_224 = { + { NID_X9_62_prime_field,20,28,1 }, + { 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45, /* seed */ + 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41, /* b */ + 0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA, + 0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4, + 0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13, /* x */ + 0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22, + 0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21, + 0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22, /* y */ + 0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64, + 0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E, + 0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D } }; -static const unsigned char _EC_NIST_PRIME_384_SEED[] = { - 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, - 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73}; -static const EC_CURVE_DATA _EC_NIST_PRIME_384 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" - "FFF0000000000000000FFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" - "FFF0000000000000000FFFFFFFC", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" - "98D8A2ED19D2A85C8EDD3EC2AEF", - "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" - "25DBF55296C3A545E3872760AB7", - "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" - "1ce1d7e819d7a431d7c90ea0e5f", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" - "DB248B0A77AECEC196ACCC52973",1, - _EC_NIST_PRIME_384_SEED, 20, - "NIST/SECG curve over a 384 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; } + _EC_NIST_PRIME_384 = { + { NID_X9_62_prime_field,20,48,1 }, + { 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, /* seed */ + 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC, + 0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E, /* b */ + 0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E, + 0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13, + 0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D, + 0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF, + 0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1, /* x */ + 0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62, + 0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54, + 0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C, + 0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7, + 0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e, /* y */ + 0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd, + 0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0, + 0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d, + 0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37, + 0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A, + 0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 } }; -static const unsigned char _EC_NIST_PRIME_521_SEED[] = { - 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, - 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA}; -static const EC_CURVE_DATA _EC_NIST_PRIME_521 = { - NID_X9_62_prime_field, - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", - "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" - "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" - "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", - "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" - "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" - "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1, - _EC_NIST_PRIME_521_SEED, 20, - "NIST/SECG curve over a 521 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; } + _EC_NIST_PRIME_521 = { + { NID_X9_62_prime_field,20,66,1 }, + { 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, /* seed */ + 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA, + + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC, + 0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F, /* b */ + 0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA, + 0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91, + 0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E, + 0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07, + 0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45, + 0x1F,0xD4,0x6B,0x50,0x3F,0x00, + 0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD, /* x */ + 0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64, + 0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60, + 0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7, + 0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE, + 0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E, + 0x7E,0x31,0xC2,0xE5,0xBD,0x66, + 0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04, /* y */ + 0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5, + 0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17, + 0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4, + 0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61, + 0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe, + 0x94,0x76,0x9f,0xd1,0x66,0x50, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F, + 0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0, + 0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F, + 0xB7,0x1E,0x91,0x38,0x64,0x09 } }; + /* the x9.62 prime curves (minus the nist prime curves) */ -static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = { - 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B, - 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", - "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", - "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", - "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, - _EC_X9_62_PRIME_192V2_SEED, 20, - "X9.62 curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_PRIME_192V2 = { + { NID_X9_62_prime_field,20,24,1 }, + { 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B, /* seed */ + 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFC, + 0xCC,0x22,0xD6,0xDF,0xB9,0x5C,0x6B,0x25,0xE4,0x9C, /* b */ + 0x0D,0x63,0x64,0xA4,0xE5,0x98,0x0C,0x39,0x3A,0xA2, + 0x16,0x68,0xD9,0x53, + 0xEE,0xA2,0xBA,0xE7,0xE1,0x49,0x78,0x42,0xF2,0xDE, /* x */ + 0x77,0x69,0xCF,0xE9,0xC9,0x89,0xC0,0x72,0xAD,0x69, + 0x6F,0x48,0x03,0x4A, + 0x65,0x74,0xd1,0x1d,0x69,0xb6,0xec,0x7a,0x67,0x2b, /* y */ + 0xb8,0x2a,0x08,0x3d,0xf2,0xf2,0xb0,0x84,0x7d,0xe9, + 0x70,0xb2,0xde,0x15, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFE,0x5F,0xB1,0xA7,0x24,0xDC,0x80,0x41,0x86, + 0x48,0xD8,0xDD,0x31 } }; -static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { - 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6, - 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", - "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", - "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", - "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", - "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, - _EC_X9_62_PRIME_192V3_SEED, 20, - "X9.62 curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_PRIME_192V3 = { + { NID_X9_62_prime_field,20,24,1 }, + { 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6, /* seed */ + 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E, + + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFC, + 0x22,0x12,0x3D,0xC2,0x39,0x5A,0x05,0xCA,0xA7,0x42, /* b */ + 0x3D,0xAE,0xCC,0xC9,0x47,0x60,0xA7,0xD4,0x62,0x25, + 0x6B,0xD5,0x69,0x16, + 0x7D,0x29,0x77,0x81,0x00,0xC6,0x5A,0x1D,0xA1,0x78, /* x */ + 0x37,0x16,0x58,0x8D,0xCE,0x2B,0x8B,0x4A,0xEE,0x8E, + 0x22,0x8F,0x18,0x96, + 0x38,0xa9,0x0f,0x22,0x63,0x73,0x37,0x33,0x4b,0x49, /* y */ + 0xdc,0xb6,0x6a,0x6d,0xc8,0xf9,0x97,0x8a,0xca,0x76, + 0x48,0xa9,0x43,0xb0, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x7A,0x62,0xD0,0x31,0xC8,0x3F,0x42,0x94, + 0xF6,0x40,0xEC,0x13 } }; -static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { - 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0, - 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { - NID_X9_62_prime_field, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", - "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", - "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, - _EC_X9_62_PRIME_239V1_SEED, 20, - "X9.62 curve over a 239 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_PRIME_239V1 = { + { NID_X9_62_prime_field,20,30,1 }, + { 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0, /* seed */ + 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC, + + 0x6B,0x01,0x6C,0x3B,0xDC,0xF1,0x89,0x41,0xD0,0xD6, /* b */ + 0x54,0x92,0x14,0x75,0xCA,0x71,0xA9,0xDB,0x2F,0xB2, + 0x7D,0x1D,0x37,0x79,0x61,0x85,0xC2,0x94,0x2C,0x0A, + + 0x0F,0xFA,0x96,0x3C,0xDC,0xA8,0x81,0x6C,0xCC,0x33, /* x */ + 0xB8,0x64,0x2B,0xED,0xF9,0x05,0xC3,0xD3,0x58,0x57, + 0x3D,0x3F,0x27,0xFB,0xBD,0x3B,0x3C,0xB9,0xAA,0xAF, + + 0x7d,0xeb,0xe8,0xe4,0xe9,0x0a,0x5d,0xae,0x6e,0x40, /* y */ + 0x54,0xca,0x53,0x0b,0xa0,0x46,0x54,0xb3,0x68,0x18, + 0xce,0x22,0x6b,0x39,0xfc,0xcb,0x7b,0x02,0xf1,0xae, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0x9E,0x5E,0x9A,0x9F,0x5D, + 0x90,0x71,0xFB,0xD1,0x52,0x26,0x88,0x90,0x9D,0x0B } }; -static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { - 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B, - 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { - NID_X9_62_prime_field, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", - "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", - "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", - "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, - _EC_X9_62_PRIME_239V2_SEED, 20, - "X9.62 curve over a 239 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_PRIME_239V2 = { + { NID_X9_62_prime_field,20,30,1 }, + { 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B, /* seed */ + 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC, + + 0x61,0x7F,0xAB,0x68,0x32,0x57,0x6C,0xBB,0xFE,0xD5, /* b */ + 0x0D,0x99,0xF0,0x24,0x9C,0x3F,0xEE,0x58,0xB9,0x4B, + 0xA0,0x03,0x8C,0x7A,0xE8,0x4C,0x8C,0x83,0x2F,0x2C, + + 0x38,0xAF,0x09,0xD9,0x87,0x27,0x70,0x51,0x20,0xC9, /* x */ + 0x21,0xBB,0x5E,0x9E,0x26,0x29,0x6A,0x3C,0xDC,0xF2, + 0xF3,0x57,0x57,0xA0,0xEA,0xFD,0x87,0xB8,0x30,0xE7, + + 0x5b,0x01,0x25,0xe4,0xdb,0xea,0x0e,0xc7,0x20,0x6d, /* y */ + 0xa0,0xfc,0x01,0xd9,0xb0,0x81,0x32,0x9f,0xb5,0x55, + 0xde,0x6e,0xf4,0x60,0x23,0x7d,0xff,0x8b,0xe4,0xba, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x80,0x00,0x00,0xCF,0xA7,0xE8,0x59,0x43, + 0x77,0xD4,0x14,0xC0,0x38,0x21,0xBC,0x58,0x20,0x63 } }; -static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { - 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A, - 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { - NID_X9_62_prime_field, - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", - "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", - "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", - "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", - "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, - _EC_X9_62_PRIME_239V3_SEED, 20, - "X9.62 curve over a 239 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_PRIME_239V3 = { + { NID_X9_62_prime_field,20,30,1 }, + { 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A, /* seed */ + 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00, + 0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC, + + 0x25,0x57,0x05,0xFA,0x2A,0x30,0x66,0x54,0xB1,0xF4, /* b */ + 0xCB,0x03,0xD6,0xA7,0x50,0xA3,0x0C,0x25,0x01,0x02, + 0xD4,0x98,0x87,0x17,0xD9,0xBA,0x15,0xAB,0x6D,0x3E, + + 0x67,0x68,0xAE,0x8E,0x18,0xBB,0x92,0xCF,0xCF,0x00, /* x */ + 0x5C,0x94,0x9A,0xA2,0xC6,0xD9,0x48,0x53,0xD0,0xE6, + 0x60,0xBB,0xF8,0x54,0xB1,0xC9,0x50,0x5F,0xE9,0x5A, + + 0x16,0x07,0xe6,0x89,0x8f,0x39,0x0c,0x06,0xbc,0x1d, /* y */ + 0x55,0x2b,0xad,0x22,0x6f,0x3b,0x6f,0xcf,0xe4,0x8b, + 0x6e,0x81,0x84,0x99,0xaf,0x18,0xe3,0xed,0x6c,0xf3, + + 0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0x7F,0xFF,0xFF,0x97,0x5D,0xEB,0x41,0xB3, + 0xA6,0x05,0x7C,0x3C,0x43,0x21,0x46,0x52,0x65,0x51 } }; -static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { - 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, - 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90}; -static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { - NID_X9_62_prime_field, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", - "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, - _EC_X9_62_PRIME_256V1_SEED, 20, - "X9.62/SECG curve over a 256 bit prime field" + +static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; } + _EC_X9_62_PRIME_256V1 = { + { NID_X9_62_prime_field,20,32,1 }, + { 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, /* seed */ + 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90, + + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFC, + 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB, /* b */ + 0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0, + 0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2, + 0x60,0x4B, + 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC, /* x */ + 0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81, + 0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98, + 0xC2,0x96, + 0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7, /* y */ + 0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57, + 0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf, + 0x51,0xf5, + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD, + 0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63, + 0x25,0x51 } }; + /* the secg prime curves (minus the nist and x9.62 prime curves) */ -static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { - 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68, - 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1}; -static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = { - NID_X9_62_prime_field, - "DB7C2ABF62E35E668076BEAD208B", - "DB7C2ABF62E35E668076BEAD2088", - "659EF8BA043916EEDE8911702B22", - "09487239995A5EE76B55F9C2F098", - "a89ce5af8724c0a23e0e0ff77500", - "DB7C2ABF62E35E7628DFAC6561C5",1, - _EC_SECG_PRIME_112R1_SEED, 20, - "SECG/WTLS curve over a 112 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; } + _EC_SECG_PRIME_112R1 = { + { NID_X9_62_prime_field,20,14,1 }, + { 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68, /* seed */ + 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1, + + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76, /* p */ + 0xBE,0xAD,0x20,0x8B, + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76, /* a */ + 0xBE,0xAD,0x20,0x88, + 0x65,0x9E,0xF8,0xBA,0x04,0x39,0x16,0xEE,0xDE,0x89, /* b */ + 0x11,0x70,0x2B,0x22, + 0x09,0x48,0x72,0x39,0x99,0x5A,0x5E,0xE7,0x6B,0x55, /* x */ + 0xF9,0xC2,0xF0,0x98, + 0xa8,0x9c,0xe5,0xaf,0x87,0x24,0xc0,0xa2,0x3e,0x0e, /* y */ + 0x0f,0xf7,0x75,0x00, + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x76,0x28,0xDF, /* order */ + 0xAC,0x65,0x61,0xC5 } }; -static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = { - 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68, - 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4}; -static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = { - NID_X9_62_prime_field, - "DB7C2ABF62E35E668076BEAD208B", - "6127C24C05F38A0AAAF65C0EF02C", - "51DEF1815DB5ED74FCC34C85D709", - "4BA30AB5E892B4E1649DD0928643", - "adcd46f5882e3747def36e956e97", - "36DF0AAFD8B8D7597CA10520D04B",4, - _EC_SECG_PRIME_112R2_SEED, 20, - "SECG curve over a 112 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; } + _EC_SECG_PRIME_112R2 = { + { NID_X9_62_prime_field,20,14,4 }, + { 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68, /* seed */ + 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4, + + 0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76, /* p */ + 0xBE,0xAD,0x20,0x8B, + 0x61,0x27,0xC2,0x4C,0x05,0xF3,0x8A,0x0A,0xAA,0xF6, /* a */ + 0x5C,0x0E,0xF0,0x2C, + 0x51,0xDE,0xF1,0x81,0x5D,0xB5,0xED,0x74,0xFC,0xC3, /* b */ + 0x4C,0x85,0xD7,0x09, + 0x4B,0xA3,0x0A,0xB5,0xE8,0x92,0xB4,0xE1,0x64,0x9D, /* x */ + 0xD0,0x92,0x86,0x43, + 0xad,0xcd,0x46,0xf5,0x88,0x2e,0x37,0x47,0xde,0xf3, /* y */ + 0x6e,0x95,0x6e,0x97, + 0x36,0xDF,0x0A,0xAF,0xD8,0xB8,0xD7,0x59,0x7C,0xA1, /* order */ + 0x05,0x20,0xD0,0x4B } }; -static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = { - 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, - 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79}; -static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = { - NID_X9_62_prime_field, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", - "E87579C11079F43DD824993C2CEE5ED3", - "161FF7528B899B2D0C28607CA52C5B86", - "cf5ac8395bafeb13c02da292dded7a83", - "FFFFFFFE0000000075A30D1B9038A115",1, - _EC_SECG_PRIME_128R1_SEED, 20, - "SECG curve over a 128 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; } + _EC_SECG_PRIME_128R1 = { + { NID_X9_62_prime_field,20,16,1 }, + { 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, /* seed */ + 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79, + + 0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC, + 0xE8,0x75,0x79,0xC1,0x10,0x79,0xF4,0x3D,0xD8,0x24, /* b */ + 0x99,0x3C,0x2C,0xEE,0x5E,0xD3, + 0x16,0x1F,0xF7,0x52,0x8B,0x89,0x9B,0x2D,0x0C,0x28, /* x */ + 0x60,0x7C,0xA5,0x2C,0x5B,0x86, + 0xcf,0x5a,0xc8,0x39,0x5b,0xaf,0xeb,0x13,0xc0,0x2d, /* y */ + 0xa2,0x92,0xdd,0xed,0x7a,0x83, + 0xFF,0xFF,0xFF,0xFE,0x00,0x00,0x00,0x00,0x75,0xA3, /* order */ + 0x0D,0x1B,0x90,0x38,0xA1,0x15 } }; -static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = { - 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75, - 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4}; -static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = { - NID_X9_62_prime_field, - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "D6031998D1B3BBFEBF59CC9BBFF9AEE1", - "5EEEFCA380D02919DC2C6558BB6D8A5D", - "7B6AA5D85E572983E6FB32A7CDEBC140", - "27b6916a894d3aee7106fe805fc34b44", - "3FFFFFFF7FFFFFFFBE0024720613B5A3",4, - _EC_SECG_PRIME_128R2_SEED, 20, - "SECG curve over a 128 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; } + _EC_SECG_PRIME_128R2 = { + { NID_X9_62_prime_field,20,16,4 }, + { 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75, /* seed */ + 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4, + + 0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xD6,0x03,0x19,0x98,0xD1,0xB3,0xBB,0xFE,0xBF,0x59, /* a */ + 0xCC,0x9B,0xBF,0xF9,0xAE,0xE1, + 0x5E,0xEE,0xFC,0xA3,0x80,0xD0,0x29,0x19,0xDC,0x2C, /* b */ + 0x65,0x58,0xBB,0x6D,0x8A,0x5D, + 0x7B,0x6A,0xA5,0xD8,0x5E,0x57,0x29,0x83,0xE6,0xFB, /* x */ + 0x32,0xA7,0xCD,0xEB,0xC1,0x40, + 0x27,0xb6,0x91,0x6a,0x89,0x4d,0x3a,0xee,0x71,0x06, /* y */ + 0xfe,0x80,0x5f,0xc3,0x4b,0x44, + 0x3F,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xBE,0x00, /* order */ + 0x24,0x72,0x06,0x13,0xB5,0xA3 } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "0", - "7", - "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", - "938cf935318fdced6bc28286531733c3f03c4fee", - "0100000000000000000001B8FA16DFAB9ACA16B6B3",1, - NULL, 0, - "SECG curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_SECG_PRIME_160K1 = { + { NID_X9_62_prime_field,0,21,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC, + 0x73, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x07, + 0x00,0x3B,0x4C,0x38,0x2C,0xE3,0x7A,0xA1,0x92,0xA4, /* x */ + 0x01,0x9E,0x76,0x30,0x36,0xF4,0xF5,0xDD,0x4D,0x7E, + 0xBB, + 0x00,0x93,0x8c,0xf9,0x35,0x31,0x8f,0xdc,0xed,0x6b, /* y */ + 0xc2,0x82,0x86,0x53,0x17,0x33,0xc3,0xf0,0x3c,0x4f, + 0xee, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xB8,0xFA,0x16,0xDF,0xAB,0x9A,0xCA,0x16,0xB6, + 0xB3 } }; -static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = { - 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45}; -static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", - "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", - "4A96B5688EF573284664698968C38BB913CBFC82", - "23a628553168947d59dcc912042351377ac5fb32", - "0100000000000000000001F4C8F927AED3CA752257",1, - _EC_SECG_PRIME_160R1_SEED, 20, - "SECG curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_SECG_PRIME_160R1 = { + { NID_X9_62_prime_field,20,21,1 }, + { 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45, + + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF, + 0xFF, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF, + 0xFC, + 0x00,0x1C,0x97,0xBE,0xFC,0x54,0xBD,0x7A,0x8B,0x65, /* b */ + 0xAC,0xF8,0x9F,0x81,0xD4,0xD4,0xAD,0xC5,0x65,0xFA, + 0x45, + 0x00,0x4A,0x96,0xB5,0x68,0x8E,0xF5,0x73,0x28,0x46, /* x */ + 0x64,0x69,0x89,0x68,0xC3,0x8B,0xB9,0x13,0xCB,0xFC, + 0x82, + 0x00,0x23,0xa6,0x28,0x55,0x31,0x68,0x94,0x7d,0x59, /* y */ + 0xdc,0xc9,0x12,0x04,0x23,0x51,0x37,0x7a,0xc5,0xfb, + 0x32, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xF4,0xC8,0xF9,0x27,0xAE,0xD3,0xCA,0x75,0x22, + 0x57 } }; -static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = { - 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09, - 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51}; -static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", - "B4E134D3FB59EB8BAB57274904664D5AF50388BA", - "52DCB034293A117E1F4FF11B30F7199D3144CE6D", - "feaffef2e331f296e071fa0df9982cfea7d43f2e", - "0100000000000000000000351EE786A818F3A1A16B",1, - _EC_SECG_PRIME_160R2_SEED, 20, - "SECG/WTLS curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_SECG_PRIME_160R2 = { + { NID_X9_62_prime_field,20,21,1 }, + { 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09, /* seed */ + 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51, + + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC, + 0x73, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC, + 0x70, + 0x00,0xB4,0xE1,0x34,0xD3,0xFB,0x59,0xEB,0x8B,0xAB, /* b */ + 0x57,0x27,0x49,0x04,0x66,0x4D,0x5A,0xF5,0x03,0x88, + 0xBA, + 0x00,0x52,0xDC,0xB0,0x34,0x29,0x3A,0x11,0x7E,0x1F, /* x */ + 0x4F,0xF1,0x1B,0x30,0xF7,0x19,0x9D,0x31,0x44,0xCE, + 0x6D, + 0x00,0xfe,0xaf,0xfe,0xf2,0xe3,0x31,0xf2,0x96,0xe0, /* y */ + 0x71,0xfa,0x0d,0xf9,0x98,0x2c,0xfe,0xa7,0xd4,0x3f, + 0x2e, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x35,0x1E,0xE7,0x86,0xA8,0x18,0xF3,0xA1,0xA1, + 0x6B } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", - "0", - "3", - "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", - "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1, - NULL, 20, - "SECG curve over a 192 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; } + _EC_SECG_PRIME_192K1 = { + { NID_X9_62_prime_field,0,24,1 }, + { /* no seed */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xFF,0xFF,0xEE,0x37, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x03, + 0xDB,0x4F,0xF1,0x0E,0xC0,0x57,0xE9,0xAE,0x26,0xB0, /* x */ + 0x7D,0x02,0x80,0xB7,0xF4,0x34,0x1D,0xA5,0xD1,0xB1, + 0xEA,0xE0,0x6C,0x7D, + 0x9b,0x2f,0x2f,0x6d,0x9c,0x56,0x28,0xa7,0x84,0x41, /* y */ + 0x63,0xd0,0x15,0xbe,0x86,0x34,0x40,0x82,0xaa,0x88, + 0xd9,0x5e,0x2f,0x9d, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFE,0x26,0xF2,0xFC,0x17,0x0F,0x69,0x46,0x6A, + 0x74,0xDE,0xFD,0x8D } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", - "0", - "5", - "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", - "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", - "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1, - NULL, 20, - "SECG curve over a 224 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+29*6]; } + _EC_SECG_PRIME_224K1 = { + { NID_X9_62_prime_field,0,29,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xE5,0x6D, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x05, + 0x00,0xA1,0x45,0x5B,0x33,0x4D,0xF0,0x99,0xDF,0x30, /* x */ + 0xFC,0x28,0xA1,0x69,0xA4,0x67,0xE9,0xE4,0x70,0x75, + 0xA9,0x0F,0x7E,0x65,0x0E,0xB6,0xB7,0xA4,0x5C, + 0x00,0x7e,0x08,0x9f,0xed,0x7f,0xba,0x34,0x42,0x82, /* y */ + 0xca,0xfb,0xd6,0xf7,0xe3,0x19,0xf7,0xc0,0xb0,0xbd, + 0x59,0xe2,0xca,0x4b,0xdb,0x55,0x6d,0x61,0xa5, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x01,0xDC,0xE8,0xD2,0xEC,0x61, + 0x84,0xCA,0xF0,0xA9,0x71,0x76,0x9F,0xB1,0xF7 } }; -static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", - "0", - "7", - "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1, - NULL, 20, - "SECG curve over a 256 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; } + _EC_SECG_PRIME_256K1 = { + { NID_X9_62_prime_field,0,32,1 }, + { /* no seed */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF, + 0xFC,0x2F, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x07, + 0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0, /* x */ + 0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB, + 0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8, + 0x17,0x98, + 0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4, /* y */ + 0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48, + 0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10, + 0xd4,0xb8, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6, + 0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36, + 0x41,0x41 } }; /* some wap/wtls curves */ -static const EC_CURVE_DATA _EC_WTLS_8 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", - "0", - "3", - "1", - "2", - "0100000000000001ECEA551AD837E9",1, - NULL, 20, - "WTLS curve over a 112 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; } + _EC_WTLS_8 = { + { NID_X9_62_prime_field,0,15,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFD,0xE7, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x03, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x02, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xEC,0xEA, /* order */ + 0x55,0x1A,0xD8,0x37,0xE9 } }; -static const EC_CURVE_DATA _EC_WTLS_9 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", - "0", - "3", - "1", - "2", - "0100000000000000000001CDC98AE0E2DE574ABF33",1, - NULL, 20, - "WTLS curve over a 160 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_WTLS_9 = { + { NID_X9_62_prime_field,0,21,1 }, + { /* no seed */ + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,0x80, + 0x8F, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x03, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x02, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xCD,0xC9,0x8A,0xE0,0xE2,0xDE,0x57,0x4A,0xBF, + 0x33 } }; -static const EC_CURVE_DATA _EC_WTLS_12 = { - NID_X9_62_prime_field, - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, - NULL, 0, - "WTLS curvs over a 224 bit prime field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; } + _EC_WTLS_12 = { + { NID_X9_62_prime_field,0,28,1 }, + { /* no seed */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, + 0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41, /* b */ + 0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA, + 0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4, + 0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13, /* x */ + 0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22, + 0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21, + 0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22, /* y */ + 0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64, + 0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E, + 0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D } }; /* characteristic two curves */ -static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = { - 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87, - 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000201", - "003088250CA6E7C7FE649CE85820F7", - "00E8BEE4D3E2260744188BE0E9C723", - "009D73616F35F4AB1407D73562C10F", - "00A52830277958EE84D1315ED31886", - "0100000000000000D9CCEC8A39E56F", 2, - _EC_SECG_CHAR2_113R1_SEED, 20, - "SECG curve over a 113 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; } + _EC_SECG_CHAR2_113R1 = { + { NID_X9_62_characteristic_two_field,20,15,2 }, + { 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87, /* seed */ + 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x02,0x01, + 0x00,0x30,0x88,0x25,0x0C,0xA6,0xE7,0xC7,0xFE,0x64, /* a */ + 0x9C,0xE8,0x58,0x20,0xF7, + 0x00,0xE8,0xBE,0xE4,0xD3,0xE2,0x26,0x07,0x44,0x18, /* b */ + 0x8B,0xE0,0xE9,0xC7,0x23, + 0x00,0x9D,0x73,0x61,0x6F,0x35,0xF4,0xAB,0x14,0x07, /* x */ + 0xD7,0x35,0x62,0xC1,0x0F, + 0x00,0xA5,0x28,0x30,0x27,0x79,0x58,0xEE,0x84,0xD1, /* y */ + 0x31,0x5E,0xD3,0x18,0x86, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xD9,0xCC, /* order */ + 0xEC,0x8A,0x39,0xE5,0x6F } }; -static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = { - 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, - 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000201", - "00689918DBEC7E5A0DD6DFC0AA55C7", - "0095E9A9EC9B297BD4BF36E059184F", - "01A57A6A7B26CA5EF52FCDB8164797", - "00B3ADC94ED1FE674C06E695BABA1D", - "010000000000000108789B2496AF93", 2, - _EC_SECG_CHAR2_113R2_SEED, 20, - "SECG curve over a 113 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; } + _EC_SECG_CHAR2_113R2 = { + { NID_X9_62_characteristic_two_field,20,15,2 }, + { 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, /* seed */ + 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x02,0x01, + 0x00,0x68,0x99,0x18,0xDB,0xEC,0x7E,0x5A,0x0D,0xD6, /* a */ + 0xDF,0xC0,0xAA,0x55,0xC7, + 0x00,0x95,0xE9,0xA9,0xEC,0x9B,0x29,0x7B,0xD4,0xBF, /* b */ + 0x36,0xE0,0x59,0x18,0x4F, + 0x01,0xA5,0x7A,0x6A,0x7B,0x26,0xCA,0x5E,0xF5,0x2F, /* x */ + 0xCD,0xB8,0x16,0x47,0x97, + 0x00,0xB3,0xAD,0xC9,0x4E,0xD1,0xFE,0x67,0x4C,0x06, /* y */ + 0xE6,0x95,0xBA,0xBA,0x1D, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x08,0x78, /* order */ + 0x9B,0x24,0x96,0xAF,0x93 } }; -static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = { - 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98, - 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000010D", - "07A11B09A76B562144418FF3FF8C2570B8", - "0217C05610884B63B9C6C7291678F9D341", - "0081BAF91FDF9833C40F9C181343638399", - "078C6E7EA38C001F73C8134B1B4EF9E150", - "0400000000000000023123953A9464B54D", 2, - _EC_SECG_CHAR2_131R1_SEED, 20, - "SECG/WTLS curve over a 131 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; } + _EC_SECG_CHAR2_131R1 = { + { NID_X9_62_characteristic_two_field,20,17,2 }, + { 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98, /* seed */ + 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x01,0x0D, + 0x07,0xA1,0x1B,0x09,0xA7,0x6B,0x56,0x21,0x44,0x41, /* a */ + 0x8F,0xF3,0xFF,0x8C,0x25,0x70,0xB8, + 0x02,0x17,0xC0,0x56,0x10,0x88,0x4B,0x63,0xB9,0xC6, /* b */ + 0xC7,0x29,0x16,0x78,0xF9,0xD3,0x41, + 0x00,0x81,0xBA,0xF9,0x1F,0xDF,0x98,0x33,0xC4,0x0F, /* x */ + 0x9C,0x18,0x13,0x43,0x63,0x83,0x99, + 0x07,0x8C,0x6E,0x7E,0xA3,0x8C,0x00,0x1F,0x73,0xC8, /* y */ + 0x13,0x4B,0x1B,0x4E,0xF9,0xE1,0x50, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x31, /* order */ + 0x23,0x95,0x3A,0x94,0x64,0xB5,0x4D } }; -static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = { - 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000010D", - "03E5A88919D7CAFCBF415F07C2176573B2", - "04B8266A46C55657AC734CE38F018F2192", - "0356DCD8F2F95031AD652D23951BB366A8", - "0648F06D867940A5366D9E265DE9EB240F", - "0400000000000000016954A233049BA98F", 2, - _EC_SECG_CHAR2_131R2_SEED, 20, - "SECG curve over a 131 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; } + _EC_SECG_CHAR2_131R2 = { + { NID_X9_62_characteristic_two_field,20,17,2 }, + { 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x01,0x0D, + 0x03,0xE5,0xA8,0x89,0x19,0xD7,0xCA,0xFC,0xBF,0x41, /* a */ + 0x5F,0x07,0xC2,0x17,0x65,0x73,0xB2, + 0x04,0xB8,0x26,0x6A,0x46,0xC5,0x56,0x57,0xAC,0x73, /* b */ + 0x4C,0xE3,0x8F,0x01,0x8F,0x21,0x92, + 0x03,0x56,0xDC,0xD8,0xF2,0xF9,0x50,0x31,0xAD,0x65, /* x */ + 0x2D,0x23,0x95,0x1B,0xB3,0x66,0xA8, + 0x06,0x48,0xF0,0x6D,0x86,0x79,0x40,0xA5,0x36,0x6D, /* y */ + 0x9E,0x26,0x5D,0xE9,0xEB,0x24,0x0F, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x69, /* order */ + 0x54,0xA2,0x33,0x04,0x9B,0xA9,0x8F } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = { - NID_X9_62_characteristic_two_field, - "0800000000000000000000000000000000000000C9", - "1", - "1", - "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", - "0289070FB05D38FF58321F2E800536D538CCDAA3D9", - "04000000000000000000020108A2E0CC0D99F8A5EF", 2, - NULL, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_NIST_CHAR2_163K = { + { NID_X9_62_characteristic_two_field,0,21,2 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xC9, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x02,0xFE,0x13,0xC0,0x53,0x7B,0xBC,0x11,0xAC,0xAA, /* x */ + 0x07,0xD7,0x93,0xDE,0x4E,0x6D,0x5E,0x5C,0x94,0xEE, + 0xE8, + 0x02,0x89,0x07,0x0F,0xB0,0x5D,0x38,0xFF,0x58,0x32, /* y */ + 0x1F,0x2E,0x80,0x05,0x36,0xD5,0x38,0xCC,0xDA,0xA3, + 0xD9, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x02,0x01,0x08,0xA2,0xE0,0xCC,0x0D,0x99,0xF8,0xA5, + 0xEF } }; -static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = { - 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67, - 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = { - NID_X9_62_characteristic_two_field, - "0800000000000000000000000000000000000000C9", - "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", - "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", - "0369979697AB43897789566789567F787A7876A654", - "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", - "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_SECG_CHAR2_163R1 = { + { NID_X9_62_characteristic_two_field,0,21,2 }, + { /* no seed */ +#if 0 /* The algorithm used to derive the curve parameters from * the seed used here is slightly different than the - * algorithm described in X9.62 . - */ -#if 0 - _EC_SECG_CHAR2_163R1_SEED, 20, -#else - NULL, 0, + * algorithm described in X9.62 . */ + 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67, + 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C, #endif - "SECG curve over a 163 bit binary field" + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xC9, + 0x07,0xB6,0x88,0x2C,0xAA,0xEF,0xA8,0x4F,0x95,0x54, /* a */ + 0xFF,0x84,0x28,0xBD,0x88,0xE2,0x46,0xD2,0x78,0x2A, + 0xE2, + 0x07,0x13,0x61,0x2D,0xCD,0xDC,0xB4,0x0A,0xAB,0x94, /* b */ + 0x6B,0xDA,0x29,0xCA,0x91,0xF7,0x3A,0xF9,0x58,0xAF, + 0xD9, + 0x03,0x69,0x97,0x96,0x97,0xAB,0x43,0x89,0x77,0x89, /* x */ + 0x56,0x67,0x89,0x56,0x7F,0x78,0x7A,0x78,0x76,0xA6, + 0x54, + 0x00,0x43,0x5E,0xDB,0x42,0xEF,0xAF,0xB2,0x98,0x9D, /* y */ + 0x51,0xFE,0xFC,0xE3,0xC8,0x09,0x88,0xF4,0x1F,0xF8, + 0x83, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0x48,0xAA,0xB6,0x89,0xC2,0x9C,0xA7,0x10,0x27, + 0x9B } }; -static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = { - 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, - 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={ - NID_X9_62_characteristic_two_field, - "0800000000000000000000000000000000000000C9", - "1", - "020A601907B8C953CA1481EB10512F78744A3205FD", - "03F0EBA16286A2D57EA0991168D4994637E8343E36", - "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - "040000000000000000000292FE77E70C12A4234C33", 2, -/* The seed here was used to created the curve parameters in normal - * basis representation (and not the polynomial representation used here) - */ +static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; } + _EC_NIST_CHAR2_163B = { + { NID_X9_62_characteristic_two_field,0,21,2 }, + { /* no seed */ #if 0 - _EC_NIST_CHAR2_163B_SEED, 20, -#else - NULL, 0, +/* The seed here was used to created the curve parameters in normal + * basis representation (and not the polynomial representation used here) */ + 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, + 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68, #endif - "NIST/SECG curve over a 163 bit binary field" + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xC9, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x01, + 0x02,0x0A,0x60,0x19,0x07,0xB8,0xC9,0x53,0xCA,0x14, /* b */ + 0x81,0xEB,0x10,0x51,0x2F,0x78,0x74,0x4A,0x32,0x05, + 0xFD, + 0x03,0xF0,0xEB,0xA1,0x62,0x86,0xA2,0xD5,0x7E,0xA0, /* x */ + 0x99,0x11,0x68,0xD4,0x99,0x46,0x37,0xE8,0x34,0x3E, + 0x36, + 0x00,0xD5,0x1F,0xBC,0x6C,0x71,0xA0,0x09,0x4F,0xA2, /* y */ + 0xCD,0xD5,0x45,0xB1,0x1C,0x5C,0x0C,0x79,0x73,0x24, + 0xF1, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x02,0x92,0xFE,0x77,0xE7,0x0C,0x12,0xA4,0x23,0x4C, + 0x33 } }; -static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = { - 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75, - 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = { - NID_X9_62_characteristic_two_field, - "02000000000000000000000000000000000000000000008001", - "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", - "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", - "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", - "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", - "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, - _EC_SECG_CHAR2_193R1_SEED, 20, - "SECG curve over a 193 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; } + _EC_SECG_CHAR2_193R1 = { + { NID_X9_62_characteristic_two_field,20,25,2 }, + { 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75, /* seed */ + 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x80,0x01, + 0x00,0x17,0x85,0x8F,0xEB,0x7A,0x98,0x97,0x51,0x69, /* a */ + 0xE1,0x71,0xF7,0x7B,0x40,0x87,0xDE,0x09,0x8A,0xC8, + 0xA9,0x11,0xDF,0x7B,0x01, + 0x00,0xFD,0xFB,0x49,0xBF,0xE6,0xC3,0xA8,0x9F,0xAC, /* b */ + 0xAD,0xAA,0x7A,0x1E,0x5B,0xBC,0x7C,0xC1,0xC2,0xE5, + 0xD8,0x31,0x47,0x88,0x14, + 0x01,0xF4,0x81,0xBC,0x5F,0x0F,0xF8,0x4A,0x74,0xAD, /* x */ + 0x6C,0xDF,0x6F,0xDE,0xF4,0xBF,0x61,0x79,0x62,0x53, + 0x72,0xD8,0xC0,0xC5,0xE1, + 0x00,0x25,0xE3,0x99,0xF2,0x90,0x37,0x12,0xCC,0xF3, /* y */ + 0xEA,0x9E,0x3A,0x1A,0xD1,0x7F,0xB0,0xB3,0x20,0x1B, + 0x6A,0xF7,0xCE,0x1B,0x05, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0xC7,0xF3,0x4A,0x77,0x8F,0x44,0x3A, + 0xCC,0x92,0x0E,0xBA,0x49 } }; -static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = { - 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15, - 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = { - NID_X9_62_characteristic_two_field, - "02000000000000000000000000000000000000000000008001", - "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", - "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", - "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", - "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", - "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, - _EC_SECG_CHAR2_193R2_SEED, 20, - "SECG curve over a 193 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; } + _EC_SECG_CHAR2_193R2 = { + { NID_X9_62_characteristic_two_field,20,25,2 }, + { 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15, /* seed */ + 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x80,0x01, + 0x01,0x63,0xF3,0x5A,0x51,0x37,0xC2,0xCE,0x3E,0xA6, /* a */ + 0xED,0x86,0x67,0x19,0x0B,0x0B,0xC4,0x3E,0xCD,0x69, + 0x97,0x77,0x02,0x70,0x9B, + 0x00,0xC9,0xBB,0x9E,0x89,0x27,0xD4,0xD6,0x4C,0x37, /* b */ + 0x7E,0x2A,0xB2,0x85,0x6A,0x5B,0x16,0xE3,0xEF,0xB7, + 0xF6,0x1D,0x43,0x16,0xAE, + 0x00,0xD9,0xB6,0x7D,0x19,0x2E,0x03,0x67,0xC8,0x03, /* x */ + 0xF3,0x9E,0x1A,0x7E,0x82,0xCA,0x14,0xA6,0x51,0x35, + 0x0A,0xAE,0x61,0x7E,0x8F, + 0x01,0xCE,0x94,0x33,0x56,0x07,0xC3,0x04,0xAC,0x29, /* y */ + 0xE7,0xDE,0xFB,0xD9,0xCA,0x01,0xF5,0x96,0xF9,0x27, + 0x22,0x4C,0xDE,0xCF,0x6C, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x01,0x5A,0xAB,0x56,0x1B,0x00,0x54,0x13, + 0xCC,0xD4,0xEE,0x99,0xD5 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000004000000000000000001", - "0", - "1", - "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", - "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", - "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, - NULL, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; } + _EC_NIST_CHAR2_233K = { + { NID_X9_62_characteristic_two_field,0,30,4 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x01,0x72,0x32,0xBA,0x85,0x3A,0x7E,0x73,0x1A,0xF1, /* x */ + 0x29,0xF2,0x2F,0xF4,0x14,0x95,0x63,0xA4,0x19,0xC2, + 0x6B,0xF5,0x0A,0x4C,0x9D,0x6E,0xEF,0xAD,0x61,0x26, + + 0x01,0xDB,0x53,0x7D,0xEC,0xE8,0x19,0xB7,0xF7,0x0F, /* y */ + 0x55,0x5A,0x67,0xC4,0x27,0xA8,0xCD,0x9B,0xF1,0x8A, + 0xEB,0x9B,0x56,0xE0,0xC1,0x10,0x56,0xFA,0xE6,0xA3, + + 0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x06,0x9D,0x5B,0xB9,0x15, + 0xBC,0xD4,0x6E,0xFB,0x1A,0xD5,0xF1,0x73,0xAB,0xDF } }; -static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = { - 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, - 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000001", - "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", - "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", - "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", - "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, - _EC_NIST_CHAR2_233B_SEED, 20, - "NIST/SECG/WTLS curve over a 233 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_NIST_CHAR2_233B = { + { NID_X9_62_characteristic_two_field,20,30,2 }, + { 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, /* seed */ + 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x66,0x64,0x7E,0xDE,0x6C,0x33,0x2C,0x7F,0x8C, /* b */ + 0x09,0x23,0xBB,0x58,0x21,0x3B,0x33,0x3B,0x20,0xE9, + 0xCE,0x42,0x81,0xFE,0x11,0x5F,0x7D,0x8F,0x90,0xAD, + + 0x00,0xFA,0xC9,0xDF,0xCB,0xAC,0x83,0x13,0xBB,0x21, /* x */ + 0x39,0xF1,0xBB,0x75,0x5F,0xEF,0x65,0xBC,0x39,0x1F, + 0x8B,0x36,0xF8,0xF8,0xEB,0x73,0x71,0xFD,0x55,0x8B, + + 0x01,0x00,0x6A,0x08,0xA4,0x19,0x03,0x35,0x06,0x78, /* y */ + 0xE5,0x85,0x28,0xBE,0xBF,0x8A,0x0B,0xEF,0xF8,0x67, + 0xA7,0xCA,0x36,0x71,0x6F,0x7E,0x01,0xF8,0x10,0x52, + + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x13,0xE9,0x74,0xE7,0x2F, + 0x8A,0x69,0x22,0x03,0x1D,0x26,0x03,0xCF,0xE0,0xD7 } }; -static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000004000000000000000000000000000000000000001", - "0", - "1", - "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", - "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", - "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, - NULL, 0, - "SECG curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; } + _EC_SECG_CHAR2_239K1 = { + { NID_X9_62_characteristic_two_field,0,30,4 }, + { /* no seed */ + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x29,0xA0,0xB6,0xA8,0x87,0xA9,0x83,0xE9,0x73,0x09, /* x */ + 0x88,0xA6,0x87,0x27,0xA8,0xB2,0xD1,0x26,0xC4,0x4C, + 0xC2,0xCC,0x7B,0x2A,0x65,0x55,0x19,0x30,0x35,0xDC, + + 0x76,0x31,0x08,0x04,0xF1,0x2E,0x54,0x9B,0xDB,0x01, /* y */ + 0x1C,0x10,0x30,0x89,0xE7,0x35,0x10,0xAC,0xB2,0x75, + 0xFC,0x31,0x2A,0x5D,0xC6,0xB7,0x65,0x53,0xF0,0xCA, + + 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x5A,0x79,0xFE,0xC6,0x7C, + 0xB6,0xE9,0x1F,0x1C,0x1D,0xA8,0x00,0xE4,0x78,0xA5 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000000000000000000000000000000001" - "0A1", - "0", - "1", - "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" - "836", - "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" - "259", - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" - "C61", 4, - NULL, 20, - "NIST/SECG curve over a 283 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+36*6]; } + _EC_NIST_CHAR2_283K = { + { NID_X9_62_characteristic_two_field,0,36,4 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x10,0xA1, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x01, + 0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A, /* x */ + 0x3B,0x81,0x62,0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F, + 0x23,0xC1,0x56,0x7A,0x16,0x87,0x69,0x13,0xB0,0xC2, + 0xAC,0x24,0x58,0x49,0x28,0x36, + 0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90, /* y */ + 0xF9,0x5D,0x07,0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0, + 0xE8,0x18,0x46,0x98,0xE4,0x59,0x62,0x36,0x4E,0x34, + 0x11,0x61,0x77,0xDD,0x22,0x59, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE, + 0x2E,0xD0,0x75,0x77,0x26,0x5D,0xFF,0x7F,0x94,0x45, + 0x1E,0x06,0x1E,0x16,0x3C,0x61 } }; -static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = { - 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, - 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000000000000000000000000000000001" - "0A1", - "000000000000000000000000000000000000000000000000000000000000000000000" - "001", - "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" - "2F5", - "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" - "053", - "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" - "2F4", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" - "307", 2, - _EC_NIST_CHAR2_283B_SEED, 20, - "NIST/SECG curve over a 283 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+36*6]; } + _EC_NIST_CHAR2_283B = { + { NID_X9_62_characteristic_two_field,20,36,2 }, + { 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, /* no seed */ + 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x10,0xA1, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x01, + 0x02,0x7B,0x68,0x0A,0xC8,0xB8,0x59,0x6D,0xA5,0xA4, /* b */ + 0xAF,0x8A,0x19,0xA0,0x30,0x3F,0xCA,0x97,0xFD,0x76, + 0x45,0x30,0x9F,0xA2,0xA5,0x81,0x48,0x5A,0xF6,0x26, + 0x3E,0x31,0x3B,0x79,0xA2,0xF5, + 0x05,0xF9,0x39,0x25,0x8D,0xB7,0xDD,0x90,0xE1,0x93, /* x */ + 0x4F,0x8C,0x70,0xB0,0xDF,0xEC,0x2E,0xED,0x25,0xB8, + 0x55,0x7E,0xAC,0x9C,0x80,0xE2,0xE1,0x98,0xF8,0xCD, + 0xBE,0xCD,0x86,0xB1,0x20,0x53, + 0x03,0x67,0x68,0x54,0xFE,0x24,0x14,0x1C,0xB9,0x8F, /* y */ + 0xE6,0xD4,0xB2,0x0D,0x02,0xB4,0x51,0x6F,0xF7,0x02, + 0x35,0x0E,0xDD,0xB0,0x82,0x67,0x79,0xC8,0x13,0xF0, + 0xDF,0x45,0xBE,0x81,0x12,0xF4, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xEF,0x90, + 0x39,0x96,0x60,0xFC,0x93,0x8A,0x90,0x16,0x5B,0x04, + 0x2A,0x7C,0xEF,0xAD,0xB3,0x07 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000000000000000000000000000000000" - "00000000000008000000000000000000001", - "0", - "1", - "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" - "89EB5AAAA62EE222EB1B35540CFE9023746", - "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" - "C42E9C55215AA9CA27A5863EC48D8E0286B", - "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" - "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, - NULL, 0, - "NIST/SECG curve over a 409 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+52*6]; } + _EC_NIST_CHAR2_409K = { + { NID_X9_62_characteristic_two_field,0,52,4 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x60,0xF0,0x5F,0x65,0x8F,0x49,0xC1,0xAD,0x3A, /* x */ + 0xB1,0x89,0x0F,0x71,0x84,0x21,0x0E,0xFD,0x09,0x87, + 0xE3,0x07,0xC8,0x4C,0x27,0xAC,0xCF,0xB8,0xF9,0xF6, + 0x7C,0xC2,0xC4,0x60,0x18,0x9E,0xB5,0xAA,0xAA,0x62, + 0xEE,0x22,0x2E,0xB1,0xB3,0x55,0x40,0xCF,0xE9,0x02, + 0x37,0x46, + 0x01,0xE3,0x69,0x05,0x0B,0x7C,0x4E,0x42,0xAC,0xBA, /* y */ + 0x1D,0xAC,0xBF,0x04,0x29,0x9C,0x34,0x60,0x78,0x2F, + 0x91,0x8E,0xA4,0x27,0xE6,0x32,0x51,0x65,0xE9,0xEA, + 0x10,0xE3,0xDA,0x5F,0x6C,0x42,0xE9,0xC5,0x52,0x15, + 0xAA,0x9C,0xA2,0x7A,0x58,0x63,0xEC,0x48,0xD8,0xE0, + 0x28,0x6B, + 0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0x5F,0x83,0xB2, + 0xD4,0xEA,0x20,0x40,0x0E,0xC4,0x55,0x7D,0x5E,0xD3, + 0xE3,0xE7,0xCA,0x5B,0x4B,0x5C,0x83,0xB8,0xE0,0x1E, + 0x5F,0xCF } }; -static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = { - 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, - 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000000000000000000000000000000000000000000" - "00000000000008000000000000000000001", - "000000000000000000000000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" - "7B272822F6CD57A55AA4F50AE317B13545F", - "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" - "A868A1180515603AEAB60794E54BB7996A7", - "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" - "F1FDF4B4F40D2181B3681C364BA0273C706", - "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" - "7BE5FA47C3C9E052F838164CD37D9A21173", 2, - _EC_NIST_CHAR2_409B_SEED, 20, - "NIST/SECG curve over a 409 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+52*6]; } + _EC_NIST_CHAR2_409B = { + { NID_X9_62_characteristic_two_field,20,52,2 }, + { 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, /* seed */ + 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B, + + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x00,0x21,0xA5,0xC2,0xC8,0xEE,0x9F,0xEB,0x5C,0x4B, /* b */ + 0x9A,0x75,0x3B,0x7B,0x47,0x6B,0x7F,0xD6,0x42,0x2E, + 0xF1,0xF3,0xDD,0x67,0x47,0x61,0xFA,0x99,0xD6,0xAC, + 0x27,0xC8,0xA9,0xA1,0x97,0xB2,0x72,0x82,0x2F,0x6C, + 0xD5,0x7A,0x55,0xAA,0x4F,0x50,0xAE,0x31,0x7B,0x13, + 0x54,0x5F, + 0x01,0x5D,0x48,0x60,0xD0,0x88,0xDD,0xB3,0x49,0x6B, /* x */ + 0x0C,0x60,0x64,0x75,0x62,0x60,0x44,0x1C,0xDE,0x4A, + 0xF1,0x77,0x1D,0x4D,0xB0,0x1F,0xFE,0x5B,0x34,0xE5, + 0x97,0x03,0xDC,0x25,0x5A,0x86,0x8A,0x11,0x80,0x51, + 0x56,0x03,0xAE,0xAB,0x60,0x79,0x4E,0x54,0xBB,0x79, + 0x96,0xA7, + 0x00,0x61,0xB1,0xCF,0xAB,0x6B,0xE5,0xF3,0x2B,0xBF, /* y */ + 0xA7,0x83,0x24,0xED,0x10,0x6A,0x76,0x36,0xB9,0xC5, + 0xA7,0xBD,0x19,0x8D,0x01,0x58,0xAA,0x4F,0x54,0x88, + 0xD0,0x8F,0x38,0x51,0x4F,0x1F,0xDF,0x4B,0x4F,0x40, + 0xD2,0x18,0x1B,0x36,0x81,0xC3,0x64,0xBA,0x02,0x73, + 0xC7,0x06, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xE2,0xAA,0xD6, + 0xA6,0x12,0xF3,0x33,0x07,0xBE,0x5F,0xA4,0x7C,0x3C, + 0x9E,0x05,0x2F,0x83,0x81,0x64,0xCD,0x37,0xD9,0xA2, + 0x11,0x73 } }; -static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000000000000000" - "00425", - "0", - "1", - "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" - "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" - "1C8972", - "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" - "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" - "F1C7A3", - "020000000000000000000000000000000000000000000000000000000000000000000" - "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" - "7C1001", 4, - NULL, 0, - "NIST/SECG curve over a 571 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+72*6]; } + _EC_NIST_CHAR2_571K = { + { NID_X9_62_characteristic_two_field,0,72,4 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x25, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x02,0x6E,0xB7,0xA8,0x59,0x92,0x3F,0xBC,0x82,0x18, /* x */ + 0x96,0x31,0xF8,0x10,0x3F,0xE4,0xAC,0x9C,0xA2,0x97, + 0x00,0x12,0xD5,0xD4,0x60,0x24,0x80,0x48,0x01,0x84, + 0x1C,0xA4,0x43,0x70,0x95,0x84,0x93,0xB2,0x05,0xE6, + 0x47,0xDA,0x30,0x4D,0xB4,0xCE,0xB0,0x8C,0xBB,0xD1, + 0xBA,0x39,0x49,0x47,0x76,0xFB,0x98,0x8B,0x47,0x17, + 0x4D,0xCA,0x88,0xC7,0xE2,0x94,0x52,0x83,0xA0,0x1C, + 0x89,0x72, + 0x03,0x49,0xDC,0x80,0x7F,0x4F,0xBF,0x37,0x4F,0x4A, /* y */ + 0xEA,0xDE,0x3B,0xCA,0x95,0x31,0x4D,0xD5,0x8C,0xEC, + 0x9F,0x30,0x7A,0x54,0xFF,0xC6,0x1E,0xFC,0x00,0x6D, + 0x8A,0x2C,0x9D,0x49,0x79,0xC0,0xAC,0x44,0xAE,0xA7, + 0x4F,0xBE,0xBB,0xB9,0xF7,0x72,0xAE,0xDC,0xB6,0x20, + 0xB0,0x1A,0x7B,0xA7,0xAF,0x1B,0x32,0x04,0x30,0xC8, + 0x59,0x19,0x84,0xF6,0x01,0xCD,0x4C,0x14,0x3E,0xF1, + 0xC7,0xA3, + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x13,0x18,0x50,0xE1, + 0xF1,0x9A,0x63,0xE4,0xB3,0x91,0xA8,0xDB,0x91,0x7F, + 0x41,0x38,0xB6,0x30,0xD8,0x4B,0xE5,0xD6,0x39,0x38, + 0x1E,0x91,0xDE,0xB4,0x5C,0xFE,0x77,0x8F,0x63,0x7C, + 0x10,0x01 } }; -static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = { - 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, - 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10}; -static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000000000000000" - "00425", - "000000000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000000000000000" - "000001", - "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" - "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" - "55727A", - "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" - "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" - "EC2D19", - "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" - "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" - "8AC15B", - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" - "E84E47", 2, - _EC_NIST_CHAR2_571B_SEED, 20, - "NIST/SECG curve over a 571 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+72*6]; } + _EC_NIST_CHAR2_571B = { + { NID_X9_62_characteristic_two_field,20,72,2 }, + { 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, /* seed */ + 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x25, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01, + 0x02,0xF4,0x0E,0x7E,0x22,0x21,0xF2,0x95,0xDE,0x29, /* b */ + 0x71,0x17,0xB7,0xF3,0xD6,0x2F,0x5C,0x6A,0x97,0xFF, + 0xCB,0x8C,0xEF,0xF1,0xCD,0x6B,0xA8,0xCE,0x4A,0x9A, + 0x18,0xAD,0x84,0xFF,0xAB,0xBD,0x8E,0xFA,0x59,0x33, + 0x2B,0xE7,0xAD,0x67,0x56,0xA6,0x6E,0x29,0x4A,0xFD, + 0x18,0x5A,0x78,0xFF,0x12,0xAA,0x52,0x0E,0x4D,0xE7, + 0x39,0xBA,0xCA,0x0C,0x7F,0xFE,0xFF,0x7F,0x29,0x55, + 0x72,0x7A, + 0x03,0x03,0x00,0x1D,0x34,0xB8,0x56,0x29,0x6C,0x16, /* x */ + 0xC0,0xD4,0x0D,0x3C,0xD7,0x75,0x0A,0x93,0xD1,0xD2, + 0x95,0x5F,0xA8,0x0A,0xA5,0xF4,0x0F,0xC8,0xDB,0x7B, + 0x2A,0xBD,0xBD,0xE5,0x39,0x50,0xF4,0xC0,0xD2,0x93, + 0xCD,0xD7,0x11,0xA3,0x5B,0x67,0xFB,0x14,0x99,0xAE, + 0x60,0x03,0x86,0x14,0xF1,0x39,0x4A,0xBF,0xA3,0xB4, + 0xC8,0x50,0xD9,0x27,0xE1,0xE7,0x76,0x9C,0x8E,0xEC, + 0x2D,0x19, + 0x03,0x7B,0xF2,0x73,0x42,0xDA,0x63,0x9B,0x6D,0xCC, /* y */ + 0xFF,0xFE,0xB7,0x3D,0x69,0xD7,0x8C,0x6C,0x27,0xA6, + 0x00,0x9C,0xBB,0xCA,0x19,0x80,0xF8,0x53,0x39,0x21, + 0xE8,0xA6,0x84,0x42,0x3E,0x43,0xBA,0xB0,0x8A,0x57, + 0x62,0x91,0xAF,0x8F,0x46,0x1B,0xB2,0xA8,0xB3,0x53, + 0x1D,0x2F,0x04,0x85,0xC1,0x9B,0x16,0xE2,0xF1,0x51, + 0x6E,0x23,0xDD,0x3C,0x1A,0x48,0x27,0xAF,0x1B,0x8A, + 0xC1,0x5B, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE6,0x61,0xCE,0x18, + 0xFF,0x55,0x98,0x73,0x08,0x05,0x9B,0x18,0x68,0x23, + 0x85,0x1E,0xC7,0xDD,0x9C,0xA1,0x16,0x1D,0xE9,0x3D, + 0x51,0x74,0xD6,0x6E,0x83,0x82,0xE9,0xBB,0x2F,0xE8, + 0x4E,0x47 } }; -static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = { - 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, - 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000107", - "072546B5435234A422E0789675F432C89435DE5242", - "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", - "07AF69989546103D79329FCC3D74880F33BBE803CB", - "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", - "0400000000000000000001E60FC8821CC74DAEAFC1", 2, - _EC_X9_62_CHAR2_163V1_SEED, 20, - "X9.62 curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_X9_62_CHAR2_163V1 = { + { NID_X9_62_characteristic_two_field,20,21,2 }, + { 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, + 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54, /* seed */ + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x07, + 0x07,0x25,0x46,0xB5,0x43,0x52,0x34,0xA4,0x22,0xE0, /* a */ + 0x78,0x96,0x75,0xF4,0x32,0xC8,0x94,0x35,0xDE,0x52, + 0x42, + 0x00,0xC9,0x51,0x7D,0x06,0xD5,0x24,0x0D,0x3C,0xFF, /* b */ + 0x38,0xC7,0x4B,0x20,0xB6,0xCD,0x4D,0x6F,0x9D,0xD4, + 0xD9, + 0x07,0xAF,0x69,0x98,0x95,0x46,0x10,0x3D,0x79,0x32, /* x */ + 0x9F,0xCC,0x3D,0x74,0x88,0x0F,0x33,0xBB,0xE8,0x03, + 0xCB, + 0x01,0xEC,0x23,0x21,0x1B,0x59,0x66,0xAD,0xEA,0x1D, /* y */ + 0x3F,0x87,0xF7,0xEA,0x58,0x48,0xAE,0xF0,0xB7,0xCA, + 0x9F, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x01,0xE6,0x0F,0xC8,0x82,0x1C,0xC7,0x4D,0xAE,0xAF, + 0xC1 } }; -static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { - 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000107", - "0108B39E77C4B108BED981ED0E890E117C511CF072", - "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", - "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", - "079F684DDF6684C5CD258B3890021B2386DFD19FC5", - "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, - _EC_X9_62_CHAR2_163V2_SEED, 20, - "X9.62 curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_X9_62_CHAR2_163V2 = { + { NID_X9_62_characteristic_two_field,20,21,2 }, + { 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x07, + 0x01,0x08,0xB3,0x9E,0x77,0xC4,0xB1,0x08,0xBE,0xD9, /* a */ + 0x81,0xED,0x0E,0x89,0x0E,0x11,0x7C,0x51,0x1C,0xF0, + 0x72, + 0x06,0x67,0xAC,0xEB,0x38,0xAF,0x4E,0x48,0x8C,0x40, /* b */ + 0x74,0x33,0xFF,0xAE,0x4F,0x1C,0x81,0x16,0x38,0xDF, + 0x20, + 0x00,0x24,0x26,0x6E,0x4E,0xB5,0x10,0x6D,0x0A,0x96, /* x */ + 0x4D,0x92,0xC4,0x86,0x0E,0x26,0x71,0xDB,0x9B,0x6C, + 0xC5, + 0x07,0x9F,0x68,0x4D,0xDF,0x66,0x84,0xC5,0xCD,0x25, /* y */ + 0x8B,0x38,0x90,0x02,0x1B,0x23,0x86,0xDF,0xD1,0x9F, + 0xC5, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFD,0xF6,0x4D,0xE1,0x15,0x1A,0xDB,0xB7,0x8F,0x10, + 0xA7 } }; -static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { - 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67, - 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { - NID_X9_62_characteristic_two_field, - "080000000000000000000000000000000000000107", - "07A526C63D3E25A256A007699F5447E32AE456B50E", - "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", - "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", - "05B935590C155E17EA48EB3FF3718B893DF59A05D0", - "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, - _EC_X9_62_CHAR2_163V3_SEED, 20, - "X9.62 curve over a 163 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } + _EC_X9_62_CHAR2_163V3 = { + { NID_X9_62_characteristic_two_field,20,21,2 }, + { 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67, /* seed */ + 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8, + + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x07, + 0x07,0xA5,0x26,0xC6,0x3D,0x3E,0x25,0xA2,0x56,0xA0, /* a */ + 0x07,0x69,0x9F,0x54,0x47,0xE3,0x2A,0xE4,0x56,0xB5, + 0x0E, + 0x03,0xF7,0x06,0x17,0x98,0xEB,0x99,0xE2,0x38,0xFD, /* b */ + 0x6F,0x1B,0xF9,0x5B,0x48,0xFE,0xEB,0x48,0x54,0x25, + 0x2B, + 0x02,0xF9,0xF8,0x7B,0x7C,0x57,0x4D,0x0B,0xDE,0xCF, /* x */ + 0x8A,0x22,0xE6,0x52,0x47,0x75,0xF9,0x8C,0xDE,0xBD, + 0xCB, + 0x05,0xB9,0x35,0x59,0x0C,0x15,0x5E,0x17,0xEA,0x48, /* y */ + 0xEB,0x3F,0xF3,0x71,0x8B,0x89,0x3D,0xF5,0x9A,0x05, + 0xD0, + 0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFE,0x1A,0xEE,0x14,0x0F,0x11,0x0A,0xFF,0x96,0x13, + 0x09 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { - NID_X9_62_characteristic_two_field, - "0100000000000000000000000000000000080000000007", - "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", - "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", - "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", - "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", - "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, - NULL, 0, - "X9.62 curve over a 176 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+23*6]; } + _EC_X9_62_CHAR2_176V1 = { + { NID_X9_62_characteristic_two_field,0,23,0xFF6E }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00, + 0x00,0x00,0x07, + 0x00,0xE4,0xE6,0xDB,0x29,0x95,0x06,0x5C,0x40,0x7D, /* a */ + 0x9D,0x39,0xB8,0xD0,0x96,0x7B,0x96,0x70,0x4B,0xA8, + 0xE9,0xC9,0x0B, + 0x00,0x5D,0xDA,0x47,0x0A,0xBE,0x64,0x14,0xDE,0x8E, /* b */ + 0xC1,0x33,0xAE,0x28,0xE9,0xBB,0xD7,0xFC,0xEC,0x0A, + 0xE0,0xFF,0xF2, + 0x00,0x8D,0x16,0xC2,0x86,0x67,0x98,0xB6,0x00,0xF9, /* x */ + 0xF0,0x8B,0xB4,0xA8,0xE8,0x60,0xF3,0x29,0x8C,0xE0, + 0x4A,0x57,0x98, + 0x00,0x6F,0xA4,0x53,0x9C,0x2D,0xAD,0xDD,0xD6,0xBA, /* y */ + 0xB5,0x16,0x7D,0x61,0xB4,0x36,0xE1,0xD9,0x2B,0xB1, + 0x6A,0x56,0x2C, + 0x00,0x00,0x01,0x00,0x92,0x53,0x73,0x97,0xEC,0xA4, /* order */ + 0xF6,0x14,0x57,0x99,0xD6,0x2B,0x0A,0x19,0xCE,0x06, + 0xFE,0x26,0xAD } }; -static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { - 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000201", - "2866537B676752636A68F56554E12640276B649EF7526267", - "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", - "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", - "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", - "40000000000000000000000004A20E90C39067C893BBB9A5", 2, - _EC_X9_62_CHAR2_191V1_SEED, 20, - "X9.62 curve over a 191 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_CHAR2_191V1 = { + { NID_X9_62_characteristic_two_field,20,24,2 }, + { 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x02,0x01, + 0x28,0x66,0x53,0x7B,0x67,0x67,0x52,0x63,0x6A,0x68, /* a */ + 0xF5,0x65,0x54,0xE1,0x26,0x40,0x27,0x6B,0x64,0x9E, + 0xF7,0x52,0x62,0x67, + 0x2E,0x45,0xEF,0x57,0x1F,0x00,0x78,0x6F,0x67,0xB0, /* b */ + 0x08,0x1B,0x94,0x95,0xA3,0xD9,0x54,0x62,0xF5,0xDE, + 0x0A,0xA1,0x85,0xEC, + 0x36,0xB3,0xDA,0xF8,0xA2,0x32,0x06,0xF9,0xC4,0xF2, /* x */ + 0x99,0xD7,0xB2,0x1A,0x9C,0x36,0x91,0x37,0xF2,0xC8, + 0x4A,0xE1,0xAA,0x0D, + 0x76,0x5B,0xE7,0x34,0x33,0xB3,0xF9,0x5E,0x33,0x29, /* y */ + 0x32,0xE7,0x0E,0xA2,0x45,0xCA,0x24,0x18,0xEA,0x0E, + 0xF9,0x80,0x18,0xFB, + 0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x04,0xA2,0x0E,0x90,0xC3,0x90,0x67,0xC8, + 0x93,0xBB,0xB9,0xA5 } }; -static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { - 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000201", - "401028774D7777C7B7666D1366EA432071274F89FF01E718", - "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", - "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", - "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", - "20000000000000000000000050508CB89F652824E06B8173", 4, - _EC_X9_62_CHAR2_191V2_SEED, 20, - "X9.62 curve over a 191 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_CHAR2_191V2 = { + { NID_X9_62_characteristic_two_field,20,24,4 }, + { 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x02,0x01, + 0x40,0x10,0x28,0x77,0x4D,0x77,0x77,0xC7,0xB7,0x66, /* a */ + 0x6D,0x13,0x66,0xEA,0x43,0x20,0x71,0x27,0x4F,0x89, + 0xFF,0x01,0xE7,0x18, + 0x06,0x20,0x04,0x8D,0x28,0xBC,0xBD,0x03,0xB6,0x24, /* b */ + 0x9C,0x99,0x18,0x2B,0x7C,0x8C,0xD1,0x97,0x00,0xC3, + 0x62,0xC4,0x6A,0x01, + 0x38,0x09,0xB2,0xB7,0xCC,0x1B,0x28,0xCC,0x5A,0x87, /* x */ + 0x92,0x6A,0xAD,0x83,0xFD,0x28,0x78,0x9E,0x81,0xE2, + 0xC9,0xE3,0xBF,0x10, + 0x17,0x43,0x43,0x86,0x62,0x6D,0x14,0xF3,0xDB,0xF0, /* y */ + 0x17,0x60,0xD9,0x21,0x3A,0x3E,0x1C,0xF3,0x7A,0xEC, + 0x43,0x7D,0x66,0x8A, + 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x50,0x50,0x8C,0xB8,0x9F,0x65,0x28,0x24, + 0xE0,0x6B,0x81,0x73 } }; -static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { - 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000201", - "6C01074756099122221056911C77D77E77A777E7E7E77FCB", - "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", - "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", - "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", - "155555555555555555555555610C0B196812BFB6288A3EA3", 6, - _EC_X9_62_CHAR2_191V3_SEED, 20, - "X9.62 curve over a 191 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; } + _EC_X9_62_CHAR2_191V3 = { + { NID_X9_62_characteristic_two_field,20,24,6 }, + { 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x02,0x01, + 0x6C,0x01,0x07,0x47,0x56,0x09,0x91,0x22,0x22,0x10, /* a */ + 0x56,0x91,0x1C,0x77,0xD7,0x7E,0x77,0xA7,0x77,0xE7, + 0xE7,0xE7,0x7F,0xCB, + 0x71,0xFE,0x1A,0xF9,0x26,0xCF,0x84,0x79,0x89,0xEF, /* b */ + 0xEF,0x8D,0xB4,0x59,0xF6,0x63,0x94,0xD9,0x0F,0x32, + 0xAD,0x3F,0x15,0xE8, + 0x37,0x5D,0x4C,0xE2,0x4F,0xDE,0x43,0x44,0x89,0xDE, /* x */ + 0x87,0x46,0xE7,0x17,0x86,0x01,0x50,0x09,0xE6,0x6E, + 0x38,0xA9,0x26,0xDD, + 0x54,0x5A,0x39,0x17,0x61,0x96,0x57,0x5D,0x98,0x59, /* y */ + 0x99,0x36,0x6E,0x6A,0xD3,0x4C,0xE0,0xA7,0x7C,0xD7, + 0x12,0x7B,0x06,0xBE, + 0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55, /* order */ + 0x55,0x55,0x61,0x0C,0x0B,0x19,0x68,0x12,0xBF,0xB6, + 0x28,0x8A,0x3E,0xA3 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000800000000000000000007", - "0000000000000000000000000000000000000000000000000000", - "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", - "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", - "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", - "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, - NULL, 0, - "X9.62 curve over a 208 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+27*6]; } + _EC_X9_62_CHAR2_208W1 = { + { NID_X9_62_characteristic_two_field,0,27,0xFE48 }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x07, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0xC8,0x61,0x9E,0xD4,0x5A,0x62,0xE6,0x21,0x2E, /* b */ + 0x11,0x60,0x34,0x9E,0x2B,0xFA,0x84,0x44,0x39,0xFA, + 0xFC,0x2A,0x3F,0xD1,0x63,0x8F,0x9E, + 0x00,0x89,0xFD,0xFB,0xE4,0xAB,0xE1,0x93,0xDF,0x95, /* x */ + 0x59,0xEC,0xF0,0x7A,0xC0,0xCE,0x78,0x55,0x4E,0x27, + 0x84,0xEB,0x8C,0x1E,0xD1,0xA5,0x7A, + 0x00,0x0F,0x55,0xB5,0x1A,0x06,0xE7,0x8E,0x9A,0xC3, /* y */ + 0x8A,0x03,0x5F,0xF5,0x20,0xD8,0xB0,0x17,0x81,0xBE, + 0xB1,0xA6,0xBB,0x08,0x61,0x7D,0xE3, + 0x00,0x00,0x01,0x01,0xBA,0xF9,0x5C,0x97,0x23,0xC5, /* order */ + 0x7B,0x6C,0x21,0xDA,0x2E,0xFF,0x2D,0x5E,0xD5,0x88, + 0xBD,0xD5,0x71,0x7E,0x21,0x2F,0x9D } }; -static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { - 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, - 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000001000000001", - "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", - "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", - "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", - "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", - "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, - _EC_X9_62_CHAR2_239V1_SEED, 20, - "X9.62 curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_CHAR2_239V1 = { + { NID_X9_62_characteristic_two_field,20,30,4 }, + { 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, /* seed */ + 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01, + + 0x32,0x01,0x08,0x57,0x07,0x7C,0x54,0x31,0x12,0x3A, /* a */ + 0x46,0xB8,0x08,0x90,0x67,0x56,0xF5,0x43,0x42,0x3E, + 0x8D,0x27,0x87,0x75,0x78,0x12,0x57,0x78,0xAC,0x76, + + 0x79,0x04,0x08,0xF2,0xEE,0xDA,0xF3,0x92,0xB0,0x12, /* b */ + 0xED,0xEF,0xB3,0x39,0x2F,0x30,0xF4,0x32,0x7C,0x0C, + 0xA3,0xF3,0x1F,0xC3,0x83,0xC4,0x22,0xAA,0x8C,0x16, + + 0x57,0x92,0x70,0x98,0xFA,0x93,0x2E,0x7C,0x0A,0x96, /* x */ + 0xD3,0xFD,0x5B,0x70,0x6E,0xF7,0xE5,0xF5,0xC1,0x56, + 0xE1,0x6B,0x7E,0x7C,0x86,0x03,0x85,0x52,0xE9,0x1D, + + 0x61,0xD8,0xEE,0x50,0x77,0xC3,0x3F,0xEC,0xF6,0xF1, /* y */ + 0xA1,0x6B,0x26,0x8D,0xE4,0x69,0xC3,0xC7,0x74,0x4E, + 0xA9,0xA9,0x71,0x64,0x9F,0xC7,0xA9,0x61,0x63,0x05, + + 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* order */ + 0x00,0x00,0x00,0x00,0x00,0x0F,0x4D,0x42,0xFF,0xE1, + 0x49,0x2A,0x49,0x93,0xF1,0xCA,0xD6,0x66,0xE4,0x47 } }; -static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { - 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000001000000001", - "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", - "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", - "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", - "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", - "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, - _EC_X9_62_CHAR2_239V2_SEED, 20, - "X9.62 curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_CHAR2_239V2 = { + { NID_X9_62_characteristic_two_field,20,30,6 }, + { 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01, + + 0x42,0x30,0x01,0x77,0x57,0xA7,0x67,0xFA,0xE4,0x23, /* a */ + 0x98,0x56,0x9B,0x74,0x63,0x25,0xD4,0x53,0x13,0xAF, + 0x07,0x66,0x26,0x64,0x79,0xB7,0x56,0x54,0xE6,0x5F, + + 0x50,0x37,0xEA,0x65,0x41,0x96,0xCF,0xF0,0xCD,0x82, /* b */ + 0xB2,0xC1,0x4A,0x2F,0xCF,0x2E,0x3F,0xF8,0x77,0x52, + 0x85,0xB5,0x45,0x72,0x2F,0x03,0xEA,0xCD,0xB7,0x4B, + + 0x28,0xF9,0xD0,0x4E,0x90,0x00,0x69,0xC8,0xDC,0x47, /* x */ + 0xA0,0x85,0x34,0xFE,0x76,0xD2,0xB9,0x00,0xB7,0xD7, + 0xEF,0x31,0xF5,0x70,0x9F,0x20,0x0C,0x4C,0xA2,0x05, + + 0x56,0x67,0x33,0x4C,0x45,0xAF,0xF3,0xB5,0xA0,0x3B, /* y */ + 0xAD,0x9D,0xD7,0x5E,0x2C,0x71,0xA9,0x93,0x62,0x56, + 0x7D,0x54,0x53,0xF7,0xFA,0x6E,0x22,0x7E,0xC8,0x33, + + 0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55, /* order */ + 0x55,0x55,0x55,0x55,0x55,0x3C,0x6F,0x28,0x85,0x25, + 0x9C,0x31,0xE3,0xFC,0xDF,0x15,0x46,0x24,0x52,0x2D } }; -static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { - 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, - 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000001000000001", - "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", - "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", - "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", - "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", - "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, - _EC_X9_62_CHAR2_239V3_SEED, 20, - "X9.62 curve over a 239 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; } + _EC_X9_62_CHAR2_239V3 = { + { NID_X9_62_characteristic_two_field,20,30,0xA }, + { 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, /* seed */ + 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01, + + 0x01,0x23,0x87,0x74,0x66,0x6A,0x67,0x76,0x6D,0x66, /* a */ + 0x76,0xF7,0x78,0xE6,0x76,0xB6,0x69,0x99,0x17,0x66, + 0x66,0xE6,0x87,0x66,0x6D,0x87,0x66,0xC6,0x6A,0x9F, + + 0x6A,0x94,0x19,0x77,0xBA,0x9F,0x6A,0x43,0x51,0x99, /* b */ + 0xAC,0xFC,0x51,0x06,0x7E,0xD5,0x87,0xF5,0x19,0xC5, + 0xEC,0xB5,0x41,0xB8,0xE4,0x41,0x11,0xDE,0x1D,0x40, + + 0x70,0xF6,0xE9,0xD0,0x4D,0x28,0x9C,0x4E,0x89,0x91, /* x */ + 0x3C,0xE3,0x53,0x0B,0xFD,0xE9,0x03,0x97,0x7D,0x42, + 0xB1,0x46,0xD5,0x39,0xBF,0x1B,0xDE,0x4E,0x9C,0x92, + + 0x2E,0x5A,0x0E,0xAF,0x6E,0x5E,0x13,0x05,0xB9,0x00, /* y */ + 0x4D,0xCE,0x5C,0x0E,0xD7,0xFE,0x59,0xA3,0x56,0x08, + 0xF3,0x38,0x37,0xC8,0x16,0xD8,0x0B,0x79,0xF4,0x61, + + 0x0C,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC, /* order */ + 0xCC,0xCC,0xCC,0xCC,0xCC,0xAC,0x49,0x12,0xD2,0xD9, + 0xDF,0x90,0x3E,0xF9,0x88,0x8B,0x8A,0x0E,0x4C,0xFF } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000000000000000000000000010000000000000" - "B", - "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", - "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", - "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", - "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", - "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", - 0xFF06, - NULL, 0, - "X9.62 curve over a 272 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+35*6]; } + _EC_X9_62_CHAR2_272W1 = { + { NID_X9_62_characteristic_two_field,0,35,0xFF06 }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, + 0x00,0x00,0x00,0x00,0x0B, + 0x00,0x91,0xA0,0x91,0xF0,0x3B,0x5F,0xBA,0x4A,0xB2, /* a */ + 0xCC,0xF4,0x9C,0x4E,0xDD,0x22,0x0F,0xB0,0x28,0x71, + 0x2D,0x42,0xBE,0x75,0x2B,0x2C,0x40,0x09,0x4D,0xBA, + 0xCD,0xB5,0x86,0xFB,0x20, + 0x00,0x71,0x67,0xEF,0xC9,0x2B,0xB2,0xE3,0xCE,0x7C, /* b */ + 0x8A,0xAA,0xFF,0x34,0xE1,0x2A,0x9C,0x55,0x70,0x03, + 0xD7,0xC7,0x3A,0x6F,0xAF,0x00,0x3F,0x99,0xF6,0xCC, + 0x84,0x82,0xE5,0x40,0xF7, + 0x00,0x61,0x08,0xBA,0xBB,0x2C,0xEE,0xBC,0xF7,0x87, /* x */ + 0x05,0x8A,0x05,0x6C,0xBE,0x0C,0xFE,0x62,0x2D,0x77, + 0x23,0xA2,0x89,0xE0,0x8A,0x07,0xAE,0x13,0xEF,0x0D, + 0x10,0xD1,0x71,0xDD,0x8D, + 0x00,0x10,0xC7,0x69,0x57,0x16,0x85,0x1E,0xEF,0x6B, /* y */ + 0xA7,0xF6,0x87,0x2E,0x61,0x42,0xFB,0xD2,0x41,0xB8, + 0x30,0xFF,0x5E,0xFC,0xAC,0xEC,0xCA,0xB0,0x5E,0x02, + 0x00,0x5D,0xDE,0x9D,0x23, + 0x00,0x00,0x01,0x00,0xFA,0xF5,0x13,0x54,0xE0,0xE3, /* order */ + 0x9E,0x48,0x92,0xDF,0x6E,0x31,0x9C,0x72,0xC8,0x16, + 0x16,0x03,0xFA,0x45,0xAA,0x7B,0x99,0x8A,0x16,0x7B, + 0x8F,0x1E,0x62,0x95,0x21 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000000000000000000000000000000000000000" - "000000807", - "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" - "6C8E681", - "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" - "27340BE", - "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" - "40A2614", - "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" - "B92C03B", - "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" - "443051D", 0xFE2E, - NULL, 0, - "X9.62 curve over a 304 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+39*6]; } + _EC_X9_62_CHAR2_304W1 = { + { NID_X9_62_characteristic_two_field,0,39,0xFE2E }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x07, + 0x00,0xFD,0x0D,0x69,0x31,0x49,0xA1,0x18,0xF6,0x51, /* a */ + 0xE6,0xDC,0xE6,0x80,0x20,0x85,0x37,0x7E,0x5F,0x88, + 0x2D,0x1B,0x51,0x0B,0x44,0x16,0x00,0x74,0xC1,0x28, + 0x80,0x78,0x36,0x5A,0x03,0x96,0xC8,0xE6,0x81, + 0x00,0xBD,0xDB,0x97,0xE5,0x55,0xA5,0x0A,0x90,0x8E, /* b */ + 0x43,0xB0,0x1C,0x79,0x8E,0xA5,0xDA,0xA6,0x78,0x8F, + 0x1E,0xA2,0x79,0x4E,0xFC,0xF5,0x71,0x66,0xB8,0xC1, + 0x40,0x39,0x60,0x1E,0x55,0x82,0x73,0x40,0xBE, + 0x00,0x19,0x7B,0x07,0x84,0x5E,0x9B,0xE2,0xD9,0x6A, /* x */ + 0xDB,0x0F,0x5F,0x3C,0x7F,0x2C,0xFF,0xBD,0x7A,0x3E, + 0xB8,0xB6,0xFE,0xC3,0x5C,0x7F,0xD6,0x7F,0x26,0xDD, + 0xF6,0x28,0x5A,0x64,0x4F,0x74,0x0A,0x26,0x14, + 0x00,0xE1,0x9F,0xBE,0xB7,0x6E,0x0D,0xA1,0x71,0x51, /* y */ + 0x7E,0xCF,0x40,0x1B,0x50,0x28,0x9B,0xF0,0x14,0x10, + 0x32,0x88,0x52,0x7A,0x9B,0x41,0x6A,0x10,0x5E,0x80, + 0x26,0x0B,0x54,0x9F,0xDC,0x1B,0x92,0xC0,0x3B, + 0x00,0x00,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC, /* order */ + 0x80,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,0x80, + 0x01,0x02,0x2D,0x5C,0x91,0xDD,0x17,0x3F,0x8F,0xB5, + 0x61,0xDA,0x68,0x99,0x16,0x44,0x43,0x05,0x1D } }; -static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { - 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76, - 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6}; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000100000000000000001", - "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" - "656FB549016A96656A557", - "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" - "7742B6329E70680231988", - "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" - "8E8E707C07A2239B1B097", - "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" - "4AE2DE211305A407104BD", - "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" - "64FE7719E74F490758D3B", 0x4C, - _EC_X9_62_CHAR2_359V1_SEED, 20, - "X9.62 curve over a 359 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[20+45*6]; } + _EC_X9_62_CHAR2_359V1 = { + { NID_X9_62_characteristic_two_field,20,45,0x4C }, + { 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76, /* seed */ + 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6, + + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x01, + 0x56,0x67,0x67,0x6A,0x65,0x4B,0x20,0x75,0x4F,0x35, /* a */ + 0x6E,0xA9,0x20,0x17,0xD9,0x46,0x56,0x7C,0x46,0x67, + 0x55,0x56,0xF1,0x95,0x56,0xA0,0x46,0x16,0xB5,0x67, + 0xD2,0x23,0xA5,0xE0,0x56,0x56,0xFB,0x54,0x90,0x16, + 0xA9,0x66,0x56,0xA5,0x57, + 0x24,0x72,0xE2,0xD0,0x19,0x7C,0x49,0x36,0x3F,0x1F, /* b */ + 0xE7,0xF5,0xB6,0xDB,0x07,0x5D,0x52,0xB6,0x94,0x7D, + 0x13,0x5D,0x8C,0xA4,0x45,0x80,0x5D,0x39,0xBC,0x34, + 0x56,0x26,0x08,0x96,0x87,0x74,0x2B,0x63,0x29,0xE7, + 0x06,0x80,0x23,0x19,0x88, + 0x3C,0x25,0x8E,0xF3,0x04,0x77,0x67,0xE7,0xED,0xE0, /* x */ + 0xF1,0xFD,0xAA,0x79,0xDA,0xEE,0x38,0x41,0x36,0x6A, + 0x13,0x2E,0x16,0x3A,0xCE,0xD4,0xED,0x24,0x01,0xDF, + 0x9C,0x6B,0xDC,0xDE,0x98,0xE8,0xE7,0x07,0xC0,0x7A, + 0x22,0x39,0xB1,0xB0,0x97, + 0x53,0xD7,0xE0,0x85,0x29,0x54,0x70,0x48,0x12,0x1E, /* y */ + 0x9C,0x95,0xF3,0x79,0x1D,0xD8,0x04,0x96,0x39,0x48, + 0xF3,0x4F,0xAE,0x7B,0xF4,0x4E,0xA8,0x23,0x65,0xDC, + 0x78,0x68,0xFE,0x57,0xE4,0xAE,0x2D,0xE2,0x11,0x30, + 0x5A,0x40,0x71,0x04,0xBD, + 0x01,0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1, /* order */ + 0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,0xAF, + 0x28,0x6B,0xC9,0xFB,0x8F,0x6B,0x85,0xC5,0x56,0x89, + 0x2C,0x20,0xA7,0xEB,0x96,0x4F,0xE7,0x71,0x9E,0x74, + 0xF4,0x90,0x75,0x8D,0x3B } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { - NID_X9_62_characteristic_two_field, - "010000000000000000000000000000000000000000000000000000000000000000000" - "0002000000000000000000007", - "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" - "F0AB7519CCD2A1A906AE30D", - "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" - "D84D164F444F8F74786046A", - "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" - "9E927BE216F02E1FB136A5F", - "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" - "ADAA81E2A0750B80FDA2310", - "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" - "9AE40A6F131E9CFCE5BD967", 0xFF70, - NULL, 0, - "X9.62 curve over a 368 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+47*6]; } + _EC_X9_62_CHAR2_368W1 = { + { NID_X9_62_characteristic_two_field,0,47,0xFF70 }, + { /* no seed */ + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x07, + 0x00,0xE0,0xD2,0xEE,0x25,0x09,0x52,0x06,0xF5,0xE2, /* a */ + 0xA4,0xF9,0xED,0x22,0x9F,0x1F,0x25,0x6E,0x79,0xA0, + 0xE2,0xB4,0x55,0x97,0x0D,0x8D,0x0D,0x86,0x5B,0xD9, + 0x47,0x78,0xC5,0x76,0xD6,0x2F,0x0A,0xB7,0x51,0x9C, + 0xCD,0x2A,0x1A,0x90,0x6A,0xE3,0x0D, + 0x00,0xFC,0x12,0x17,0xD4,0x32,0x0A,0x90,0x45,0x2C, /* b */ + 0x76,0x0A,0x58,0xED,0xCD,0x30,0xC8,0xDD,0x06,0x9B, + 0x3C,0x34,0x45,0x38,0x37,0xA3,0x4E,0xD5,0x0C,0xB5, + 0x49,0x17,0xE1,0xC2,0x11,0x2D,0x84,0xD1,0x64,0xF4, + 0x44,0xF8,0xF7,0x47,0x86,0x04,0x6A, + 0x00,0x10,0x85,0xE2,0x75,0x53,0x81,0xDC,0xCC,0xE3, /* x */ + 0xC1,0x55,0x7A,0xFA,0x10,0xC2,0xF0,0xC0,0xC2,0x82, + 0x56,0x46,0xC5,0xB3,0x4A,0x39,0x4C,0xBC,0xFA,0x8B, + 0xC1,0x6B,0x22,0xE7,0xE7,0x89,0xE9,0x27,0xBE,0x21, + 0x6F,0x02,0xE1,0xFB,0x13,0x6A,0x5F, + 0x00,0x7B,0x3E,0xB1,0xBD,0xDC,0xBA,0x62,0xD5,0xD8, /* y */ + 0xB2,0x05,0x9B,0x52,0x57,0x97,0xFC,0x73,0x82,0x2C, + 0x59,0x05,0x9C,0x62,0x3A,0x45,0xFF,0x38,0x43,0xCE, + 0xE8,0xF8,0x7C,0xD1,0x85,0x5A,0xDA,0xA8,0x1E,0x2A, + 0x07,0x50,0xB8,0x0F,0xDA,0x23,0x10, + 0x00,0x00,0x01,0x00,0x90,0x51,0x2D,0xA9,0xAF,0x72, /* order */ + 0xB0,0x83,0x49,0xD9,0x8A,0x5D,0xD4,0xC7,0xB0,0x53, + 0x2E,0xCA,0x51,0xCE,0x03,0xE2,0xD1,0x0F,0x3B,0x7A, + 0xC5,0x79,0xBD,0x87,0xE9,0x09,0xAE,0x40,0xA6,0xF1, + 0x31,0xE9,0xCF,0xCE,0x5B,0xD9,0x67 } }; -static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { - NID_X9_62_characteristic_two_field, - "800000000000000000000000000000000000000000000000000000000000000000000" - "000000001000000000000000000000000000001", - "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" - "B9906D0957F6C6FEACD615468DF104DE296CD8F", - "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" - "26D4E50A8DD731B107A9962381FB5D807BF2618", - "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" - "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", - "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" - "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", - "0340340340340340340340340340340340340340340340340340340323C313FAB5058" - "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, - NULL, 0, - "X9.62 curve over a 431 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+54*6]; } + _EC_X9_62_CHAR2_431R1 = { + { NID_X9_62_characteristic_two_field,0,54,0x2760 }, + { /* no seed */ + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x01, + 0x1A,0x82,0x7E,0xF0,0x0D,0xD6,0xFC,0x0E,0x23,0x4C, /* a */ + 0xAF,0x04,0x6C,0x6A,0x5D,0x8A,0x85,0x39,0x5B,0x23, + 0x6C,0xC4,0xAD,0x2C,0xF3,0x2A,0x0C,0xAD,0xBD,0xC9, + 0xDD,0xF6,0x20,0xB0,0xEB,0x99,0x06,0xD0,0x95,0x7F, + 0x6C,0x6F,0xEA,0xCD,0x61,0x54,0x68,0xDF,0x10,0x4D, + 0xE2,0x96,0xCD,0x8F, + 0x10,0xD9,0xB4,0xA3,0xD9,0x04,0x7D,0x8B,0x15,0x43, /* b */ + 0x59,0xAB,0xFB,0x1B,0x7F,0x54,0x85,0xB0,0x4C,0xEB, + 0x86,0x82,0x37,0xDD,0xC9,0xDE,0xDA,0x98,0x2A,0x67, + 0x9A,0x5A,0x91,0x9B,0x62,0x6D,0x4E,0x50,0xA8,0xDD, + 0x73,0x1B,0x10,0x7A,0x99,0x62,0x38,0x1F,0xB5,0xD8, + 0x07,0xBF,0x26,0x18, + 0x12,0x0F,0xC0,0x5D,0x3C,0x67,0xA9,0x9D,0xE1,0x61, /* x */ + 0xD2,0xF4,0x09,0x26,0x22,0xFE,0xCA,0x70,0x1B,0xE4, + 0xF5,0x0F,0x47,0x58,0x71,0x4E,0x8A,0x87,0xBB,0xF2, + 0xA6,0x58,0xEF,0x8C,0x21,0xE7,0xC5,0xEF,0xE9,0x65, + 0x36,0x1F,0x6C,0x29,0x99,0xC0,0xC2,0x47,0xB0,0xDB, + 0xD7,0x0C,0xE6,0xB7, + 0x20,0xD0,0xAF,0x89,0x03,0xA9,0x6F,0x8D,0x5F,0xA2, /* y */ + 0xC2,0x55,0x74,0x5D,0x3C,0x45,0x1B,0x30,0x2C,0x93, + 0x46,0xD9,0xB7,0xE4,0x85,0xE7,0xBC,0xE4,0x1F,0x6B, + 0x59,0x1F,0x3E,0x8F,0x6A,0xDD,0xCB,0xB0,0xBC,0x4C, + 0x2F,0x94,0x7A,0x7D,0xE1,0xA8,0x9B,0x62,0x5D,0x6A, + 0x59,0x8B,0x37,0x60, + 0x00,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34, /* order */ + 0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03, + 0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x23, + 0xC3,0x13,0xFA,0xB5,0x05,0x89,0x70,0x3B,0x5E,0xC6, + 0x8D,0x35,0x87,0xFE,0xC6,0x0D,0x16,0x1C,0xC1,0x49, + 0xC1,0xAD,0x4A,0x91 } }; -static const EC_CURVE_DATA _EC_WTLS_1 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000201", - "1", - "1", - "01667979A40BA497E5D5C270780617", - "00F44B4AF1ECC2630E08785CEBCC15", - "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, - NULL, 0, - "WTLS curve over a 113 bit binary field" +static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; } + _EC_WTLS_1 = { + { NID_X9_62_characteristic_two_field,0,15,2 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x02,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x01, + 0x01,0x66,0x79,0x79,0xA4,0x0B,0xA4,0x97,0xE5,0xD5, /* x */ + 0xC2,0x70,0x78,0x06,0x17, + 0x00,0xF4,0x4B,0x4A,0xF1,0xEC,0xC2,0x63,0x0E,0x08, /* y */ + 0x78,0x5C,0xEB,0xCC,0x15, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFD,0xBF, /* order */ + 0x91,0xAF,0x6D,0xEA,0x73 } }; /* IPSec curves */ @@ -1001,17 +1765,27 @@ static const EC_CURVE_DATA _EC_WTLS_1 = { * As the group order is not a prime this curve is not suitable * for ECDSA. */ -static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { - NID_X9_62_characteristic_two_field, - "0800000000000000000000004000000000000001", - "0", - "07338f", - "7b", - "1c8", - "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3, - NULL, 0, - "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!" +static const struct { EC_CURVE_DATA h; unsigned char data[0+20*6]; } + _EC_IPSEC_155_ID3 = { + { NID_X9_62_characteristic_two_field,0,20,3 }, + { /* no seed */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x07,0x33,0x8f, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7b, + + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xc8, + + 0x02,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA, /* order */ + 0xC7,0xF3,0xC7,0x88,0x1B,0xD0,0x86,0x8F,0xA8,0x6C } }; /* NOTE: The of curves over a extension field of non prime degree @@ -1019,106 +1793,118 @@ static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { * As the group order is not a prime this curve is not suitable * for ECDSA. */ -static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { - NID_X9_62_characteristic_two_field, - "020000000000000000000000000000200000000000000001", - "0", - "1ee9", - "18", - "0d", - "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2, - NULL, 0, - "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!" +static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; } + _EC_IPSEC_185_ID4 = { + { NID_X9_62_characteristic_two_field,0,24,2 }, + { /* no seed */ + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x1e,0xe9, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x18, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y */ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x0d, + 0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xED,0xF9,0x7C,0x44,0xDB,0x9F,0x24,0x20, + 0xBA,0xFC,0xA7,0x5E } }; typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; + const char *comment; } ec_list_element; static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ - { NID_secp112r1, &_EC_SECG_PRIME_112R1}, - { NID_secp112r2, &_EC_SECG_PRIME_112R2}, - { NID_secp128r1, &_EC_SECG_PRIME_128R1}, - { NID_secp128r2, &_EC_SECG_PRIME_128R2}, - { NID_secp160k1, &_EC_SECG_PRIME_160K1}, - { NID_secp160r1, &_EC_SECG_PRIME_160R1}, - { NID_secp160r2, &_EC_SECG_PRIME_160R2}, + { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"}, + { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, "SECG curve over a 112 bit prime field"}, + { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, "SECG curve over a 128 bit prime field"}, + { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, "SECG curve over a 128 bit prime field"}, + { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, "SECG curve over a 160 bit prime field"}, + { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, "SECG curve over a 160 bit prime field"}, + { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"}, /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ - { NID_secp192k1, &_EC_SECG_PRIME_192K1}, - { NID_secp224k1, &_EC_SECG_PRIME_224K1}, - { NID_secp224r1, &_EC_NIST_PRIME_224}, - { NID_secp256k1, &_EC_SECG_PRIME_256K1}, + { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, "SECG curve over a 192 bit prime field"}, + { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, "SECG curve over a 224 bit prime field"}, + { NID_secp224r1, &_EC_NIST_PRIME_224.h, "NIST/SECG curve over a 224 bit prime field"}, + { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, "SECG curve over a 256 bit prime field"}, /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - { NID_secp384r1, &_EC_NIST_PRIME_384}, - { NID_secp521r1, &_EC_NIST_PRIME_521}, + { NID_secp384r1, &_EC_NIST_PRIME_384.h, "NIST/SECG curve over a 384 bit prime field"}, + { NID_secp521r1, &_EC_NIST_PRIME_521.h, "NIST/SECG curve over a 521 bit prime field"}, /* X9.62 curves */ - { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, - { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, - { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, - { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, - { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2}, - { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, - { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, "NIST/X9.62/SECG curve over a 192 bit prime field"}, + { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, "X9.62 curve over a 192 bit prime field"}, + { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, "X9.62 curve over a 192 bit prime field"}, + { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, "X9.62 curve over a 239 bit prime field"}, + { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, "X9.62 curve over a 239 bit prime field"}, + { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, "X9.62 curve over a 239 bit prime field"}, + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, "X9.62/SECG curve over a 256 bit prime field"}, /* characteristic two field curves */ /* NIST/SECG curves */ - { NID_sect113r1, &_EC_SECG_CHAR2_113R1}, - { NID_sect113r2, &_EC_SECG_CHAR2_113R2}, - { NID_sect131r1, &_EC_SECG_CHAR2_131R1}, - { NID_sect131r2, &_EC_SECG_CHAR2_131R2}, - { NID_sect163k1, &_EC_NIST_CHAR2_163K }, - { NID_sect163r1, &_EC_SECG_CHAR2_163R1}, - { NID_sect163r2, &_EC_NIST_CHAR2_163B }, - { NID_sect193r1, &_EC_SECG_CHAR2_193R1}, - { NID_sect193r2, &_EC_SECG_CHAR2_193R2}, - { NID_sect233k1, &_EC_NIST_CHAR2_233K }, - { NID_sect233r1, &_EC_NIST_CHAR2_233B }, - { NID_sect239k1, &_EC_SECG_CHAR2_239K1}, - { NID_sect283k1, &_EC_NIST_CHAR2_283K }, - { NID_sect283r1, &_EC_NIST_CHAR2_283B }, - { NID_sect409k1, &_EC_NIST_CHAR2_409K }, - { NID_sect409r1, &_EC_NIST_CHAR2_409B }, - { NID_sect571k1, &_EC_NIST_CHAR2_571K }, - { NID_sect571r1, &_EC_NIST_CHAR2_571B }, + { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"}, + { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, "SECG curve over a 113 bit binary field"}, + { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, "SECG/WTLS curve over a 131 bit binary field"}, + { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, "SECG curve over a 131 bit binary field"}, + { NID_sect163k1, &_EC_NIST_CHAR2_163K.h, "NIST/SECG/WTLS curve over a 163 bit binary field" }, + { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, "SECG curve over a 163 bit binary field"}, + { NID_sect163r2, &_EC_NIST_CHAR2_163B.h, "NIST/SECG curve over a 163 bit binary field" }, + { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, "SECG curve over a 193 bit binary field"}, + { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, "SECG curve over a 193 bit binary field"}, + { NID_sect233k1, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect233r1, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, "SECG curve over a 239 bit binary field"}, + { NID_sect283k1, &_EC_NIST_CHAR2_283K.h, "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect283r1, &_EC_NIST_CHAR2_283B.h, "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect409k1, &_EC_NIST_CHAR2_409K.h, "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect409r1, &_EC_NIST_CHAR2_409B.h, "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect571k1, &_EC_NIST_CHAR2_571K.h, "NIST/SECG curve over a 571 bit binary field" }, + { NID_sect571r1, &_EC_NIST_CHAR2_571B.h, "NIST/SECG curve over a 571 bit binary field" }, /* X9.62 curves */ - { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, - { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, - { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3}, - { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1}, - { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1}, - { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2}, - { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3}, - { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1}, - { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1}, - { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2}, - { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3}, - { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1}, - { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1}, - { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, - { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, - { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, + { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"}, + { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, "X9.62 curve over a 163 bit binary field"}, + { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, "X9.62 curve over a 163 bit binary field"}, + { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, "X9.62 curve over a 176 bit binary field"}, + { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, "X9.62 curve over a 191 bit binary field"}, + { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, "X9.62 curve over a 191 bit binary field"}, + { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, "X9.62 curve over a 191 bit binary field"}, + { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, "X9.62 curve over a 208 bit binary field"}, + { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, "X9.62 curve over a 239 bit binary field"}, + { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, "X9.62 curve over a 239 bit binary field"}, + { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, "X9.62 curve over a 239 bit binary field"}, + { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, "X9.62 curve over a 272 bit binary field"}, + { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, "X9.62 curve over a 304 bit binary field"}, + { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, "X9.62 curve over a 359 bit binary field"}, + { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, "X9.62 curve over a 368 bit binary field"}, + { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, "X9.62 curve over a 431 bit binary field"}, /* the WAP/WTLS curves * [unlike SECG, spec has its own OIDs for curves from X9.62] */ - { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, - { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, - { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, - { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, - { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, - { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, - { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, - { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 }, - { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, - { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, - { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, + { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, "WTLS curve over a 113 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, "NIST/SECG/WTLS curve over a 163 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"}, + { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"}, + { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, "WTLS curve over a 112 bit prime field"}, + { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, "WTLS curve over a 160 bit prime field" }, + { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field"}, + { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, "WTLS curvs over a 224 bit prime field"}, /* IPSec curves */ - { NID_ipsec3, &_EC_IPSEC_155_ID3}, - { NID_ipsec4, &_EC_IPSEC_185_ID4}, + { NID_ipsec3, &_EC_IPSEC_155_ID3.h, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, + { NID_ipsec4, &_EC_IPSEC_185_ID4.h, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, }; -static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); +#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element)) static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) { @@ -1127,22 +1913,23 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) BN_CTX *ctx=NULL; BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL; int ok=0; + int seed_len,param_len; + const unsigned char *params; if ((ctx = BN_CTX_new()) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); goto err; } - if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || - (b = BN_new()) == NULL || (x = BN_new()) == NULL || - (y = BN_new()) == NULL || (order = BN_new()) == NULL) - { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a) - || !BN_hex2bn(&b, data->b)) + + seed_len = data->seed_len; + param_len = data->param_len; + params = (const unsigned char *)(data+1); /* skip header */ + params += seed_len; /* skip seed */ + + if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL)) + || !(a = BN_bin2bn(params+1*param_len, param_len, NULL)) + || !(b = BN_bin2bn(params+2*param_len, param_len, NULL))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; @@ -1156,8 +1943,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } } - else - { /* field_type == NID_X9_62_characteristic_two_field */ + else /* field_type == NID_X9_62_characteristic_two_field */ + { if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); @@ -1171,7 +1958,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } - if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) + if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL)) + || !(y = BN_bin2bn(params+4*param_len, param_len, NULL))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; @@ -1181,7 +1969,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } - if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) + if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL)) + || !BN_set_word(x, (BN_ULONG)data->cofactor)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; @@ -1191,9 +1980,9 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } - if (data->seed) + if (seed_len) { - if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) + if (!EC_GROUP_set_seed(group, params-seed_len, seed_len)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -1263,7 +2052,7 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) for (i = 0; i < min; i++) { r[i].nid = curve_list[i].nid; - r[i].comment = curve_list[i].data->comment; + r[i].comment = curve_list[i].comment; } return curve_list_length; diff --git a/lib/libssl/src/crypto/ec/ec_pmeth.c b/lib/libssl/src/crypto/ec/ec_pmeth.c new file mode 100644 index 00000000000..f433076ca12 --- /dev/null +++ b/lib/libssl/src/crypto/ec/ec_pmeth.c @@ -0,0 +1,340 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/ec.h> +#include <openssl/ecdsa.h> +#include <openssl/evp.h> +#include "evp_locl.h" + +/* EC pkey context structure */ + +typedef struct + { + /* Key and paramgen group */ + EC_GROUP *gen_group; + /* message digest */ + const EVP_MD *md; + } EC_PKEY_CTX; + +static int pkey_ec_init(EVP_PKEY_CTX *ctx) + { + EC_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); + if (!dctx) + return 0; + dctx->gen_group = NULL; + dctx->md = NULL; + + ctx->data = dctx; + + return 1; + } + +static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + EC_PKEY_CTX *dctx, *sctx; + if (!pkey_ec_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + if (sctx->gen_group) + { + dctx->gen_group = EC_GROUP_dup(sctx->gen_group); + if (!dctx->gen_group) + return 0; + } + dctx->md = sctx->md; + return 1; + } + +static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) + { + EC_PKEY_CTX *dctx = ctx->data; + if (dctx) + { + if (dctx->gen_group) + EC_GROUP_free(dctx->gen_group); + OPENSSL_free(dctx); + } + } + +static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + unsigned int sltmp; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (!sig) + { + *siglen = ECDSA_size(ec); + return 1; + } + else if(*siglen < (size_t)ECDSA_size(ec)) + { + ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); + return 0; + } + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + + ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + + if (ret <= 0) + return ret; + *siglen = (size_t)sltmp; + return 1; + } + +static int pkey_ec_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret, type; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + + return ret; + } + +static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) + { + int ret; + size_t outlen; + const EC_POINT *pubkey = NULL; + if (!ctx->pkey || !ctx->peerkey) + { + ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET); + return 0; + } + + if (!key) + { + const EC_GROUP *group; + group = EC_KEY_get0_group(ctx->pkey->pkey.ec); + *keylen = (EC_GROUP_get_degree(group) + 7)/8; + return 1; + } + + pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); + + /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is + * not an error, the result is truncated. + */ + + outlen = *keylen; + + ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0); + if (ret < 0) + return ret; + *keylen = ret; + return 1; + } + +static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + EC_PKEY_CTX *dctx = ctx->data; + EC_GROUP *group; + switch (type) + { + case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: + group = EC_GROUP_new_by_curve_name(p1); + if (group == NULL) + { + ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE); + return 0; + } + if (dctx->gen_group) + EC_GROUP_free(dctx->gen_group); + dctx->gen_group = group; + return 1; + + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) + { + ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + default: + return -2; + + } + } + +static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "ec_paramgen_curve")) + { + int nid; + nid = OBJ_sn2nid(value); + if (nid == NID_undef) + nid = OBJ_ln2nid(value); + if (nid == NID_undef) + { + ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); + return 0; + } + return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); + } + return -2; + } + +static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + EC_KEY *ec = NULL; + EC_PKEY_CTX *dctx = ctx->data; + int ret = 0; + if (dctx->gen_group == NULL) + { + ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET); + return 0; + } + ec = EC_KEY_new(); + if (!ec) + return 0; + ret = EC_KEY_set_group(ec, dctx->gen_group); + if (ret) + EVP_PKEY_assign_EC_KEY(pkey, ec); + else + EC_KEY_free(ec); + return ret; + } + +static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + EC_KEY *ec = NULL; + if (ctx->pkey == NULL) + { + ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); + return 0; + } + ec = EC_KEY_new(); + if (!ec) + return 0; + EVP_PKEY_assign_EC_KEY(pkey, ec); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return EC_KEY_generate_key(pkey->pkey.ec); + } + +const EVP_PKEY_METHOD ec_pkey_meth = + { + EVP_PKEY_EC, + 0, + pkey_ec_init, + pkey_ec_copy, + pkey_ec_cleanup, + + 0, + pkey_ec_paramgen, + + 0, + pkey_ec_keygen, + + 0, + pkey_ec_sign, + + 0, + pkey_ec_verify, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0, + pkey_ec_derive, + + pkey_ec_ctrl, + pkey_ec_ctrl_str + + }; diff --git a/lib/libssl/src/crypto/ec/eck_prn.c b/lib/libssl/src/crypto/ec/eck_prn.c new file mode 100644 index 00000000000..7d3e175ae75 --- /dev/null +++ b/lib/libssl/src/crypto/ec/eck_prn.c @@ -0,0 +1,391 @@ +/* crypto/ec/eck_prn.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/ec.h> +#include <openssl/bn.h> + +#ifndef OPENSSL_NO_FP_API +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECPKParameters_print(b, x, off); + BIO_free(b); + return(ret); + } + +int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = EC_KEY_print(b, x, off); + BIO_free(b); + return(ret); + } + +int ECParameters_print_fp(FILE *fp, const EC_KEY *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); + return(0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECParameters_print(b, x); + BIO_free(b); + return(ret); + } +#endif + +int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; + } + +int ECParameters_print(BIO *bp, const EC_KEY *x) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) + return 0; + ret = EVP_PKEY_print_params(bp, pk, 4, NULL); + EVP_PKEY_free(pk); + return ret; + } + +static int print_bin(BIO *fp, const char *str, const unsigned char *num, + size_t len, int off); + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) + { + unsigned char *buffer=NULL; + size_t buf_len=0, i; + int ret=0, reason=ERR_R_BIO_LIB; + BN_CTX *ctx=NULL; + const EC_POINT *point=NULL; + BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, + *order=NULL, *cofactor=NULL; + const unsigned char *seed; + size_t seed_len=0; + + static const char *gen_compressed = "Generator (compressed):"; + static const char *gen_uncompressed = "Generator (uncompressed):"; + static const char *gen_hybrid = "Generator (hybrid):"; + + if (!x) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (EC_GROUP_get_asn1_flag(x)) + { + /* the curve parameter are given by an asn1 OID */ + int nid; + + if (!BIO_indent(bp, off, 128)) + goto err; + + nid = EC_GROUP_get_curve_name(x); + if (nid == 0) + goto err; + + if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) + goto err; + if (BIO_printf(bp, "\n") <= 0) + goto err; + } + else + { + /* explicit parameters */ + int is_char_two = 0; + point_conversion_form_t form; + int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); + + if (tmp_nid == NID_X9_62_characteristic_two_field) + is_char_two = 1; + + if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || + (b = BN_new()) == NULL || (order = BN_new()) == NULL || + (cofactor = BN_new()) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (is_char_two) + { + if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + else /* prime field */ + { + if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + + if ((point = EC_GROUP_get0_generator(x)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + if (!EC_GROUP_get_order(x, order, NULL) || + !EC_GROUP_get_cofactor(x, cofactor, NULL)) + { + reason = ERR_R_EC_LIB; + goto err; + } + + form = EC_GROUP_get_point_conversion_form(x); + + if ((gen = EC_POINT_point2bn(x, point, + form, NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + + buf_len = (size_t)BN_num_bytes(p); + if (buf_len < (i = (size_t)BN_num_bytes(a))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(b))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(gen))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(order))) + buf_len = i; + if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) + buf_len = i; + + if ((seed = EC_GROUP_get0_seed(x)) != NULL) + seed_len = EC_GROUP_get_seed_len(x); + + buf_len += 10; + if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + if (!BIO_indent(bp, off, 128)) + goto err; + + /* print the 'short name' of the field type */ + if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) + <= 0) + goto err; + + if (is_char_two) + { + /* print the 'short name' of the base type OID */ + int basis_type = EC_GROUP_get_basis_type(x); + if (basis_type == 0) + goto err; + + if (!BIO_indent(bp, off, 128)) + goto err; + + if (BIO_printf(bp, "Basis Type: %s\n", + OBJ_nid2sn(basis_type)) <= 0) + goto err; + + /* print the polynomial */ + if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer, + off)) + goto err; + } + else + { + if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer,off)) + goto err; + } + if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off)) + goto err; + if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off)) + goto err; + if (form == POINT_CONVERSION_COMPRESSED) + { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen, + buffer, off)) + goto err; + } + else if (form == POINT_CONVERSION_UNCOMPRESSED) + { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen, + buffer, off)) + goto err; + } + else /* form == POINT_CONVERSION_HYBRID */ + { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen, + buffer, off)) + goto err; + } + if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, + buffer, off)) goto err; + if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, + buffer, off)) goto err; + if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) + goto err; + } + ret=1; +err: + if (!ret) + ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); + if (p) + BN_free(p); + if (a) + BN_free(a); + if (b) + BN_free(b); + if (gen) + BN_free(gen); + if (order) + BN_free(order); + if (cofactor) + BN_free(cofactor); + if (ctx) + BN_CTX_free(ctx); + if (buffer != NULL) + OPENSSL_free(buffer); + return(ret); + } + +static int print_bin(BIO *fp, const char *name, const unsigned char *buf, + size_t len, int off) + { + size_t i; + char str[128]; + + if (buf == NULL) + return 1; + if (off) + { + if (off > 128) + off=128; + memset(str,' ',off); + if (BIO_write(fp, str, off) <= 0) + return 0; + } + + if (BIO_printf(fp,"%s", name) <= 0) + return 0; + + for (i=0; i<len; i++) + { + if ((i%15) == 0) + { + str[0]='\n'; + memset(&(str[1]),' ',off+4); + if (BIO_write(fp, str, off+1+4) <= 0) + return 0; + } + if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0) + return 0; + } + if (BIO_write(fp,"\n",1) <= 0) + return 0; + + return 1; + } diff --git a/lib/libssl/src/crypto/ecdh/ecdhtest.c b/lib/libssl/src/crypto/ecdh/ecdhtest.c index 1575006b516..212a87efa4e 100644 --- a/lib/libssl/src/crypto/ecdh/ecdhtest.c +++ b/lib/libssl/src/crypto/ecdh/ecdhtest.c @@ -343,7 +343,7 @@ err: if (ctx) BN_CTX_free(ctx); BIO_free(out); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); EXIT(ret); return(ret); diff --git a/lib/libssl/src/crypto/ecdh/ech_err.c b/lib/libssl/src/crypto/ecdh/ech_err.c index 4d2ede75bd3..6f4b0c99536 100644 --- a/lib/libssl/src/crypto/ecdh/ech_err.c +++ b/lib/libssl/src/crypto/ecdh/ech_err.c @@ -1,6 +1,6 @@ /* crypto/ecdh/ech_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,7 +71,7 @@ static ERR_STRING_DATA ECDH_str_functs[]= { {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, -{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"}, +{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"}, {0,NULL} }; diff --git a/lib/libssl/src/crypto/ecdsa/ecdsa.h b/lib/libssl/src/crypto/ecdsa/ecdsa.h index f20c8ee7381..e61c539812a 100644 --- a/lib/libssl/src/crypto/ecdsa/ecdsa.h +++ b/lib/libssl/src/crypto/ecdsa/ecdsa.h @@ -4,7 +4,7 @@ * \author Written by Nils Larsch for the OpenSSL project */ /* ==================================================================== - * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -81,156 +81,143 @@ typedef struct ECDSA_SIG_st BIGNUM *s; } ECDSA_SIG; -/** ECDSA_SIG *ECDSA_SIG_new(void) - * allocates and initialize a ECDSA_SIG structure - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_SIG_new(void); -/** ECDSA_SIG_free - * frees a ECDSA_SIG structure - * \param a pointer to the ECDSA_SIG structure +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure */ -void ECDSA_SIG_free(ECDSA_SIG *a); +void ECDSA_SIG_free(ECDSA_SIG *sig); -/** i2d_ECDSA_SIG - * DER encode content of ECDSA_SIG object (note: this function modifies *pp - * (*pp += length of the DER encoded signature)). - * \param a pointer to the ECDSA_SIG object - * \param pp pointer to a unsigned char pointer for the output or NULL - * \return the length of the DER encoded ECDSA_SIG object or 0 +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 */ -int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); -/** d2i_ECDSA_SIG - * decodes a DER encoded ECDSA signature (note: this function changes *pp - * (*pp += len)). - * \param v pointer to ECDSA_SIG pointer (may be NULL) - * \param pp buffer with the DER encoded signature - * \param len bufferlength - * \return pointer to the decoded ECDSA_SIG structure (or NULL) +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) */ -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); -/** ECDSA_do_sign - * computes the ECDSA signature of the given hash value using - * the supplied private key and returns the created signature. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); -/** ECDSA_do_sign_ex - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param kinv optional pointer to a pre-computed inverse k - * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -/** ECDSA_do_verify - * verifies that the supplied signature is a valid ECDSA - * signature of the supplied hash value using the supplied public key. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param sig pointer to the ECDSA_SIG structure - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error */ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY* eckey); const ECDSA_METHOD *ECDSA_OpenSSL(void); -/** ECDSA_set_default_method - * sets the default ECDSA method - * \param meth the new default ECDSA_METHOD +/** Sets the default ECDSA method + * \param meth new default ECDSA_METHOD */ void ECDSA_set_default_method(const ECDSA_METHOD *meth); -/** ECDSA_get_default_method - * returns the default ECDSA method - * \return pointer to ECDSA_METHOD structure containing the default method +/** Returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method */ const ECDSA_METHOD *ECDSA_get_default_method(void); -/** ECDSA_set_method - * sets method to be used for the ECDSA operations - * \param eckey pointer to the EC_KEY object - * \param meth pointer to the new method - * \return 1 on success and 0 otherwise +/** Sets method to be used for the ECDSA operations + * \param eckey EC_KEY object + * \param meth new method + * \return 1 on success and 0 otherwise */ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); -/** ECDSA_size - * returns the maximum length of the DER encoded signature - * \param eckey pointer to a EC_KEY object - * \return numbers of bytes required for the DER encoded signature +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature */ int ECDSA_size(const EC_KEY *eckey); -/** ECDSA_sign_setup - * precompute parts of the signing operation. - * \param eckey pointer to the EC_KEY object containing a private EC key - * \param ctx pointer to a BN_CTX object (may be NULL) - * \param kinv pointer to a BIGNUM pointer for the inverse of k - * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator - * \return 1 on success and 0 otherwise +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise */ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -/** ECDSA_sign - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise */ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -/** ECDSA_sign_ex - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param kinv optional pointer to a pre-computed inverse k - * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise */ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -/** ECDSA_verify - * verifies that the given signature is valid ECDSA signature - * of the supplied hash value using the specified public key. - * \param type this parameter is ignored - * \param dgst pointer to the hash value - * \param dgstlen length of the hash value - * \param sig pointer to the DER encoded signature - * \param siglen length of the DER encoded signature - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error */ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); diff --git a/lib/libssl/src/crypto/ecdsa/ecdsatest.c b/lib/libssl/src/crypto/ecdsa/ecdsatest.c index b07e31252b9..aa4e1481a8f 100644 --- a/lib/libssl/src/crypto/ecdsa/ecdsatest.c +++ b/lib/libssl/src/crypto/ecdsa/ecdsatest.c @@ -490,7 +490,7 @@ err: if (ret) ERR_print_errors(out); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(out); if (out != NULL) diff --git a/lib/libssl/src/crypto/ecdsa/ecs_err.c b/lib/libssl/src/crypto/ecdsa/ecs_err.c index d2a53730ea5..98e38d537f2 100644 --- a/lib/libssl/src/crypto/ecdsa/ecs_err.c +++ b/lib/libssl/src/crypto/ecdsa/ecs_err.c @@ -1,6 +1,6 @@ /* crypto/ecdsa/ecs_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libssl/src/crypto/ecdsa/ecs_ossl.c b/lib/libssl/src/crypto/ecdsa/ecs_ossl.c index 3ead1af94e7..551cf5068fa 100644 --- a/lib/libssl/src/crypto/ecdsa/ecs_ossl.c +++ b/lib/libssl/src/crypto/ecdsa/ecs_ossl.c @@ -212,7 +212,7 @@ err: static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) { - int ok = 0; + int ok = 0, i; BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; const BIGNUM *ckinv; BN_CTX *ctx = NULL; @@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } - if (8 * dgst_len > BN_num_bits(order)) + i = BN_num_bits(order); + /* Need to truncate digest if it is too long: first truncate whole + * bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7)/8; + if (!BN_bin2bn(dgst, dgst_len, m)) { - /* XXX - * - * Should provide for optional hash truncation: - * Keep the BN_num_bits(order) leftmost bits of dgst - * (see March 2006 FIPS 186-3 draft, which has a few - * confusing errors in this part though) - */ - - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, - ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - - if (!BN_bin2bn(dgst, dgst_len, m)) + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; @@ -346,7 +343,7 @@ err: static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) { - int ret = -1; + int ret = -1, i; BN_CTX *ctx; BIGNUM *order, *u1, *u2, *m, *X; EC_POINT *point = NULL; @@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } - if (8 * dgst_len > BN_num_bits(order)) - { - /* XXX - * - * Should provide for optional hash truncation: - * Keep the BN_num_bits(order) leftmost bits of dgst - * (see March 2006 FIPS 186-3 draft, which has a few - * confusing errors in this part though) - */ - - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, - ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - ret = 0; - goto err; - } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || @@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, goto err; } /* digest -> m */ + i = BN_num_bits(order); + /* Need to truncate digest if it is too long: first truncate whole + * bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7)/8; if (!BN_bin2bn(dgst, dgst_len, m)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } /* u1 = m * tmp mod order */ if (!BN_mod_mul(u1, m, u2, order, ctx)) { diff --git a/lib/libssl/src/crypto/ecdsa/ecs_sign.c b/lib/libssl/src/crypto/ecdsa/ecs_sign.c index 74b1fe8caff..353d5af5146 100644 --- a/lib/libssl/src/crypto/ecdsa/ecs_sign.c +++ b/lib/libssl/src/crypto/ecdsa/ecs_sign.c @@ -57,6 +57,7 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#include <openssl/rand.h> ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { @@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char EC_KEY *eckey) { ECDSA_SIG *s; + RAND_seed(dgst, dlen); s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); if (s == NULL) { diff --git a/lib/libssl/src/crypto/engine/tb_asnmth.c b/lib/libssl/src/crypto/engine/tb_asnmth.c new file mode 100644 index 00000000000..75090339f7a --- /dev/null +++ b/lib/libssl/src/crypto/engine/tb_asnmth.c @@ -0,0 +1,246 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" +#include "asn1_locl.h" +#include <openssl/evp.h> + +/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the + * function that is used by EVP to hook in pkey_asn1_meth code and cache + * defaults (etc), will display brief debugging summaries to stderr with the + * 'nid'. */ +/* #define ENGINE_PKEY_ASN1_METH_DEBUG */ + +static ENGINE_TABLE *pkey_asn1_meth_table = NULL; + +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e) + { + engine_table_unregister(&pkey_asn1_meth_table, e); + } + +static void engine_unregister_all_pkey_asn1_meths(void) + { + engine_table_cleanup(&pkey_asn1_meth_table); + } + +int ENGINE_register_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_asn1_meths(void) + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_asn1_meths(e); + } + +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e) + { + if(e->pkey_asn1_meths) + { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_asn1_meth 'nid' */ +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid) + { + return engine_table_select(&pkey_asn1_meth_table, nid); + } + +/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid) + { + EVP_PKEY_ASN1_METHOD *ret; + ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_asn1_meth callback from an ENGINE structure */ +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e) + { + return e->pkey_asn1_meths; + } + +/* Sets the pkey_asn1_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f) + { + e->pkey_asn1_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_asn1_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_ASN1_METHOD *pkm; + if (e->pkey_asn1_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_asn1_free(pkm); + } + } + } + } + +/* Find a method based on a string. This does a linear search through + * all implemented algorithms. This is OK in practice because only + * a small number of algorithms are likely to be implemented in an engine + * and it is not used for speed critical operations. + */ + +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len) + { + int i, nidcount; + const int *nids; + EVP_PKEY_ASN1_METHOD *ameth; + if (!e->pkey_asn1_meths) + return NULL; + if (len == -1) + len = strlen(str); + nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); + for (i = 0; i < nidcount; i++) + { + e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); + if (((int)strlen(ameth->pem_str) == len) && + !strncasecmp(ameth->pem_str, str, len)) + return ameth; + } + return NULL; + } + +typedef struct + { + ENGINE *e; + const EVP_PKEY_ASN1_METHOD *ameth; + const char *str; + int len; + } ENGINE_FIND_STR; + +static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) + { + ENGINE_FIND_STR *lk = arg; + int i; + if (lk->ameth) + return; + for (i = 0; i < sk_ENGINE_num(sk); i++) + { + ENGINE *e = sk_ENGINE_value(sk, i); + EVP_PKEY_ASN1_METHOD *ameth; + e->pkey_asn1_meths(e, &ameth, NULL, nid); + if (((int)strlen(ameth->pem_str) == lk->len) && + !strncasecmp(ameth->pem_str, lk->str, lk->len)) + { + lk->e = e; + lk->ameth = ameth; + return; + } + } + } + +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len) + { + ENGINE_FIND_STR fstr; + fstr.e = NULL; + fstr.ameth = NULL; + fstr.str = str; + fstr.len = len; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); + /* If found obtain a structural reference to engine */ + if (fstr.e) + { + fstr.e->struct_ref++; + engine_ref_debug(fstr.e, 0, 1) + } + *pe = fstr.e; + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return fstr.ameth; + } diff --git a/lib/libssl/src/crypto/engine/tb_pkmeth.c b/lib/libssl/src/crypto/engine/tb_pkmeth.c new file mode 100644 index 00000000000..1cdb967f253 --- /dev/null +++ b/lib/libssl/src/crypto/engine/tb_pkmeth.c @@ -0,0 +1,167 @@ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" +#include <openssl/evp.h> + +/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function + * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_PKEY_METH_DEBUG */ + +static ENGINE_TABLE *pkey_meth_table = NULL; + +void ENGINE_unregister_pkey_meths(ENGINE *e) + { + engine_table_unregister(&pkey_meth_table, e); + } + +static void engine_unregister_all_pkey_meths(void) + { + engine_table_cleanup(&pkey_meth_table); + } + +int ENGINE_register_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 0); + } + return 1; + } + +void ENGINE_register_all_pkey_meths() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_pkey_meths(e); + } + +int ENGINE_set_default_pkey_meths(ENGINE *e) + { + if(e->pkey_meths) + { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if(num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 1); + } + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_meth 'nid' */ +ENGINE *ENGINE_get_pkey_meth_engine(int nid) + { + return engine_table_select(&pkey_meth_table, nid); + } + +/* Obtains a pkey_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid) + { + EVP_PKEY_METHOD *ret; + ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e); + if(!fn || !fn(e, &ret, NULL, nid)) + { + ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH, + ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; + } + +/* Gets the pkey_meth callback from an ENGINE structure */ +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e) + { + return e->pkey_meths; + } + +/* Sets the pkey_meth callback in an ENGINE structure */ +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f) + { + e->pkey_meths = f; + return 1; + } + +/* Internal function to free up EVP_PKEY_METHOD structures before an + * ENGINE is destroyed + */ + +void engine_pkey_meths_free(ENGINE *e) + { + int i; + EVP_PKEY_METHOD *pkm; + if (e->pkey_meths) + { + const int *pknids; + int npknids; + npknids = e->pkey_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) + { + if (e->pkey_meths(e, &pkm, NULL, pknids[i])) + { + EVP_PKEY_meth_free(pkm); + } + } + } + } diff --git a/lib/libssl/src/crypto/err/Makefile b/lib/libssl/src/crypto/err/Makefile index 91d1379d410..862b23ba176 100644 --- a/lib/libssl/src/crypto/err/Makefile +++ b/lib/libssl/src/crypto/err/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c -LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o +LIBSRC=err.c err_all.c err_prn.c +LIBOBJ=err.o err_all.o err_prn.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,37 +83,24 @@ err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h err.o: ../cryptlib.h err.c err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h +err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h err_all.o: ../../include/openssl/x509v3.h err_all.c -err_bio.o: ../../e_os.h ../../include/openssl/bio.h -err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c -err_def.o: ../../e_os.h ../../include/openssl/bio.h -err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -121,10 +108,3 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c -err_str.o: ../../e_os.h ../../include/openssl/bio.h -err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c diff --git a/lib/libssl/src/crypto/evp/e_camellia.c b/lib/libssl/src/crypto/evp/e_camellia.c index 365d3971645..a7b40d1c600 100644 --- a/lib/libssl/src/crypto/evp/e_camellia.c +++ b/lib/libssl/src/crypto/evp/e_camellia.c @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, EVP_CIPHER_get_asn1_iv, NULL) -#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0) +#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) diff --git a/lib/libssl/src/crypto/evp/e_seed.c b/lib/libssl/src/crypto/evp/e_seed.c index 8c1ec0d43a6..2d1759d2766 100644 --- a/lib/libssl/src/crypto/evp/e_seed.c +++ b/lib/libssl/src/crypto/evp/e_seed.c @@ -54,11 +54,11 @@ */ #include <openssl/opensslconf.h> +#ifndef OPENSSL_NO_SEED #include <openssl/evp.h> #include <openssl/err.h> #include <string.h> #include <assert.h> -#ifndef OPENSSL_NO_SEED #include <openssl/seed.h> #include "evp_locl.h" diff --git a/lib/libssl/src/crypto/evp/m_ecdsa.c b/lib/libssl/src/crypto/evp/m_ecdsa.c index fad270faca2..8d87a49ebe9 100644 --- a/lib/libssl/src/crypto/evp/m_ecdsa.c +++ b/lib/libssl/src/crypto/evp/m_ecdsa.c @@ -130,7 +130,7 @@ static const EVP_MD ecdsa_md= NID_ecdsa_with_SHA1, NID_ecdsa_with_SHA1, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_DIGEST, init, update, final, diff --git a/lib/libssl/src/crypto/evp/m_sigver.c b/lib/libssl/src/crypto/evp/m_sigver.c new file mode 100644 index 00000000000..f0b7f95059e --- /dev/null +++ b/lib/libssl/src/crypto/evp/m_sigver.c @@ -0,0 +1,200 @@ +/* m_sigver.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#include "evp_locl.h" + +static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, + int ver) + { + if (ctx->pctx == NULL) + ctx->pctx = EVP_PKEY_CTX_new(pkey, e); + if (ctx->pctx == NULL) + return 0; + + if (type == NULL) + { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) + type = EVP_get_digestbynid(def_nid); + } + + if (type == NULL) + { + EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST); + return 0; + } + + if (ver) + { + if (ctx->pctx->pmeth->verifyctx_init) + { + if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <=0) + return 0; + ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; + } + else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) + return 0; + } + else + { + if (ctx->pctx->pmeth->signctx_init) + { + if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) + return 0; + ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; + } + else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) + return 0; + } + if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) + return 0; + if (pctx) + *pctx = ctx->pctx; + if (!EVP_DigestInit_ex(ctx, type, e)) + return 0; + return 1; + } + +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) + { + return do_sigver_init(ctx, pctx, type, e, pkey, 0); + } + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) + { + return do_sigver_init(ctx, pctx, type, e, pkey, 1); + } + +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) + { + int sctx, r = 0; + if (ctx->pctx->pmeth->signctx) + sctx = 1; + else + sctx = 0; + if (sigret) + { + MS_STATIC EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen; + EVP_MD_CTX_init(&tmp_ctx); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx)) + return 0; + if (sctx) + r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, + sigret, siglen, &tmp_ctx); + else + r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen); + EVP_MD_CTX_cleanup(&tmp_ctx); + if (sctx || !r) + return r; + if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) + return 0; + } + else + { + if (sctx) + { + if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0) + return 0; + } + else + { + int s = EVP_MD_size(ctx->digest); + if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0) + return 0; + } + } + return 1; + } + +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen) + { + MS_STATIC EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; + int r; + unsigned int mdlen; + int vctx; + + if (ctx->pctx->pmeth->verifyctx) + vctx = 1; + else + vctx = 0; + EVP_MD_CTX_init(&tmp_ctx); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx)) + return -1; + if (vctx) + { + r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, + sig, siglen, &tmp_ctx); + } + else + r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen); + EVP_MD_CTX_cleanup(&tmp_ctx); + if (vctx || !r) + return r; + return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); + } diff --git a/lib/libssl/src/crypto/evp/m_wp.c b/lib/libssl/src/crypto/evp/m_wp.c new file mode 100644 index 00000000000..1ce47c040bc --- /dev/null +++ b/lib/libssl/src/crypto/evp/m_wp.c @@ -0,0 +1,42 @@ +/* crypto/evp/m_wp.c */ + +#include <stdio.h> +#include "cryptlib.h" + +#ifndef OPENSSL_NO_WHIRLPOOL + +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#include <openssl/whrlpool.h> + +static int init(EVP_MD_CTX *ctx) + { return WHIRLPOOL_Init(ctx->md_data); } + +static int update(EVP_MD_CTX *ctx,const void *data,size_t count) + { return WHIRLPOOL_Update(ctx->md_data,data,count); } + +static int final(EVP_MD_CTX *ctx,unsigned char *md) + { return WHIRLPOOL_Final(md,ctx->md_data); } + +static const EVP_MD whirlpool_md= + { + NID_whirlpool, + 0, + WHIRLPOOL_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + EVP_PKEY_NULL_method, + WHIRLPOOL_BBLOCK/8, + sizeof(EVP_MD *)+sizeof(WHIRLPOOL_CTX), + }; + +const EVP_MD *EVP_whirlpool(void) + { + return(&whirlpool_md); + } +#endif diff --git a/lib/libssl/src/crypto/evp/pmeth_fn.c b/lib/libssl/src/crypto/evp/pmeth_fn.c new file mode 100644 index 00000000000..c4676f2f8df --- /dev/null +++ b/lib/libssl/src/crypto/evp/pmeth_fn.c @@ -0,0 +1,368 @@ +/* pmeth_fn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/evp.h> +#include "evp_locl.h" + +#define M_check_autoarg(ctx, arg, arglen, err) \ + if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ + { \ + size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ + if (!arg) \ + { \ + *arglen = pksize; \ + return 1; \ + } \ + else if (*arglen < pksize) \ + { \ + EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\ + return 0; \ + } \ + } + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) + { + EVPerr(EVP_F_EVP_PKEY_SIGN_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_SIGN; + if (!ctx->pmeth->sign_init) + return 1; + ret = ctx->pmeth->sign_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) + { + EVPerr(EVP_F_EVP_PKEY_SIGN, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_SIGN) + { + EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) + return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); + } + +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_VERIFY; + if (!ctx->pmeth->verify_init) + return 1; + ret = ctx->pmeth->verify_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_VERIFY) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); + } + +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_VERIFYRECOVER; + if (!ctx->pmeth->verify_recover_init) + return 1; + ret = ctx->pmeth->verify_recover_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) + { + EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) + return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); + } + +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) + { + EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_ENCRYPT; + if (!ctx->pmeth->encrypt_init) + return 1; + ret = ctx->pmeth->encrypt_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) + { + EVPerr(EVP_F_EVP_PKEY_ENCRYPT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_ENCRYPT) + { + EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) + return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); + } + +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) + { + EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_DECRYPT; + if (!ctx->pmeth->decrypt_init) + return 1; + ret = ctx->pmeth->decrypt_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) + { + EVPerr(EVP_F_EVP_PKEY_DECRYPT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DECRYPT) + { + EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) + return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); + } + + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_DERIVE; + if (!ctx->pmeth->derive_init) + return 1; + ret = ctx->pmeth->derive_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) + { + int ret; + if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive||ctx->pmeth->encrypt||ctx->pmeth->decrypt) || !ctx->pmeth->ctrl) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); + + if (ret <= 0) + return ret; + + if (ret == 2) + return 1; + + if (!ctx->pkey) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET); + return -1; + } + + if (ctx->pkey->type != peer->type) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_DIFFERENT_KEY_TYPES); + return -1; + } + + /* ran@cryptocom.ru: For clarity. The error is if parameters in peer are + * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 + * (different key types) is impossible here because it is checked earlier. + * -2 is OK for us here, as well as 1, so we can check for 0 only. */ + if (!EVP_PKEY_missing_parameters(peer) && + !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, + EVP_R_DIFFERENT_PARAMETERS); + return -1; + } + + if (ctx->peerkey) + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); + + if (ret <= 0) + { + ctx->peerkey = NULL; + return ret; + } + + CRYPTO_add(&peer->references,1,CRYPTO_LOCK_EVP_PKEY); + return 1; + } + + +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE) + { + EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) + return ctx->pmeth->derive(ctx, key, pkeylen); + } + diff --git a/lib/libssl/src/crypto/evp/pmeth_gn.c b/lib/libssl/src/crypto/evp/pmeth_gn.c new file mode 100644 index 00000000000..5d74161a09a --- /dev/null +++ b/lib/libssl/src/crypto/evp/pmeth_gn.c @@ -0,0 +1,220 @@ +/* pmeth_gn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/evp.h> +#include <openssl/bn.h> +#include "evp_locl.h" + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) + { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_PARAMGEN; + if (!ctx->pmeth->paramgen_init) + return 1; + ret = ctx->pmeth->paramgen_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) + { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->operation != EVP_PKEY_OP_PARAMGEN) + { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (!ppkey) + return -1; + + if (!*ppkey) + *ppkey = EVP_PKEY_new(); + + ret = ctx->pmeth->paramgen(ctx, *ppkey); + if (ret <= 0) + { + EVP_PKEY_free(*ppkey); + *ppkey = NULL; + } + return ret; + } + +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) + { + EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_KEYGEN; + if (!ctx->pmeth->keygen_init) + return 1; + ret = ctx->pmeth->keygen_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; + } + +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) + { + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) + { + EVPerr(EVP_F_EVP_PKEY_KEYGEN, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_KEYGEN) + { + EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (!ppkey) + return -1; + + if (!*ppkey) + *ppkey = EVP_PKEY_new(); + + ret = ctx->pmeth->keygen(ctx, *ppkey); + if (ret <= 0) + { + EVP_PKEY_free(*ppkey); + *ppkey = NULL; + } + return ret; + } + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) + { + ctx->pkey_gencb = cb; + } + +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) + { + return ctx->pkey_gencb; + } + +/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB + * style callbacks. + */ + +static int trans_cb(int a, int b, BN_GENCB *gcb) + { + EVP_PKEY_CTX *ctx = gcb->arg; + ctx->keygen_info[0] = a; + ctx->keygen_info[1] = b; + return ctx->pkey_gencb(ctx); + } + +void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) + { + BN_GENCB_set(cb, trans_cb, ctx) + } + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) + { + if (idx == -1) + return ctx->keygen_info_count; + if (idx < 0 || idx > ctx->keygen_info_count) + return 0; + return ctx->keygen_info[idx]; + } + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + unsigned char *key, int keylen) + { + EVP_PKEY_CTX *mac_ctx = NULL; + EVP_PKEY *mac_key = NULL; + mac_ctx = EVP_PKEY_CTX_new_id(type, e); + if (!mac_ctx) + return NULL; + if (EVP_PKEY_keygen_init(mac_ctx) <= 0) + goto merr; + if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key) <= 0) + goto merr; + if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) + goto merr; + merr: + if (mac_ctx) + EVP_PKEY_CTX_free(mac_ctx); + return mac_key; + } diff --git a/lib/libssl/src/crypto/evp/pmeth_lib.c b/lib/libssl/src/crypto/evp/pmeth_lib.c new file mode 100644 index 00000000000..b2d8de3a8de --- /dev/null +++ b/lib/libssl/src/crypto/evp/pmeth_lib.c @@ -0,0 +1,538 @@ +/* pmeth_lib.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif +#include "asn1_locl.h" +#include "evp_locl.h" + +typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); + +DECLARE_STACK_OF(EVP_PKEY_METHOD) +STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; + +extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; +extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth; + +static const EVP_PKEY_METHOD *standard_methods[] = + { +#ifndef OPENSSL_NO_RSA + &rsa_pkey_meth, +#endif +#ifndef OPENSSL_NO_DH + &dh_pkey_meth, +#endif +#ifndef OPENSSL_NO_DSA + &dsa_pkey_meth, +#endif +#ifndef OPENSSL_NO_EC + &ec_pkey_meth, +#endif + &hmac_pkey_meth, + }; + +DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, + pmeth); + +static int pmeth_cmp(const EVP_PKEY_METHOD * const *a, + const EVP_PKEY_METHOD * const *b) + { + return ((*a)->pkey_id - (*b)->pkey_id); + } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, + pmeth); + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) + { + EVP_PKEY_METHOD tmp; + const EVP_PKEY_METHOD *t = &tmp, **ret; + tmp.pkey_id = type; + if (app_pkey_methods) + { + int idx; + idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); + if (idx >= 0) + return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); + } + ret = OBJ_bsearch_pmeth(&t, standard_methods, + sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *)); + if (!ret || !*ret) + return NULL; + return *ret; + } + +static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) + { + EVP_PKEY_CTX *ret; + const EVP_PKEY_METHOD *pmeth; + if (id == -1) + { + if (!pkey || !pkey->ameth) + return NULL; + id = pkey->ameth->pkey_id; + } +#ifndef OPENSSL_NO_ENGINE + /* Try to find an ENGINE which implements this method */ + if (e) + { + if (!ENGINE_init(e)) + { + EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB); + return NULL; + } + } + else + e = ENGINE_get_pkey_meth_engine(id); + + /* If an ENGINE handled this method look it up. Othewise + * use internal tables. + */ + + if (e) + pmeth = ENGINE_get_pkey_meth(e, id); + else +#endif + pmeth = EVP_PKEY_meth_find(id); + + if (pmeth == NULL) + { + EVPerr(EVP_F_INT_CTX_NEW,EVP_R_UNSUPPORTED_ALGORITHM); + return NULL; + } + + ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + if (!ret) + { +#ifndef OPENSSL_NO_ENGINE + if (e) + ENGINE_finish(e); +#endif + EVPerr(EVP_F_INT_CTX_NEW,ERR_R_MALLOC_FAILURE); + return NULL; + } + ret->engine = e; + ret->pmeth = pmeth; + ret->operation = EVP_PKEY_OP_UNDEFINED; + ret->pkey = pkey; + ret->peerkey = NULL; + ret->pkey_gencb = 0; + if (pkey) + CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); + ret->data = NULL; + + if (pmeth->init) + { + if (pmeth->init(ret) <= 0) + { + EVP_PKEY_CTX_free(ret); + return NULL; + } + } + + return ret; + } + +EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags) + { + EVP_PKEY_METHOD *pmeth; + pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); + if (!pmeth) + return NULL; + + pmeth->pkey_id = id; + pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; + + pmeth->init = 0; + pmeth->copy = 0; + pmeth->cleanup = 0; + pmeth->paramgen_init = 0; + pmeth->paramgen = 0; + pmeth->keygen_init = 0; + pmeth->keygen = 0; + pmeth->sign_init = 0; + pmeth->sign = 0; + pmeth->verify_init = 0; + pmeth->verify = 0; + pmeth->verify_recover_init = 0; + pmeth->verify_recover = 0; + pmeth->signctx_init = 0; + pmeth->signctx = 0; + pmeth->verifyctx_init = 0; + pmeth->verifyctx = 0; + pmeth->encrypt_init = 0; + pmeth->encrypt = 0; + pmeth->decrypt_init = 0; + pmeth->decrypt = 0; + pmeth->derive_init = 0; + pmeth->derive = 0; + pmeth->ctrl = 0; + pmeth->ctrl_str = 0; + + return pmeth; + } + +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) + { + if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) + OPENSSL_free(pmeth); + } + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) + { + return int_ctx_new(pkey, e, -1); + } + +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) + { + return int_ctx_new(NULL, e, id); + } + +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) + { + EVP_PKEY_CTX *rctx; + if (!pctx->pmeth || !pctx->pmeth->copy) + return NULL; +#ifndef OPENSSL_NO_ENGINE + /* Make sure it's safe to copy a pkey context using an ENGINE */ + if (pctx->engine && !ENGINE_init(pctx->engine)) + { + EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB); + return 0; + } +#endif + rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + if (!rctx) + return NULL; + + rctx->pmeth = pctx->pmeth; +#ifndef OPENSSL_NO_ENGINE + rctx->engine = pctx->engine; +#endif + + if (pctx->pkey) + CRYPTO_add(&pctx->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); + + rctx->pkey = pctx->pkey; + + if (pctx->peerkey) + CRYPTO_add(&pctx->peerkey->references,1,CRYPTO_LOCK_EVP_PKEY); + + rctx->peerkey = pctx->peerkey; + + rctx->data = NULL; + rctx->app_data = NULL; + rctx->operation = pctx->operation; + + if (pctx->pmeth->copy(rctx, pctx) > 0) + return rctx; + + EVP_PKEY_CTX_free(rctx); + return NULL; + + } + +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) + { + if (app_pkey_methods == NULL) + { + app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); + if (!app_pkey_methods) + return 0; + } + if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) + return 0; + sk_EVP_PKEY_METHOD_sort(app_pkey_methods); + return 1; + } + +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) + { + if (ctx == NULL) + return; + if (ctx->pmeth && ctx->pmeth->cleanup) + ctx->pmeth->cleanup(ctx); + if (ctx->pkey) + EVP_PKEY_free(ctx->pkey); + if (ctx->peerkey) + EVP_PKEY_free(ctx->peerkey); +#ifndef OPENSSL_NO_ENGINE + if(ctx->engine) + /* The EVP_PKEY_CTX we used belongs to an ENGINE, release the + * functional reference we held for this reason. */ + ENGINE_finish(ctx->engine); +#endif + OPENSSL_free(ctx); + } + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2) + { + int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) + return -1; + + if (ctx->operation == EVP_PKEY_OP_UNDEFINED) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET); + return -1; + } + + if ((optype != -1) && !(ctx->operation & optype)) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); + + if (ret == -2) + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + + return ret; + + } + +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, + const char *name, const char *value) + { + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, + EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if (!strcmp(name, "digest")) + { + const EVP_MD *md; + if (!value || !(md = EVP_get_digestbyname(value))) + { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, + EVP_R_INVALID_DIGEST); + return 0; + } + return EVP_PKEY_CTX_set_signature_md(ctx, md); + } + return ctx->pmeth->ctrl_str(ctx, name, value); + } + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) + { + return ctx->operation; + } + +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) + { + ctx->keygen_info = dat; + ctx->keygen_info_count = datlen; + } + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) + { + ctx->data = data; + } + +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx) + { + return ctx->data; + } + +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) + { + return ctx->pkey; + } + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) + { + return ctx->peerkey; + } + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) + { + ctx->app_data = data; + } + +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) + { + return ctx->app_data; + } + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init)(EVP_PKEY_CTX *ctx)) + { + pmeth->init = init; + } + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) + { + pmeth->copy = copy; + } + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup)(EVP_PKEY_CTX *ctx)) + { + pmeth->cleanup = cleanup; + } + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) + { + pmeth->paramgen_init = paramgen_init; + pmeth->paramgen = paramgen; + } + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) + { + pmeth->keygen_init = keygen_init; + pmeth->keygen = keygen; + } + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) + { + pmeth->sign_init = sign_init; + pmeth->sign = sign; + } + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)) + { + pmeth->verify_init = verify_init; + pmeth->verify = verify; + } + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init)(EVP_PKEY_CTX *ctx), + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) + { + pmeth->verify_recover_init = verify_recover_init; + pmeth->verify_recover = verify_recover; + } + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)) + { + pmeth->signctx_init = signctx_init; + pmeth->signctx = signctx; + } + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen, + EVP_MD_CTX *mctx)) + { + pmeth->verifyctx_init = verifyctx_init; + pmeth->verifyctx = verifyctx; + } + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)) + { + pmeth->encrypt_init = encrypt_init; + pmeth->encrypt = encryptfn; + } + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)) + { + pmeth->decrypt_init = decrypt_init; + pmeth->decrypt = decrypt; + } + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)) + { + pmeth->derive_init = derive_init; + pmeth->derive = derive; + } + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)) + { + pmeth->ctrl = ctrl; + pmeth->ctrl_str = ctrl_str; + } diff --git a/lib/libssl/src/crypto/hmac/Makefile b/lib/libssl/src/crypto/hmac/Makefile index 5cfa37d99c2..0e91709f64c 100644 --- a/lib/libssl/src/crypto/hmac/Makefile +++ b/lib/libssl/src/crypto/hmac/Makefile @@ -17,8 +17,8 @@ TEST=hmactest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=hmac.c -LIBOBJ=hmac.o +LIBSRC=hmac.c hm_ameth.c hm_pmeth.c +LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,13 +74,37 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +hm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +hm_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h +hm_ameth.o: hm_ameth.c +hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +hm_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +hm_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +hm_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_pmeth.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +hm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hm_pmeth.o: ../../include/openssl/opensslconf.h +hm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hmac.o: ../cryptlib.h hmac.c +hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c diff --git a/lib/libssl/src/crypto/hmac/hm_ameth.c b/lib/libssl/src/crypto/hmac/hm_ameth.c new file mode 100644 index 00000000000..6d8a89149ee --- /dev/null +++ b/lib/libssl/src/crypto/hmac/hm_ameth.c @@ -0,0 +1,167 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include "asn1_locl.h" + +#define HMAC_TEST_PRIVATE_KEY_FORMAT + +/* HMAC "ASN1" method. This is just here to indicate the + * maximum HMAC output length and to free up an HMAC + * key. + */ + +static int hmac_size(const EVP_PKEY *pkey) + { + return EVP_MAX_MD_SIZE; + } + +static void hmac_key_free(EVP_PKEY *pkey) + { + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (os) + { + if (os->data) + OPENSSL_cleanse(os->data, os->length); + ASN1_OCTET_STRING_free(os); + } + } + + +static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + switch (op) + { + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 1; + + default: + return -2; + } + } + +#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT +/* A bogus private key format for test purposes. This is simply the + * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the + * genpkey utility can be used to "generate" HMAC keys. + */ + +static int old_hmac_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); + if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); + return 1; + } + +static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + int inc; + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (pder) + { + if (!*pder) + { + *pder = OPENSSL_malloc(os->length); + inc = 0; + } + else inc = 1; + + memcpy(*pder, os->data, os->length); + + if (inc) + *pder += os->length; + } + + return os->length; + } + +#endif + +const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = + { + EVP_PKEY_HMAC, + EVP_PKEY_HMAC, + 0, + + "HMAC", + "OpenSSL HMAC method", + + 0,0,0,0, + + 0,0,0, + + hmac_size, + 0, + 0,0,0,0,0,0, + + hmac_key_free, + hmac_pkey_ctrl, +#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT + old_hmac_decode, + old_hmac_encode +#else + 0,0 +#endif + }; + diff --git a/lib/libssl/src/crypto/hmac/hm_pmeth.c b/lib/libssl/src/crypto/hmac/hm_pmeth.c new file mode 100644 index 00000000000..985921ca1ae --- /dev/null +++ b/lib/libssl/src/crypto/hmac/hm_pmeth.c @@ -0,0 +1,265 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include "evp_locl.h" + +/* HMAC pkey context structure */ + +typedef struct + { + const EVP_MD *md; /* MD for HMAC use */ + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ + HMAC_CTX ctx; + } HMAC_PKEY_CTX; + +static int pkey_hmac_init(EVP_PKEY_CTX *ctx) + { + HMAC_PKEY_CTX *hctx; + hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); + if (!hctx) + return 0; + hctx->md = NULL; + hctx->ktmp.data = NULL; + hctx->ktmp.length = 0; + hctx->ktmp.flags = 0; + hctx->ktmp.type = V_ASN1_OCTET_STRING; + HMAC_CTX_init(&hctx->ctx); + + ctx->data = hctx; + ctx->keygen_info_count = 0; + + return 1; + } + +static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + HMAC_PKEY_CTX *sctx, *dctx; + if (!pkey_hmac_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->md = sctx->md; + HMAC_CTX_init(&dctx->ctx); + HMAC_CTX_copy(&dctx->ctx, &sctx->ctx); + if (sctx->ktmp.data) + { + if (!ASN1_OCTET_STRING_set(&dctx->ktmp, + sctx->ktmp.data, sctx->ktmp.length)) + return 0; + } + return 1; + } + +static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) + { + HMAC_PKEY_CTX *hctx = ctx->data; + HMAC_CTX_cleanup(&hctx->ctx); + if (hctx->ktmp.data) + { + if (hctx->ktmp.length) + OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); + OPENSSL_free(hctx->ktmp.data); + hctx->ktmp.data = NULL; + } + OPENSSL_free(hctx); + } + +static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + ASN1_OCTET_STRING *hkey = NULL; + HMAC_PKEY_CTX *hctx = ctx->data; + if (!hctx->ktmp.data) + return 0; + hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); + if (!hkey) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); + + return 1; + } + +static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count) + { + HMAC_PKEY_CTX *hctx = ctx->pctx->data; + HMAC_Update(&hctx->ctx, data, count); + return 1; + } + +static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) + { + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + mctx->update = int_update; + return 1; + } + +static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) + { + unsigned int hlen; + HMAC_PKEY_CTX *hctx = ctx->data; + int l = EVP_MD_CTX_size(mctx); + + if (l < 0) + return 0; + *siglen = l; + if (!sig) + return 1; + + HMAC_Final(&hctx->ctx, sig, &hlen); + *siglen = (size_t)hlen; + return 1; + } + +static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + HMAC_PKEY_CTX *hctx = ctx->data; + ASN1_OCTET_STRING *key; + switch (type) + { + + case EVP_PKEY_CTRL_SET_MAC_KEY: + if ((!p2 && p1 > 0) || (p1 < -1)) + return 0; + if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) + return 0; + break; + + case EVP_PKEY_CTRL_MD: + hctx->md = p2; + break; + + case EVP_PKEY_CTRL_DIGESTINIT: + key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; + HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, + ctx->engine); + break; + + default: + return -2; + + } + return 1; + } + +static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!value) + { + return 0; + } + if (!strcmp(type, "key")) + { + void *p = (void *)value; + return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, + -1, p); + } + if (!strcmp(type, "hexkey")) + { + unsigned char *key; + int r; + long keylen; + key = string_to_hex(value, &keylen); + if (!key) + return 0; + r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); + OPENSSL_free(key); + return r; + } + return -2; + } + +const EVP_PKEY_METHOD hmac_pkey_meth = + { + EVP_PKEY_HMAC, + 0, + pkey_hmac_init, + pkey_hmac_copy, + pkey_hmac_cleanup, + + 0, 0, + + 0, + pkey_hmac_keygen, + + 0, 0, + + 0, 0, + + 0,0, + + hmac_signctx_init, + hmac_signctx, + + 0,0, + + 0,0, + + 0,0, + + 0,0, + + pkey_hmac_ctrl, + pkey_hmac_ctrl_str + + }; diff --git a/lib/libssl/src/crypto/ia64cpuid.S b/lib/libssl/src/crypto/ia64cpuid.S index 04fbb3439eb..d705fff7ee7 100644 --- a/lib/libssl/src/crypto/ia64cpuid.S +++ b/lib/libssl/src/crypto/ia64cpuid.S @@ -1,6 +1,13 @@ // Works on all IA-64 platforms: Linux, HP-UX, Win64i... // On Win64i compile with ias.exe. .text + +.global OPENSSL_cpuid_setup# +.proc OPENSSL_cpuid_setup# +OPENSSL_cpuid_setup: +{ .mib; br.ret.sptk.many b0 };; +.endp OPENSSL_cpuid_setup# + .global OPENSSL_rdtsc# .proc OPENSSL_rdtsc# OPENSSL_rdtsc: @@ -119,3 +126,42 @@ OPENSSL_wipe_cpu: mov ar.lc=r3 br.ret.sptk b0 };; .endp OPENSSL_wipe_cpu# + +.global OPENSSL_cleanse# +.proc OPENSSL_cleanse# +OPENSSL_cleanse: +{ .mib; cmp.eq p6,p0=0,r33 // len==0 +#if defined(_HPUX_SOURCE) && !defined(_LP64) + addp4 r32=0,r32 +#endif +(p6) br.ret.spnt b0 };; +{ .mib; and r2=7,r32 + cmp.leu p6,p0=15,r33 // len>=15 +(p6) br.cond.dptk .Lot };; + +.Little: +{ .mib; st1 [r32]=r0,1 + cmp.ltu p6,p7=1,r33 } // len>1 +{ .mbb; add r33=-1,r33 // len-- +(p6) br.cond.dptk .Little +(p7) br.ret.sptk.many b0 };; + +.Lot: +{ .mib; cmp.eq p6,p0=0,r2 +(p6) br.cond.dptk .Laligned };; +{ .mmi; st1 [r32]=r0,1;; + and r2=7,r32 } +{ .mib; add r33=-1,r33 + br .Lot };; + +.Laligned: +{ .mmi; st8 [r32]=r0,8 + and r2=-8,r33 // len&~7 + add r33=-8,r33 };; // len-=8 +{ .mib; cmp.ltu p6,p0=8,r2 // ((len+8)&~7)>8 +(p6) br.cond.dptk .Laligned };; + +{ .mbb; cmp.eq p6,p7=r0,r33 +(p7) br.cond.dpnt .Little +(p6) br.ret.sptk.many b0 };; +.endp OPENSSL_cleanse# diff --git a/lib/libssl/src/crypto/idea/Makefile b/lib/libssl/src/crypto/idea/Makefile index 55c0d4dbff4..b2e7add666a 100644 --- a/lib/libssl/src/crypto/idea/Makefile +++ b/lib/libssl/src/crypto/idea/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,9 +82,5 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ofb64.o: i_ofb64.c idea_lcl.h -i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h -i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_skey.o: i_skey.c idea_lcl.h diff --git a/lib/libssl/src/crypto/jpake/Makefile b/lib/libssl/src/crypto/jpake/Makefile index a4a1402f2ec..110c49ce0b4 100644 --- a/lib/libssl/src/crypto/jpake/Makefile +++ b/lib/libssl/src/crypto/jpake/Makefile @@ -16,7 +16,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/jpake/jpake.c b/lib/libssl/src/crypto/jpake/jpake.c index 577b7ef375c..086d9f47e06 100644 --- a/lib/libssl/src/crypto/jpake/jpake.c +++ b/lib/libssl/src/crypto/jpake/jpake.c @@ -4,7 +4,6 @@ #include <openssl/sha.h> #include <openssl/err.h> #include <memory.h> -#include <assert.h> /* * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or @@ -134,7 +133,7 @@ static void hashlength(SHA_CTX *sha, size_t l) { unsigned char b[2]; - assert(l <= 0xffff); + OPENSSL_assert(l <= 0xffff); b[0] = l >> 8; b[1] = l&0xff; SHA1_Update(sha, b, 2); @@ -172,7 +171,7 @@ static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, */ SHA1_Init(&sha); hashbn(&sha, zkpg); - assert(!BN_is_zero(p->zkpx.gr)); + OPENSSL_assert(!BN_is_zero(p->zkpx.gr)); hashbn(&sha, p->zkpx.gr); hashbn(&sha, p->gx); hashstring(&sha, proof_name); diff --git a/lib/libssl/src/crypto/jpake/jpaketest.c b/lib/libssl/src/crypto/jpake/jpaketest.c index 792fc49eb46..eaba75ed8ab 100644 --- a/lib/libssl/src/crypto/jpake/jpaketest.c +++ b/lib/libssl/src/crypto/jpake/jpaketest.c @@ -182,7 +182,7 @@ int main(int argc, char **argv) BN_free(p); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); diff --git a/lib/libssl/src/crypto/krb5/Makefile b/lib/libssl/src/crypto/krb5/Makefile index 8efb9e8910a..14077390d69 100644 --- a/lib/libssl/src/crypto/krb5/Makefile +++ b/lib/libssl/src/crypto/krb5/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/lhash/Makefile b/lib/libssl/src/crypto/lhash/Makefile index 35f09329715..82bddac4745 100644 --- a/lib/libssl/src/crypto/lhash/Makefile +++ b/lib/libssl/src/crypto/lhash/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/md2/Makefile b/lib/libssl/src/crypto/md2/Makefile index 7f43321ab2f..17f878aeb7d 100644 --- a/lib/libssl/src/crypto/md2/Makefile +++ b/lib/libssl/src/crypto/md2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,9 +74,7 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h diff --git a/lib/libssl/src/crypto/md4/Makefile b/lib/libssl/src/crypto/md4/Makefile index 0bc48965851..c94a1398ed0 100644 --- a/lib/libssl/src/crypto/md4/Makefile +++ b/lib/libssl/src/crypto/md4/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -69,19 +69,16 @@ depend: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f ../../include/openssl/$(EXHEADER) ../../test/$(TEST) ../../apps/$(APPS) clean: rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c +md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h +md4_dgst.o: ../../include/openssl/opensslconf.h +md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c md4_dgst.o: md4_locl.h md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h diff --git a/lib/libssl/src/crypto/md5/Makefile b/lib/libssl/src/crypto/md5/Makefile index 3c450fcfc09..9858d53d31e 100644 --- a/lib/libssl/src/crypto/md5/Makefile +++ b/lib/libssl/src/crypto/md5/Makefile @@ -38,21 +38,19 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@) -# COFF -mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@) -# a.out -mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@) +md5-586.s: asm/md5-586.pl ../perlasm/x86asm.pl + $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -md5-x86_64.s: asm/md5-x86_64.pl; $(PERL) asm/md5-x86_64.pl $@ +md5-x86_64.s: asm/md5-x86_64.pl + $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) > $@ + +md5-ia64.s: asm/md5-ia64.S + $(CC) $(CFLAGS) -E asm/md5-ia64.S | \ + $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -91,13 +89,9 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c +md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h +md5_dgst.o: ../../include/openssl/opensslconf.h +md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c md5_dgst.o: md5_locl.h md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h diff --git a/lib/libssl/src/crypto/md5/asm/md5-ia64.S b/lib/libssl/src/crypto/md5/asm/md5-ia64.S new file mode 100644 index 00000000000..e7de08d46a2 --- /dev/null +++ b/lib/libssl/src/crypto/md5/asm/md5-ia64.S @@ -0,0 +1,992 @@ +/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ + +// Common registers are assigned as follows: +// +// COMMON +// +// t0 Const Tbl Ptr TPtr +// t1 Round Constant TRound +// t4 Block residual LenResid +// t5 Residual Data DTmp +// +// {in,out}0 Block 0 Cycle RotateM0 +// {in,out}1 Block Value 12 M12 +// {in,out}2 Block Value 8 M8 +// {in,out}3 Block Value 4 M4 +// {in,out}4 Block Value 0 M0 +// {in,out}5 Block 1 Cycle RotateM1 +// {in,out}6 Block Value 13 M13 +// {in,out}7 Block Value 9 M9 +// {in,out}8 Block Value 5 M5 +// {in,out}9 Block Value 1 M1 +// {in,out}10 Block 2 Cycle RotateM2 +// {in,out}11 Block Value 14 M14 +// {in,out}12 Block Value 10 M10 +// {in,out}13 Block Value 6 M6 +// {in,out}14 Block Value 2 M2 +// {in,out}15 Block 3 Cycle RotateM3 +// {in,out}16 Block Value 15 M15 +// {in,out}17 Block Value 11 M11 +// {in,out}18 Block Value 7 M7 +// {in,out}19 Block Value 3 M3 +// {in,out}20 Scratch Z +// {in,out}21 Scratch Y +// {in,out}22 Scratch X +// {in,out}23 Scratch W +// {in,out}24 Digest A A +// {in,out}25 Digest B B +// {in,out}26 Digest C C +// {in,out}27 Digest D D +// {in,out}28 Active Data Ptr DPtr +// in28 Dummy Value - +// out28 Dummy Value - +// bt0 Coroutine Link QUICK_RTN +// +/// These predicates are used for computing the padding block(s) and +/// are shared between the driver and digest co-routines +// +// pt0 Extra Pad Block pExtra +// pt1 Load next word pLoad +// pt2 Skip next word pSkip +// pt3 Search for Pad pNoPad +// pt4 Pad Word 0 pPad0 +// pt5 Pad Word 1 pPad1 +// pt6 Pad Word 2 pPad2 +// pt7 Pad Word 3 pPad3 + +#define DTmp r19 +#define LenResid r18 +#define QUICK_RTN b6 +#define TPtr r14 +#define TRound r15 +#define pExtra p6 +#define pLoad p7 +#define pNoPad p9 +#define pPad0 p10 +#define pPad1 p11 +#define pPad2 p12 +#define pPad3 p13 +#define pSkip p8 + +#define A_ out24 +#define B_ out25 +#define C_ out26 +#define D_ out27 +#define DPtr_ out28 +#define M0_ out4 +#define M1_ out9 +#define M10_ out12 +#define M11_ out17 +#define M12_ out1 +#define M13_ out6 +#define M14_ out11 +#define M15_ out16 +#define M2_ out14 +#define M3_ out19 +#define M4_ out3 +#define M5_ out8 +#define M6_ out13 +#define M7_ out18 +#define M8_ out2 +#define M9_ out7 +#define RotateM0_ out0 +#define RotateM1_ out5 +#define RotateM2_ out10 +#define RotateM3_ out15 +#define W_ out23 +#define X_ out22 +#define Y_ out21 +#define Z_ out20 + +#define A in24 +#define B in25 +#define C in26 +#define D in27 +#define DPtr in28 +#define M0 in4 +#define M1 in9 +#define M10 in12 +#define M11 in17 +#define M12 in1 +#define M13 in6 +#define M14 in11 +#define M15 in16 +#define M2 in14 +#define M3 in19 +#define M4 in3 +#define M5 in8 +#define M6 in13 +#define M7 in18 +#define M8 in2 +#define M9 in7 +#define RotateM0 in0 +#define RotateM1 in5 +#define RotateM2 in10 +#define RotateM3 in15 +#define W in23 +#define X in22 +#define Y in21 +#define Z in20 + +/* register stack configuration for md5_block_asm_data_order(): */ +#define MD5_NINP 3 +#define MD5_NLOC 0 +#define MD5_NOUT 29 +#define MD5_NROT 0 + +/* register stack configuration for helpers: */ +#define _NINPUTS MD5_NOUT +#define _NLOCALS 0 +#define _NOUTPUT 0 +#define _NROTATE 24 /* this must be <= _NINPUTS */ + +#if defined(_HPUX_SOURCE) && !defined(_LP64) +#define ADDP addp4 +#else +#define ADDP add +#endif + +#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) +#define HOST_IS_BIG_ENDIAN +#endif + +// Macros for getting the left and right portions of little-endian words + +#define GETLW(dst, src, align) dep.z dst = src, 32 - 8 * align, 8 * align +#define GETRW(dst, src, align) extr.u dst = src, 8 * align, 32 - 8 * align + +// MD5 driver +// +// Reads an input block, then calls the digest block +// subroutine and adds the results to the accumulated +// digest. It allocates 32 outs which the subroutine +// uses as it's inputs and rotating +// registers. Initializes the round constant pointer and +// takes care of saving/restoring ar.lc +// +/// INPUT +// +// in0 Context Ptr CtxPtr0 +// in1 Input Data Ptr DPtrIn +// in2 Integral Blocks BlockCount +// rp Return Address - +// +/// CODE +// +// v2 Input Align InAlign +// t0 Shared w/digest - +// t1 Shared w/digest - +// t2 Shared w/digest - +// t3 Shared w/digest - +// t4 Shared w/digest - +// t5 Shared w/digest - +// t6 PFS Save PFSSave +// t7 ar.lc Save LCSave +// t8 Saved PR PRSave +// t9 2nd CtxPtr CtxPtr1 +// t10 Table Base CTable +// t11 Table[0] CTable0 +// t13 Accumulator A AccumA +// t14 Accumulator B AccumB +// t15 Accumulator C AccumC +// t16 Accumulator D AccumD +// pt0 Shared w/digest - +// pt1 Shared w/digest - +// pt2 Shared w/digest - +// pt3 Shared w/digest - +// pt4 Shared w/digest - +// pt5 Shared w/digest - +// pt6 Shared w/digest - +// pt7 Shared w/digest - +// pt8 Not Aligned pOff +// pt8 Blocks Left pAgain + +#define AccumA r27 +#define AccumB r28 +#define AccumC r29 +#define AccumD r30 +#define CTable r24 +#define CTable0 r25 +#define CtxPtr0 in0 +#define CtxPtr1 r23 +#define DPtrIn in1 +#define BlockCount in2 +#define InAlign r10 +#define LCSave r21 +#define PFSSave r20 +#define PRSave r22 +#define pAgain p63 +#define pOff p63 + + .text + +/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num) + + where: + c: a pointer to a structure of this type: + + typedef struct MD5state_st + { + MD5_LONG A,B,C,D; + MD5_LONG Nl,Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; + } + MD5_CTX; + + data: a pointer to the input data (may be misaligned) + num: the number of 16-byte blocks to hash (i.e., the length + of DATA is 16*NUM. + + */ + + .type md5_block_asm_data_order, @function + .global md5_block_asm_data_order + .align 32 + .proc md5_block_asm_data_order +md5_block_asm_data_order: +.md5_block: + .prologue +{ .mmi + .save ar.pfs, PFSSave + alloc PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT + ADDP CtxPtr1 = 8, CtxPtr0 + mov CTable = ip +} +{ .mmi + ADDP DPtrIn = 0, DPtrIn + ADDP CtxPtr0 = 0, CtxPtr0 + .save ar.lc, LCSave + mov LCSave = ar.lc +} +;; +{ .mmi + add CTable = .md5_tbl_data_order#-.md5_block#, CTable + and InAlign = 0x3, DPtrIn +} + +{ .mmi + ld4 AccumA = [CtxPtr0], 4 + ld4 AccumC = [CtxPtr1], 4 + .save pr, PRSave + mov PRSave = pr + .body +} +;; +{ .mmi + ld4 AccumB = [CtxPtr0] + ld4 AccumD = [CtxPtr1] + dep DPtr_ = 0, DPtrIn, 0, 2 +} ;; +#ifdef HOST_IS_BIG_ENDIAN + rum psr.be;; // switch to little-endian +#endif +{ .mmb + ld4 CTable0 = [CTable], 4 + cmp.ne pOff, p0 = 0, InAlign +(pOff) br.cond.spnt.many .md5_unaligned +} ;; + +// The FF load/compute loop rotates values three times, so that +// loading into M12 here produces the M0 value, M13 -> M1, etc. + +.md5_block_loop0: +{ .mmi + ld4 M12_ = [DPtr_], 4 + mov TPtr = CTable + mov TRound = CTable0 +} ;; +{ .mmi + ld4 M13_ = [DPtr_], 4 + mov A_ = AccumA + mov B_ = AccumB +} ;; +{ .mmi + ld4 M14_ = [DPtr_], 4 + mov C_ = AccumC + mov D_ = AccumD +} ;; +{ .mmb + ld4 M15_ = [DPtr_], 4 + add BlockCount = -1, BlockCount + br.call.sptk.many QUICK_RTN = md5_digest_block0 +} ;; + +// Now, we add the new digest values and do some clean-up +// before checking if there's another full block to process + +{ .mmi + add AccumA = AccumA, A_ + add AccumB = AccumB, B_ + cmp.ne pAgain, p0 = 0, BlockCount +} +{ .mib + add AccumC = AccumC, C_ + add AccumD = AccumD, D_ +(pAgain) br.cond.dptk.many .md5_block_loop0 +} ;; + +.md5_exit: +#ifdef HOST_IS_BIG_ENDIAN + sum psr.be;; // switch back to big-endian mode +#endif +{ .mmi + st4 [CtxPtr0] = AccumB, -4 + st4 [CtxPtr1] = AccumD, -4 + mov pr = PRSave, 0x1ffff ;; +} +{ .mmi + st4 [CtxPtr0] = AccumA + st4 [CtxPtr1] = AccumC + mov ar.lc = LCSave +} ;; +{ .mib + mov ar.pfs = PFSSave + br.ret.sptk.few rp +} ;; + +#define MD5UNALIGNED(offset) \ +.md5_process##offset: \ +{ .mib ; \ + nop 0x0 ; \ + GETRW(DTmp, DTmp, offset) ; \ +} ;; \ +.md5_block_loop##offset: \ +{ .mmi ; \ + ld4 Y_ = [DPtr_], 4 ; \ + mov TPtr = CTable ; \ + mov TRound = CTable0 ; \ +} ;; \ +{ .mmi ; \ + ld4 M13_ = [DPtr_], 4 ; \ + mov A_ = AccumA ; \ + mov B_ = AccumB ; \ +} ;; \ +{ .mii ; \ + ld4 M14_ = [DPtr_], 4 ; \ + GETLW(W_, Y_, offset) ; \ + mov C_ = AccumC ; \ +} \ +{ .mmi ; \ + mov D_ = AccumD ;; \ + or M12_ = W_, DTmp ; \ + GETRW(DTmp, Y_, offset) ; \ +} \ +{ .mib ; \ + ld4 M15_ = [DPtr_], 4 ; \ + add BlockCount = -1, BlockCount ; \ + br.call.sptk.many QUICK_RTN = md5_digest_block##offset; \ +} ;; \ +{ .mmi ; \ + add AccumA = AccumA, A_ ; \ + add AccumB = AccumB, B_ ; \ + cmp.ne pAgain, p0 = 0, BlockCount ; \ +} \ +{ .mib ; \ + add AccumC = AccumC, C_ ; \ + add AccumD = AccumD, D_ ; \ +(pAgain) br.cond.dptk.many .md5_block_loop##offset ; \ +} ;; \ +{ .mib ; \ + nop 0x0 ; \ + nop 0x0 ; \ + br.cond.sptk.many .md5_exit ; \ +} ;; + + .align 32 +.md5_unaligned: +// +// Because variable shifts are expensive, we special case each of +// the four alignements. In practice, this won't hurt too much +// since only one working set of code will be loaded. +// +{ .mib + ld4 DTmp = [DPtr_], 4 + cmp.eq pOff, p0 = 1, InAlign +(pOff) br.cond.dpnt.many .md5_process1 +} ;; +{ .mib + cmp.eq pOff, p0 = 2, InAlign + nop 0x0 +(pOff) br.cond.dpnt.many .md5_process2 +} ;; + MD5UNALIGNED(3) + MD5UNALIGNED(1) + MD5UNALIGNED(2) + + .endp md5_block_asm_data_order + + +// MD5 Perform the F function and load +// +// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values, +// computes the FF() round of functions, then branches to the common +// digest code to finish up with GG(), HH, and II(). +// +// INPUT +// +// rp Return Address - +// +// CODE +// +// v0 PFS bit bucket PFS +// v1 Loop Trip Count LTrip +// pt0 Load next word pMore + +/* For F round: */ +#define LTrip r9 +#define PFS r8 +#define pMore p6 + +/* For GHI rounds: */ +#define T r9 +#define U r10 +#define V r11 + +#define COMPUTE(a, b, s, M, R) \ +{ \ + .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ \ + .mmi ; \ + add a = Z, b ; \ + mov R = M ; \ + nop 0x0 ; \ +} ;; + +#define LOOP(a, b, s, M, R, label) \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ .mib ; \ + add a = Z, b ; \ + mov R = M ; \ + br.ctop.sptk.many label ; \ +} ;; + +// G(B, C, D) = (B & D) | (C & ~D) + +#define G(a, b, c, d, M) \ +{ .mmi ; \ + add Z = M, TRound ; \ + and Y = b, d ; \ + andcm X = c, d ; \ +} ;; \ +{ .mii ; \ + add Z = Z, a ; \ + or Y = Y, X ;; \ + add Z = Z, Y ; \ +} ;; + +// H(B, C, D) = B ^ C ^ D + +#define H(a, b, c, d, M) \ +{ .mmi ; \ + add Z = M, TRound ; \ + xor Y = b, c ; \ + nop 0x0 ; \ +} ;; \ +{ .mii ; \ + add Z = Z, a ; \ + xor Y = Y, d ;; \ + add Z = Z, Y ; \ +} ;; + +// I(B, C, D) = C ^ (B | ~D) +// +// However, since we have an andcm operator, we use the fact that +// +// Y ^ Z == ~Y ^ ~Z +// +// to rewrite the expression as +// +// I(B, C, D) = ~C ^ (~B & D) + +#define I(a, b, c, d, M) \ +{ .mmi ; \ + add Z = M, TRound ; \ + andcm Y = d, b ; \ + andcm X = -1, c ; \ +} ;; \ +{ .mii ; \ + add Z = Z, a ; \ + xor Y = Y, X ;; \ + add Z = Z, Y ; \ +} ;; + +#define GG4(label) \ + G(A, B, C, D, M0) \ + COMPUTE(A, B, 5, M0, RotateM0) \ + G(D, A, B, C, M1) \ + COMPUTE(D, A, 9, M1, RotateM1) \ + G(C, D, A, B, M2) \ + COMPUTE(C, D, 14, M2, RotateM2) \ + G(B, C, D, A, M3) \ + LOOP(B, C, 20, M3, RotateM3, label) + +#define HH4(label) \ + H(A, B, C, D, M0) \ + COMPUTE(A, B, 4, M0, RotateM0) \ + H(D, A, B, C, M1) \ + COMPUTE(D, A, 11, M1, RotateM1) \ + H(C, D, A, B, M2) \ + COMPUTE(C, D, 16, M2, RotateM2) \ + H(B, C, D, A, M3) \ + LOOP(B, C, 23, M3, RotateM3, label) + +#define II4(label) \ + I(A, B, C, D, M0) \ + COMPUTE(A, B, 6, M0, RotateM0) \ + I(D, A, B, C, M1) \ + COMPUTE(D, A, 10, M1, RotateM1) \ + I(C, D, A, B, M2) \ + COMPUTE(C, D, 15, M2, RotateM2) \ + I(B, C, D, A, M3) \ + LOOP(B, C, 21, M3, RotateM3, label) + +#define FFLOAD(a, b, c, d, M, N, s) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + add Z = Z, Y ;; \ + dep.z Y = Z, 32, 32 ; \ +} ;; \ +{ .mii ; \ + nop 0x0 ; \ + shrp Z = Z, Y, 64 - s ;; \ + add a = Z, b ; \ +} ;; + +#define FFLOOP(a, b, c, d, M, N, s, dest) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + add Z = Z, Y ;; \ + dep.z Y = Z, 32, 32 ; \ +} ;; \ +{ .mii ; \ + nop 0x0 ; \ + shrp Z = Z, Y, 64 - s ;; \ + add a = Z, b ; \ +} \ +{ .mib ; \ + cmp.ne pMore, p0 = 0, LTrip ; \ + add LTrip = -1, LTrip ; \ + br.ctop.dptk.many dest ; \ +} ;; + + .type md5_digest_block0, @function + .align 32 + + .proc md5_digest_block0 + .prologue +md5_digest_block0: + .altrp QUICK_RTN + .body +{ .mmi + alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE + mov LTrip = 2 + mov ar.lc = 3 +} ;; +{ .mii + cmp.eq pMore, p0 = r0, r0 + mov ar.ec = 0 + nop 0x0 +} ;; + +.md5_FF_round0: + FFLOAD(A, B, C, D, M12, RotateM0, 7) + FFLOAD(D, A, B, C, M13, RotateM1, 12) + FFLOAD(C, D, A, B, M14, RotateM2, 17) + FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0) + // + // !!! Fall through to md5_digest_GHI + // + .endp md5_digest_block0 + + .type md5_digest_GHI, @function + .align 32 + + .proc md5_digest_GHI + .prologue + .regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE +md5_digest_GHI: + .altrp QUICK_RTN + .body +// +// The following sequence shuffles the block counstants round for the +// next round: +// +// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 +// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12 +// +{ .mmi + mov Z = M0 + mov Y = M15 + mov ar.lc = 3 +} +{ .mmi + mov X = M2 + mov W = M9 + mov V = M4 +} ;; + +{ .mmi + mov M0 = M1 + mov M15 = M12 + mov ar.ec = 1 +} +{ .mmi + mov M2 = M11 + mov M9 = M14 + mov M4 = M5 +} ;; + +{ .mmi + mov M1 = M6 + mov M12 = M13 + mov U = M3 +} +{ .mmi + mov M11 = M8 + mov M14 = M7 + mov M5 = M10 +} ;; + +{ .mmi + mov M6 = Y + mov M13 = X + mov M3 = Z +} +{ .mmi + mov M8 = W + mov M7 = V + mov M10 = U +} ;; + +.md5_GG_round: + GG4(.md5_GG_round) + +// The following sequence shuffles the block constants round for the +// next round: +// +// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12 +// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2 + +{ .mmi + mov Z = M0 + mov Y = M1 + mov ar.lc = 3 +} +{ .mmi + mov X = M3 + mov W = M5 + mov V = M6 +} ;; + +{ .mmi + mov M0 = M4 + mov M1 = M11 + mov ar.ec = 1 +} +{ .mmi + mov M3 = M9 + mov U = M8 + mov T = M13 +} ;; + +{ .mmi + mov M4 = Z + mov M11 = Y + mov M5 = M7 +} +{ .mmi + mov M6 = M14 + mov M8 = M12 + mov M13 = M15 +} ;; + +{ .mmi + mov M7 = W + mov M14 = V + nop 0x0 +} +{ .mmi + mov M9 = X + mov M12 = U + mov M15 = T +} ;; + +.md5_HH_round: + HH4(.md5_HH_round) + +// The following sequence shuffles the block constants round for the +// next round: +// +// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2 +// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9 + +{ .mmi + mov Z = M0 + mov Y = M15 + mov ar.lc = 3 +} +{ .mmi + mov X = M10 + mov W = M1 + mov V = M4 +} ;; + +{ .mmi + mov M0 = M9 + mov M15 = M12 + mov ar.ec = 1 +} +{ .mmi + mov M10 = M11 + mov M1 = M6 + mov M4 = M13 +} ;; + +{ .mmi + mov M9 = M14 + mov M12 = M5 + mov U = M3 +} +{ .mmi + mov M11 = M8 + mov M6 = M7 + mov M13 = M2 +} ;; + +{ .mmi + mov M14 = Y + mov M5 = X + mov M3 = Z +} +{ .mmi + mov M8 = W + mov M7 = V + mov M2 = U +} ;; + +.md5_II_round: + II4(.md5_II_round) + +{ .mib + nop 0x0 + nop 0x0 + br.ret.sptk.many QUICK_RTN +} ;; + + .endp md5_digest_GHI + +#define FFLOADU(a, b, c, d, M, P, N, s, offset) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ + GETLW(W, P, offset) ; \ + add Z = Z, Y ; \ +} ;; \ +{ .mii ; \ + or W = W, DTmp ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ .mii ; \ + add a = Z, b ; \ + GETRW(DTmp, P, offset) ; \ + mov P = W ; \ +} ;; + +#define FFLOOPU(a, b, c, d, M, P, N, s, offset) \ +{ .mii ; \ +(pMore) ld4 N = [DPtr], 4 ; \ + add Z = M, TRound ; \ + and Y = c, b ; \ +} \ +{ .mmi ; \ + andcm X = d, b ;; \ + add Z = Z, a ; \ + or Y = Y, X ; \ +} ;; \ +{ .mii ; \ + ld4 TRound = [TPtr], 4 ; \ +(pMore) GETLW(W, P, offset) ; \ + add Z = Z, Y ; \ +} ;; \ +{ .mii ; \ +(pMore) or W = W, DTmp ; \ + dep.z Y = Z, 32, 32 ;; \ + shrp Z = Z, Y, 64 - s ; \ +} ;; \ +{ .mii ; \ + add a = Z, b ; \ +(pMore) GETRW(DTmp, P, offset) ; \ +(pMore) mov P = W ; \ +} \ +{ .mib ; \ + cmp.ne pMore, p0 = 0, LTrip ; \ + add LTrip = -1, LTrip ; \ + br.ctop.sptk.many .md5_FF_round##offset ; \ +} ;; + +#define MD5FBLOCK(offset) \ + .type md5_digest_block##offset, @function ; \ + \ + .align 32 ; \ + .proc md5_digest_block##offset ; \ + .prologue ; \ + .altrp QUICK_RTN ; \ + .body ; \ +md5_digest_block##offset: \ +{ .mmi ; \ + alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ; \ + mov LTrip = 2 ; \ + mov ar.lc = 3 ; \ +} ;; \ +{ .mii ; \ + cmp.eq pMore, p0 = r0, r0 ; \ + mov ar.ec = 0 ; \ + nop 0x0 ; \ +} ;; \ + \ + .pred.rel "mutex", pLoad, pSkip ; \ +.md5_FF_round##offset: \ + FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset) \ + FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset) \ + FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset) \ + FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset) \ + \ +{ .mib ; \ + nop 0x0 ; \ + nop 0x0 ; \ + br.cond.sptk.many md5_digest_GHI ; \ +} ;; \ + .endp md5_digest_block##offset + +MD5FBLOCK(1) +MD5FBLOCK(2) +MD5FBLOCK(3) + + .align 64 + .type md5_constants, @object +md5_constants: +.md5_tbl_data_order: // To ensure little-endian data + // order, code as bytes. + data1 0x78, 0xa4, 0x6a, 0xd7 // 0 + data1 0x56, 0xb7, 0xc7, 0xe8 // 1 + data1 0xdb, 0x70, 0x20, 0x24 // 2 + data1 0xee, 0xce, 0xbd, 0xc1 // 3 + data1 0xaf, 0x0f, 0x7c, 0xf5 // 4 + data1 0x2a, 0xc6, 0x87, 0x47 // 5 + data1 0x13, 0x46, 0x30, 0xa8 // 6 + data1 0x01, 0x95, 0x46, 0xfd // 7 + data1 0xd8, 0x98, 0x80, 0x69 // 8 + data1 0xaf, 0xf7, 0x44, 0x8b // 9 + data1 0xb1, 0x5b, 0xff, 0xff // 10 + data1 0xbe, 0xd7, 0x5c, 0x89 // 11 + data1 0x22, 0x11, 0x90, 0x6b // 12 + data1 0x93, 0x71, 0x98, 0xfd // 13 + data1 0x8e, 0x43, 0x79, 0xa6 // 14 + data1 0x21, 0x08, 0xb4, 0x49 // 15 + data1 0x62, 0x25, 0x1e, 0xf6 // 16 + data1 0x40, 0xb3, 0x40, 0xc0 // 17 + data1 0x51, 0x5a, 0x5e, 0x26 // 18 + data1 0xaa, 0xc7, 0xb6, 0xe9 // 19 + data1 0x5d, 0x10, 0x2f, 0xd6 // 20 + data1 0x53, 0x14, 0x44, 0x02 // 21 + data1 0x81, 0xe6, 0xa1, 0xd8 // 22 + data1 0xc8, 0xfb, 0xd3, 0xe7 // 23 + data1 0xe6, 0xcd, 0xe1, 0x21 // 24 + data1 0xd6, 0x07, 0x37, 0xc3 // 25 + data1 0x87, 0x0d, 0xd5, 0xf4 // 26 + data1 0xed, 0x14, 0x5a, 0x45 // 27 + data1 0x05, 0xe9, 0xe3, 0xa9 // 28 + data1 0xf8, 0xa3, 0xef, 0xfc // 29 + data1 0xd9, 0x02, 0x6f, 0x67 // 30 + data1 0x8a, 0x4c, 0x2a, 0x8d // 31 + data1 0x42, 0x39, 0xfa, 0xff // 32 + data1 0x81, 0xf6, 0x71, 0x87 // 33 + data1 0x22, 0x61, 0x9d, 0x6d // 34 + data1 0x0c, 0x38, 0xe5, 0xfd // 35 + data1 0x44, 0xea, 0xbe, 0xa4 // 36 + data1 0xa9, 0xcf, 0xde, 0x4b // 37 + data1 0x60, 0x4b, 0xbb, 0xf6 // 38 + data1 0x70, 0xbc, 0xbf, 0xbe // 39 + data1 0xc6, 0x7e, 0x9b, 0x28 // 40 + data1 0xfa, 0x27, 0xa1, 0xea // 41 + data1 0x85, 0x30, 0xef, 0xd4 // 42 + data1 0x05, 0x1d, 0x88, 0x04 // 43 + data1 0x39, 0xd0, 0xd4, 0xd9 // 44 + data1 0xe5, 0x99, 0xdb, 0xe6 // 45 + data1 0xf8, 0x7c, 0xa2, 0x1f // 46 + data1 0x65, 0x56, 0xac, 0xc4 // 47 + data1 0x44, 0x22, 0x29, 0xf4 // 48 + data1 0x97, 0xff, 0x2a, 0x43 // 49 + data1 0xa7, 0x23, 0x94, 0xab // 50 + data1 0x39, 0xa0, 0x93, 0xfc // 51 + data1 0xc3, 0x59, 0x5b, 0x65 // 52 + data1 0x92, 0xcc, 0x0c, 0x8f // 53 + data1 0x7d, 0xf4, 0xef, 0xff // 54 + data1 0xd1, 0x5d, 0x84, 0x85 // 55 + data1 0x4f, 0x7e, 0xa8, 0x6f // 56 + data1 0xe0, 0xe6, 0x2c, 0xfe // 57 + data1 0x14, 0x43, 0x01, 0xa3 // 58 + data1 0xa1, 0x11, 0x08, 0x4e // 59 + data1 0x82, 0x7e, 0x53, 0xf7 // 60 + data1 0x35, 0xf2, 0x3a, 0xbd // 61 + data1 0xbb, 0xd2, 0xd7, 0x2a // 62 + data1 0x91, 0xd3, 0x86, 0xeb // 63 +.size md5_constants#,64*4 diff --git a/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl b/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl index 9a6fa67224e..867885435e2 100755 --- a/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl +++ b/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl @@ -15,7 +15,7 @@ my $code; # dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] # %r11d = z' (copy of z for the next step) -# Each round1_step() takes about 5.71 clocks (9 instructions, 1.58 IPC) +# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC) sub round1_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; @@ -37,22 +37,26 @@ EOF # round2_step() does: # dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] -# %r11d = y' (copy of y for the next step) -# Each round2_step() takes about 6.22 clocks (9 instructions, 1.45 IPC) +# %r11d = z' (copy of z for the next step) +# %r12d = z' (copy of z for the next step) +# Each round2_step() takes about 5.4 clocks (11 instructions, 2.0 IPC) sub round2_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; $code .= " mov 1*4(%rsi), %r10d /* (NEXT STEP) X[1] */\n" if ($pos == -1); - $code .= " mov %ecx, %r11d /* (NEXT STEP) y' = %ecx */\n" if ($pos == -1); + $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); + $code .= " mov %edx, %r12d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); $code .= <<EOF; - xor $x, %r11d /* x ^ ... */ + not %r11d /* not z */ lea $T_i($dst,%r10d),$dst /* Const + dst + ... */ - and $z, %r11d /* z & ... */ - xor $y, %r11d /* y ^ ... */ + and $x, %r12d /* x & z */ + and $y, %r11d /* y & (not z) */ mov $k_next*4(%rsi),%r10d /* (NEXT STEP) X[$k_next] */ - add %r11d, $dst /* dst += ... */ + or %r11d, %r12d /* (y & (not z)) | (x & z) */ + mov $y, %r11d /* (NEXT STEP) z' = $y */ + add %r12d, $dst /* dst += ... */ + mov $y, %r12d /* (NEXT STEP) z' = $y */ rol \$$s, $dst /* dst <<< s */ - mov $x, %r11d /* (NEXT STEP) y' = $x */ add $x, $dst /* dst += x */ EOF } @@ -61,7 +65,7 @@ EOF # dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] # %r11d = y' (copy of y for the next step) -# Each round3_step() takes about 4.26 clocks (8 instructions, 1.88 IPC) +# Each round3_step() takes about 4.2 clocks (8 instructions, 1.9 IPC) sub round3_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; @@ -83,7 +87,7 @@ EOF # dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s) # %r10d = X[k_next] # %r11d = not z' (copy of not z for the next step) -# Each round4_step() takes about 5.27 clocks (9 instructions, 1.71 IPC) +# Each round4_step() takes about 5.2 clocks (9 instructions, 1.7 IPC) sub round4_step { my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; @@ -104,8 +108,19 @@ sub round4_step EOF } -my $output = shift; -open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output"; +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +no warnings qw(uninitialized); +open STDOUT,"| $^X $xlate $flavour $output"; $code .= <<EOF; .text @@ -116,8 +131,10 @@ $code .= <<EOF; md5_block_asm_data_order: push %rbp push %rbx + push %r12 push %r14 push %r15 +.Lprologue: # rdi = arg #1 (ctx, MD5_CTX pointer) # rsi = arg #2 (ptr, data pointer) @@ -232,13 +249,120 @@ $code .= <<EOF; mov %ecx, 2*4(%rbp) # ctx->C = C mov %edx, 3*4(%rbp) # ctx->D = D + mov (%rsp),%r15 + mov 8(%rsp),%r14 + mov 16(%rsp),%r12 + mov 24(%rsp),%rbx + mov 32(%rsp),%rbp + add \$40,%rsp +.Lepilogue: + ret +.size md5_block_asm_data_order,.-md5_block_asm_data_order +EOF + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +my $rec="%rcx"; +my $frame="%rdx"; +my $context="%r8"; +my $disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + lea 40(%rax),%rax + + mov -8(%rax),%rbp + mov -16(%rax),%rbx + mov -24(%rax),%r12 + mov -32(%rax),%r14 + mov -40(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq pop %r15 pop %r14 - pop %rbx + pop %r13 + pop %r12 pop %rbp + pop %rbx + pop %rdi + pop %rsi ret -.size md5_block_asm_data_order,.-md5_block_asm_data_order -EOF +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_md5_block_asm_data_order + .rva .LSEH_end_md5_block_asm_data_order + .rva .LSEH_info_md5_block_asm_data_order + +.section .xdata +.align 8 +.LSEH_info_md5_block_asm_data_order: + .byte 9,0,0,0 + .rva se_handler +___ +} print $code; diff --git a/lib/libssl/src/crypto/modes/Makefile b/lib/libssl/src/crypto/modes/Makefile new file mode 100644 index 00000000000..6c85861b6c5 --- /dev/null +++ b/lib/libssl/src/crypto/modes/Makefile @@ -0,0 +1,82 @@ +# +# OpenSSL/crypto/modes/Makefile +# + +DIR= modes +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c +LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o + +SRC= $(LIBSRC) + +#EXHEADER= store.h str_compat.h +EXHEADER= modes.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +cbc128.o: cbc128.c modes.h +cfb128.o: cfb128.c modes.h +ctr128.o: ctr128.c modes.h +cts128.o: cts128.c modes.h +ofb128.o: modes.h ofb128.c diff --git a/lib/libssl/src/crypto/modes/cbc128.c b/lib/libssl/src/crypto/modes/cbc128.c new file mode 100644 index 00000000000..8f8bd563b96 --- /dev/null +++ b/lib/libssl/src/crypto/modes/cbc128.c @@ -0,0 +1,206 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +#define STRICT_ALIGNMENT 1 +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +# define STRICT_ALIGNMENT 0 +#endif + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ + size_t n; + const unsigned char *iv = ivec; + + assert(in && out && key && ivec); + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + while (len>=16) { + for(n=0; n<16; ++n) + out[n] = in[n] ^ iv[n]; + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; + } + } else { + while (len>=16) { + for(n=0; n<16; n+=sizeof(size_t)) + *(size_t*)(out+n) = + *(size_t*)(in+n) ^ *(size_t*)(iv+n); + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; + } + } +#endif + while (len) { + for(n=0; n<16 && n<len; ++n) + out[n] = in[n] ^ iv[n]; + for(; n<16; ++n) + out[n] = iv[n]; + (*block)(out, out, key); + iv = out; + if (len<=16) break; + len -= 16; + in += 16; + out += 16; + } + memcpy(ivec,iv,16); +} + +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ + size_t n; + union { size_t align; unsigned char c[16]; } tmp; + + assert(in && out && key && ivec); + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (in != out) { + const unsigned char *iv = ivec; + + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + while (len>=16) { + (*block)(in, out, key); + for(n=0; n<16; ++n) + out[n] ^= iv[n]; + iv = in; + len -= 16; + in += 16; + out += 16; + } + } + else { + while (len>=16) { + (*block)(in, out, key); + for(n=0; n<16; n+=sizeof(size_t)) + *(size_t *)(out+n) ^= *(size_t *)(iv+n); + iv = in; + len -= 16; + in += 16; + out += 16; + } + } + memcpy(ivec,iv,16); + } else { + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + unsigned char c; + while (len>=16) { + (*block)(in, tmp.c, key); + for(n=0; n<16; ++n) { + c = in[n]; + out[n] = tmp.c[n] ^ ivec[n]; + ivec[n] = c; + } + len -= 16; + in += 16; + out += 16; + } + } + else { + size_t c; + while (len>=16) { + (*block)(in, tmp.c, key); + for(n=0; n<16; n+=sizeof(size_t)) { + c = *(size_t *)(in+n); + *(size_t *)(out+n) = + *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n); + *(size_t *)(ivec+n) = c; + } + len -= 16; + in += 16; + out += 16; + } + } + } +#endif + while (len) { + unsigned char c; + (*block)(in, tmp.c, key); + for(n=0; n<16 && n<len; ++n) { + c = in[n]; + out[n] = tmp.c[n] ^ ivec[n]; + ivec[n] = c; + } + if (len<=16) { + for (; n<16; ++n) + ivec[n] = in[n]; + break; + } + len -= 16; + in += 16; + out += 16; + } +} diff --git a/lib/libssl/src/crypto/modes/cfb128.c b/lib/libssl/src/crypto/modes/cfb128.c new file mode 100644 index 00000000000..e5938c6137c --- /dev/null +++ b/lib/libssl/src/crypto/modes/cfb128.c @@ -0,0 +1,249 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +#endif + +/* The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + unsigned int n; + size_t l = 0; + + assert(in && out && key && ivec && num); + + n = *num; + + if (enc) { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = ivec[n] ^= *(in++); + --len; + n = (n+1) % 16; + } +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) { + *(size_t*)(out+n) = + *(size_t*)(ivec+n) ^= *(size_t*)(in+n); + } + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + out[n] = ivec[n] ^= in[n]; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + if (n == 0) { + (*block)(ivec, ivec, key); + } + out[l] = ivec[n] ^= in[l]; + ++l; + n = (n+1) % 16; + } + *num = n; + } else { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + unsigned char c; + *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c; + --len; + n = (n+1) % 16; + } +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) { + size_t t = *(size_t*)(in+n); + *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t; + *(size_t*)(ivec+n) = t; + } + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + unsigned char c; + out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + unsigned char c; + if (n == 0) { + (*block)(ivec, ivec, key); + } + out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; + ++l; + n = (n+1) % 16; + } + *num=n; + } +} + +/* This expects a single block of size nbits for both in and out. Note that + it corrupts any extra bits in the last byte of out */ +static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out, + int nbits,const void *key, + unsigned char ivec[16],int enc, + block128_f block) +{ + int n,rem,num; + unsigned char ovec[16*2 + 1]; /* +1 because we dererefence (but don't use) one byte off the end */ + + if (nbits<=0 || nbits>128) return; + + /* fill in the first half of the new IV with the current IV */ + memcpy(ovec,ivec,16); + /* construct the new IV */ + (*block)(ivec,ivec,key); + num = (nbits+7)/8; + if (enc) /* encrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[16+n] = in[n] ^ ivec[n]); + else /* decrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[16+n] = in[n]) ^ ivec[n]; + /* shift ovec left... */ + rem = nbits%8; + num = nbits/8; + if(rem==0) + memcpy(ivec,ovec+num,16); + else + for(n=0 ; n < 16 ; ++n) + ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); + + /* it is not necessary to cleanse ovec, since the IV is not secret */ +} + +/* N.B. This expects the input to be packed, MS bit first */ +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + size_t n; + unsigned char c[1],d[1]; + + assert(in && out && key && ivec && num); + assert(*num == 0); + + for(n=0 ; n<bits ; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + cfbr_encrypt_block(c,d,1,key,ivec,enc,block); + out[n/8]=(out[n/8]&~(1 << (unsigned int)(7-n%8))) | + ((d[0]&0x80) >> (unsigned int)(n%8)); + } +} + +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + size_t n; + + assert(in && out && key && ivec && num); + assert(*num == 0); + + for(n=0 ; n<length ; ++n) + cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block); +} + diff --git a/lib/libssl/src/crypto/modes/ctr128.c b/lib/libssl/src/crypto/modes/ctr128.c new file mode 100644 index 00000000000..932037f5514 --- /dev/null +++ b/lib/libssl/src/crypto/modes/ctr128.c @@ -0,0 +1,184 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +typedef unsigned int u32; +typedef unsigned char u8; + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +#endif + +/* NOTE: the IV/counter CTR mode is big-endian. The code itself + * is endian-neutral. */ + +/* increment counter (128-bit int) by 1 */ +static void ctr128_inc(unsigned char *counter) { + u32 n=16; + u8 c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) return; + } while (n); +} + +#if !defined(OPENSSL_SMALL_FOOTPRINT) +static void ctr128_inc_aligned(unsigned char *counter) { + size_t *data,c,n; + const union { long one; char little; } is_endian = {1}; + + if (is_endian.little) { + ctr128_inc(counter); + return; + } + + data = (size_t *)counter; + n = 16/sizeof(size_t); + do { + --n; + c = data[n]; + ++c; + data[n] = c; + if (c) return; + } while (n); +} +#endif + +/* The input encrypted as though 128bit counter mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num, and the + * encrypted counter is kept in ecount_buf. Both *num and + * ecount_buf must be initialised with zeros before the first + * call to CRYPTO_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. + */ +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block) +{ + unsigned int n; + size_t l=0; + + assert(in && out && key && ecount_buf && num); + assert(*num < 16); + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ ecount_buf[n]; + --len; + n = (n+1) % 16; + } + +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ecount_buf, key); + ctr128_inc_aligned(ivec); + for (; n<16; n+=sizeof(size_t)) + *(size_t *)(out+n) = + *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n); + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ecount_buf, key); + ctr128_inc_aligned(ivec); + while (len--) { + out[n] = in[n] ^ ecount_buf[n]; + ++n; + } + } + *num = n; + return; + } while(0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + if (n==0) { + (*block)(ivec, ecount_buf, key); + ctr128_inc(ivec); + } + out[l] = in[l] ^ ecount_buf[n]; + ++l; + n = (n+1) % 16; + } + + *num=n; +} diff --git a/lib/libssl/src/crypto/modes/cts128.c b/lib/libssl/src/crypto/modes/cts128.c new file mode 100644 index 00000000000..e0430f9fdcb --- /dev/null +++ b/lib/libssl/src/crypto/modes/cts128.c @@ -0,0 +1,259 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +/* + * Trouble with Ciphertext Stealing, CTS, mode is that there is no + * common official specification, but couple of cipher/application + * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to + * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which + * deviates from mentioned RFCs. Most notably it allows input to be + * of block length and it doesn't flip the order of the last two + * blocks. CTS is being discussed even in ECB context, but it's not + * adopted for any known application. This implementation complies + * with mentioned RFCs and [as such] extends CBC mode. + */ + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ size_t residue, n; + + assert (in && out && key && ivec); + + if (len <= 16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= residue; + + CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block); + + in += len; + out += len; + + for (n=0; n<residue; ++n) + ivec[n] ^= in[n]; + (*block)(ivec,ivec,key); + memcpy(out,out-16,residue); + memcpy(out-16,ivec,16); + + return len+residue; +} + +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) +{ size_t residue; + union { size_t align; unsigned char c[16]; } tmp; + + assert (in && out && key && ivec); + + if (len <= 16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= residue; + + (*cbc)(in,out,len,key,ivec,1); + + in += len; + out += len; + +#if defined(CBC_HANDLES_TRUNCATED_IO) + memcpy(tmp.c,out-16,16); + (*cbc)(in,out-16,residue,key,ivec,1); + memcpy(out,tmp.c,residue); +#else + { + size_t n; + for (n=0; n<16; n+=sizeof(size_t)) + *(size_t *)(tmp.c+n) = 0; + memcpy(tmp.c,in,residue); + } + memcpy(out,out-16,residue); + (*cbc)(tmp.c,out-16,16,key,ivec,1); +#endif + return len+residue; +} + +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ size_t residue, n; + union { size_t align; unsigned char c[32]; } tmp; + + assert (in && out && key && ivec); + + if (len<=16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= 16+residue; + + if (len) { + CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block); + in += len; + out += len; + } + + (*block)(in,tmp.c+16,key); + + for (n=0; n<16; n+=sizeof(size_t)) + *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n); + memcpy(tmp.c,in+16,residue); + (*block)(tmp.c,tmp.c,key); + + for(n=0; n<16; ++n) { + unsigned char c = in[n]; + out[n] = tmp.c[n] ^ ivec[n]; + ivec[n] = c; + } + for(residue+=16; n<residue; ++n) + out[n] = tmp.c[n] ^ in[n]; + + return len+residue-16; +} + +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc) +{ size_t residue, n; + union { size_t align; unsigned char c[32]; } tmp; + + assert (in && out && key && ivec); + + if (len<=16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= 16+residue; + + if (len) { + (*cbc)(in,out,len,key,ivec,0); + in += len; + out += len; + } + + for (n=16; n<32; n+=sizeof(size_t)) + *(size_t *)(tmp.c+n) = 0; + /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */ + (*cbc)(in,tmp.c,16,key,tmp.c+16,0); + + memcpy(tmp.c,in+16,residue); +#if defined(CBC_HANDLES_TRUNCATED_IO) + (*cbc)(tmp.c,out,16+residue,key,ivec,0); +#else + (*cbc)(tmp.c,tmp.c,32,key,ivec,0); + memcpy(out,tmp.c,16+residue); +#endif + return len+residue; +} + +#if defined(SELFTEST) +#include <stdio.h> +#include <openssl/aes.h> + +/* test vectors from RFC 3962 */ +static const unsigned char test_key[16] = "chicken teriyaki"; +static const unsigned char test_input[64] = + "I would like the" " General Gau's C" + "hicken, please, " "and wonton soup."; +static const unsigned char test_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + +static const unsigned char vector_17[17] = +{0xc6,0x35,0x35,0x68,0xf2,0xbf,0x8c,0xb4, 0xd8,0xa5,0x80,0x36,0x2d,0xa7,0xff,0x7f, + 0x97}; +static const unsigned char vector_31[31] = +{0xfc,0x00,0x78,0x3e,0x0e,0xfd,0xb2,0xc1, 0xd4,0x45,0xd4,0xc8,0xef,0xf7,0xed,0x22, + 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5}; +static const unsigned char vector_32[32] = +{0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8, + 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84}; +static const unsigned char vector_47[47] = +{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, + 0xb3,0xff,0xfd,0x94,0x0c,0x16,0xa1,0x8c, 0x1b,0x55,0x49,0xd2,0xf8,0x38,0x02,0x9e, + 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5}; +static const unsigned char vector_48[48] = +{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, + 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8, + 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8}; +static const unsigned char vector_64[64] = +{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84, + 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8, + 0x48,0x07,0xef,0xe8,0x36,0xee,0x89,0xa5, 0x26,0x73,0x0d,0xbc,0x2f,0x7b,0xc8,0x40, + 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8}; + +static AES_KEY encks, decks; + +void test_vector(const unsigned char *vector,size_t len) +{ unsigned char cleartext[64]; + unsigned char iv[sizeof(test_iv)]; + unsigned char ciphertext[64]; + size_t tail; + + printf("vector_%d\n",len); fflush(stdout); + + if ((tail=len%16) == 0) tail = 16; + tail += 16; + + /* test block-based encryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt); + if (memcmp(ciphertext,vector,len)) + fprintf(stderr,"output_%d mismatch\n",len), exit(1); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(1); + + /* test block-based decryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt); + if (memcmp(cleartext,test_input,len)) + fprintf(stderr,"input_%d mismatch\n",len), exit(2); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(2); + + /* test streamed encryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt); + if (memcmp(ciphertext,vector,len)) + fprintf(stderr,"output_%d mismatch\n",len), exit(3); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(3); + + /* test streamed decryption */ + memcpy(iv,test_iv,sizeof(test_iv)); + CRYPTO_cts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt); + if (memcmp(cleartext,test_input,len)) + fprintf(stderr,"input_%d mismatch\n",len), exit(4); + if (memcmp(iv,vector+len-tail,sizeof(iv))) + fprintf(stderr,"iv_%d mismatch\n",len), exit(4); +} + +main() +{ + AES_set_encrypt_key(test_key,128,&encks); + AES_set_decrypt_key(test_key,128,&decks); + + test_vector(vector_17,sizeof(vector_17)); + test_vector(vector_31,sizeof(vector_31)); + test_vector(vector_32,sizeof(vector_32)); + test_vector(vector_47,sizeof(vector_47)); + test_vector(vector_48,sizeof(vector_48)); + test_vector(vector_64,sizeof(vector_64)); + exit(0); +} +#endif diff --git a/lib/libssl/src/crypto/modes/modes.h b/lib/libssl/src/crypto/modes/modes.h new file mode 100644 index 00000000000..af8d97d7958 --- /dev/null +++ b/lib/libssl/src/crypto/modes/modes.h @@ -0,0 +1,59 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include <stddef.h> + +typedef void (*block128_f)(const unsigned char in[16], + unsigned char out[16], + const void *key); + +typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); diff --git a/lib/libssl/src/crypto/modes/ofb128.c b/lib/libssl/src/crypto/modes/ofb128.c new file mode 100644 index 00000000000..c732e2ec58e --- /dev/null +++ b/lib/libssl/src/crypto/modes/ofb128.c @@ -0,0 +1,128 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "modes.h" +#include <string.h> + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include <assert.h> + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +#endif + +/* The input and output encrypted as though 128bit ofb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block) +{ + unsigned int n; + size_t l=0; + + assert(in && out && key && ivec && num); + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ ivec[n]; + --len; + n = (n+1) % 16; + } +#if defined(STRICT_ALIGNMENT) + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) + *(size_t*)(out+n) = + *(size_t*)(in+n) ^ *(size_t*)(ivec+n); + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + out[n] = in[n] ^ ivec[n]; + ++n; + } + } + *num = n; + return; + } while(0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l<len) { + if (n==0) { + (*block)(ivec, ivec, key); + } + out[l] = in[l] ^ ivec[n]; + ++l; + n = (n+1) % 16; + } + + *num=n; +} diff --git a/lib/libssl/src/crypto/o_str.c b/lib/libssl/src/crypto/o_str.c index 59cc25094b5..56104a6c34b 100644 --- a/lib/libssl/src/crypto/o_str.c +++ b/lib/libssl/src/crypto/o_str.c @@ -60,7 +60,9 @@ #include <e_os.h> #include "o_str.h" -#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32) +#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ + !defined(OPENSSL_SYSNAME_WIN32) && \ + !defined(NETWARE_CLIB) # include <strings.h> #endif diff --git a/lib/libssl/src/crypto/objects/Makefile b/lib/libssl/src/crypto/objects/Makefile index 25e8b23b5d0..a8aedbd4228 100644 --- a/lib/libssl/src/crypto/objects/Makefile +++ b/lib/libssl/src/crypto/objects/Makefile @@ -18,23 +18,23 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c -LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o +LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c +LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o SRC= $(LIBSRC) EXHEADER= objects.h obj_mac.h -HEADER= $(EXHEADER) obj_dat.h +HEADER= $(EXHEADER) obj_dat.h obj_xref.h ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) -all: obj_dat.h lib +all: obj_dat.h obj_xref.h lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -46,6 +46,10 @@ obj_mac.h: objects.pl objects.txt obj_mac.num $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h @sleep 1; touch obj_mac.h; sleep 1 +obj_xref.h: objxref.pl obj_xref.txt obj_mac.num + $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h + @sleep 1; touch obj_xref.h; sleep 1 + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -117,3 +121,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h obj_lib.o: ../cryptlib.h obj_lib.c +obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +obj_xref.o: ../../include/openssl/opensslconf.h +obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h diff --git a/lib/libssl/src/crypto/objects/obj_xref.c b/lib/libssl/src/crypto/objects/obj_xref.c new file mode 100644 index 00000000000..152eca5c671 --- /dev/null +++ b/lib/libssl/src/crypto/objects/obj_xref.c @@ -0,0 +1,231 @@ +/* crypto/objects/obj_xref.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/objects.h> +#include "obj_xref.h" + +DECLARE_STACK_OF(nid_triple) +STACK_OF(nid_triple) *sig_app, *sigx_app; + +static int sig_cmp(const nid_triple *a, const nid_triple *b) + { + return a->sign_id - b->sign_id; + } + +DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig); + +static int sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b) + { + return (*a)->sign_id - (*b)->sign_id; + } + +DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx); + +static int sigx_cmp(const nid_triple * const *a, const nid_triple * const *b) + { + int ret; + ret = (*a)->hash_id - (*b)->hash_id; + if (ret) + return ret; + return (*a)->pkey_id - (*b)->pkey_id; + } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) + { + nid_triple tmp; + const nid_triple *rv = NULL; + tmp.sign_id = signid; + + if (sig_app) + { + int idx = sk_nid_triple_find(sig_app, &tmp); + if (idx >= 0) + rv = sk_nid_triple_value(sig_app, idx); + } + +#ifndef OBJ_XREF_TEST2 + if (rv == NULL) + { + rv = OBJ_bsearch_sig(&tmp, sigoid_srt, + sizeof(sigoid_srt) / sizeof(nid_triple)); + } +#endif + if (rv == NULL) + return 0; + *pdig_nid = rv->hash_id; + *ppkey_nid = rv->pkey_id; + return 1; + } + +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) + { + nid_triple tmp; + const nid_triple *t=&tmp; + const nid_triple **rv = NULL; + + tmp.hash_id = dig_nid; + tmp.pkey_id = pkey_nid; + + if (sigx_app) + { + int idx = sk_nid_triple_find(sigx_app, &tmp); + if (idx >= 0) + { + t = sk_nid_triple_value(sigx_app, idx); + rv = &t; + } + } + +#ifndef OBJ_XREF_TEST2 + if (rv == NULL) + { + rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, + sizeof(sigoid_srt_xref) / sizeof(nid_triple *) + ); + } +#endif + if (rv == NULL) + return 0; + *psignid = (*rv)->sign_id; + return 1; + } + +int OBJ_add_sigid(int signid, int dig_id, int pkey_id) + { + nid_triple *ntr; + if (!sig_app) + sig_app = sk_nid_triple_new(sig_sk_cmp); + if (!sig_app) + return 0; + if (!sigx_app) + sigx_app = sk_nid_triple_new(sigx_cmp); + if (!sigx_app) + return 0; + ntr = OPENSSL_malloc(sizeof(int) * 3); + if (!ntr) + return 0; + ntr->sign_id = signid; + ntr->hash_id = dig_id; + ntr->pkey_id = pkey_id; + + if (!sk_nid_triple_push(sig_app, ntr)) + { + OPENSSL_free(ntr); + return 0; + } + + if (!sk_nid_triple_push(sigx_app, ntr)) + return 0; + + sk_nid_triple_sort(sig_app); + sk_nid_triple_sort(sigx_app); + + return 1; + } + +static void sid_free(nid_triple *tt) + { + OPENSSL_free(tt); + } + +void OBJ_sigid_free(void) + { + if (sig_app) + { + sk_nid_triple_pop_free(sig_app, sid_free); + sig_app = NULL; + } + if (sigx_app) + { + sk_nid_triple_free(sigx_app); + sigx_app = NULL; + } + } + +#ifdef OBJ_XREF_TEST + +main() + { + int n1, n2, n3; + + int i, rv; +#ifdef OBJ_XREF_TEST2 + for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) + { + OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], + sigoid_srt[i][2]); + } +#endif + + for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) + { + n1 = sigoid_srt[i][0]; + rv = OBJ_find_sigid_algs(n1, &n2, &n3); + printf("Forward: %d, %s %s %s\n", rv, + OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); + n1=0; + rv = OBJ_find_sigid_by_algs(&n1, n2, n3); + printf("Reverse: %d, %s %s %s\n", rv, + OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); + } + } + +#endif diff --git a/lib/libssl/src/crypto/objects/obj_xref.h b/lib/libssl/src/crypto/objects/obj_xref.h new file mode 100644 index 00000000000..d5b9b8e1983 --- /dev/null +++ b/lib/libssl/src/crypto/objects/obj_xref.h @@ -0,0 +1,75 @@ +/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ + +typedef struct + { + int sign_id; + int hash_id; + int pkey_id; + } nid_triple; + +static const nid_triple sigoid_srt[] = + { + {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, + {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, + {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, + {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, + {NID_dsaWithSHA, NID_sha, NID_dsa}, + {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, + {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, + {NID_md5WithRSA, NID_md5, NID_rsa}, + {NID_dsaWithSHA1, NID_sha1, NID_dsa}, + {NID_sha1WithRSA, NID_sha1, NID_rsa}, + {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, + {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, + {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, + {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, + {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, + {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, + {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, + {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, + {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, + {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, + {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001}, + {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94}, + {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc}, + {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc}, + }; + +static const nid_triple * const sigoid_srt_xref[] = + { + &sigoid_srt[17], + &sigoid_srt[18], + &sigoid_srt[0], + &sigoid_srt[1], + &sigoid_srt[7], + &sigoid_srt[2], + &sigoid_srt[4], + &sigoid_srt[3], + &sigoid_srt[9], + &sigoid_srt[5], + &sigoid_srt[8], + &sigoid_srt[12], + &sigoid_srt[6], + &sigoid_srt[10], + &sigoid_srt[11], + &sigoid_srt[13], + &sigoid_srt[24], + &sigoid_srt[20], + &sigoid_srt[14], + &sigoid_srt[21], + &sigoid_srt[15], + &sigoid_srt[22], + &sigoid_srt[16], + &sigoid_srt[23], + &sigoid_srt[19], + &sigoid_srt[25], + &sigoid_srt[26], + &sigoid_srt[27], + &sigoid_srt[28], + }; + diff --git a/lib/libssl/src/crypto/objects/obj_xref.txt b/lib/libssl/src/crypto/objects/obj_xref.txt new file mode 100644 index 00000000000..e45b3d34b9b --- /dev/null +++ b/lib/libssl/src/crypto/objects/obj_xref.txt @@ -0,0 +1,42 @@ +# OID cross reference table. +# Links signatures OIDs to their corresponding public key algorithms +# and digests. + +md2WithRSAEncryption md2 rsaEncryption +md5WithRSAEncryption md5 rsaEncryption +shaWithRSAEncryption sha rsaEncryption +sha1WithRSAEncryption sha1 rsaEncryption +md4WithRSAEncryption md4 rsaEncryption +sha256WithRSAEncryption sha256 rsaEncryption +sha384WithRSAEncryption sha384 rsaEncryption +sha512WithRSAEncryption sha512 rsaEncryption +sha224WithRSAEncryption sha224 rsaEncryption +mdc2WithRSA mdc2 rsaEncryption +ripemd160WithRSA ripemd160 rsaEncryption + +# Alternative deprecated OIDs. By using the older "rsa" OID this +# type will be recognized by not normally used. + +md5WithRSA md5 rsa +sha1WithRSA sha1 rsa + +dsaWithSHA sha dsa +dsaWithSHA1 sha1 dsa + +dsaWithSHA1_2 sha1 dsa_2 + +ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey +ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey +ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey +ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey +ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey +ecdsa_with_Recommended undef X9_62_id_ecPublicKey +ecdsa_with_Specified undef X9_62_id_ecPublicKey + +dsa_with_SHA224 sha224 dsa +dsa_with_SHA256 sha256 dsa + +id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001 +id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94 +id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc +id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc diff --git a/lib/libssl/src/crypto/objects/objxref.pl b/lib/libssl/src/crypto/objects/objxref.pl new file mode 100644 index 00000000000..731d3ae22c2 --- /dev/null +++ b/lib/libssl/src/crypto/objects/objxref.pl @@ -0,0 +1,107 @@ +#!/usr/local/bin/perl + +use strict; + +my %xref_tbl; +my %oid_tbl; + +my ($mac_file, $xref_file) = @ARGV; + +open(IN, $mac_file) || die "Can't open $mac_file"; + +# Read in OID nid values for a lookup table. + +while (<IN>) + { + chomp; + my ($name, $num) = /^(\S+)\s+(\S+)$/; + $oid_tbl{$name} = $num; + } +close IN; + +open(IN, $xref_file) || die "Can't open $xref_file"; + +my $ln = 1; + +while (<IN>) + { + chomp; + s/#.*$//; + next if (/^\S*$/); + my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/; + check_oid($xr); + check_oid($p1); + check_oid($p2); + $xref_tbl{$xr} = [$p1, $p2, $ln]; + } + +my @xrkeys = keys %xref_tbl; + +my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys; + +for(my $i = 0; $i <= $#srt1; $i++) + { + $xref_tbl{$srt1[$i]}[2] = $i; + } + +my @srt2 = sort + { + my$ap1 = $oid_tbl{$xref_tbl{$a}[0]}; + my$bp1 = $oid_tbl{$xref_tbl{$b}[0]}; + return $ap1 - $bp1 if ($ap1 != $bp1); + my$ap2 = $oid_tbl{$xref_tbl{$a}[1]}; + my$bp2 = $oid_tbl{$xref_tbl{$b}[1]}; + + return $ap2 - $bp2; + } @xrkeys; + +my $pname = $0; + +$pname =~ s|^.[^/]/||; + +print <<EOF; +/* AUTOGENERATED BY $pname, DO NOT EDIT */ + +typedef struct + { + int sign_id; + int hash_id; + int pkey_id; + } nid_triple; + +static const nid_triple sigoid_srt[] = + { +EOF + +foreach (@srt1) + { + my $xr = $_; + my ($p1, $p2) = @{$xref_tbl{$_}}; + print "\t{NID_$xr, NID_$p1, NID_$p2},\n"; + } + +print "\t};"; +print <<EOF; + + +static const nid_triple * const sigoid_srt_xref[] = + { +EOF + +foreach (@srt2) + { + my $x = $xref_tbl{$_}[2]; + print "\t\&sigoid_srt\[$x\],\n"; + } + +print "\t};\n\n"; + +sub check_oid + { + my ($chk) = @_; + if (!exists $oid_tbl{$chk}) + { + die "Not Found \"$chk\"\n"; + } + } + diff --git a/lib/libssl/src/crypto/ocsp/Makefile b/lib/libssl/src/crypto/ocsp/Makefile index 30a00b33726..60c414cf4da 100644 --- a/lib/libssl/src/crypto/ocsp/Makefile +++ b/lib/libssl/src/crypto/ocsp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,10 +82,9 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_asn.o: ../../include/openssl/opensslconf.h +ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -98,25 +97,24 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c +ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_cl.o: ../cryptlib.h ocsp_cl.c ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_err.o: ../../include/openssl/opensslconf.h +ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -129,9 +127,9 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ext.o: ../../include/openssl/opensslconf.h ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -144,22 +142,21 @@ ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_ht.o: ocsp_ht.c +ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ocsp_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -174,10 +171,9 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_prn.o: ../../include/openssl/opensslconf.h +ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -191,9 +187,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_srv.o: ../../include/openssl/opensslconf.h ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -206,10 +202,9 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_vfy.o: ../../include/openssl/opensslconf.h +ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libssl/src/crypto/pem/Makefile b/lib/libssl/src/crypto/pem/Makefile index 669f36612c4..2cc7801529e 100644 --- a/lib/libssl/src/crypto/pem/Makefile +++ b/lib/libssl/src/crypto/pem/Makefile @@ -18,10 +18,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \ - pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c + pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \ - pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o + pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o SRC= $(LIBSRC) @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,39 +83,36 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_all.o: ../cryptlib.h pem_all.c +pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_err.o: pem_err.c +pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c pem_info.o: ../../e_os.h ../../include/openssl/asn1.h pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_info.o: ../../include/openssl/opensslconf.h +pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h @@ -128,8 +125,8 @@ pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -139,43 +136,43 @@ pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c +pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_lib.o: pem_lib.c pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_oth.o: ../cryptlib.h pem_oth.c +pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c +pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h +pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_pk8.o: ../cryptlib.h pem_pk8.c pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -184,15 +181,16 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c +pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_pkey.o: pem_pkey.c pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_seal.o: ../../include/openssl/opensslconf.h pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -205,9 +203,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_sign.o: ../../include/openssl/opensslconf.h pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -220,9 +218,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_x509.o: ../../include/openssl/opensslconf.h pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -234,12 +232,27 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_xaux.o: ../../include/openssl/opensslconf.h pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c +pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +pvkfmt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pvkfmt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pvkfmt.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pvkfmt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pvkfmt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pvkfmt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pvkfmt.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c diff --git a/lib/libssl/src/crypto/pem/pvkfmt.c b/lib/libssl/src/crypto/pem/pvkfmt.c new file mode 100644 index 00000000000..d998a67fa52 --- /dev/null +++ b/lib/libssl/src/crypto/pem/pvkfmt.c @@ -0,0 +1,942 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB + * and PRIVATEKEYBLOB). + */ + +#include "cryptlib.h" +#include <openssl/pem.h> +#include <openssl/rand.h> +#include <openssl/bn.h> +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) +#include <openssl/dsa.h> +#include <openssl/rsa.h> + +/* Utility function: read a DWORD (4 byte unsigned integer) in little endian + * format + */ + +static unsigned int read_ledword(const unsigned char **in) + { + const unsigned char *p = *in; + unsigned int ret; + ret = *p++; + ret |= (*p++ << 8); + ret |= (*p++ << 16); + ret |= (*p++ << 24); + *in = p; + return ret; + } + +/* Read a BIGNUM in little endian format. The docs say that this should take up + * bitlen/8 bytes. + */ + +static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) + { + const unsigned char *p; + unsigned char *tmpbuf, *q; + unsigned int i; + p = *in + nbyte - 1; + tmpbuf = OPENSSL_malloc(nbyte); + if (!tmpbuf) + return 0; + q = tmpbuf; + for (i = 0; i < nbyte; i++) + *q++ = *p--; + *r = BN_bin2bn(tmpbuf, nbyte, NULL); + OPENSSL_free(tmpbuf); + if (*r) + { + *in += nbyte; + return 1; + } + else + return 0; + } + + +/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ + +#define MS_PUBLICKEYBLOB 0x6 +#define MS_PRIVATEKEYBLOB 0x7 +#define MS_RSA1MAGIC 0x31415352L +#define MS_RSA2MAGIC 0x32415352L +#define MS_DSS1MAGIC 0x31535344L +#define MS_DSS2MAGIC 0x32535344L + +#define MS_KEYALG_RSA_KEYX 0xa400 +#define MS_KEYALG_DSS_SIGN 0x2200 + +#define MS_KEYTYPE_KEYX 0x1 +#define MS_KEYTYPE_SIGN 0x2 + +/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ +#define MS_PVKMAGIC 0xb0b5f11eL +/* Salt length for PVK files */ +#define PVK_SALTLEN 0x10 + +static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); +static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); + +static int do_blob_header(const unsigned char **in, unsigned int length, + unsigned int *pmagic, unsigned int *pbitlen, + int *pisdss, int *pispub) + { + const unsigned char *p = *in; + if (length < 16) + return 0; + /* bType */ + if (*p == MS_PUBLICKEYBLOB) + { + if (*pispub == 0) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + return 0; + } + *pispub = 1; + } + else if (*p == MS_PRIVATEKEYBLOB) + { + if (*pispub == 1) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + return 0; + } + *pispub = 0; + } + else + return 0; + p++; + /* Version */ + if (*p++ != 0x2) + { + PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); + return 0; + } + /* Ignore reserved, aiKeyAlg */ + p+= 6; + *pmagic = read_ledword(&p); + *pbitlen = read_ledword(&p); + *pisdss = 0; + switch (*pmagic) + { + + case MS_DSS1MAGIC: + *pisdss = 1; + case MS_RSA1MAGIC: + if (*pispub == 0) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + return 0; + } + break; + + case MS_DSS2MAGIC: + *pisdss = 1; + case MS_RSA2MAGIC: + if (*pispub == 1) + { + PEMerr(PEM_F_DO_BLOB_HEADER, + PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + return 0; + } + break; + + default: + PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); + return -1; + } + *in = p; + return 1; + } + +static unsigned int blob_length(unsigned bitlen, int isdss, int ispub) + { + unsigned int nbyte, hnbyte; + nbyte = (bitlen + 7) >> 3; + hnbyte = (bitlen + 15) >> 4; + if (isdss) + { + + /* Expected length: 20 for q + 3 components bitlen each + 24 + * for seed structure. + */ + if (ispub) + return 44 + 3 * nbyte; + /* Expected length: 20 for q, priv, 2 bitlen components + 24 + * for seed structure. + */ + else + return 64 + 2 * nbyte; + } + else + { + /* Expected length: 4 for 'e' + 'n' */ + if (ispub) + return 4 + nbyte; + else + /* Expected length: 4 for 'e' and 7 other components. + * 2 components are bitlen size, 5 are bitlen/2 + */ + return 4 + 2*nbyte + 5*hnbyte; + } + + } + +static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, + int ispub) + { + const unsigned char *p = *in; + unsigned int bitlen, magic; + int isdss; + if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) + { + PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); + return NULL; + } + length -= 16; + if (length < blob_length(bitlen, isdss, ispub)) + { + PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT); + return NULL; + } + if (isdss) + return b2i_dss(&p, length, bitlen, ispub); + else + return b2i_rsa(&p, length, bitlen, ispub); + } + +static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) + { + const unsigned char *p; + unsigned char hdr_buf[16], *buf = NULL; + unsigned int bitlen, magic, length; + int isdss; + EVP_PKEY *ret = NULL; + if (BIO_read(in, hdr_buf, 16) != 16) + { + PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); + return NULL; + } + p = hdr_buf; + if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) + return NULL; + + length = blob_length(bitlen, isdss, ispub); + buf = OPENSSL_malloc(length); + if (!buf) + { + PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } + p = buf; + if (BIO_read(in, buf, length) != (int)length) + { + PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); + goto err; + } + + if (isdss) + ret = b2i_dss(&p, length, bitlen, ispub); + else + ret = b2i_rsa(&p, length, bitlen, ispub); + + err: + if (buf) + OPENSSL_free(buf); + return ret; + } + +static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub) + { + const unsigned char *p = *in; + EVP_PKEY *ret = NULL; + DSA *dsa = NULL; + BN_CTX *ctx = NULL; + unsigned int nbyte; + nbyte = (bitlen + 7) >> 3; + + dsa = DSA_new(); + ret = EVP_PKEY_new(); + if (!dsa || !ret) + goto memerr; + if (!read_lebn(&p, nbyte, &dsa->p)) + goto memerr; + if (!read_lebn(&p, 20, &dsa->q)) + goto memerr; + if (!read_lebn(&p, nbyte, &dsa->g)) + goto memerr; + if (ispub) + { + if (!read_lebn(&p, nbyte, &dsa->pub_key)) + goto memerr; + } + else + { + if (!read_lebn(&p, 20, &dsa->priv_key)) + goto memerr; + /* Calculate public key */ + if (!(dsa->pub_key = BN_new())) + goto memerr; + if (!(ctx = BN_CTX_new())) + goto memerr; + + if (!BN_mod_exp(dsa->pub_key, dsa->g, + dsa->priv_key, dsa->p, ctx)) + + goto memerr; + BN_CTX_free(ctx); + } + + EVP_PKEY_set1_DSA(ret, dsa); + DSA_free(dsa); + *in = p; + return ret; + + memerr: + PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); + if (dsa) + DSA_free(dsa); + if (ret) + EVP_PKEY_free(ret); + if (ctx) + BN_CTX_free(ctx); + return NULL; + } + +static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub) + + { + const unsigned char *p = *in; + EVP_PKEY *ret = NULL; + RSA *rsa = NULL; + unsigned int nbyte, hnbyte; + nbyte = (bitlen + 7) >> 3; + hnbyte = (bitlen + 15) >> 4; + rsa = RSA_new(); + ret = EVP_PKEY_new(); + if (!rsa || !ret) + goto memerr; + rsa->e = BN_new(); + if (!rsa->e) + goto memerr; + if (!BN_set_word(rsa->e, read_ledword(&p))) + goto memerr; + if (!read_lebn(&p, nbyte, &rsa->n)) + goto memerr; + if (!ispub) + { + if (!read_lebn(&p, hnbyte, &rsa->p)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->q)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->dmp1)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->dmq1)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->iqmp)) + goto memerr; + if (!read_lebn(&p, nbyte, &rsa->d)) + goto memerr; + } + + EVP_PKEY_set1_RSA(ret, rsa); + RSA_free(rsa); + *in = p; + return ret; + memerr: + PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); + if (rsa) + RSA_free(rsa); + if (ret) + EVP_PKEY_free(ret); + return NULL; + } + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length) + { + return do_b2i(in, length, 0); + } + +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length) + { + return do_b2i(in, length, 1); + } + + +EVP_PKEY *b2i_PrivateKey_bio(BIO *in) + { + return do_b2i_bio(in, 0); + } + +EVP_PKEY *b2i_PublicKey_bio(BIO *in) + { + return do_b2i_bio(in, 1); + } + +static void write_ledword(unsigned char **out, unsigned int dw) + { + unsigned char *p = *out; + *p++ = dw & 0xff; + *p++ = (dw>>8) & 0xff; + *p++ = (dw>>16) & 0xff; + *p++ = (dw>>24) & 0xff; + *out = p; + } + +static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) + { + int nb, i; + unsigned char *p = *out, *q, c; + nb = BN_num_bytes(bn); + BN_bn2bin(bn, p); + q = p + nb - 1; + /* In place byte order reversal */ + for (i = 0; i < nb/2; i++) + { + c = *p; + *p++ = *q; + *q-- = c; + } + *out += nb; + /* Pad with zeroes if we have to */ + if (len > 0) + { + len -= nb; + if (len > 0) + { + memset(*out, 0, len); + *out += len; + } + } + } + + +static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); +static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic); + +static void write_rsa(unsigned char **out, RSA *rsa, int ispub); +static void write_dsa(unsigned char **out, DSA *dsa, int ispub); + +static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) + { + unsigned char *p; + unsigned int bitlen, magic = 0, keyalg; + int outlen, noinc = 0; + if (pk->type == EVP_PKEY_DSA) + { + bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); + keyalg = MS_KEYALG_DSS_SIGN; + } + else if (pk->type == EVP_PKEY_RSA) + { + bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); + keyalg = MS_KEYALG_RSA_KEYX; + } + else + return -1; + if (bitlen == 0) + return -1; + outlen = 16 + blob_length(bitlen, + keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub); + if (out == NULL) + return outlen; + if (*out) + p = *out; + else + { + p = OPENSSL_malloc(outlen); + if (!p) + return -1; + *out = p; + noinc = 1; + } + if (ispub) + *p++ = MS_PUBLICKEYBLOB; + else + *p++ = MS_PRIVATEKEYBLOB; + *p++ = 0x2; + *p++ = 0; + *p++ = 0; + write_ledword(&p, keyalg); + write_ledword(&p, magic); + write_ledword(&p, bitlen); + if (keyalg == MS_KEYALG_DSS_SIGN) + write_dsa(&p, pk->pkey.dsa, ispub); + else + write_rsa(&p, pk->pkey.rsa, ispub); + if (!noinc) + *out += outlen; + return outlen; + } + +static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) + { + unsigned char *tmp = NULL; + int outlen, wrlen; + outlen = do_i2b(&tmp, pk, ispub); + if (outlen < 0) + return -1; + wrlen = BIO_write(out, tmp, outlen); + OPENSSL_free(tmp); + if (wrlen == outlen) + return outlen; + return -1; + } + +static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) + { + int bitlen; + bitlen = BN_num_bits(dsa->p); + if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) + || (BN_num_bits(dsa->g) > bitlen)) + goto badkey; + if (ispub) + { + if (BN_num_bits(dsa->pub_key) > bitlen) + goto badkey; + *pmagic = MS_DSS1MAGIC; + } + else + { + if (BN_num_bits(dsa->priv_key) > 160) + goto badkey; + *pmagic = MS_DSS2MAGIC; + } + + return bitlen; + badkey: + PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); + return 0; + } + +static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) + { + int nbyte, hnbyte, bitlen; + if (BN_num_bits(rsa->e) > 32) + goto badkey; + bitlen = BN_num_bits(rsa->n); + nbyte = BN_num_bytes(rsa->n); + hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; + if (ispub) + { + *pmagic = MS_RSA1MAGIC; + return bitlen; + } + else + { + *pmagic = MS_RSA2MAGIC; + /* For private key each component must fit within nbyte or + * hnbyte. + */ + if (BN_num_bytes(rsa->d) > nbyte) + goto badkey; + if ((BN_num_bytes(rsa->iqmp) > hnbyte) + || (BN_num_bytes(rsa->p) > hnbyte) + || (BN_num_bytes(rsa->q) > hnbyte) + || (BN_num_bytes(rsa->dmp1) > hnbyte) + || (BN_num_bytes(rsa->dmq1) > hnbyte)) + goto badkey; + } + return bitlen; + badkey: + PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); + return 0; + } + + +static void write_rsa(unsigned char **out, RSA *rsa, int ispub) + { + int nbyte, hnbyte; + nbyte = BN_num_bytes(rsa->n); + hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; + write_lebn(out, rsa->e, 4); + write_lebn(out, rsa->n, -1); + if (ispub) + return; + write_lebn(out, rsa->p, hnbyte); + write_lebn(out, rsa->q, hnbyte); + write_lebn(out, rsa->dmp1, hnbyte); + write_lebn(out, rsa->dmq1, hnbyte); + write_lebn(out, rsa->iqmp, hnbyte); + write_lebn(out, rsa->d, nbyte); + } + + +static void write_dsa(unsigned char **out, DSA *dsa, int ispub) + { + int nbyte; + nbyte = BN_num_bytes(dsa->p); + write_lebn(out, dsa->p, nbyte); + write_lebn(out, dsa->q, 20); + write_lebn(out, dsa->g, nbyte); + if (ispub) + write_lebn(out, dsa->pub_key, nbyte); + else + write_lebn(out, dsa->priv_key, 20); + /* Set "invalid" for seed structure values */ + memset(*out, 0xff, 24); + *out += 24; + return; + } + + +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk) + { + return do_i2b_bio(out, pk, 0); + } + +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) + { + return do_i2b_bio(out, pk, 1); + } + +#ifndef OPENSSL_NO_RC4 + +static int do_PVK_header(const unsigned char **in, unsigned int length, + int skip_magic, + unsigned int *psaltlen, unsigned int *pkeylen) + + { + const unsigned char *p = *in; + unsigned int pvk_magic, keytype, is_encrypted; + if (skip_magic) + { + if (length < 20) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); + return 0; + } + length -= 20; + } + else + { + if (length < 24) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); + return 0; + } + length -= 24; + pvk_magic = read_ledword(&p); + if (pvk_magic != MS_PVKMAGIC) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); + return 0; + } + } + /* Skip reserved */ + p += 4; + keytype = read_ledword(&p); + is_encrypted = read_ledword(&p); + *psaltlen = read_ledword(&p); + *pkeylen = read_ledword(&p); + + if (is_encrypted && !*psaltlen) + { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); + return 0; + } + + *in = p; + return 1; + } + +static int derive_pvk_key(unsigned char *key, + const unsigned char *salt, unsigned int saltlen, + const unsigned char *pass, int passlen) + { + EVP_MD_CTX mctx; + EVP_MD_CTX_init(&mctx); + EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL); + EVP_DigestUpdate(&mctx, salt, saltlen); + EVP_DigestUpdate(&mctx, pass, passlen); + EVP_DigestFinal_ex(&mctx, key, NULL); + EVP_MD_CTX_cleanup(&mctx); + return 1; + } + + +static EVP_PKEY *do_PVK_body(const unsigned char **in, + unsigned int saltlen, unsigned int keylen, + pem_password_cb *cb, void *u) + { + EVP_PKEY *ret = NULL; + const unsigned char *p = *in; + unsigned int magic; + unsigned char *enctmp = NULL, *q; + if (saltlen) + { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; + EVP_CIPHER_CTX cctx; + int enctmplen, inlen; + if (cb) + inlen=cb(psbuf,PEM_BUFSIZE,0,u); + else + inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); + if (inlen <= 0) + { + PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ); + return NULL; + } + enctmp = OPENSSL_malloc(keylen + 8); + if (!enctmp) + { + PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!derive_pvk_key(keybuf, p, saltlen, + (unsigned char *)psbuf, inlen)) + return NULL; + p += saltlen; + /* Copy BLOBHEADER across, decrypt rest */ + memcpy(enctmp, p, 8); + p += 8; + inlen = keylen - 8; + q = enctmp + 8; + EVP_CIPHER_CTX_init(&cctx); + EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); + EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); + EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen); + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) + { + q = enctmp + 8; + memset(keybuf + 5, 0, 11); + EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, + NULL); + OPENSSL_cleanse(keybuf, 20); + EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); + EVP_DecryptFinal_ex(&cctx, q + enctmplen, + &enctmplen); + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) + { + EVP_CIPHER_CTX_cleanup(&cctx); + PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); + goto err; + } + } + else + OPENSSL_cleanse(keybuf, 20); + EVP_CIPHER_CTX_cleanup(&cctx); + p = enctmp; + } + + ret = b2i_PrivateKey(&p, keylen); + err: + if (enctmp && saltlen) + OPENSSL_free(enctmp); + return ret; + } + + +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) + { + unsigned char pvk_hdr[24], *buf = NULL; + const unsigned char *p; + int buflen; + EVP_PKEY *ret = NULL; + unsigned int saltlen, keylen; + if (BIO_read(in, pvk_hdr, 24) != 24) + { + PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); + return NULL; + } + p = pvk_hdr; + + if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) + return 0; + buflen = (int) keylen + saltlen; + buf = OPENSSL_malloc(buflen); + if (!buf) + { + PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); + return 0; + } + p = buf; + if (BIO_read(in, buf, buflen) != buflen) + { + PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); + goto err; + } + ret = do_PVK_body(&p, saltlen, keylen, cb, u); + + err: + if (buf) + { + OPENSSL_cleanse(buf, buflen); + OPENSSL_free(buf); + } + return ret; + } + + + +static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, + pem_password_cb *cb, void *u) + { + int outlen = 24, noinc, pklen; + unsigned char *p, *salt = NULL; + if (enclevel) + outlen += PVK_SALTLEN; + pklen = do_i2b(NULL, pk, 0); + if (pklen < 0) + return -1; + outlen += pklen; + if (!out) + return outlen; + if (*out) + { + p = *out; + noinc = 0; + } + else + { + p = OPENSSL_malloc(outlen); + if (!p) + { + PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE); + return -1; + } + *out = p; + noinc = 1; + } + + write_ledword(&p, MS_PVKMAGIC); + write_ledword(&p, 0); + if (pk->type == EVP_PKEY_DSA) + write_ledword(&p, MS_KEYTYPE_SIGN); + else + write_ledword(&p, MS_KEYTYPE_KEYX); + write_ledword(&p, enclevel ? 1 : 0); + write_ledword(&p, enclevel ? PVK_SALTLEN: 0); + write_ledword(&p, pklen); + if (enclevel) + { + if (RAND_bytes(p, PVK_SALTLEN) <= 0) + goto error; + salt = p; + p += PVK_SALTLEN; + } + do_i2b(&p, pk, 0); + if (enclevel == 0) + return outlen; + else + { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; + EVP_CIPHER_CTX cctx; + int enctmplen, inlen; + if (cb) + inlen=cb(psbuf,PEM_BUFSIZE,1,u); + else + inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u); + if (inlen <= 0) + { + PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ); + goto error; + } + if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, + (unsigned char *)psbuf, inlen)) + goto error; + if (enclevel == 1) + memset(keybuf + 5, 0, 11); + p = salt + PVK_SALTLEN + 8; + EVP_CIPHER_CTX_init(&cctx); + EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); + OPENSSL_cleanse(keybuf, 20); + EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8); + EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen); + EVP_CIPHER_CTX_cleanup(&cctx); + } + return outlen; + + error: + return -1; + } + +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u) + { + unsigned char *tmp = NULL; + int outlen, wrlen; + outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); + if (outlen < 0) + return -1; + wrlen = BIO_write(out, tmp, outlen); + OPENSSL_free(tmp); + if (wrlen == outlen) + { + PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); + return outlen; + } + return -1; + } + +#endif + +#endif diff --git a/lib/libssl/src/crypto/perlasm/ppc-xlate.pl b/lib/libssl/src/crypto/perlasm/ppc-xlate.pl new file mode 100755 index 00000000000..4579671c970 --- /dev/null +++ b/lib/libssl/src/crypto/perlasm/ppc-xlate.pl @@ -0,0 +1,152 @@ +#!/usr/bin/env perl + +# PowerPC assembler distiller by <appro>. + +my $flavour = shift; +my $output = shift; +open STDOUT,">$output" || die "can't open $output: $!"; + +my %GLOBALS; +my $dotinlocallabels=($flavour=~/linux/)?1:0; + +################################################################ +# directives which need special treatment on different platforms +################################################################ +my $globl = sub { + my $junk = shift; + my $name = shift; + my $global = \$GLOBALS{$name}; + my $ret; + + $name =~ s|^[\.\_]||; + + SWITCH: for ($flavour) { + /aix/ && do { $name = ".$name"; + last; + }; + /osx/ && do { $name = "_$name"; + last; + }; + /linux.*32/ && do { $ret .= ".globl $name\n"; + $ret .= ".type $name,\@function"; + last; + }; + /linux.*64/ && do { $ret .= ".globl .$name\n"; + $ret .= ".type .$name,\@function\n"; + $ret .= ".section \".opd\",\"aw\"\n"; + $ret .= ".globl $name\n"; + $ret .= ".align 3\n"; + $ret .= "$name:\n"; + $ret .= ".quad .$name,.TOC.\@tocbase,0\n"; + $ret .= ".size $name,24\n"; + $ret .= ".previous\n"; + + $name = ".$name"; + last; + }; + } + + $ret = ".globl $name" if (!$ret); + $$global = $name; + $ret; +}; +my $text = sub { + ($flavour =~ /aix/) ? ".csect" : ".text"; +}; +my $machine = sub { + my $junk = shift; + my $arch = shift; + if ($flavour =~ /osx/) + { $arch =~ s/\"//g; + $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any"); + } + ".machine $arch"; +}; +my $asciz = sub { + shift; + my $line = join(",",@_); + if ($line =~ /^"(.*)"$/) + { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } + else + { ""; } +}; + +################################################################ +# simplified mnemonics not handled by at least one assembler +################################################################ +my $cmplw = sub { + my $f = shift; + my $cr = 0; $cr = shift if ($#_>1); + # Some out-of-date 32-bit GNU assembler just can't handle cmplw... + ($flavour =~ /linux.*32/) ? + " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 : + " cmplw ".join(',',$cr,@_); +}; +my $bdnz = sub { + my $f = shift; + my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint + " bc $bo,0,".shift; +} if ($flavour!~/linux/); +my $bltlr = sub { + my $f = shift; + my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 : + " bclr $bo,0"; +}; +my $bnelr = sub { + my $f = shift; + my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : + " bclr $bo,2"; +}; +my $beqlr = sub { + my $f = shift; + my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : + " bclr $bo,2"; +}; +# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two +# arguments is 64, with "operand out of range" error. +my $extrdi = sub { + my ($f,$ra,$rs,$n,$b) = @_; + $b = ($b+$n)&63; $n = 64-$n; + " rldicl $ra,$rs,$b,$n"; +}; + +while($line=<>) { + + $line =~ s|[#!;].*$||; # get rid of asm-style comments... + $line =~ s|/\*.*\*/||; # ... and C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|\s+$||; # ... and at the end + + { + $line =~ s|\b\.L(\w+)|L$1|g; # common denominator for Locallabel + $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); + } + + { + $line =~ s|(^[\.\w]+)\:\s*||; + my $label = $1; + printf "%s:",($GLOBALS{$label} or $label) if ($label); + } + + { + $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||; + my $c = $1; $c = "\t" if ($c eq ""); + my $mnemonic = $2; + my $f = $3; + my $opcode = eval("\$$mnemonic"); + $line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/); + if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); } + elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; } + } + + print $line if ($line); + print "\n"; +} + +close STDOUT; diff --git a/lib/libssl/src/crypto/perlasm/x86gas.pl b/lib/libssl/src/crypto/perlasm/x86gas.pl new file mode 100644 index 00000000000..6eab727fd4e --- /dev/null +++ b/lib/libssl/src/crypto/perlasm/x86gas.pl @@ -0,0 +1,247 @@ +#!/usr/bin/env perl + +package x86gas; + +*out=\@::out; + +$::lbdecor=$::aout?"L":".L"; # local label decoration +$nmdecor=($::aout or $::coff)?"_":""; # external name decoration + +$initseg=""; + +$align=16; +$align=log($align)/log(2) if ($::aout); +$com_start="#" if ($::aout or $::coff); + +sub opsize() +{ my $reg=shift; + if ($reg =~ m/^%e/o) { "l"; } + elsif ($reg =~ m/^%[a-d][hl]$/o) { "b"; } + elsif ($reg =~ m/^%[xm]/o) { undef; } + else { "w"; } +} + +# swap arguments; +# expand opcode with size suffix; +# prefix numeric constants with $; +sub ::generic +{ my($opcode,@arg)=@_; + my($suffix,$dst,$src); + + @arg=reverse(@arg); + + for (@arg) + { s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o; # gp registers + s/^([xy]?mm[0-7])$/%$1/o; # xmm/mmx registers + s/^(\-?[0-9]+)$/\$$1/o; # constants + s/^(\-?0x[0-9a-f]+)$/\$$1/o; # constants + } + + $dst = $arg[$#arg] if ($#arg>=0); + $src = $arg[$#arg-1] if ($#arg>=1); + if ($dst =~ m/^%/o) { $suffix=&opsize($dst); } + elsif ($src =~ m/^%/o) { $suffix=&opsize($src); } + else { $suffix="l"; } + undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o); + + if ($#_==0) { &::emit($opcode); } + elsif ($opcode =~ m/^j/o && $#_==1) { &::emit($opcode,@arg); } + elsif ($opcode eq "call" && $#_==1) { &::emit($opcode,@arg); } + elsif ($opcode =~ m/^set/&& $#_==1) { &::emit($opcode,@arg); } + else { &::emit($opcode.$suffix,@arg);} + + 1; +} +# +# opcodes not covered by ::generic above, mostly inconsistent namings... +# +sub ::movzx { &::movzb(@_); } +sub ::pushfd { &::pushfl; } +sub ::popfd { &::popfl; } +sub ::cpuid { &::emit(".byte\t0x0f,0xa2"); } +sub ::rdtsc { &::emit(".byte\t0x0f,0x31"); } + +sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } +sub ::call_ptr { &::generic("call","*$_[0]"); } +sub ::jmp_ptr { &::generic("jmp","*$_[0]"); } + +*::bswap = sub { &::emit("bswap","%$_[0]"); } if (!$::i386); + +sub ::DWP +{ my($addr,$reg1,$reg2,$idx)=@_; + my $ret=""; + + $addr =~ s/^\s+//; + # prepend global references with optional underscore + $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; + + $reg1 = "%$reg1" if ($reg1); + $reg2 = "%$reg2" if ($reg2); + + $ret .= $addr if (($addr ne "") && ($addr ne 0)); + + if ($reg2) + { $idx!= 0 or $idx=1; + $ret .= "($reg1,$reg2,$idx)"; + } + elsif ($reg1) + { $ret .= "($reg1)"; } + + $ret; +} +sub ::QWP { &::DWP(@_); } +sub ::BP { &::DWP(@_); } +sub ::BC { @_; } +sub ::DWC { @_; } + +sub ::file +{ push(@out,".file\t\"$_[0].s\"\n.text\n"); } + +sub ::function_begin_B +{ my $func=shift; + my $global=($func !~ /^_/); + my $begin="${::lbdecor}_${func}_begin"; + + &::LABEL($func,$global?"$begin":"$nmdecor$func"); + $func=$nmdecor.$func; + + push(@out,".globl\t$func\n") if ($global); + if ($::coff) + { push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); } + elsif (($::aout and !$::pic) or $::macosx) + { } + else + { push(@out,".type $func,\@function\n"); } + push(@out,".align\t$align\n"); + push(@out,"$func:\n"); + push(@out,"$begin:\n") if ($global); + $::stack=4; +} + +sub ::function_end_B +{ my $func=shift; + push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf); + $::stack=0; + &::wipe_labels(); +} + +sub ::comment + { + if (!defined($com_start) or $::elf) + { # Regarding $::elf above... + # GNU and SVR4 as'es use different comment delimiters, + push(@out,"\n"); # so we just skip ELF comments... + return; + } + foreach (@_) + { + if (/^\s*$/) + { push(@out,"\n"); } + else + { push(@out,"\t$com_start $_ $com_end\n"); } + } + } + +sub ::external_label +{ foreach(@_) { &::LABEL($_,$nmdecor.$_); } } + +sub ::public_label +{ push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } + +sub ::file_end +{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { + my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,4"; + if ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } + } + if ($::macosx) + { if (%non_lazy_ptr) + { push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n"); + foreach $i (keys %non_lazy_ptr) + { push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n"); } + } + } + push(@out,$initseg) if ($initseg); +} + +sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); } +sub ::data_word { push(@out,".long\t".join(',',@_)."\n"); } + +sub ::align +{ my $val=$_[0],$p2,$i; + if ($::aout) + { for ($p2=0;$val!=0;$val>>=1) { $p2++; } + $val=$p2-1; + $val.=",0x90"; + } + push(@out,".align\t$val\n"); +} + +sub ::picmeup +{ my($dst,$sym,$base,$reflabel)=@_; + + if ($::pic && ($::elf || $::aout)) + { if (!defined($base)) + { &::call(&::label("PIC_me_up")); + &::set_label("PIC_me_up"); + &::blindpop($dst); + $base=$dst; + $reflabel=&::label("PIC_me_up"); + } + if ($::macosx) + { my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr"); + &::mov($dst,&::DWP("$indirect-$reflabel",$base)); + $non_lazy_ptr{"$nmdecor$sym"}=$indirect; + } + else + { &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]", + $base)); + &::mov($dst,&::DWP("$sym\@GOT",$dst)); + } + } + else + { &::lea($dst,&::DWP($sym)); } +} + +sub ::initseg +{ my $f=$nmdecor.shift; + + if ($::elf) + { $initseg.=<<___; +.section .init + call $f + jmp .Linitalign +.align $align +.Linitalign: +___ + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +.section .ctors +.long $f +___ + } + elsif ($::macosx) + { $initseg.=<<___; +.mod_init_func +.align 2 +.long $f +___ + } + elsif ($::aout) + { my $ctor="${nmdecor}_GLOBAL_\$I\$$f"; + $initseg.=".text\n"; + $initseg.=".type $ctor,\@function\n" if ($::pic); + $initseg.=<<___; # OpenBSD way... +.globl $ctor +.align 2 +$ctor: + jmp $f +___ + } +} + +sub ::dataseg +{ push(@out,".data\n"); } + +1; diff --git a/lib/libssl/src/crypto/perlasm/x86masm.pl b/lib/libssl/src/crypto/perlasm/x86masm.pl new file mode 100644 index 00000000000..3d50e4a7865 --- /dev/null +++ b/lib/libssl/src/crypto/perlasm/x86masm.pl @@ -0,0 +1,184 @@ +#!/usr/bin/env perl + +package x86masm; + +*out=\@::out; + +$::lbdecor="\$L"; # local label decoration +$nmdecor="_"; # external name decoration + +$initseg=""; +$segment=""; + +sub ::generic +{ my ($opcode,@arg)=@_; + + # fix hexadecimal constants + for (@arg) { s/0x([0-9a-f]+)/0$1h/oi; } + + if ($opcode !~ /movq/) + { # fix xmm references + $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i); + $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); + } + + &::emit($opcode,@arg); + 1; +} +# +# opcodes not covered by ::generic above, mostly inconsistent namings... +# +sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } +sub ::call_ptr { &::emit("call",@_); } +sub ::jmp_ptr { &::emit("jmp",@_); } + +sub get_mem +{ my($size,$addr,$reg1,$reg2,$idx)=@_; + my($post,$ret); + + $ret .= "$size PTR " if ($size ne ""); + + $addr =~ s/^\s+//; + # prepend global references with optional underscore + $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; + # put address arithmetic expression in parenthesis + $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/); + + if (($addr ne "") && ($addr ne 0)) + { if ($addr !~ /^-/) { $ret .= "$addr"; } + else { $post=$addr; } + } + $ret .= "["; + + if ($reg2 ne "") + { $idx!=0 or $idx=1; + $ret .= "$reg2*$idx"; + $ret .= "+$reg1" if ($reg1 ne ""); + } + else + { $ret .= "$reg1"; } + + $ret .= "$post]"; + $ret =~ s/\+\]/]/; # in case $addr was the only argument + $ret =~ s/\[\s*\]//; + + $ret; +} +sub ::BP { &get_mem("BYTE",@_); } +sub ::DWP { &get_mem("DWORD",@_); } +sub ::QWP { &get_mem("QWORD",@_); } +sub ::BC { "@_"; } +sub ::DWC { "@_"; } + +sub ::file +{ my $tmp=<<___; +TITLE $_[0].asm +IF \@Version LT 800 +ECHO MASM version 8.00 or later is strongly recommended. +ENDIF +.486 +.MODEL FLAT +OPTION DOTNAME +IF \@Version LT 800 +.text\$ SEGMENT PAGE 'CODE' +ELSE +.text\$ SEGMENT ALIGN(64) 'CODE' +ENDIF +___ + push(@out,$tmp); + $segment = ".text\$"; +} + +sub ::function_begin_B +{ my $func=shift; + my $global=($func !~ /^_/); + my $begin="${::lbdecor}_${func}_begin"; + + &::LABEL($func,$global?"$begin":"$nmdecor$func"); + $func="ALIGN\t16\n".$nmdecor.$func."\tPROC"; + + if ($global) { $func.=" PUBLIC\n${begin}::\n"; } + else { $func.=" PRIVATE\n"; } + push(@out,$func); + $::stack=4; +} +sub ::function_end_B +{ my $func=shift; + + push(@out,"$nmdecor$func ENDP\n"); + $::stack=0; + &::wipe_labels(); +} + +sub ::file_end +{ my $xmmheader=<<___; +.686 +.XMM +IF \@Version LT 800 +XMMWORD STRUCT 16 +DQ 2 dup (?) +XMMWORD ENDS +ENDIF +___ + if (grep {/\b[x]?mm[0-7]\b/i} @out) { + grep {s/\.[3-7]86/$xmmheader/} @out; + } + + push(@out,"$segment ENDS\n"); + + if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) + { my $comm=<<___; +.bss SEGMENT 'BSS' +COMM ${nmdecor}OPENSSL_ia32cap_P:DWORD +.bss ENDS +___ + # comment out OPENSSL_ia32cap_P declarations + grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; + push (@out,$comm); + } + push (@out,$initseg) if ($initseg); + push (@out,"END\n"); +} + +sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } } + +*::set_label_B = sub +{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); }; + +sub ::external_label +{ foreach(@_) + { push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n"); } +} + +sub ::public_label +{ push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } + +sub ::data_byte +{ push(@out,("DB\t").join(',',@_)."\n"); } + +sub ::data_word +{ push(@out,("DD\t").join(',',@_)."\n"); } + +sub ::align +{ push(@out,"ALIGN\t$_[0]\n"); } + +sub ::picmeup +{ my($dst,$sym)=@_; + &::lea($dst,&::DWP($sym)); +} + +sub ::initseg +{ my $f=$nmdecor.shift; + + $initseg.=<<___; +.CRT\$XCU SEGMENT DWORD PUBLIC 'DATA' +EXTERN $f:NEAR +DD $f +.CRT\$XCU ENDS +___ +} + +sub ::dataseg +{ push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA"; } + +1; diff --git a/lib/libssl/src/crypto/pkcs12/Makefile b/lib/libssl/src/crypto/pkcs12/Makefile index eed226b30d3..3a7498fe7ad 100644 --- a/lib/libssl/src/crypto/pkcs12/Makefile +++ b/lib/libssl/src/crypto/pkcs12/Makefile @@ -39,7 +39,7 @@ test: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -85,37 +85,36 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_add.o: ../cryptlib.h p12_add.c +p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c +p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_asn.o: ../cryptlib.h p12_asn.c p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_attr.o: ../../include/openssl/opensslconf.h p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -127,9 +126,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crpt.o: ../../include/openssl/opensslconf.h p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -141,23 +140,22 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_crt.o: ../cryptlib.h p12_crt.c +p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_decr.o: ../../include/openssl/opensslconf.h p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -169,9 +167,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_init.o: ../../include/openssl/opensslconf.h p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -184,22 +182,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c +p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_key.o: ../cryptlib.h p12_key.c p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_kiss.o: ../../include/openssl/opensslconf.h p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -211,10 +209,9 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_mutl.o: ../../include/openssl/opensslconf.h +p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -226,9 +223,8 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_npas.o: ../../include/openssl/opensslconf.h +p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h @@ -241,53 +237,50 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8d.o: ../cryptlib.h p12_p8d.c +p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8e.o: ../cryptlib.h p12_p8e.c +p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_utl.o: ../cryptlib.h p12_utl.c +p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c +pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk12err.o: pk12err.c diff --git a/lib/libssl/src/crypto/pkcs7/Makefile b/lib/libssl/src/crypto/pkcs7/Makefile index 790d8edf36e..56dc6823d12 100644 --- a/lib/libssl/src/crypto/pkcs7/Makefile +++ b/lib/libssl/src/crypto/pkcs7/Makefile @@ -21,9 +21,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \ - pk7_mime.c + pk7_mime.c bio_pk7.c LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \ - pk7_mime.o + pk7_mime.o bio_pk7.o SRC= $(LIBSRC) @@ -54,7 +54,7 @@ verify: verify.o example.o lib $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -95,26 +95,31 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +bio_pk7.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_pk7.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_pk7.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_pk7.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +bio_pk7.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_pk7.o: ../../include/openssl/symhacks.h bio_pk7.c pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_asn1.o: ../../include/openssl/opensslconf.h +pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c -pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_attr.o: ../../include/openssl/opensslconf.h pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -129,9 +134,8 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_doit.o: ../../include/openssl/opensslconf.h +pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -143,22 +147,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c +pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_mime.o: ../../include/openssl/opensslconf.h pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -171,8 +175,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_smime.o: ../../include/openssl/objects.h pk7_smime.o: ../../include/openssl/opensslconf.h pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h diff --git a/lib/libssl/src/crypto/pkcs7/bio_pk7.c b/lib/libssl/src/crypto/pkcs7/bio_pk7.c new file mode 100644 index 00000000000..c8d06d6cdc8 --- /dev/null +++ b/lib/libssl/src/crypto/pkcs7/bio_pk7.c @@ -0,0 +1,69 @@ +/* bio_pk7.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include <openssl/asn1.h> +#include <openssl/pkcs7.h> +#include <openssl/bio.h> + +#ifndef OPENSSL_SYSNAME_NETWARE +#include <memory.h> +#endif +#include <stdio.h> + +/* Streaming encode support for PKCS#7 */ + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) + { + return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); + } diff --git a/lib/libssl/src/crypto/ppccpuid.pl b/lib/libssl/src/crypto/ppccpuid.pl index fe44ff07bc6..369e1d0df93 100755 --- a/lib/libssl/src/crypto/ppccpuid.pl +++ b/lib/libssl/src/crypto/ppccpuid.pl @@ -67,6 +67,8 @@ Loop: lwarx r5,0,r3 $CMPLI r4,7 li r0,0 bge Lot + $CMPLI r4,0 + beqlr- Little: mtctr r4 stb r0,0(r3) addi r3,r3,1 diff --git a/lib/libssl/src/crypto/pqueue/Makefile b/lib/libssl/src/crypto/pqueue/Makefile index 36bfc349aab..fb36a0c876e 100644 --- a/lib/libssl/src/crypto/pqueue/Makefile +++ b/lib/libssl/src/crypto/pqueue/Makefile @@ -22,7 +22,7 @@ LIBOBJ=pqueue.o SRC= $(LIBSRC) -EXHEADER= pqueue.h pq_compat.h +EXHEADER= pqueue.h HEADER= $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -79,6 +79,5 @@ pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pqueue.o: ../../include/openssl/pq_compat.h ../../include/openssl/safestack.h -pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pqueue.o: ../cryptlib.h pqueue.c pqueue.h +pqueue.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +pqueue.o: ../../include/openssl/symhacks.h ../cryptlib.h pqueue.c pqueue.h diff --git a/lib/libssl/src/crypto/pqueue/pqueue.c b/lib/libssl/src/crypto/pqueue/pqueue.c index 5cc18527f8d..99a6fb874dc 100644 --- a/lib/libssl/src/crypto/pqueue/pqueue.c +++ b/lib/libssl/src/crypto/pqueue/pqueue.c @@ -68,13 +68,12 @@ typedef struct _pqueue } pqueue_s; pitem * -pitem_new(PQ_64BIT priority, void *data) +pitem_new(unsigned char *prio64be, void *data) { pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem)); if (item == NULL) return NULL; - pq_64bit_init(&(item->priority)); - pq_64bit_assign(&item->priority, &priority); + memcpy(item->priority,prio64be,sizeof(item->priority)); item->data = data; item->next = NULL; @@ -87,7 +86,6 @@ pitem_free(pitem *item) { if (item == NULL) return; - pq_64bit_free(&(item->priority)); OPENSSL_free(item); } @@ -124,7 +122,10 @@ pqueue_insert(pqueue_s *pq, pitem *item) next != NULL; curr = next, next = next->next) { - if (pq_64bit_gt(&(next->priority), &(item->priority))) + /* we can compare 64-bit value in big-endian encoding + * with memcmp:-) */ + int cmp = memcmp(next->priority, item->priority,8); + if (cmp > 0) /* next > item */ { item->next = next; @@ -135,8 +136,8 @@ pqueue_insert(pqueue_s *pq, pitem *item) return item; } - /* duplicates not allowed */ - if (pq_64bit_eq(&(item->priority), &(next->priority))) + + else if (cmp == 0) /* duplicates not allowed */ return NULL; } @@ -164,7 +165,7 @@ pqueue_pop(pqueue_s *pq) } pitem * -pqueue_find(pqueue_s *pq, PQ_64BIT priority) +pqueue_find(pqueue_s *pq, unsigned char *prio64be) { pitem *next, *prev = NULL; pitem *found = NULL; @@ -175,7 +176,7 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority) for ( next = pq->items; next->next != NULL; prev = next, next = next->next) { - if ( pq_64bit_eq(&(next->priority), &priority)) + if ( memcmp(next->priority, prio64be,8) == 0) { found = next; break; @@ -183,7 +184,7 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority) } /* check the one last node */ - if ( pq_64bit_eq(&(next->priority), &priority)) + if ( memcmp(next->priority, prio64be,8) ==0) found = next; if ( ! found) @@ -199,7 +200,6 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority) return found; } -#if PQ_64BIT_IS_INTEGER void pqueue_print(pqueue_s *pq) { @@ -207,11 +207,14 @@ pqueue_print(pqueue_s *pq) while(item != NULL) { - printf("item\t" PQ_64BIT_PRINT "\n", item->priority); + printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n", + item->priority[0],item->priority[1], + item->priority[2],item->priority[3], + item->priority[4],item->priority[5], + item->priority[6],item->priority[7]); item = item->next; } } -#endif pitem * pqueue_iterator(pqueue_s *pq) @@ -234,3 +237,17 @@ pqueue_next(pitem **item) return ret; } + +int +pqueue_size(pqueue_s *pq) +{ + pitem *item = pq->items; + int count = 0; + + while(item != NULL) + { + count++; + item = item->next; + } + return count; +} diff --git a/lib/libssl/src/crypto/pqueue/pqueue.h b/lib/libssl/src/crypto/pqueue/pqueue.h index 02386d130e9..87fc9037c8f 100644 --- a/lib/libssl/src/crypto/pqueue/pqueue.h +++ b/lib/libssl/src/crypto/pqueue/pqueue.h @@ -64,20 +64,18 @@ #include <stdlib.h> #include <string.h> -#include <openssl/pq_compat.h> - typedef struct _pqueue *pqueue; typedef struct _pitem { - PQ_64BIT priority; + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ void *data; struct _pitem *next; } pitem; typedef struct _pitem *piterator; -pitem *pitem_new(PQ_64BIT priority, void *data); +pitem *pitem_new(unsigned char *prio64be, void *data); void pitem_free(pitem *item); pqueue pqueue_new(void); @@ -86,10 +84,11 @@ void pqueue_free(pqueue pq); pitem *pqueue_insert(pqueue pq, pitem *item); pitem *pqueue_peek(pqueue pq); pitem *pqueue_pop(pqueue pq); -pitem *pqueue_find(pqueue pq, PQ_64BIT priority); +pitem *pqueue_find(pqueue pq, unsigned char *prio64be); pitem *pqueue_iterator(pqueue pq); pitem *pqueue_next(piterator *iter); void pqueue_print(pqueue pq); +int pqueue_size(pqueue pq); #endif /* ! HEADER_PQUEUE_H */ diff --git a/lib/libssl/src/crypto/rc2/Makefile b/lib/libssl/src/crypto/rc2/Makefile index 4b6292b65f5..73eac347e7f 100644 --- a/lib/libssl/src/crypto/rc2/Makefile +++ b/lib/libssl/src/crypto/rc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,11 +78,7 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_cbc.o: rc2_cbc.c rc2_locl.h rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h -rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h -rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_skey.o: rc2_locl.h rc2_skey.c rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2cfb64.o: rc2_locl.h rc2cfb64.c diff --git a/lib/libssl/src/crypto/rc4/Makefile b/lib/libssl/src/crypto/rc4/Makefile index f0bd7678fc9..264451a213f 100644 --- a/lib/libssl/src/crypto/rc4/Makefile +++ b/lib/libssl/src/crypto/rc4/Makefile @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c -LIBOBJ=$(RC4_ENC) rc4_fblk.o +LIBSRC=rc4_skey.c rc4_enc.c +LIBOBJ=$(RC4_ENC) SRC= $(LIBSRC) @@ -37,26 +37,26 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@) -# COFF -rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@) -# a.out -rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@) +rc4-586.s: asm/rc4-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@ +rc4-x86_64.s: asm/rc4-x86_64.pl + $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@ -rc4-ia64.s: asm/rc4-ia64.S +rc4-ia64.S: asm/rc4-ia64.pl + $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@ + +rc4-s390x.s: asm/rc4-s390x.pl + $(PERL) asm/rc4-s390x.pl > $@ + +rc4-ia64.s: rc4-ia64.S @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \ - int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \ - char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \ + int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \ + char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \ *) exit 1 ;; \ esac @@ -105,20 +105,10 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h -rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h -rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_fblk.o: ../../include/openssl/opensslconf.h -rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h -rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_skey.o: ../../include/openssl/opensslconf.h +rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/lib/libssl/src/crypto/rc4/asm/rc4-ia64.pl b/lib/libssl/src/crypto/rc4/asm/rc4-ia64.pl new file mode 100644 index 00000000000..49cd5b5e694 --- /dev/null +++ b/lib/libssl/src/crypto/rc4/asm/rc4-ia64.pl @@ -0,0 +1,755 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by David Mosberger <David.Mosberger@acm.org> based on the +# Itanium optimized Crypto code which was released by HP Labs at +# http://www.hpl.hp.com/research/linux/crypto/. +# +# Copyright (c) 2005 Hewlett-Packard Development Company, L.P. +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. + +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ + + + +# This is a little helper program which generates a software-pipelined +# for RC4 encryption. The basic algorithm looks like this: +# +# for (counter = 0; counter < len; ++counter) +# { +# in = inp[counter]; +# SI = S[I]; +# J = (SI + J) & 0xff; +# SJ = S[J]; +# T = (SI + SJ) & 0xff; +# S[I] = SJ, S[J] = SI; +# ST = S[T]; +# outp[counter] = in ^ ST; +# I = (I + 1) & 0xff; +# } +# +# Pipelining this loop isn't easy, because the stores to the S[] array +# need to be observed in the right order. The loop generated by the +# code below has the following pipeline diagram: +# +# cycle +# | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 | +# iter +# 1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx +# 2: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx +# 3: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx +# +# where: +# LDI = load of S[I] +# LDJ = load of S[J] +# SWP = swap of S[I] and S[J] +# LDT = load of S[T] +# +# Note that in the above diagram, the major trouble-spot is that LDI +# of the 2nd iteration is performed BEFORE the SWP of the first +# iteration. Fortunately, this is easy to detect (I of the 1st +# iteration will be equal to J of the 2nd iteration) and when this +# happens, we simply forward the proper value from the 1st iteration +# to the 2nd one. The proper value in this case is simply the value +# of S[I] from the first iteration (thanks to the fact that SWP +# simply swaps the contents of S[I] and S[J]). +# +# Another potential trouble-spot is in cycle 7, where SWP of the 1st +# iteration issues at the same time as the LDI of the 3rd iteration. +# However, thanks to IA-64 execution semantics, this can be taken +# care of simply by placing LDI later in the instruction-group than +# SWP. IA-64 CPUs will automatically forward the value if they +# detect that the SWP and LDI are accessing the same memory-location. + +# The core-loop that can be pipelined then looks like this (annotated +# with McKinley/Madison issue port & latency numbers, assuming L1 +# cache hits for the most part): + +# operation: instruction: issue-ports: latency +# ------------------ ----------------------------- ------------- ------- + +# Data = *inp++ ld1 data = [inp], 1 M0-M1 1 cyc c0 +# shladd Iptr = I, KeyTable, 3 M0-M3, I0, I1 1 cyc +# I = (I + 1) & 0xff padd1 nextI = I, one M0-M3, I0, I1 3 cyc +# ;; +# SI = S[I] ld8 SI = [Iptr] M0-M1 1 cyc c1 * after SWAP! +# ;; +# cmp.eq.unc pBypass = I, J * after J is valid! +# J = SI + J add J = J, SI M0-M3, I0, I1 1 cyc c2 +# (pBypass) br.cond.spnt Bypass +# ;; +# --------------------------------------------------------------------------------------- +# J = J & 0xff zxt1 J = J I0, I1, 1 cyc c3 +# ;; +# shladd Jptr = J, KeyTable, 3 M0-M3, I0, I1 1 cyc c4 +# ;; +# SJ = S[J] ld8 SJ = [Jptr] M0-M1 1 cyc c5 +# ;; +# --------------------------------------------------------------------------------------- +# T = (SI + SJ) add T = SI, SJ M0-M3, I0, I1 1 cyc c6 +# ;; +# T = T & 0xff zxt1 T = T I0, I1 1 cyc +# S[I] = SJ st8 [Iptr] = SJ M2-M3 c7 +# S[J] = SI st8 [Jptr] = SI M2-M3 +# ;; +# shladd Tptr = T, KeyTable, 3 M0-M3, I0, I1 1 cyc c8 +# ;; +# --------------------------------------------------------------------------------------- +# T = S[T] ld8 T = [Tptr] M0-M1 1 cyc c9 +# ;; +# data ^= T xor data = data, T M0-M3, I0, I1 1 cyc c10 +# ;; +# *out++ = Data ^ T dep word = word, data, 8, POS I0, I1 1 cyc c11 +# ;; +# --------------------------------------------------------------------------------------- + +# There are several points worth making here: + +# - Note that due to the bypass/forwarding-path, the first two +# phases of the loop are strangly mingled together. In +# particular, note that the first stage of the pipeline is +# using the value of "J", as calculated by the second stage. +# - Each bundle-pair will have exactly 6 instructions. +# - Pipelined, the loop can execute in 3 cycles/iteration and +# 4 stages. However, McKinley/Madison can issue "st1" to +# the same bank at a rate of at most one per 4 cycles. Thus, +# instead of storing each byte, we accumulate them in a word +# and then write them back at once with a single "st8" (this +# implies that the setup code needs to ensure that the output +# buffer is properly aligned, if need be, by encoding the +# first few bytes separately). +# - There is no space for a "br.ctop" instruction. For this +# reason we can't use module-loop support in IA-64 and have +# to do a traditional, purely software-pipelined loop. +# - We can't replace any of the remaining "add/zxt1" pairs with +# "padd1" because the latency for that instruction is too high +# and would push the loop to the point where more bypasses +# would be needed, which we don't have space for. +# - The above loop runs at around 3.26 cycles/byte, or roughly +# 440 MByte/sec on a 1.5GHz Madison. This is well below the +# system bus bandwidth and hence with judicious use of +# "lfetch" this loop can run at (almost) peak speed even when +# the input and output data reside in memory. The +# max. latency that can be tolerated is (PREFETCH_DISTANCE * +# L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at +# least) 1-ahead prefetching of 128 byte cache-lines. Note +# that we do NOT prefetch into L1, since that would only +# interfere with the S[] table values stored there. This is +# acceptable because there is a 10 cycle latency between +# load and first use of the input data. +# - We use a branch to out-of-line bypass-code of cycle-pressure: +# we calculate the next J, check for the need to activate the +# bypass path, and activate the bypass path ALL IN THE SAME +# CYCLE. If we didn't have these constraints, we could do +# the bypass with a simple conditional move instruction. +# Fortunately, the bypass paths get activated relatively +# infrequently, so the extra branches don't cost all that much +# (about 0.04 cycles/byte, measured on a 16396 byte file with +# random input data). +# + +$phases = 4; # number of stages/phases in the pipelined-loop +$unroll_count = 6; # number of times we unrolled it +$pComI = (1 << 0); +$pComJ = (1 << 1); +$pComT = (1 << 2); +$pOut = (1 << 3); + +$NData = 4; +$NIP = 3; +$NJP = 2; +$NI = 2; +$NSI = 3; +$NSJ = 2; +$NT = 2; +$NOutWord = 2; + +# +# $threshold is the minimum length before we attempt to use the +# big software-pipelined loop. It MUST be greater-or-equal +# to: +# PHASES * (UNROLL_COUNT + 1) + 7 +# +# The "+ 7" comes from the fact we may have to encode up to +# 7 bytes separately before the output pointer is aligned. +# +$threshold = (3 * ($phases * ($unroll_count + 1)) + 7); + +sub I { + local *code = shift; + local $format = shift; + $code .= sprintf ("\t\t".$format."\n", @_); +} + +sub P { + local *code = shift; + local $format = shift; + $code .= sprintf ($format."\n", @_); +} + +sub STOP { + local *code = shift; + $code .=<<___; + ;; +___ +} + +sub emit_body { + local *c = shift; + local *bypass = shift; + local ($iteration, $p) = @_; + + local $i0 = $iteration; + local $i1 = $iteration - 1; + local $i2 = $iteration - 2; + local $i3 = $iteration - 3; + local $iw0 = ($iteration - 3) / 8; + local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1; + local $byte_num = ($iteration - 3) % 8; + local $label = $iteration + 1; + local $pAny = ($p & 0xf) == 0xf; + local $pByp = (($p & $pComI) && ($iteration > 0)); + + $c.=<<___; +////////////////////////////////////////////////// +___ + + if (($p & 0xf) == 0) { + $c.="#ifdef HOST_IS_BIG_ENDIAN\n"; + &I(\$c,"shr.u OutWord[%u] = OutWord[%u], 32;;", + $iw1 % $NOutWord, $iw1 % $NOutWord); + $c.="#endif\n"; + &I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord); + return; + } + + # Cycle 0 + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "ld1 Data[%u] = [InPtr], 1", $i0 % $NData) if ($p & $pComI); + &I(\$c, "padd1 I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI); + &I(\$c, "zxt1 J = J") if ($p & $pComJ); + &I(\$c, "}") if ($pAny); + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "LKEY T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT) if ($p & $pOut); + &I(\$c, "add T[%u] = SI[%u], SJ[%u]", + $i0 % $NT, $i2 % $NSI, $i1 % $NSJ) if ($p & $pComT); + &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI); + &I(\$c, "}") if ($pAny); + &STOP(\$c); + + # Cycle 1 + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "SKEY [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT); + &I(\$c, "SKEY [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT); + &I(\$c, "zxt1 T[%u] = T[%u]", $i0 % $NT, $i0 % $NT) if ($p & $pComT); + &I(\$c, "}") if ($pAny); + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "LKEY SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI); + &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP) if ($p & $pComJ); + &I(\$c, "xor Data[%u] = Data[%u], T[%u]", + $i3 % $NData, $i3 % $NData, $i1 % $NT) if ($p & $pOut); + &I(\$c, "}") if ($pAny); + &STOP(\$c); + + # Cycle 2 + &I(\$c, "{ .mmi") if ($pAny); + &I(\$c, "LKEY SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ); + &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI) if ($pByp); + &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8", + $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut); + &I(\$c, "}") if ($pAny); + &I(\$c, "{ .mmb") if ($pAny); + &I(\$c, "add J = J, SI[%u]", $i0 % $NSI) if ($p & $pComI); + &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT) if ($p & $pComT); + &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp); + &I(\$c, "}") if ($pAny); + &STOP(\$c); + + &P(\$c, ".rc4Resume%u:", $label) if ($pByp); + if ($byte_num == 0 && $iteration >= $phases) { + &I(\$c, "st8 [OutPtr] = OutWord[%u], 8", + $iw1 % $NOutWord) if ($p & $pOut); + if ($iteration == (1 + $unroll_count) * $phases - 1) { + if ($unroll_count == 6) { + &I(\$c, "mov OutWord[%u] = OutWord[%u]", + $iw1 % $NOutWord, $iw0 % $NOutWord); + } + &I(\$c, "lfetch.nt1 [InPrefetch], %u", + $unroll_count * $phases); + &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u", + $unroll_count * $phases); + &I(\$c, "br.cloop.sptk.few .rc4Loop"); + } + } + + if ($pByp) { + &P(\$bypass, ".rc4Bypass%u:", $label); + &I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI); + &I(\$bypass, "nop 0"); + &I(\$bypass, "nop 0"); + &I(\$bypass, ";;"); + &I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI); + &I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI); + &I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label); + &I(\$bypass, ";;"); + } +} + +$code=<<___; +.ident \"rc4-ia64.s, version 3.0\" +.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\" + +#define LCSave r8 +#define PRSave r9 + +/* Inputs become invalid once rotation begins! */ + +#define StateTable in0 +#define DataLen in1 +#define InputBuffer in2 +#define OutputBuffer in3 + +#define KTable r14 +#define J r15 +#define InPtr r16 +#define OutPtr r17 +#define InPrefetch r18 +#define OutPrefetch r19 +#define One r20 +#define LoopCount r21 +#define Remainder r22 +#define IFinal r23 +#define EndPtr r24 + +#define tmp0 r25 +#define tmp1 r26 + +#define pBypass p6 +#define pDone p7 +#define pSmall p8 +#define pAligned p9 +#define pUnaligned p10 + +#define pComputeI pPhase[0] +#define pComputeJ pPhase[1] +#define pComputeT pPhase[2] +#define pOutput pPhase[3] + +#define RetVal r8 +#define L_OK p7 +#define L_NOK p8 + +#define _NINPUTS 4 +#define _NOUTPUT 0 + +#define _NROTATE 24 +#define _NLOCALS (_NROTATE - _NINPUTS - _NOUTPUT) + +#ifndef SZ +# define SZ 4 // this must be set to sizeof(RC4_INT) +#endif + +#if SZ == 1 +# define LKEY ld1 +# define SKEY st1 +# define KEYADDR(dst, i) add dst = i, KTable +#elif SZ == 2 +# define LKEY ld2 +# define SKEY st2 +# define KEYADDR(dst, i) shladd dst = i, 1, KTable +#elif SZ == 4 +# define LKEY ld4 +# define SKEY st4 +# define KEYADDR(dst, i) shladd dst = i, 2, KTable +#else +# define LKEY ld8 +# define SKEY st8 +# define KEYADDR(dst, i) shladd dst = i, 3, KTable +#endif + +#if defined(_HPUX_SOURCE) && !defined(_LP64) +# define ADDP addp4 +#else +# define ADDP add +#endif + +/* Define a macro for the bit number of the n-th byte: */ + +#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) +# define HOST_IS_BIG_ENDIAN +# define BYTE_POS(n) (56 - (8 * (n))) +#else +# define BYTE_POS(n) (8 * (n)) +#endif + +/* + We must perform the first phase of the pipeline explicitly since + we will always load from the stable the first time. The br.cexit + will never be taken since regardless of the number of bytes because + the epilogue count is 4. +*/ +/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX + assembler failed on original macro with syntax error. <appro> */ +#define MODSCHED_RC4_PROLOGUE \\ + { \\ + ld1 Data[0] = [InPtr], 1; \\ + add IFinal = 1, I[1]; \\ + KEYADDR(IPr[0], I[1]); \\ + } ;; \\ + { \\ + LKEY SI[0] = [IPr[0]]; \\ + mov pr.rot = 0x10000; \\ + mov ar.ec = 4; \\ + } ;; \\ + { \\ + add J = J, SI[0]; \\ + zxt1 I[0] = IFinal; \\ + br.cexit.spnt.few .+16; /* never taken */ \\ + } ;; +#define MODSCHED_RC4_LOOP(label) \\ +label: \\ + { .mmi; \\ + (pComputeI) ld1 Data[0] = [InPtr], 1; \\ + (pComputeI) add IFinal = 1, I[1]; \\ + (pComputeJ) zxt1 J = J; \\ + }{ .mmi; \\ + (pOutput) LKEY T[1] = [T[1]]; \\ + (pComputeT) add T[0] = SI[2], SJ[1]; \\ + (pComputeI) KEYADDR(IPr[0], I[1]); \\ + } ;; \\ + { .mmi; \\ + (pComputeT) SKEY [IPr[2]] = SJ[1]; \\ + (pComputeT) SKEY [JP[1]] = SI[2]; \\ + (pComputeT) zxt1 T[0] = T[0]; \\ + }{ .mmi; \\ + (pComputeI) LKEY SI[0] = [IPr[0]]; \\ + (pComputeJ) KEYADDR(JP[0], J); \\ + (pComputeI) cmp.eq.unc pBypass, p0 = I[1], J; \\ + } ;; \\ + { .mmi; \\ + (pComputeJ) LKEY SJ[0] = [JP[0]]; \\ + (pOutput) xor Data[3] = Data[3], T[1]; \\ + nop 0x0; \\ + }{ .mmi; \\ + (pComputeT) KEYADDR(T[0], T[0]); \\ + (pBypass) mov SI[0] = SI[1]; \\ + (pComputeI) zxt1 I[0] = IFinal; \\ + } ;; \\ + { .mmb; \\ + (pOutput) st1 [OutPtr] = Data[3], 1; \\ + (pComputeI) add J = J, SI[0]; \\ + br.ctop.sptk.few label; \\ + } ;; + + .text + + .align 32 + + .type RC4, \@function + .global RC4 + + .proc RC4 + .prologue + +RC4: + { + .mmi + alloc r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE + + .rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\ + OutWord[2] + .rotp pPhase[4] + + ADDP InPrefetch = 0, InputBuffer + ADDP KTable = 0, StateTable + } + { + .mmi + ADDP InPtr = 0, InputBuffer + ADDP OutPtr = 0, OutputBuffer + mov RetVal = r0 + } + ;; + { + .mmi + lfetch.nt1 [InPrefetch], 0x80 + ADDP OutPrefetch = 0, OutputBuffer + } + { // Return 0 if the input length is nonsensical + .mib + ADDP StateTable = 0, StateTable + cmp.ge.unc L_NOK, L_OK = r0, DataLen + (L_NOK) br.ret.sptk.few rp + } + ;; + { + .mib + cmp.eq.or L_NOK, L_OK = r0, InPtr + cmp.eq.or L_NOK, L_OK = r0, OutPtr + nop 0x0 + } + { + .mib + cmp.eq.or L_NOK, L_OK = r0, StateTable + nop 0x0 + (L_NOK) br.ret.sptk.few rp + } + ;; + LKEY I[1] = [KTable], SZ +/* Prefetch the state-table. It contains 256 elements of size SZ */ + +#if SZ == 1 + ADDP tmp0 = 1*128, StateTable +#elif SZ == 2 + ADDP tmp0 = 3*128, StateTable + ADDP tmp1 = 2*128, StateTable +#elif SZ == 4 + ADDP tmp0 = 7*128, StateTable + ADDP tmp1 = 6*128, StateTable +#elif SZ == 8 + ADDP tmp0 = 15*128, StateTable + ADDP tmp1 = 14*128, StateTable +#endif + ;; +#if SZ >= 8 + lfetch.fault.nt1 [tmp0], -256 // 15 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 13 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 11 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 9 + lfetch.fault.nt1 [tmp1], -256;; +#endif +#if SZ >= 4 + lfetch.fault.nt1 [tmp0], -256 // 7 + lfetch.fault.nt1 [tmp1], -256;; + lfetch.fault.nt1 [tmp0], -256 // 5 + lfetch.fault.nt1 [tmp1], -256;; +#endif +#if SZ >= 2 + lfetch.fault.nt1 [tmp0], -256 // 3 + lfetch.fault.nt1 [tmp1], -256;; +#endif + { + .mii + lfetch.fault.nt1 [tmp0] // 1 + add I[1]=1,I[1];; + zxt1 I[1]=I[1] + } + { + .mmi + lfetch.nt1 [InPrefetch], 0x80 + lfetch.excl.nt1 [OutPrefetch], 0x80 + .save pr, PRSave + mov PRSave = pr + } ;; + { + .mmi + lfetch.excl.nt1 [OutPrefetch], 0x80 + LKEY J = [KTable], SZ + ADDP EndPtr = DataLen, InPtr + } ;; + { + .mmi + ADDP EndPtr = -1, EndPtr // Make it point to + // last data byte. + mov One = 1 + .save ar.lc, LCSave + mov LCSave = ar.lc + .body + } ;; + { + .mmb + sub Remainder = 0, OutPtr + cmp.gtu pSmall, p0 = $threshold, DataLen +(pSmall) br.cond.dpnt .rc4Remainder // Data too small for + // big loop. + } ;; + { + .mmi + and Remainder = 0x7, Remainder + ;; + cmp.eq pAligned, pUnaligned = Remainder, r0 + nop 0x0 + } ;; + { + .mmb +.pred.rel "mutex",pUnaligned,pAligned +(pUnaligned) add Remainder = -1, Remainder +(pAligned) sub Remainder = EndPtr, InPtr +(pAligned) br.cond.dptk.many .rc4Aligned + } ;; + { + .mmi + nop 0x0 + nop 0x0 + mov.i ar.lc = Remainder + } + +/* Do the initial few bytes via the compact, modulo-scheduled loop + until the output pointer is 8-byte-aligned. */ + + MODSCHED_RC4_PROLOGUE + MODSCHED_RC4_LOOP(.RC4AlignLoop) + + { + .mib + sub Remainder = EndPtr, InPtr + zxt1 IFinal = IFinal + clrrrb // Clear CFM.rrb.pr so + ;; // next "mov pr.rot = N" + // does the right thing. + } + { + .mmi + mov I[1] = IFinal + nop 0x0 + nop 0x0 + } ;; + + +.rc4Aligned: + +/* + Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases) + */ + + { + .mlx + add LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder + movl Remainder = 0xaaaaaaaaaaaaaaab + } ;; + { + .mmi + setf.sig f6 = LoopCount // M2, M3 6 cyc + setf.sig f7 = Remainder // M2, M3 6 cyc + nop 0x0 + } ;; + { + .mfb + nop 0x0 + xmpy.hu f6 = f6, f7 + nop 0x0 + } ;; + { + .mmi + getf.sig LoopCount = f6;; // M2 5 cyc + nop 0x0 + shr.u LoopCount = LoopCount, 4 + } ;; + { + .mmi + nop 0x0 + nop 0x0 + mov.i ar.lc = LoopCount + } ;; + +/* Now comes the unrolled loop: */ + +.rc4Prologue: +___ + +$iteration = 0; + +# Generate the prologue: +$predicates = 1; +for ($i = 0; $i < $phases; ++$i) { + &emit_body (\$code, \$bypass, $iteration++, $predicates); + $predicates = ($predicates << 1) | 1; +} + +$code.=<<___; +.rc4Loop: +___ + +# Generate the body: +for ($i = 0; $i < $unroll_count*$phases; ++$i) { + &emit_body (\$code, \$bypass, $iteration++, $predicates); +} + +$code.=<<___; +.rc4Epilogue: +___ + +# Generate the epilogue: +for ($i = 0; $i < $phases; ++$i) { + $predicates <<= 1; + &emit_body (\$code, \$bypass, $iteration++, $predicates); +} + +$code.=<<___; + { + .mmi + lfetch.nt1 [EndPtr] // fetch line with last byte + mov IFinal = I[1] + nop 0x0 + } + +.rc4Remainder: + { + .mmi + sub Remainder = EndPtr, InPtr // Calculate + // # of bytes + // left - 1 + nop 0x0 + nop 0x0 + } ;; + { + .mib + cmp.eq pDone, p0 = -1, Remainder // done already? + mov.i ar.lc = Remainder +(pDone) br.cond.dptk.few .rc4Complete + } + +/* Do the remaining bytes via the compact, modulo-scheduled loop */ + + MODSCHED_RC4_PROLOGUE + MODSCHED_RC4_LOOP(.RC4RestLoop) + +.rc4Complete: + { + .mmi + add KTable = -SZ, KTable + add IFinal = -1, IFinal + mov ar.lc = LCSave + } ;; + { + .mii + SKEY [KTable] = J,-SZ + zxt1 IFinal = IFinal + mov pr = PRSave, 0x1FFFF + } ;; + { + .mib + SKEY [KTable] = IFinal + add RetVal = 1, r0 + br.ret.sptk.few rp + } ;; +___ + +# Last but not least, emit the code for the bypass-code of the unrolled loop: + +$code.=$bypass; + +$code.=<<___; + .endp RC4 +___ + +print $code; diff --git a/lib/libssl/src/crypto/rc4/asm/rc4-s390x.pl b/lib/libssl/src/crypto/rc4/asm/rc4-s390x.pl new file mode 100644 index 00000000000..96681fa05ec --- /dev/null +++ b/lib/libssl/src/crypto/rc4/asm/rc4-s390x.pl @@ -0,0 +1,205 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# February 2009 +# +# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to +# "cluster" Address Generation Interlocks, so that one pipeline stall +# resolves several dependencies. + +$rp="%r14"; +$sp="%r15"; +$code=<<___; +.text + +___ + +# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out) +{ +$acc="%r0"; +$cnt="%r1"; +$key="%r2"; +$len="%r3"; +$inp="%r4"; +$out="%r5"; + +@XX=("%r6","%r7"); +@TX=("%r8","%r9"); +$YY="%r10"; +$TY="%r11"; + +$code.=<<___; +.globl RC4 +.type RC4,\@function +.align 64 +RC4: + stmg %r6,%r11,48($sp) + llgc $XX[0],0($key) + llgc $YY,1($key) + la $XX[0],1($XX[0]) + nill $XX[0],0xff + srlg $cnt,$len,3 + ltgr $cnt,$cnt + llgc $TX[0],2($XX[0],$key) + jz .Lshort + j .Loop8 + +.align 64 +.Loop8: +___ +for ($i=0;$i<8;$i++) { +$code.=<<___; + la $YY,0($YY,$TX[0]) # $i + nill $YY,255 + la $XX[1],1($XX[0]) + nill $XX[1],255 +___ +$code.=<<___ if ($i==1); + llgc $acc,2($TY,$key) +___ +$code.=<<___ if ($i>1); + sllg $acc,$acc,8 + ic $acc,2($TY,$key) +___ +$code.=<<___; + llgc $TY,2($YY,$key) + stc $TX[0],2($YY,$key) + llgc $TX[1],2($XX[1],$key) + stc $TY,2($XX[0],$key) + cr $XX[1],$YY + jne .Lcmov$i + la $TX[1],0($TX[0]) +.Lcmov$i: + la $TY,0($TY,$TX[0]) + nill $TY,255 +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} + +$code.=<<___; + lg $TX[1],0($inp) + sllg $acc,$acc,8 + la $inp,8($inp) + ic $acc,2($TY,$key) + xgr $acc,$TX[1] + stg $acc,0($out) + la $out,8($out) + brct $cnt,.Loop8 + +.Lshort: + lghi $acc,7 + ngr $len,$acc + jz .Lexit + j .Loop1 + +.align 16 +.Loop1: + la $YY,0($YY,$TX[0]) + nill $YY,255 + llgc $TY,2($YY,$key) + stc $TX[0],2($YY,$key) + stc $TY,2($XX[0],$key) + ar $TY,$TX[0] + ahi $XX[0],1 + nill $TY,255 + nill $XX[0],255 + llgc $acc,0($inp) + la $inp,1($inp) + llgc $TY,2($TY,$key) + llgc $TX[0],2($XX[0],$key) + xr $acc,$TY + stc $acc,0($out) + la $out,1($out) + brct $len,.Loop1 + +.Lexit: + ahi $XX[0],-1 + stc $XX[0],0($key) + stc $YY,1($key) + lmg %r6,%r11,48($sp) + br $rp +.size RC4,.-RC4 +.string "RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>" + +___ +} + +# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp) +{ +$cnt="%r0"; +$idx="%r1"; +$key="%r2"; +$len="%r3"; +$inp="%r4"; +$acc="%r5"; +$dat="%r6"; +$ikey="%r7"; +$iinp="%r8"; + +$code.=<<___; +.globl RC4_set_key +.type RC4_set_key,\@function +.align 64 +RC4_set_key: + stmg %r6,%r8,48($sp) + lhi $cnt,256 + la $idx,0(%r0) + sth $idx,0($key) +.align 4 +.L1stloop: + stc $idx,2($idx,$key) + la $idx,1($idx) + brct $cnt,.L1stloop + + lghi $ikey,-256 + lr $cnt,$len + la $iinp,0(%r0) + la $idx,0(%r0) +.align 16 +.L2ndloop: + llgc $acc,2+256($ikey,$key) + llgc $dat,0($iinp,$inp) + la $idx,0($idx,$acc) + la $ikey,1($ikey) + la $idx,0($idx,$dat) + nill $idx,255 + la $iinp,1($iinp) + tml $ikey,255 + llgc $dat,2($idx,$key) + stc $dat,2+256-1($ikey,$key) + stc $acc,2($idx,$key) + jz .Ldone + brct $cnt,.L2ndloop + lr $cnt,$len + la $iinp,0(%r0) + j .L2ndloop +.Ldone: + lmg %r6,%r8,48($sp) + br $rp +.size RC4_set_key,.-RC4_set_key + +___ +} + +# const char *RC4_options() +$code.=<<___; +.globl RC4_options +.type RC4_options,\@function +.align 16 +RC4_options: + larl %r2,.Loptions + br %r14 +.size RC4_options,.-RC4_options +.section .rodata +.Loptions: +.align 8 +.string "rc4(8x,char)" +___ + +print $code; diff --git a/lib/libssl/src/crypto/rc5/Makefile b/lib/libssl/src/crypto/rc5/Makefile index b4e21c9bb23..8a8b00eb89e 100644 --- a/lib/libssl/src/crypto/rc5/Makefile +++ b/lib/libssl/src/crypto/rc5/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r RC5_ENC= rc5_enc.o -# or use -#DES_ENC= r586-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -40,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > ../$@) -# COFF -r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@) -# a.out -r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@) +rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/lib/libssl/src/crypto/ripemd/Makefile b/lib/libssl/src/crypto/ripemd/Makefile index 6145f136992..d5b1067dbeb 100644 --- a/lib/libssl/src/crypto/ripemd/Makefile +++ b/lib/libssl/src/crypto/ripemd/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@) -# COFF -rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@) -# a.out -rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@) +rmd-586.s: asm/rmd-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -89,13 +82,8 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rmd_dgst.o: ../../include/openssl/opensslconf.h -rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h -rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/lib/libssl/src/crypto/rsa/rsa_ameth.c b/lib/libssl/src/crypto/rsa/rsa_ameth.c new file mode 100644 index 00000000000..8c3209885ea --- /dev/null +++ b/lib/libssl/src/crypto/rsa/rsa_ameth.c @@ -0,0 +1,349 @@ +/* crypto/rsa/rsa_ameth.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#ifndef OPENSSL_NO_CMS +#include <openssl/cms.h> +#endif +#include "asn1_locl.h" + +static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + unsigned char *penc = NULL; + int penclen; + penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); + if (penclen <= 0) + return 0; + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), + V_ASN1_NULL, NULL, penc, penclen)) + return 1; + + OPENSSL_free(penc); + return 0; + } + +static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p; + int pklen; + RSA *rsa = NULL; + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) + return 0; + if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) + { + RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); + return 0; + } + EVP_PKEY_assign_RSA (pkey, rsa); + return 1; + } + +static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + return 1; + } + +static int old_rsa_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + RSA *rsa; + if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) + { + RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); + return 0; + } + EVP_PKEY_assign_RSA(pkey, rsa); + return 1; + } + +static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); + } + +static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) + { + unsigned char *rk = NULL; + int rklen; + rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); + + if (rklen <= 0) + { + RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, + V_ASN1_NULL, NULL, rk, rklen)) + { + RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + return 0; + } + + return 1; + } + +static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p; + int pklen; + if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) + return 0; + return old_rsa_priv_decode(pkey, &p, pklen); + } + +static int int_rsa_size(const EVP_PKEY *pkey) + { + return RSA_size(pkey->pkey.rsa); + } + +static int rsa_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.rsa->n); + } + +static void int_rsa_free(EVP_PKEY *pkey) + { + RSA_free(pkey->pkey.rsa); + } + + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) + { + char *str; + const char *s; + unsigned char *m=NULL; + int ret=0, mod_len = 0; + size_t buf_len=0; + + update_buflen(x->n, &buf_len); + update_buflen(x->e, &buf_len); + + if (priv) + { + update_buflen(x->d, &buf_len); + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->dmp1, &buf_len); + update_buflen(x->dmq1, &buf_len); + update_buflen(x->iqmp, &buf_len); + } + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + + if(!BIO_indent(bp,off,128)) + goto err; + + if (priv && x->d) + { + if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) + <= 0) goto err; + str = "modulus:"; + s = "publicExponent:"; + } + else + { + if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len) + <= 0) goto err; + str = "Modulus:"; + s= "Exponent:"; + } + if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err; + if (!ASN1_bn_print(bp,s,x->e,m,off)) + goto err; + if (priv) + { + if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off)) + goto err; + if (!ASN1_bn_print(bp,"prime1:",x->p,m,off)) + goto err; + if (!ASN1_bn_print(bp,"prime2:",x->q,m,off)) + goto err; + if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off)) + goto err; + if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off)) + goto err; + if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off)) + goto err; + } + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); + } + + +static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); + } + + +static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + X509_ALGOR *alg = NULL; + switch (op) + { + + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); + break; + + case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (arg1 == 0) + PKCS7_RECIP_INFO_get0_alg(arg2, &alg); + break; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg); + break; + + case ASN1_PKEY_CTRL_CMS_ENVELOPE: + if (arg1 == 0) + CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg); + break; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 1; + + default: + return -2; + + } + + if (alg) + X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + + return 1; + + } + + +const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = + { + { + EVP_PKEY_RSA, + EVP_PKEY_RSA, + ASN1_PKEY_SIGPARAM_NULL, + + "RSA", + "OpenSSL RSA method", + + rsa_pub_decode, + rsa_pub_encode, + rsa_pub_cmp, + rsa_pub_print, + + rsa_priv_decode, + rsa_priv_encode, + rsa_priv_print, + + int_rsa_size, + rsa_bits, + + 0,0,0,0,0,0, + + int_rsa_free, + rsa_pkey_ctrl, + old_rsa_priv_decode, + old_rsa_priv_encode + }, + + { + EVP_PKEY_RSA2, + EVP_PKEY_RSA, + ASN1_PKEY_ALIAS + } + }; diff --git a/lib/libssl/src/crypto/rsa/rsa_locl.h b/lib/libssl/src/crypto/rsa/rsa_locl.h new file mode 100644 index 00000000000..f5d2d566284 --- /dev/null +++ b/lib/libssl/src/crypto/rsa/rsa_locl.h @@ -0,0 +1,4 @@ +extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *rm, size_t *prm_len, + const unsigned char *sigbuf, size_t siglen, + RSA *rsa); diff --git a/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/lib/libssl/src/crypto/rsa/rsa_pmeth.c new file mode 100644 index 00000000000..c6892ecd09c --- /dev/null +++ b/lib/libssl/src/crypto/rsa/rsa_pmeth.c @@ -0,0 +1,587 @@ +/* crypto/rsa/rsa_pmeth.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#include <openssl/evp.h> +#include "evp_locl.h" +#include "rsa_locl.h" + +/* RSA pkey context structure */ + +typedef struct + { + /* Key gen parameters */ + int nbits; + BIGNUM *pub_exp; + /* Keygen callback info */ + int gentmp[2]; + /* RSA padding mode */ + int pad_mode; + /* message digest */ + const EVP_MD *md; + /* PSS/OAEP salt length */ + int saltlen; + /* Temp buffer */ + unsigned char *tbuf; + } RSA_PKEY_CTX; + +static int pkey_rsa_init(EVP_PKEY_CTX *ctx) + { + RSA_PKEY_CTX *rctx; + rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); + if (!rctx) + return 0; + rctx->nbits = 1024; + rctx->pub_exp = NULL; + rctx->pad_mode = RSA_PKCS1_PADDING; + rctx->md = NULL; + rctx->tbuf = NULL; + + rctx->saltlen = -2; + + ctx->data = rctx; + ctx->keygen_info = rctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; + } + +static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + RSA_PKEY_CTX *dctx, *sctx; + if (!pkey_rsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + if (sctx->pub_exp) + { + dctx->pub_exp = BN_dup(sctx->pub_exp); + if (!dctx->pub_exp) + return 0; + } + dctx->pad_mode = sctx->pad_mode; + dctx->md = sctx->md; + return 1; + } + +static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) + { + if (ctx->tbuf) + return 1; + ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); + if (!ctx->tbuf) + return 0; + return 1; + } + +static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) + { + RSA_PKEY_CTX *rctx = ctx->data; + if (rctx) + { + if (rctx->pub_exp) + BN_free(rctx->pub_exp); + if (rctx->tbuf) + OPENSSL_free(rctx->tbuf); + OPENSSL_free(rctx); + } + } + +static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + + if (rctx->md) + { + if (tbslen != (size_t)EVP_MD_size(rctx->md)) + { + RSAerr(RSA_F_PKEY_RSA_SIGN, + RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } + if (rctx->pad_mode == RSA_X931_PADDING) + { + if (!setup_tbuf(rctx, ctx)) + return -1; + memcpy(rctx->tbuf, tbs, tbslen); + rctx->tbuf[tbslen] = + RSA_X931_hash_id(EVP_MD_type(rctx->md)); + ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, + sig, rsa, RSA_X931_PADDING); + } + else if (rctx->pad_mode == RSA_PKCS1_PADDING) + { + unsigned int sltmp; + ret = RSA_sign(EVP_MD_type(rctx->md), + tbs, tbslen, sig, &sltmp, rsa); + if (ret <= 0) + return ret; + ret = sltmp; + } + else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) + { + if (!setup_tbuf(rctx, ctx)) + return -1; + if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs, + rctx->md, rctx->saltlen)) + return -1; + ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, + sig, rsa, RSA_NO_PADDING); + } + else + return -1; + } + else + ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *siglen = ret; + return 1; + } + + +static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + + if (rctx->md) + { + if (rctx->pad_mode == RSA_X931_PADDING) + { + if (!setup_tbuf(rctx, ctx)) + return -1; + ret = RSA_public_decrypt(siglen, sig, + rctx->tbuf, ctx->pkey->pkey.rsa, + RSA_X931_PADDING); + if (ret < 1) + return 0; + ret--; + if (rctx->tbuf[ret] != + RSA_X931_hash_id(EVP_MD_type(rctx->md))) + { + RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, + RSA_R_ALGORITHM_MISMATCH); + return 0; + } + if (ret != EVP_MD_size(rctx->md)) + { + RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, + RSA_R_INVALID_DIGEST_LENGTH); + return 0; + } + if (rout) + memcpy(rout, rctx->tbuf, ret); + } + else if (rctx->pad_mode == RSA_PKCS1_PADDING) + { + size_t sltmp; + ret = int_rsa_verify(EVP_MD_type(rctx->md), + NULL, 0, rout, &sltmp, + sig, siglen, ctx->pkey->pkey.rsa); + if (ret <= 0) + return 0; + ret = sltmp; + } + else + return -1; + } + else + ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *routlen = ret; + return 1; + } + +static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) + { + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + size_t rslen; + if (rctx->md) + { + if (rctx->pad_mode == RSA_PKCS1_PADDING) + return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + sig, siglen, rsa); + if (rctx->pad_mode == RSA_X931_PADDING) + { + if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, + sig, siglen) <= 0) + return 0; + } + else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) + { + int ret; + if (!setup_tbuf(rctx, ctx)) + return -1; + ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, + rsa, RSA_NO_PADDING); + if (ret <= 0) + return 0; + ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md, + rctx->tbuf, rctx->saltlen); + if (ret <= 0) + return 0; + return 1; + } + else + return -1; + } + else + { + if (!setup_tbuf(rctx, ctx)) + return -1; + rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, + rsa, rctx->pad_mode); + if (rslen == 0) + return 0; + } + + if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) + return 0; + + return 1; + + } + + +static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *outlen = ret; + return 1; + } + +static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) + { + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *outlen = ret; + return 1; + } + +static int check_padding_md(const EVP_MD *md, int padding) + { + if (!md) + return 1; + + if (padding == RSA_NO_PADDING) + { + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); + return 0; + } + + if (padding == RSA_X931_PADDING) + { + if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) + { + RSAerr(RSA_F_CHECK_PADDING_MD, + RSA_R_INVALID_X931_DIGEST); + return 0; + } + return 1; + } + + return 1; + } + + +static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + RSA_PKEY_CTX *rctx = ctx->data; + switch (type) + { + case EVP_PKEY_CTRL_RSA_PADDING: + if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) + { + if (!check_padding_md(rctx->md, p1)) + return 0; + if (p1 == RSA_PKCS1_PSS_PADDING) + { + if (!(ctx->operation & + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) + goto bad_pad; + if (!rctx->md) + rctx->md = EVP_sha1(); + } + if (p1 == RSA_PKCS1_OAEP_PADDING) + { + if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) + goto bad_pad; + if (!rctx->md) + rctx->md = EVP_sha1(); + } + rctx->pad_mode = p1; + return 1; + } + bad_pad: + RSAerr(RSA_F_PKEY_RSA_CTRL, + RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); + return -2; + + case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: + if (p1 < -2) + return -2; + if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) + { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); + return -2; + } + rctx->saltlen = p1; + return 1; + + case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: + if (p1 < 256) + { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); + return -2; + } + rctx->nbits = p1; + return 1; + + case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: + if (!p2) + return -2; + rctx->pub_exp = p2; + return 1; + + case EVP_PKEY_CTRL_MD: + if (!check_padding_md(p2, rctx->pad_mode)) + return 0; + rctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: + case EVP_PKEY_CTRL_PKCS7_DECRYPT: + case EVP_PKEY_CTRL_PKCS7_SIGN: +#ifndef OPENSSL_NO_CMS + case EVP_PKEY_CTRL_CMS_ENCRYPT: + case EVP_PKEY_CTRL_CMS_DECRYPT: + case EVP_PKEY_CTRL_CMS_SIGN: +#endif + return 1; + case EVP_PKEY_CTRL_PEER_KEY: + RSAerr(RSA_F_PKEY_RSA_CTRL, + RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + + default: + return -2; + + } + } + +static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!value) + { + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); + return 0; + } + if (!strcmp(type, "rsa_padding_mode")) + { + int pm; + if (!strcmp(value, "pkcs1")) + pm = RSA_PKCS1_PADDING; + else if (!strcmp(value, "sslv23")) + pm = RSA_SSLV23_PADDING; + else if (!strcmp(value, "none")) + pm = RSA_NO_PADDING; + else if (!strcmp(value, "oeap")) + pm = RSA_PKCS1_OAEP_PADDING; + else if (!strcmp(value, "x931")) + pm = RSA_X931_PADDING; + else if (!strcmp(value, "pss")) + pm = RSA_PKCS1_PSS_PADDING; + else + { + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, + RSA_R_UNKNOWN_PADDING_TYPE); + return -2; + } + return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); + } + + if (!strcmp(type, "rsa_pss_saltlen")) + { + int saltlen; + saltlen = atoi(value); + return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); + } + + if (!strcmp(type, "rsa_keygen_bits")) + { + int nbits; + nbits = atoi(value); + return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); + } + + if (!strcmp(type, "rsa_keygen_pubexp")) + { + int ret; + BIGNUM *pubexp = NULL; + if (!BN_asc2bn(&pubexp, value)) + return 0; + ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); + if (ret <= 0) + BN_free(pubexp); + return ret; + } + + return -2; + } + +static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + RSA *rsa = NULL; + RSA_PKEY_CTX *rctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + if (!rctx->pub_exp) + { + rctx->pub_exp = BN_new(); + if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) + return 0; + } + rsa = RSA_new(); + if (!rsa) + return 0; + if (ctx->pkey_gencb) + { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } + else + pcb = NULL; + ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); + if (ret > 0) + EVP_PKEY_assign_RSA(pkey, rsa); + else + RSA_free(rsa); + return ret; + } + +const EVP_PKEY_METHOD rsa_pkey_meth = + { + EVP_PKEY_RSA, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_rsa_init, + pkey_rsa_copy, + pkey_rsa_cleanup, + + 0,0, + + 0, + pkey_rsa_keygen, + + 0, + pkey_rsa_sign, + + 0, + pkey_rsa_verify, + + 0, + pkey_rsa_verifyrecover, + + + 0,0,0,0, + + 0, + pkey_rsa_encrypt, + + 0, + pkey_rsa_decrypt, + + 0,0, + + pkey_rsa_ctrl, + pkey_rsa_ctrl_str + + + }; diff --git a/lib/libssl/src/crypto/rsa/rsa_prn.c b/lib/libssl/src/crypto/rsa/rsa_prn.c new file mode 100644 index 00000000000..224db0fae52 --- /dev/null +++ b/lib/libssl/src/crypto/rsa/rsa_prn.c @@ -0,0 +1,93 @@ +/* crypto/rsa/rsa_prn.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/rsa.h> +#include <openssl/evp.h> + +#ifndef OPENSSL_NO_FP_API +int RSA_print_fp(FILE *fp, const RSA *x, int off) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=RSA_print(b,x,off); + BIO_free(b); + return(ret); + } +#endif + +int RSA_print(BIO *bp, const RSA *x, int off) + { + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; + } + diff --git a/lib/libssl/src/crypto/rsa/rsa_pss.c b/lib/libssl/src/crypto/rsa/rsa_pss.c index 9b993aca498..ac211e2ffe0 100644 --- a/lib/libssl/src/crypto/rsa/rsa_pss.c +++ b/lib/libssl/src/crypto/rsa/rsa_pss.c @@ -81,7 +81,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, EVP_MD_CTX ctx; unsigned char H_[EVP_MAX_MD_SIZE]; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; /* * Negative sLen has special meanings: * -1 sLen == hLen @@ -126,7 +128,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); goto err; } - PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); + if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0) + goto err; for (i = 0; i < maskedDBLen; i++) DB[i] ^= EM[i]; if (MSBits) @@ -176,7 +179,9 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, unsigned char *H, *salt = NULL, *p; EVP_MD_CTX ctx; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; /* * Negative sLen has special meanings: * -1 sLen == hLen @@ -217,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, ERR_R_MALLOC_FAILURE); goto err; } - if (!RAND_bytes(salt, sLen)) + if (RAND_bytes(salt, sLen) <= 0) goto err; } maskedDBLen = emLen - hLen - 1; @@ -232,7 +237,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, EVP_MD_CTX_cleanup(&ctx); /* Generate dbMask in place then perform XOR on it */ - PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); + if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash)) + goto err; p = EM; diff --git a/lib/libssl/src/crypto/s390xcap.c b/lib/libssl/src/crypto/s390xcap.c new file mode 100644 index 00000000000..ffbe0235f99 --- /dev/null +++ b/lib/libssl/src/crypto/s390xcap.c @@ -0,0 +1,37 @@ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <setjmp.h> +#include <signal.h> + +extern unsigned long OPENSSL_s390xcap_P; + +static sigjmp_buf ill_jmp; +static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } + +unsigned long OPENSSL_s390x_facilities(void); + +void OPENSSL_cpuid_setup(void) + { + sigset_t oset; + struct sigaction ill_act,oact; + + if (OPENSSL_s390xcap_P) return; + + memset(&ill_act,0,sizeof(ill_act)); + ill_act.sa_handler = ill_handler; + sigfillset(&ill_act.sa_mask); + sigdelset(&ill_act.sa_mask,SIGILL); + sigdelset(&ill_act.sa_mask,SIGTRAP); + sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset); + sigaction (SIGILL,&ill_act,&oact); + + /* protection against missing store-facility-list-extended */ + if (sigsetjmp(ill_jmp,0) == 0) + OPENSSL_s390xcap_P = OPENSSL_s390x_facilities(); + else + OPENSSL_s390xcap_P = 1UL<<63; + + sigaction (SIGILL,&oact,NULL); + sigprocmask(SIG_SETMASK,&oset,NULL); + } diff --git a/lib/libssl/src/crypto/s390xcpuid.S b/lib/libssl/src/crypto/s390xcpuid.S index 8500133ad0f..b053c6a2819 100644 --- a/lib/libssl/src/crypto/s390xcpuid.S +++ b/lib/libssl/src/crypto/s390xcpuid.S @@ -1,12 +1,5 @@ .text -.globl OPENSSL_cpuid_setup -.type OPENSSL_cpuid_setup,@function -.align 16 -OPENSSL_cpuid_setup: - br %r14 # reserved for future -.size OPENSSL_cpuid_setup,.-OPENSSL_cpuid_setup - .globl OPENSSL_s390x_facilities .type OPENSSL_s390x_facilities,@function .align 16 @@ -14,6 +7,8 @@ OPENSSL_s390x_facilities: lghi %r0,0 .long 0xb2b0f010 # stfle 16(%r15) lg %r2,16(%r15) + larl %r1,OPENSSL_s390xcap_P + stg %r2,0(%r1) br %r14 .size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities @@ -67,6 +62,8 @@ OPENSSL_cleanse: lghi %r0,0 clgr %r3,%r4 jh .Lot + clgr %r3,%r0 + bcr 8,%r14 .Little: stc %r0,0(%r2) la %r2,1(%r2) @@ -88,3 +85,8 @@ OPENSSL_cleanse: jnz .Little br %r14 .size OPENSSL_cleanse,.-OPENSSL_cleanse + +.section .init + brasl %r14,OPENSSL_cpuid_setup + +.comm OPENSSL_s390xcap_P,8,8 diff --git a/lib/libssl/src/crypto/seed/Makefile b/lib/libssl/src/crypto/seed/Makefile index ffaeb84218d..4bc55e49164 100644 --- a/lib/libssl/src/crypto/seed/Makefile +++ b/lib/libssl/src/crypto/seed/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -75,13 +75,32 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -seed.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed.o: ../../include/openssl/seed.h seed.c seed_locl.h -seed_cbc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed_cbc.o: ../../include/openssl/seed.h seed_cbc.c seed_locl.h -seed_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed_cfb.o: ../../include/openssl/seed.h seed_cfb.c seed_locl.h -seed_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/seed.h +seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +seed.o: ../../include/openssl/seed.h ../../include/openssl/stack.h +seed.o: ../../include/openssl/symhacks.h seed.c seed_locl.h +seed_cbc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_cbc.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +seed_cbc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_cbc.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_cbc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +seed_cbc.o: seed_cbc.c +seed_cfb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_cfb.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +seed_cfb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_cfb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_cfb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +seed_cfb.o: seed_cfb.c +seed_ecb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_ecb.o: ../../include/openssl/opensslconf.h +seed_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_ecb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_ecb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h seed_ecb.o: seed_ecb.c -seed_ofb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -seed_ofb.o: ../../include/openssl/seed.h seed_locl.h seed_ofb.c +seed_ofb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +seed_ofb.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h +seed_ofb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +seed_ofb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h +seed_ofb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +seed_ofb.o: seed_ofb.c diff --git a/lib/libssl/src/crypto/seed/seed.c b/lib/libssl/src/crypto/seed/seed.c index 125dd7d66f6..2bc384a19f0 100644 --- a/lib/libssl/src/crypto/seed/seed.c +++ b/lib/libssl/src/crypto/seed/seed.c @@ -35,7 +35,7 @@ #include <openssl/seed.h> #include "seed_locl.h" -static seed_word SS[4][256] = { { +static const seed_word SS[4][256] = { { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314, @@ -187,6 +187,11 @@ static seed_word SS[4][256] = { { #define KC14 0xde6e678d #define KC15 0xbcdccf1b +#if defined(OPENSSL_SMALL_FOOTPRINT) +static const seed_word KC[] = { + KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7, + KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15 }; +#endif void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) { @@ -201,6 +206,8 @@ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE t0 = (x1 + x3 - KC0) & 0xffffffff; t1 = (x2 - x4 + KC0) & 0xffffffff; KEYUPDATE_TEMP(t0, t1, &ks->data[0]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1); KEYUPDATE_TEMP(t0, t1, &ks->data[2]); + +#if !defined(OPENSSL_SMALL_FOOTPRINT) KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2); KEYUPDATE_TEMP(t0, t1, &ks->data[4]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3); KEYUPDATE_TEMP(t0, t1, &ks->data[6]); KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4); KEYUPDATE_TEMP(t0, t1, &ks->data[8]); @@ -215,6 +222,17 @@ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13); KEYUPDATE_TEMP(t0, t1, &ks->data[26]); KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14); KEYUPDATE_TEMP(t0, t1, &ks->data[28]); KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15); KEYUPDATE_TEMP(t0, t1, &ks->data[30]); +#else + { + int i; + for (i=2; i<16; i+=2) { + KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC[i]); + KEYUPDATE_TEMP(t0, t1, &ks->data[i*2]); + KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC[i+1]); + KEYUPDATE_TEMP(t0, t1, &ks->data[i*2+2]); + } + } +#endif } void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks) @@ -226,7 +244,8 @@ void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B char2word(s+4, x2); char2word(s+8, x3); char2word(s+12, x4); - + +#if !defined(OPENSSL_SMALL_FOOTPRINT) E_SEED(t0, t1, x1, x2, x3, x4, 0); E_SEED(t0, t1, x3, x4, x1, x2, 2); E_SEED(t0, t1, x1, x2, x3, x4, 4); @@ -243,6 +262,15 @@ void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B E_SEED(t0, t1, x3, x4, x1, x2, 26); E_SEED(t0, t1, x1, x2, x3, x4, 28); E_SEED(t0, t1, x3, x4, x1, x2, 30); +#else + { + int i; + for (i=0;i<30;i+=4) { + E_SEED(t0,t1,x1,x2,x3,x4,i); + E_SEED(t0,t1,x3,x4,x1,x2,i+2); + } + } +#endif word2char(x3, d); word2char(x4, d+4); @@ -259,7 +287,8 @@ void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B char2word(s+4, x2); char2word(s+8, x3); char2word(s+12, x4); - + +#if !defined(OPENSSL_SMALL_FOOTPRINT) E_SEED(t0, t1, x1, x2, x3, x4, 30); E_SEED(t0, t1, x3, x4, x1, x2, 28); E_SEED(t0, t1, x1, x2, x3, x4, 26); @@ -276,6 +305,16 @@ void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_B E_SEED(t0, t1, x3, x4, x1, x2, 4); E_SEED(t0, t1, x1, x2, x3, x4, 2); E_SEED(t0, t1, x3, x4, x1, x2, 0); +#else + { + int i; + for (i=30; i>0; i-=4) { + E_SEED(t0, t1, x1, x2, x3, x4, i); + E_SEED(t0, t1, x3, x4, x1, x2, i-2); + + } + } +#endif word2char(x3, d); word2char(x4, d+4); diff --git a/lib/libssl/src/crypto/seed/seed.h b/lib/libssl/src/crypto/seed/seed.h index 427915ed9a9..6ffa5f024e8 100644 --- a/lib/libssl/src/crypto/seed/seed.h +++ b/lib/libssl/src/crypto/seed/seed.h @@ -82,6 +82,8 @@ #define HEADER_SEED_H #include <openssl/opensslconf.h> +#include <openssl/e_os2.h> +#include <openssl/crypto.h> #ifdef OPENSSL_NO_SEED #error SEED is disabled. diff --git a/lib/libssl/src/crypto/seed/seed_cbc.c b/lib/libssl/src/crypto/seed/seed_cbc.c index 4f718ccb44e..6c3f9b527af 100644 --- a/lib/libssl/src/crypto/seed/seed_cbc.c +++ b/lib/libssl/src/crypto/seed/seed_cbc.c @@ -49,81 +49,15 @@ * */ -#include "seed_locl.h" -#include <string.h> +#include <openssl/seed.h> +#include <openssl/modes.h> void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc) { - size_t n; - unsigned char tmp[SEED_BLOCK_SIZE]; - const unsigned char *iv = ivec; - if (enc) - { - while (len >= SEED_BLOCK_SIZE) - { - for (n = 0; n < SEED_BLOCK_SIZE; ++n) - out[n] = in[n] ^ iv[n]; - SEED_encrypt(out, out, ks); - iv = out; - len -= SEED_BLOCK_SIZE; - in += SEED_BLOCK_SIZE; - out += SEED_BLOCK_SIZE; - } - if (len) - { - for (n = 0; n < len; ++n) - out[n] = in[n] ^ iv[n]; - for (n = len; n < SEED_BLOCK_SIZE; ++n) - out[n] = iv[n]; - SEED_encrypt(out, out, ks); - iv = out; - } - memcpy(ivec, iv, SEED_BLOCK_SIZE); - } - else if (in != out) /* decrypt */ - { - while (len >= SEED_BLOCK_SIZE) - { - SEED_decrypt(in, out, ks); - for (n = 0; n < SEED_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - iv = in; - len -= SEED_BLOCK_SIZE; - in += SEED_BLOCK_SIZE; - out += SEED_BLOCK_SIZE; - } - if (len) - { - SEED_decrypt(in, tmp, ks); - for (n = 0; n < len; ++n) - out[n] = tmp[n] ^ iv[n]; - iv = in; - } - memcpy(ivec, iv, SEED_BLOCK_SIZE); - } - else /* decrypt, overlap */ - { - while (len >= SEED_BLOCK_SIZE) - { - memcpy(tmp, in, SEED_BLOCK_SIZE); - SEED_decrypt(in, out, ks); - for (n = 0; n < SEED_BLOCK_SIZE; ++n) - out[n] ^= ivec[n]; - memcpy(ivec, tmp, SEED_BLOCK_SIZE); - len -= SEED_BLOCK_SIZE; - in += SEED_BLOCK_SIZE; - out += SEED_BLOCK_SIZE; - } - if (len) - { - memcpy(tmp, in, SEED_BLOCK_SIZE); - SEED_decrypt(tmp, tmp, ks); - for (n = 0; n < len; ++n) - out[n] = tmp[n] ^ ivec[n]; - memcpy(ivec, tmp, SEED_BLOCK_SIZE); - } - } + CRYPTO_cbc128_encrypt(in,out,len,ks,ivec,(block128_f)SEED_encrypt); + else + CRYPTO_cbc128_decrypt(in,out,len,ks,ivec,(block128_f)SEED_decrypt); } diff --git a/lib/libssl/src/crypto/seed/seed_cfb.c b/lib/libssl/src/crypto/seed/seed_cfb.c index 07d878a7888..694597dd06e 100644 --- a/lib/libssl/src/crypto/seed/seed_cfb.c +++ b/lib/libssl/src/crypto/seed/seed_cfb.c @@ -105,40 +105,12 @@ * [including the GNU Public Licence.] */ -#include "seed_locl.h" -#include <string.h> +#include <openssl/seed.h> +#include <openssl/modes.h> void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc) { - int n; - unsigned char c; - - n = *num; - - if (enc) - { - while (len--) - { - if (n == 0) - SEED_encrypt(ivec, ivec, ks); - ivec[n] = *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % SEED_BLOCK_SIZE; - } - } - else - { - while (len--) - { - if (n == 0) - SEED_encrypt(ivec, ivec, ks); - c = *(in); - *(out++) = *(in++) ^ ivec[n]; - ivec[n] = c; - n = (n+1) % SEED_BLOCK_SIZE; - } - } - - *num = n; + CRYPTO_cfb128_encrypt(in,out,len,ks,ivec,num,enc,(block128_f)SEED_encrypt); } diff --git a/lib/libssl/src/crypto/seed/seed_ofb.c b/lib/libssl/src/crypto/seed/seed_ofb.c index e2f3f57a38c..3c8ba33bb9f 100644 --- a/lib/libssl/src/crypto/seed/seed_ofb.c +++ b/lib/libssl/src/crypto/seed/seed_ofb.c @@ -105,24 +105,12 @@ * [including the GNU Public Licence.] */ -#include "seed_locl.h" -#include <string.h> +#include <openssl/seed.h> +#include <openssl/modes.h> void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num) { - int n; - - n = *num; - - while (len--) - { - if (n == 0) - SEED_encrypt(ivec, ivec, ks); - *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % SEED_BLOCK_SIZE; - } - - *num = n; + CRYPTO_ofb128_encrypt(in,out,len,ks,ivec,num,(block128_f)SEED_encrypt); } diff --git a/lib/libssl/src/crypto/sha/Makefile b/lib/libssl/src/crypto/sha/Makefile index f4741b9ee63..e6eccb05f97 100644 --- a/lib/libssl/src/crypto/sha/Makefile +++ b/lib/libssl/src/crypto/sha/Makefile @@ -38,25 +38,16 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-cof.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-out.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +sha1-586.s: asm/sha1-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha256-586.s: asm/sha256-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha512-586.s: asm/sha512-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ sha1-ia64.s: asm/sha1-ia64.pl (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS)) @@ -65,10 +56,25 @@ sha256-ia64.s: asm/sha512-ia64.pl sha512-ia64.s: asm/sha512-ia64.pl (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) +sha256-armv4.s: asm/sha256-armv4.pl + $(PERL) $< $@ + # Solaris make has to be explicitly told -sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $@ -sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ -sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ +sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ +sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha1-sparcv9.s: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) +sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) +sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) + +sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@ +sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ +sha512-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +sha1-%.s: asm/sha1-%.pl; $(PERL) $< $@ +sha256-%.s: asm/sha512-%.pl; $(PERL) $< $@ +sha512-%.s: asm/sha512-%.pl; $(PERL) $< $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -113,31 +119,24 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sha1_one.o: sha1_one.c -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -sha1dgst.o: ../../include/openssl/opensslconf.h +sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha256.o: ../md32_common.h sha256.c +sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c sha512.o: ../../e_os.h ../../include/openssl/bio.h sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c -sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../cryptlib.h sha512.c +sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl new file mode 100644 index 00000000000..88861af6411 --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl @@ -0,0 +1,234 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# sha1_block procedure for ARMv4. +# +# January 2007. + +# Size/performance trade-off +# ==================================================================== +# impl size in bytes comp cycles[*] measured performance +# ==================================================================== +# thumb 304 3212 4420 +# armv4-small 392/+29% 1958/+64% 2250/+96% +# armv4-compact 740/+89% 1552/+26% 1840/+22% +# armv4-large 1420/+92% 1307/+19% 1370/+34%[***] +# full unroll ~5100/+260% ~1260/+4% ~1300/+5% +# ==================================================================== +# thumb = same as 'small' but in Thumb instructions[**] and +# with recurring code in two private functions; +# small = detached Xload/update, loops are folded; +# compact = detached Xload/update, 5x unroll; +# large = interleaved Xload/update, 5x unroll; +# full unroll = interleaved Xload/update, full unroll, estimated[!]; +# +# [*] Manually counted instructions in "grand" loop body. Measured +# performance is affected by prologue and epilogue overhead, +# i-cache availability, branch penalties, etc. +# [**] While each Thumb instruction is twice smaller, they are not as +# diverse as ARM ones: e.g., there are only two arithmetic +# instructions with 3 arguments, no [fixed] rotate, addressing +# modes are limited. As result it takes more instructions to do +# the same job in Thumb, therefore the code is never twice as +# small and always slower. +# [***] which is also ~35% better than compiler generated code. + +$output=shift; +open STDOUT,">$output"; + +$ctx="r0"; +$inp="r1"; +$len="r2"; +$a="r3"; +$b="r4"; +$c="r5"; +$d="r6"; +$e="r7"; +$K="r8"; +$t0="r9"; +$t1="r10"; +$t2="r11"; +$t3="r12"; +$Xi="r14"; +@V=($a,$b,$c,$d,$e); + +# One can optimize this for aligned access on big-endian architecture, +# but code's endian neutrality makes it too pretty:-) +sub Xload { +my ($a,$b,$c,$d,$e)=@_; +$code.=<<___; + ldrb $t0,[$inp],#4 + ldrb $t1,[$inp,#-3] + ldrb $t2,[$inp,#-2] + ldrb $t3,[$inp,#-1] + add $e,$K,$e,ror#2 @ E+=K_00_19 + orr $t0,$t1,$t0,lsl#8 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + orr $t0,$t2,$t0,lsl#8 + eor $t1,$c,$d @ F_xx_xx + orr $t0,$t3,$t0,lsl#8 + add $e,$e,$t0 @ E+=X[i] + str $t0,[$Xi,#-4]! +___ +} +sub Xupdate { +my ($a,$b,$c,$d,$e,$flag)=@_; +$code.=<<___; + ldr $t0,[$Xi,#15*4] + ldr $t1,[$Xi,#13*4] + ldr $t2,[$Xi,#7*4] + ldr $t3,[$Xi,#2*4] + add $e,$K,$e,ror#2 @ E+=K_xx_xx + eor $t0,$t0,$t1 + eor $t0,$t0,$t2 + eor $t0,$t0,$t3 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) +___ +$code.=<<___ if (!defined($flag)); + eor $t1,$c,$d @ F_xx_xx, but not in 40_59 +___ +$code.=<<___; + mov $t0,$t0,ror#31 + add $e,$e,$t0 @ E+=X[i] + str $t0,[$Xi,#-4]! +___ +} + +sub BODY_00_15 { +my ($a,$b,$c,$d,$e)=@_; + &Xload(@_); +$code.=<<___; + and $t1,$b,$t1,ror#2 + eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + add $e,$e,$t1 @ E+=F_00_19(B,C,D) +___ +} + +sub BODY_16_19 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_); +$code.=<<___; + and $t1,$b,$t1,ror#2 + eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + add $e,$e,$t1 @ E+=F_00_19(B,C,D) +___ +} + +sub BODY_20_39 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_); +$code.=<<___; + eor $t1,$b,$t1,ror#2 @ F_20_39(B,C,D) + add $e,$e,$t1 @ E+=F_20_39(B,C,D) +___ +} + +sub BODY_40_59 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_,1); +$code.=<<___; + and $t1,$b,$c,ror#2 + orr $t2,$b,$c,ror#2 + and $t2,$t2,$d,ror#2 + orr $t1,$t1,$t2 @ F_40_59(B,C,D) + add $e,$e,$t1 @ E+=F_40_59(B,C,D) +___ +} + +$code=<<___; +.text + +.global sha1_block_data_order +.type sha1_block_data_order,%function + +.align 2 +sha1_block_data_order: + stmdb sp!,{r4-r12,lr} + add $len,$inp,$len,lsl#6 @ $len to point at the end of $inp + ldmia $ctx,{$a,$b,$c,$d,$e} +.Lloop: + ldr $K,.LK_00_19 + mov $Xi,sp + sub sp,sp,#15*4 + mov $c,$c,ror#30 + mov $d,$d,ror#30 + mov $e,$e,ror#30 @ [6] +.L_00_15: +___ +for($i=0;$i<5;$i++) { + &BODY_00_15(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp + bne .L_00_15 @ [((11+4)*5+2)*3] +___ + &BODY_00_15(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); +$code.=<<___; + + ldr $K,.LK_20_39 @ [+15+16*4] + sub sp,sp,#25*4 + cmn sp,#0 @ [+3], clear carry to denote 20_39 +.L_20_39_or_60_79: +___ +for($i=0;$i<5;$i++) { + &BODY_20_39(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp @ preserve carry + bne .L_20_39_or_60_79 @ [+((12+3)*5+2)*4] + bcs .L_done @ [+((12+3)*5+2)*4], spare 300 bytes + + ldr $K,.LK_40_59 + sub sp,sp,#20*4 @ [+2] +.L_40_59: +___ +for($i=0;$i<5;$i++) { + &BODY_40_59(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp + bne .L_40_59 @ [+((12+5)*5+2)*4] + + ldr $K,.LK_60_79 + sub sp,sp,#20*4 + cmp sp,#0 @ set carry to denote 60_79 + b .L_20_39_or_60_79 @ [+4], spare 300 bytes +.L_done: + add sp,sp,#80*4 @ "deallocate" stack frame + ldmia $ctx,{$K,$t0,$t1,$t2,$t3} + add $a,$K,$a + add $b,$t0,$b + add $c,$t1,$c,ror#2 + add $d,$t2,$d,ror#2 + add $e,$t3,$e,ror#2 + stmia $ctx,{$a,$b,$c,$d,$e} + teq $inp,$len + bne .Lloop @ [+18], total 1307 + + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.align 2 +.LK_00_19: .word 0x5a827999 +.LK_20_39: .word 0x6ed9eba1 +.LK_40_59: .word 0x8f1bbcdc +.LK_60_79: .word 0xca62c1d6 +.size sha1_block_data_order,.-sha1_block_data_order +.asciz "SHA1 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 +___ + +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl b/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl new file mode 100755 index 00000000000..dcd0fcdfcfa --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl @@ -0,0 +1,319 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# I let hardware handle unaligned input(*), except on page boundaries +# (see below for details). Otherwise straightforward implementation +# with X vector in register bank. The module is big-endian [which is +# not big deal as there're no little-endian targets left around]. +# +# (*) this means that this module is inappropriate for PPC403? Does +# anybody know if pre-POWER3 can sustain unaligned load? + +# -m64 -m32 +# ---------------------------------- +# PPC970,gcc-4.0.0 +76% +59% +# Power6,xlc-7 +68% +33% + +$flavour = shift; + +if ($flavour =~ /64/) { + $SIZE_T =8; + $UCMP ="cmpld"; + $STU ="stdu"; + $POP ="ld"; + $PUSH ="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T =4; + $UCMP ="cmplw"; + $STU ="stwu"; + $POP ="lwz"; + $PUSH ="stw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$FRAME=24*$SIZE_T; + +$K ="r0"; +$sp ="r1"; +$toc="r2"; +$ctx="r3"; +$inp="r4"; +$num="r5"; +$t0 ="r15"; +$t1 ="r6"; + +$A ="r7"; +$B ="r8"; +$C ="r9"; +$D ="r10"; +$E ="r11"; +$T ="r12"; + +@V=($A,$B,$C,$D,$E,$T); +@X=("r16","r17","r18","r19","r20","r21","r22","r23", + "r24","r25","r26","r27","r28","r29","r30","r31"); + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___ if ($i==0); + lwz @X[$i],`$i*4`($inp) +___ +$code.=<<___ if ($i<15); + lwz @X[$j],`$j*4`($inp) + add $f,$K,$e + rotlwi $e,$a,5 + add $f,$f,@X[$i] + and $t0,$c,$b + add $f,$f,$e + andc $t1,$d,$b + rotlwi $b,$b,30 + or $t0,$t0,$t1 + add $f,$f,$t0 +___ +$code.=<<___ if ($i>=15); + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + and $t0,$c,$b + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + andc $t1,$d,$b + rotlwi $b,$b,30 + or $t0,$t0,$t1 + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + add $f,$f,$t0 + rotlwi @X[$j%16],@X[$j%16],1 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___ if ($i<79); + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + xor $t0,$b,$c + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + rotlwi $b,$b,30 + xor $t0,$t0,$d + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + add $f,$f,$t0 + rotlwi @X[$j%16],@X[$j%16],1 +___ +$code.=<<___ if ($i==79); + add $f,$K,$e + rotlwi $e,$a,5 + lwz r16,0($ctx) + add $f,$f,@X[$i%16] + xor $t0,$b,$c + lwz r17,4($ctx) + add $f,$f,$e + rotlwi $b,$b,30 + lwz r18,8($ctx) + xor $t0,$t0,$d + lwz r19,12($ctx) + add $f,$f,$t0 + lwz r20,16($ctx) +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___; + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + and $t0,$b,$c + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + or $t1,$b,$c + rotlwi $b,$b,30 + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + and $t1,$t1,$d + or $t0,$t0,$t1 + rotlwi @X[$j%16],@X[$j%16],1 + add $f,$f,$t0 +___ +} + +$code=<<___; +.machine "any" +.text + +.globl .sha1_block_data_order +.align 4 +.sha1_block_data_order: + mflr r0 + $STU $sp,`-($FRAME+64)`($sp) + $PUSH r0,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + lwz $A,0($ctx) + lwz $B,4($ctx) + lwz $C,8($ctx) + lwz $D,12($ctx) + lwz $E,16($ctx) + andi. r0,$inp,3 + bne Lunaligned +Laligned: + mtctr $num + bl Lsha1_block_private +Ldone: + $POP r0,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,`$FRAME+64` + blr +___ + +# PowerPC specification allows an implementation to be ill-behaved +# upon unaligned access which crosses page boundary. "Better safe +# than sorry" principle makes me treat it specially. But I don't +# look for particular offending word, but rather for 64-byte input +# block which crosses the boundary. Once found that block is aligned +# and hashed separately... +$code.=<<___; +.align 4 +Lunaligned: + subfic $t1,$inp,4096 + andi. $t1,$t1,4095 ; distance to closest page boundary + srwi. $t1,$t1,6 ; t1/=64 + beq Lcross_page + $UCMP $num,$t1 + ble- Laligned ; didn't cross the page boundary + mtctr $t1 + subfc $num,$t1,$num + bl Lsha1_block_private +Lcross_page: + li $t1,16 + mtctr $t1 + addi r20,$sp,$FRAME ; spot below the frame +Lmemcpy: + lbz r16,0($inp) + lbz r17,1($inp) + lbz r18,2($inp) + lbz r19,3($inp) + addi $inp,$inp,4 + stb r16,0(r20) + stb r17,1(r20) + stb r18,2(r20) + stb r19,3(r20) + addi r20,r20,4 + bdnz Lmemcpy + + $PUSH $inp,`$FRAME-$SIZE_T*19`($sp) + li $t1,1 + addi $inp,$sp,$FRAME + mtctr $t1 + bl Lsha1_block_private + $POP $inp,`$FRAME-$SIZE_T*19`($sp) + addic. $num,$num,-1 + bne- Lunaligned + b Ldone +___ + +# This is private block function, which uses tailored calling +# interface, namely upon entry SHA_CTX is pre-loaded to given +# registers and counter register contains amount of chunks to +# digest... +$code.=<<___; +.align 4 +Lsha1_block_private: +___ +$code.=<<___; # load K_00_19 + lis $K,0x5a82 + ori $K,$K,0x7999 +___ +for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_20_39 + lis $K,0x6ed9 + ori $K,$K,0xeba1 +___ +for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_40_59 + lis $K,0x8f1b + ori $K,$K,0xbcdc +___ +for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_60_79 + lis $K,0xca62 + ori $K,$K,0xc1d6 +___ +for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add r16,r16,$E + add r17,r17,$T + add r18,r18,$A + add r19,r19,$B + add r20,r20,$C + stw r16,0($ctx) + mr $A,r16 + stw r17,4($ctx) + mr $B,r17 + stw r18,8($ctx) + mr $C,r18 + stw r19,12($ctx) + mr $D,r19 + stw r20,16($ctx) + mr $E,r20 + addi $inp,$inp,`16*4` + bdnz- Lsha1_block_private + blr +___ +$code.=<<___; +.asciz "SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>" +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl b/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl new file mode 100644 index 00000000000..4b17848287a --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl @@ -0,0 +1,226 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA1 block procedure for s390x. + +# April 2007. +# +# Performance is >30% better than gcc 3.3 generated code. But the real +# twist is that SHA1 hardware support is detected and utilized. In +# which case performance can reach further >4.5x for larger chunks. + +# January 2009. +# +# Optimize Xupdate for amount of memory references and reschedule +# instructions to favour dual-issue z10 pipeline. On z10 hardware is +# "only" ~2.3x faster than software. + +$kimdfunc=1; # magic function code for kimd instruction + +$output=shift; +open STDOUT,">$output"; + +$K_00_39="%r0"; $K=$K_00_39; +$K_40_79="%r1"; +$ctx="%r2"; $prefetch="%r2"; +$inp="%r3"; +$len="%r4"; + +$A="%r5"; +$B="%r6"; +$C="%r7"; +$D="%r8"; +$E="%r9"; @V=($A,$B,$C,$D,$E); +$t0="%r10"; +$t1="%r11"; +@X=("%r12","%r13","%r14"); +$sp="%r15"; + +$frame=160+16*4; + +sub Xupdate { +my $i=shift; + +$code.=<<___ if ($i==15); + lg $prefetch,160($sp) ### Xupdate(16) warm-up + lr $X[0],$X[2] +___ +return if ($i&1); # Xupdate is vectorized and executed every 2nd cycle +$code.=<<___ if ($i<16); + lg $X[0],`$i*4`($inp) ### Xload($i) + rllg $X[1],$X[0],32 +___ +$code.=<<___ if ($i>=16); + xgr $X[0],$prefetch ### Xupdate($i) + lg $prefetch,`160+4*(($i+2)%16)`($sp) + xg $X[0],`160+4*(($i+8)%16)`($sp) + xgr $X[0],$prefetch + rll $X[0],$X[0],1 + rllg $X[1],$X[0],32 + rll $X[1],$X[1],1 + rllg $X[0],$X[1],32 + lr $X[2],$X[1] # feedback +___ +$code.=<<___ if ($i<=70); + stg $X[0],`160+4*($i%16)`($sp) +___ +unshift(@X,pop(@X)); +} + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=$X[1]; + + &Xupdate($i); +$code.=<<___; + alr $e,$K ### $i + rll $t1,$a,5 + lr $t0,$d + xr $t0,$c + alr $e,$t1 + nr $t0,$b + alr $e,$xi + xr $t0,$d + rll $b,$b,30 + alr $e,$t0 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=$X[1]; + + &Xupdate($i); +$code.=<<___; + alr $e,$K ### $i + rll $t1,$a,5 + lr $t0,$b + alr $e,$t1 + xr $t0,$c + alr $e,$xi + xr $t0,$d + rll $b,$b,30 + alr $e,$t0 +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=$X[1]; + + &Xupdate($i); +$code.=<<___; + alr $e,$K ### $i + rll $t1,$a,5 + lr $t0,$b + alr $e,$t1 + or $t0,$c + lr $t1,$b + nr $t0,$d + nr $t1,$c + alr $e,$xi + or $t0,$t1 + rll $b,$b,30 + alr $e,$t0 +___ +} + +$code.=<<___; +.text +.align 64 +.type Ktable,\@object +Ktable: .long 0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6 + .skip 48 #.long 0,0,0,0,0,0,0,0,0,0,0,0 +.size Ktable,.-Ktable +.globl sha1_block_data_order +.type sha1_block_data_order,\@function +sha1_block_data_order: +___ +$code.=<<___ if ($kimdfunc); + larl %r1,OPENSSL_s390xcap_P + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lsoftware + lghi %r0,0 + la %r1,16($sp) + .long 0xb93e0002 # kimd %r0,%r2 + lg %r0,16($sp) + tmhh %r0,`0x8000>>$kimdfunc` + jz .Lsoftware + lghi %r0,$kimdfunc + lgr %r1,$ctx + lgr %r2,$inp + sllg %r3,$len,6 + .long 0xb93e0002 # kimd %r0,%r2 + brc 1,.-4 # pay attention to "partial completion" + br %r14 +.align 16 +.Lsoftware: +___ +$code.=<<___; + lghi %r1,-$frame + stg $ctx,16($sp) + stmg %r6,%r15,48($sp) + lgr %r0,$sp + la $sp,0(%r1,$sp) + stg %r0,0($sp) + + larl $t0,Ktable + llgf $A,0($ctx) + llgf $B,4($ctx) + llgf $C,8($ctx) + llgf $D,12($ctx) + llgf $E,16($ctx) + + lg $K_00_39,0($t0) + lg $K_40_79,8($t0) + +.Lloop: + rllg $K_00_39,$K_00_39,32 +___ +for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + rllg $K_00_39,$K_00_39,32 +___ +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; $K=$K_40_79; + rllg $K_40_79,$K_40_79,32 +___ +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + rllg $K_40_79,$K_40_79,32 +___ +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + + lg $ctx,`$frame+16`($sp) + la $inp,64($inp) + al $A,0($ctx) + al $B,4($ctx) + al $C,8($ctx) + al $D,12($ctx) + al $E,16($ctx) + st $A,0($ctx) + st $B,4($ctx) + st $C,8($ctx) + st $D,12($ctx) + st $E,16($ctx) + brct $len,.Lloop + + lmg %r6,%r15,`$frame+48`($sp) + br %r14 +.size sha1_block_data_order,.-sha1_block_data_order +.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" +.comm OPENSSL_s390xcap_P,8,8 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; + +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl new file mode 100644 index 00000000000..8306fc88ccf --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl @@ -0,0 +1,283 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# Performance improvement is not really impressive on pre-T1 CPU: +8% +# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it +# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and +# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick. +# X[16] vector is packed to 8 64-bit registers and as result nothing +# is spilled on stack. In addition input data is loaded in compact +# instruction sequence, thus minimizing the window when the code is +# subject to [inter-thread] cache-thrashing hazard. The goal is to +# ensure scalability on UltraSPARC T1, or rather to avoid decay when +# amount of active threads exceeds the number of physical cores. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); +$rot1m="%g2"; +$tmp64="%g3"; +$Xi="%g4"; +$A="%l0"; +$B="%l1"; +$C="%l2"; +$D="%l3"; +$E="%l4"; +@V=($A,$B,$C,$D,$E); +$K_00_19="%l5"; +$K_20_39="%l6"; +$K_40_59="%l7"; +$K_60_79="%g5"; +@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79); + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$tmp0="%i3"; +$tmp1="%i4"; +$tmp2="%i5"; + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=($i&1)?@X[($i/2)%8]:$Xi; + +$code.=<<___; + sll $a,5,$tmp0 !! $i + add @K[$i/20],$e,$e + srl $a,27,$tmp1 + add $tmp0,$e,$e + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + andn $d,$b,$tmp1 + srl $b,2,$b + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $xi,$e,$e +___ +if ($i&1 && $i<15) { + $code.= + " srlx @X[(($i+1)/2)%8],32,$Xi\n"; +} +$code.=<<___; + add $tmp1,$e,$e +___ +} + +sub Xupdate { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i/2; + +if ($i&1) { +$code.=<<___; + sll $a,5,$tmp0 !! $i + add @K[$i/20],$e,$e + srl $a,27,$tmp1 +___ +} else { +$code.=<<___; + sllx @X[($j+6)%8],32,$Xi ! Xupdate($i) + xor @X[($j+1)%8],@X[$j%8],@X[$j%8] + srlx @X[($j+7)%8],32,$tmp1 + xor @X[($j+4)%8],@X[$j%8],@X[$j%8] + sll $a,5,$tmp0 !! $i + or $tmp1,$Xi,$Xi + add @K[$i/20],$e,$e !! + xor $Xi,@X[$j%8],@X[$j%8] + srlx @X[$j%8],31,$Xi + add @X[$j%8],@X[$j%8],@X[$j%8] + and $Xi,$rot1m,$Xi + andn @X[$j%8],$rot1m,@X[$j%8] + srl $a,27,$tmp1 !! + or $Xi,@X[$j%8],@X[$j%8] +___ +} +} + +sub BODY_16_19 { +my ($i,$a,$b,$c,$d,$e)=@_; + + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + add $xi,$e,$e + andn $d,$b,$tmp1 + srl $b,2,$b + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi; + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $xi,$e,$e +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi; + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + or $c,$b,$tmp1 + srl $b,2,$b + and $d,$tmp1,$tmp1 + add $xi,$e,$e + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +} + +$code.=<<___ if ($bits==64); +.register %g2,#scratch +.register %g3,#scratch +___ +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 32 +.globl sha1_block_data_order +sha1_block_data_order: + save %sp,-$frame,%sp + sllx $len,6,$len + add $inp,$len,$len + + or %g0,1,$rot1m + sllx $rot1m,32,$rot1m + or $rot1m,1,$rot1m + + ld [$ctx+0],$A + ld [$ctx+4],$B + ld [$ctx+8],$C + ld [$ctx+12],$D + ld [$ctx+16],$E + andn $inp,7,$tmp0 + + sethi %hi(0x5a827999),$K_00_19 + or $K_00_19,%lo(0x5a827999),$K_00_19 + sethi %hi(0x6ed9eba1),$K_20_39 + or $K_20_39,%lo(0x6ed9eba1),$K_20_39 + sethi %hi(0x8f1bbcdc),$K_40_59 + or $K_40_59,%lo(0x8f1bbcdc),$K_40_59 + sethi %hi(0xca62c1d6),$K_60_79 + or $K_60_79,%lo(0xca62c1d6),$K_60_79 + +.Lloop: + ldx [$tmp0+0],@X[0] + ldx [$tmp0+16],@X[2] + ldx [$tmp0+32],@X[4] + ldx [$tmp0+48],@X[6] + and $inp,7,$tmp1 + ldx [$tmp0+8],@X[1] + sll $tmp1,3,$tmp1 + ldx [$tmp0+24],@X[3] + subcc %g0,$tmp1,$tmp2 ! should be 64-$tmp1, but -$tmp1 works too + ldx [$tmp0+40],@X[5] + bz,pt %icc,.Laligned + ldx [$tmp0+56],@X[7] + + sllx @X[0],$tmp1,@X[0] + ldx [$tmp0+64],$tmp64 +___ +for($i=0;$i<7;$i++) +{ $code.=<<___; + srlx @X[$i+1],$tmp2,$Xi + sllx @X[$i+1],$tmp1,@X[$i+1] + or $Xi,@X[$i],@X[$i] +___ +} +$code.=<<___; + srlx $tmp64,$tmp2,$tmp64 + or $tmp64,@X[7],@X[7] +.Laligned: + srlx @X[0],32,$Xi +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +for (;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + + ld [$ctx+0],@X[0] + ld [$ctx+4],@X[1] + ld [$ctx+8],@X[2] + ld [$ctx+12],@X[3] + add $inp,64,$inp + ld [$ctx+16],@X[4] + cmp $inp,$len + + add $A,@X[0],$A + st $A,[$ctx+0] + add $B,@X[1],$B + st $B,[$ctx+4] + add $C,@X[2],$C + st $C,[$ctx+8] + add $D,@X[3],$D + st $D,[$ctx+12] + add $E,@X[4],$E + st $E,[$ctx+16] + + bne `$bits==64?"%xcc":"%icc"`,.Lloop + andn $inp,7,$tmp0 + + ret + restore +.type sha1_block_data_order,#function +.size sha1_block_data_order,(.-sha1_block_data_order) +.asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl new file mode 100644 index 00000000000..15eb854badc --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl @@ -0,0 +1,600 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# January 2009 +# +# Provided that UltraSPARC VIS instructions are pipe-lined(*) and +# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC +# Graphic Unit would make it possible to achieve higher instruction- +# level parallelism, ILP, and thus higher performance. It should be +# explicitly noted that ILP is the keyword, and it means that this +# code would be unsuitable for cores like UltraSPARC-Tx. The idea is +# not really novel, Sun had VIS-powered implementation for a while. +# Unlike Sun's implementation this one can process multiple unaligned +# input blocks, and as such works as drop-in replacement for OpenSSL +# sha1_block_data_order. Performance improvement was measured to be +# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on +# UltraSPARC-III. See below for discussion... +# +# The module does not present direct interest for OpenSSL, because +# it doesn't provide better performance on contemporary SPARCv9 CPUs, +# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they +# absolutely must score on UltraSPARC-I-IV can simply replace +# crypto/sha/asm/sha1-sparcv9.pl with this module. +# +# (*) "Pipe-lined" means that even if it takes several cycles to +# complete, next instruction using same functional unit [but not +# depending on the result of the current instruction] can start +# execution without having to wait for the unit. "Pairable" +# means that two [or more] independent instructions can be +# issued at the very same time. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$tmp0="%i3"; +$tmp1="%i4"; +$tmp2="%i5"; +$tmp3="%g5"; + +$base="%g1"; +$align="%g4"; +$Xfer="%o5"; +$nXfer=$tmp3; +$Xi="%o7"; + +$A="%l0"; +$B="%l1"; +$C="%l2"; +$D="%l3"; +$E="%l4"; +@V=($A,$B,$C,$D,$E); + +$Actx="%o0"; +$Bctx="%o1"; +$Cctx="%o2"; +$Dctx="%o3"; +$Ectx="%o4"; + +$fmul="%f32"; +$VK_00_19="%f34"; +$VK_20_39="%f36"; +$VK_40_59="%f38"; +$VK_60_79="%f40"; +@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79); +@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7", + "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16"); + +# This is reference 2x-parallelized VIS-powered Xupdate procedure. It +# covers even K_NN_MM addition... +sub Xupdate { +my ($i)=@_; +my $K=@VK[($i+16)/20]; +my $j=($i+16)%16; + +# [ provided that GSR.alignaddr_offset is 5, $mul contains +# 0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to +# chosen registers... ] +$code.=<<___; + fxors @X[($j+13)%16],@X[$j],@X[$j] !-1/-1/-1:X[0]^=X[13] + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + ![fxors %f15,%f2,%f2] + for %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + ![fxors %f0,%f3,%f3] !10/17/12:X[0] dependency + fpadd32 $K,@X[$j],%f20 + std %f20,[$Xfer+`4*$j`] +___ +# The numbers delimited with slash are the earliest possible dispatch +# cycles for given instruction assuming 1 cycle latency for simple VIS +# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as +# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being +# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1 +# round. As [long as] FPU/VIS instructions are perfectly pairable with +# IALU ones, the round timing is defined by the maximum between VIS +# and IALU timings. The latter varies from round to round and averages +# out at 6.25 ticks. This means that USI&II should operate at IALU +# rate, while USIII&IV - at VIS rate. This explains why performance +# improvement varies among processors. Well, given that pure IALU +# sha1-sparcv9.pl module exhibits virtually uniform performance of +# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical +# lower limits. Real-life performance was measured to be 6.6 cycles +# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than +# half-round VIS timing, because there are 16 Xupdate-free rounds, +# which "push down" average theoretical timing to 8 cycles... + +# (*) SPARC64-V[II] was originally believed to have 2 cycles VIS +# latency. Well, it might have, but it doesn't have dedicated +# VIS-unit. Instead, VIS instructions are executed by other +# functional units, ones used here - by IALU. This doesn't +# improve effective ILP... +} + +# The reference Xupdate procedure is then "strained" over *pairs* of +# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13] +# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves +# plenty of room to amortize for read-after-write hazard, as well as +# to fetch and align input for the next spin. The VIS instructions are +# scheduled for latency of 2 cycles, because there are not enough IALU +# instructions to schedule for latency of 3, while scheduling for 1 +# would give no gain on USI&II anyway. + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1)); + sll $a,5,$tmp0 !! $i + and $c,$b,$tmp3 + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + sll $b,30,$tmp2 + add $tmp1,$e,$e + andn $d,$b,$tmp1 + add $Xi,$e,$e + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + or $tmp1,$tmp3,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 +___ +$code.=<<___ if ($i&1); + sll $a,5,$tmp0 !! $i + and $c,$b,$tmp3 + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + sll $b,30,$tmp2 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + andn $d,$b,$tmp1 + add $Xi,$e,$e + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + or $tmp1,$tmp3,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +$code.=<<___ if ($i&1 && $i>=2); + std %f20,[$Xfer+`4*$l`] ! +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1) && $i<64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 +___ +$code.=<<___ if ($i&1 && $i<64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + xor $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + add $tmp1,$e,$e + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + or $tmp2,$b,$b + add $Xi,$e,$e + std %f20,[$Xfer+`4*$l`] ! +___ +$code.=<<___ if ($i==64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 $K,@X[$l],%f20 + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + std %f20,[$Xfer+`4*$l`] + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i>64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1)); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + or $c,$b,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + and $d,$tmp1,$tmp1 + add $Xi,$e,$e + or $tmp1,$tmp0,$tmp1 + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 + or $tmp2,$b,$b + add $tmp1,$e,$e + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 +___ +$code.=<<___ if ($i&1); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + and $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + sll $b,30,$tmp2 + or $c,$b,$tmp1 + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + and $d,$tmp1,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + add $Xi,$e,$e + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e + std %f20,[$Xfer+`4*$l`] ! +___ +} + +# If there is more data to process, then we pre-fetch the data for +# next iteration in last ten rounds... +sub BODY_70_79 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $m=($i%8)*2; + +$j=($j+16)%16; + +$code.=<<___ if ($i==70); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + ldd [$inp+64],@X[0] + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e + + and $inp,-64,$nXfer + inc 64,$inp + and $nXfer,255,$nXfer + alignaddr %g0,$align,%g0 + add $base,$nXfer,$nXfer +___ +$code.=<<___ if ($i==71); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i>=72); + faligndata @X[$m],@X[$m+2],@X[$m] + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $VK_00_19,@X[$m],%f20 + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i<77); + ldd [$inp+`8*($i+1-70)`],@X[2*($i+1-70)] +___ +$code.=<<___ if ($i==77); # redundant if $inp was aligned + add $align,63,$tmp0 + and $tmp0,-8,$tmp0 + ldd [$inp+$tmp0],@X[16] +___ +$code.=<<___ if ($i>=72); + std %f20,[$nXfer+`4*$m`] +___ +} + +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 64 +vis_const: +.long 0x5a827999,0x5a827999 ! K_00_19 +.long 0x6ed9eba1,0x6ed9eba1 ! K_20_39 +.long 0x8f1bbcdc,0x8f1bbcdc ! K_40_59 +.long 0xca62c1d6,0xca62c1d6 ! K_60_79 +.long 0x00000100,0x00000100 +.align 64 +.type vis_const,#object +.size vis_const,(.-vis_const) + +.globl sha1_block_data_order +sha1_block_data_order: + save %sp,-$frame,%sp + add %fp,$bias-256,$base + +1: call .+8 + add %o7,vis_const-1b,$tmp0 + + ldd [$tmp0+0],$VK_00_19 + ldd [$tmp0+8],$VK_20_39 + ldd [$tmp0+16],$VK_40_59 + ldd [$tmp0+24],$VK_60_79 + ldd [$tmp0+32],$fmul + + ld [$ctx+0],$Actx + and $base,-256,$base + ld [$ctx+4],$Bctx + sub $base,$bias+$frame,%sp + ld [$ctx+8],$Cctx + and $inp,7,$align + ld [$ctx+12],$Dctx + and $inp,-8,$inp + ld [$ctx+16],$Ectx + + ! X[16] is maintained in FP register bank + alignaddr %g0,$align,%g0 + ldd [$inp+0],@X[0] + sub $inp,-64,$Xfer + ldd [$inp+8],@X[2] + and $Xfer,-64,$Xfer + ldd [$inp+16],@X[4] + and $Xfer,255,$Xfer + ldd [$inp+24],@X[6] + add $base,$Xfer,$Xfer + ldd [$inp+32],@X[8] + ldd [$inp+40],@X[10] + ldd [$inp+48],@X[12] + brz,pt $align,.Laligned + ldd [$inp+56],@X[14] + + ldd [$inp+64],@X[16] + faligndata @X[0],@X[2],@X[0] + faligndata @X[2],@X[4],@X[2] + faligndata @X[4],@X[6],@X[4] + faligndata @X[6],@X[8],@X[6] + faligndata @X[8],@X[10],@X[8] + faligndata @X[10],@X[12],@X[10] + faligndata @X[12],@X[14],@X[12] + faligndata @X[14],@X[16],@X[14] + +.Laligned: + mov 5,$tmp0 + dec 1,$len + alignaddr %g0,$tmp0,%g0 + fpadd32 $VK_00_19,@X[0],%f16 + fpadd32 $VK_00_19,@X[2],%f18 + fpadd32 $VK_00_19,@X[4],%f20 + fpadd32 $VK_00_19,@X[6],%f22 + fpadd32 $VK_00_19,@X[8],%f24 + fpadd32 $VK_00_19,@X[10],%f26 + fpadd32 $VK_00_19,@X[12],%f28 + fpadd32 $VK_00_19,@X[14],%f30 + std %f16,[$Xfer+0] + mov $Actx,$A + std %f18,[$Xfer+8] + mov $Bctx,$B + std %f20,[$Xfer+16] + mov $Cctx,$C + std %f22,[$Xfer+24] + mov $Dctx,$D + std %f24,[$Xfer+32] + mov $Ectx,$E + std %f26,[$Xfer+40] + fxors @X[13],@X[0],@X[0] + std %f28,[$Xfer+48] + ba .Loop + std %f30,[$Xfer+56] +.align 32 +.Loop: +___ +for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for (;$i<70;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + tst $len + bz,pn `$bits==32?"%icc":"%xcc"`,.Ltail + nop +___ +for (;$i<80;$i++) { &BODY_70_79($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add $A,$Actx,$Actx + add $B,$Bctx,$Bctx + add $C,$Cctx,$Cctx + add $D,$Dctx,$Dctx + add $E,$Ectx,$Ectx + mov 5,$tmp0 + fxors @X[13],@X[0],@X[0] + mov $Actx,$A + mov $Bctx,$B + mov $Cctx,$C + mov $Dctx,$D + mov $Ectx,$E + alignaddr %g0,$tmp0,%g0 + dec 1,$len + ba .Loop + mov $nXfer,$Xfer + +.align 32 +.Ltail: +___ +for($i=70;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add $A,$Actx,$Actx + add $B,$Bctx,$Bctx + add $C,$Cctx,$Cctx + add $D,$Dctx,$Dctx + add $E,$Ectx,$Ectx + + st $Actx,[$ctx+0] + st $Bctx,[$ctx+4] + st $Cctx,[$ctx+8] + st $Dctx,[$ctx+12] + st $Ectx,[$ctx+16] + + ret + restore +.type sha1_block_data_order,#function +.size sha1_block_data_order,(.-sha1_block_data_order) +.asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>" +___ + +# Purpose of these subroutines is to explicitly encode VIS instructions, +# so that one can compile the module without having to specify VIS +# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. +# Idea is to reserve for option to produce "universal" binary and let +# programmer detect if current CPU is VIS capable at run-time. +sub unvis { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my $ref,$opf; +my %visopf = ( "fmul8ulx16" => 0x037, + "faligndata" => 0x048, + "fpadd32" => 0x052, + "fxor" => 0x06c, + "fxors" => 0x06d ); + + $ref = "$mnemonic\t$rs1,$rs2,$rd"; + + if ($opf=$visopf{$mnemonic}) { + foreach ($rs1,$rs2,$rd) { + return $ref if (!/%f([0-9]{1,2})/); + $_=$1; + if ($1>=32) { + return $ref if ($1&1); + # re-encode for upper double register addressing + $_=($1|$1>>5)&31; + } + } + + return sprintf ".word\t0x%08x !%s", + 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, + $ref; + } else { + return $ref; + } +} +sub unalignaddr { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); +my $ref="$mnemonic\t$rs1,$rs2,$rd"; + + foreach ($rs1,$rs2,$rd) { + if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } + else { return $ref; } + } + return sprintf ".word\t0x%08x !%s", + 0x81b00300|$rd<<25|$rs1<<14|$rs2, + $ref; +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/ + &unvis($1,$2,$3,$4) + /gem; +$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/ + &unalignaddr($1,$2,$3,$4) + /gem; +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/sha/asm/sha1-thumb.pl b/lib/libssl/src/crypto/sha/asm/sha1-thumb.pl new file mode 100644 index 00000000000..7c9ea9b0296 --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha1-thumb.pl @@ -0,0 +1,259 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# sha1_block for Thumb. +# +# January 2007. +# +# The code does not present direct interest to OpenSSL, because of low +# performance. Its purpose is to establish _size_ benchmark. Pretty +# useless one I must say, because 30% or 88 bytes larger ARMv4 code +# [avialable on demand] is almost _twice_ as fast. It should also be +# noted that in-lining of .Lcommon and .Lrotate improves performance +# by over 40%, while code increases by only 10% or 32 bytes. But once +# again, the goal was to establish _size_ benchmark, not performance. + +$output=shift; +open STDOUT,">$output"; + +$inline=0; +#$cheat_on_binutils=1; + +$t0="r0"; +$t1="r1"; +$t2="r2"; +$a="r3"; +$b="r4"; +$c="r5"; +$d="r6"; +$e="r7"; +$K="r8"; # "upper" registers can be used in add/sub and mov insns +$ctx="r9"; +$inp="r10"; +$len="r11"; +$Xi="r12"; + +sub common { +<<___; + sub $t0,#4 + ldr $t1,[$t0] + add $e,$K @ E+=K_xx_xx + lsl $t2,$a,#5 + add $t2,$e + lsr $e,$a,#27 + add $t2,$e @ E+=ROR(A,27) + add $t2,$t1 @ E+=X[i] +___ +} +sub rotate { +<<___; + mov $e,$d @ E=D + mov $d,$c @ D=C + lsl $c,$b,#30 + lsr $b,$b,#2 + orr $c,$b @ C=ROR(B,2) + mov $b,$a @ B=A + add $a,$t2,$t1 @ A=E+F_xx_xx(B,C,D) +___ +} + +sub BODY_00_19 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$c + eor $t1,$d + and $t1,$b + eor $t1,$d @ F_00_19(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +sub BODY_20_39 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$b + eor $t1,$c + eor $t1,$d @ F_20_39(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +sub BODY_40_59 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$b + and $t1,$c + mov $e,$b + orr $e,$c + and $e,$d + orr $t1,$e @ F_40_59(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +$code=<<___; +.text +.code 16 + +.global sha1_block_data_order +.type sha1_block_data_order,%function + +.align 2 +sha1_block_data_order: +___ +if ($cheat_on_binutils) { +$code.=<<___; +.code 32 + add r3,pc,#1 + bx r3 @ switch to Thumb ISA +.code 16 +___ +} +$code.=<<___; + push {r4-r7} + mov r3,r8 + mov r4,r9 + mov r5,r10 + mov r6,r11 + mov r7,r12 + push {r3-r7,lr} + lsl r2,#6 + mov $ctx,r0 @ save context + mov $inp,r1 @ save inp + mov $len,r2 @ save len + add $len,$inp @ $len to point at inp end + +.Lloop: + mov $Xi,sp + mov $t2,sp + sub $t2,#16*4 @ [3] +.LXload: + ldrb $a,[$t1,#0] @ $t1 is r1 and holds inp + ldrb $b,[$t1,#1] + ldrb $c,[$t1,#2] + ldrb $d,[$t1,#3] + lsl $a,#24 + lsl $b,#16 + lsl $c,#8 + orr $a,$b + orr $a,$c + orr $a,$d + add $t1,#4 + push {$a} + cmp sp,$t2 + bne .LXload @ [+14*16] + + mov $inp,$t1 @ update $inp + sub $t2,#32*4 + sub $t2,#32*4 + mov $e,#31 @ [+4] +.LXupdate: + ldr $a,[sp,#15*4] + ldr $b,[sp,#13*4] + ldr $c,[sp,#7*4] + ldr $d,[sp,#2*4] + eor $a,$b + eor $a,$c + eor $a,$d + ror $a,$e + push {$a} + cmp sp,$t2 + bne .LXupdate @ [+(11+1)*64] + + ldmia $t0!,{$a,$b,$c,$d,$e} @ $t0 is r0 and holds ctx + mov $t0,$Xi + + ldr $t2,.LK_00_19 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+7+4] +.L_00_19: +___ + &BODY_00_19(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_00_19 @ [+(2+9+4+2+8+2)*20] + + ldr $t2,.LK_20_39 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+5] +.L_20_39_or_60_79: +___ + &BODY_20_39(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_20_39_or_60_79 @ [+(2+9+3+2+8+2)*20*2] + cmp sp,$t0 + beq .Ldone @ [+2] + + ldr $t2,.LK_40_59 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+5] +.L_40_59: +___ + &BODY_40_59(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_40_59 @ [+(2+9+6+2+8+2)*20] + + ldr $t2,.LK_60_79 + mov $Xi,sp + mov $K,$t2 + b .L_20_39_or_60_79 @ [+4] +.Ldone: + mov $t0,$ctx + ldr $t1,[$t0,#0] + ldr $t2,[$t0,#4] + add $a,$t1 + ldr $t1,[$t0,#8] + add $b,$t2 + ldr $t2,[$t0,#12] + add $c,$t1 + ldr $t1,[$t0,#16] + add $d,$t2 + add $e,$t1 + stmia $t0!,{$a,$b,$c,$d,$e} @ [+20] + + add sp,#80*4 @ deallocate stack frame + mov $t0,$ctx @ restore ctx + mov $t1,$inp @ restore inp + cmp $t1,$len + beq .Lexit + b .Lloop @ [+6] total 3212 cycles +.Lexit: + pop {r2-r7} + mov r8,r2 + mov r9,r3 + mov r10,r4 + mov r11,r5 + mov r12,r6 + mov lr,r7 + pop {r4-r7} + bx lr +.align 2 +___ +$code.=".Lcommon:\n".&common()."\tmov pc,lr\n" if (!$inline); +$code.=".Lrotate:\n".&rotate()."\tmov pc,lr\n" if (!$inline); +$code.=<<___; +.align 2 +.LK_00_19: .word 0x5a827999 +.LK_20_39: .word 0x6ed9eba1 +.LK_40_59: .word 0x8f1bbcdc +.LK_60_79: .word 0xca62c1d6 +.size sha1_block_data_order,.-sha1_block_data_order +.asciz "SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>" +___ + +print $code; +close STDOUT; # enforce flush diff --git a/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl b/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl index f7ed67a7260..4edc5ea9ad5 100755 --- a/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl @@ -29,14 +29,18 @@ # Xeon P4 +65% +0% 9.9 # Core2 +60% +10% 7.0 -$output=shift; +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $output"; +open STDOUT,"| $^X $xlate $flavour $output"; $ctx="%rdi"; # 1st arg $inp="%rsi"; # 2nd arg @@ -69,13 +73,14 @@ $func: push %rbx push %rbp push %r12 - mov %rsp,%rax + mov %rsp,%r11 mov %rdi,$ctx # reassigned argument sub \$`8+16*4`,%rsp mov %rsi,$inp # reassigned argument and \$-64,%rsp mov %rdx,$num # reassigned argument - mov %rax,`16*4`(%rsp) + mov %r11,`16*4`(%rsp) +.Lprologue: mov 0($ctx),$A mov 4($ctx),$B @@ -88,10 +93,12 @@ ___ sub EPILOGUE { my $func=shift; $code.=<<___; - mov `16*4`(%rsp),%rsp - pop %r12 - pop %rbp - pop %rbx + mov `16*4`(%rsp),%rsi + mov (%rsi),%r12 + mov 8(%rsi),%rbp + mov 16(%rsi),%rbx + lea 24(%rsi),%rsp +.Lepilogue: ret .size $func,.-$func ___ @@ -233,7 +240,109 @@ ___ &EPILOGUE("sha1_block_data_order"); $code.=<<___; .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>" +.align 16 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov `16*4`(%rax),%rax # pull saved stack pointer + lea 24(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_sha1_block_data_order + .rva .LSEH_end_sha1_block_data_order + .rva .LSEH_info_sha1_block_data_order + +.section .xdata +.align 8 +.LSEH_info_sha1_block_data_order: + .byte 9,0,0,0 + .rva se_handler ___ +} #################################################################### diff --git a/lib/libssl/src/crypto/sha/asm/sha256-586.pl b/lib/libssl/src/crypto/sha/asm/sha256-586.pl new file mode 100644 index 00000000000..ecc8b69c75d --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha256-586.pl @@ -0,0 +1,251 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA256 block transform for x86. September 2007. +# +# Performance in clock cycles per processed byte (less is better): +# +# Pentium PIII P4 AMD K8 Core2 +# gcc 46 36 41 27 26 +# icc 57 33 38 25 23 +# x86 asm 40 30 35 20 20 +# x86_64 asm(*) - - 21 15.8 16.5 +# +# (*) x86_64 assembler performance is presented for reference +# purposes. +# +# Performance improvement over compiler generated code varies from +# 10% to 40% [see above]. Not very impressive on some µ-archs, but +# it's 5 times smaller and optimizies amount of writes. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); + +$A="eax"; +$E="edx"; +$T="ebx"; +$Aoff=&DWP(0,"esp"); +$Boff=&DWP(4,"esp"); +$Coff=&DWP(8,"esp"); +$Doff=&DWP(12,"esp"); +$Eoff=&DWP(16,"esp"); +$Foff=&DWP(20,"esp"); +$Goff=&DWP(24,"esp"); +$Hoff=&DWP(28,"esp"); +$Xoff=&DWP(32,"esp"); +$K256="ebp"; + +sub BODY_00_15() { + my $in_16_63=shift; + + &mov ("ecx",$E); + &add ($T,&DWP(4*(8+15+16-9),"esp")) if ($in_16_63); # T += X[-7] + &ror ("ecx",6); + &mov ("edi",$E); + &ror ("edi",11); + &mov ("esi",$Foff); + &xor ("ecx","edi"); + &ror ("edi",25-11); + &mov (&DWP(4*(8+15),"esp"),$T) if ($in_16_63); # save X[0] + &xor ("ecx","edi"); # Sigma1(e) + &mov ("edi",$Goff); + &add ($T,"ecx"); # T += Sigma1(e) + &mov ($Eoff,$E); # modulo-scheduled + + &xor ("esi","edi"); + &mov ("ecx",$A); + &and ("esi",$E); + &mov ($E,$Doff); # e becomes d, which is e in next iteration + &xor ("esi","edi"); # Ch(e,f,g) + &mov ("edi",$A); + &add ($T,"esi"); # T += Ch(e,f,g) + + &ror ("ecx",2); + &add ($T,$Hoff); # T += h + &ror ("edi",13); + &mov ("esi",$Boff); + &xor ("ecx","edi"); + &ror ("edi",22-13); + &add ($E,$T); # d += T + &xor ("ecx","edi"); # Sigma0(a) + &mov ("edi",$Coff); + + &add ($T,"ecx"); # T += Sigma0(a) + &mov ($Aoff,$A); # modulo-scheduled + + &mov ("ecx",$A); + &sub ("esp",4); + &or ($A,"esi"); # a becomes h, which is a in next iteration + &and ("ecx","esi"); + &and ($A,"edi"); + &mov ("esi",&DWP(0,$K256)); + &or ($A,"ecx"); # h=Maj(a,b,c) + + &add ($K256,4); + &add ($A,$T); # h += T + &mov ($T,&DWP(4*(8+15+16-1),"esp")) if ($in_16_63); # preload T + &add ($E,"esi"); # d += K256[i] + &add ($A,"esi"); # h += K256[i] +} + +&function_begin("sha256_block_data_order"); + &mov ("esi",wparam(0)); # ctx + &mov ("edi",wparam(1)); # inp + &mov ("eax",wparam(2)); # num + &mov ("ebx","esp"); # saved sp + + &call (&label("pic_point")); # make it PIC! +&set_label("pic_point"); + &blindpop($K256); + &lea ($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256)); + + &sub ("esp",16); + &and ("esp",-64); + + &shl ("eax",6); + &add ("eax","edi"); + &mov (&DWP(0,"esp"),"esi"); # ctx + &mov (&DWP(4,"esp"),"edi"); # inp + &mov (&DWP(8,"esp"),"eax"); # inp+num*128 + &mov (&DWP(12,"esp"),"ebx"); # saved sp + +&set_label("loop",16); + # copy input block to stack reversing byte and dword order + for($i=0;$i<4;$i++) { + &mov ("eax",&DWP($i*16+0,"edi")); + &mov ("ebx",&DWP($i*16+4,"edi")); + &mov ("ecx",&DWP($i*16+8,"edi")); + &mov ("edx",&DWP($i*16+12,"edi")); + &bswap ("eax"); + &bswap ("ebx"); + &bswap ("ecx"); + &bswap ("edx"); + &push ("eax"); + &push ("ebx"); + &push ("ecx"); + &push ("edx"); + } + &add ("edi",64); + &sub ("esp",4*8); # place for A,B,C,D,E,F,G,H + &mov (&DWP(4*(8+16)+4,"esp"),"edi"); + + # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack + &mov ($A,&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edi",&DWP(12,"esi")); + # &mov ($Aoff,$A); + &mov ($Boff,"ebx"); + &mov ($Coff,"ecx"); + &mov ($Doff,"edi"); + &mov ($E,&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &mov ("edi",&DWP(28,"esi")); + # &mov ($Eoff,$E); + &mov ($Foff,"ebx"); + &mov ($Goff,"ecx"); + &mov ($Hoff,"edi"); + +&set_label("00_15",16); + &mov ($T,&DWP(4*(8+15),"esp")); + + &BODY_00_15(); + + &cmp ("esi",0xc19bf174); + &jne (&label("00_15")); + + &mov ($T,&DWP(4*(8+15+16-1),"esp")); # preloaded in BODY_00_15(1) +&set_label("16_63",16); + &mov ("esi",$T); + &mov ("ecx",&DWP(4*(8+15+16-14),"esp")); + &shr ($T,3); + &ror ("esi",7); + &xor ($T,"esi"); + &ror ("esi",18-7); + &mov ("edi","ecx"); + &xor ($T,"esi"); # T = sigma0(X[-15]) + + &shr ("ecx",10); + &mov ("esi",&DWP(4*(8+15+16),"esp")); + &ror ("edi",17); + &xor ("ecx","edi"); + &ror ("edi",19-17); + &add ($T,"esi"); # T += X[-16] + &xor ("edi","ecx") # sigma1(X[-2]) + + &add ($T,"edi"); # T += sigma1(X[-2]) + # &add ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7], moved to BODY_00_15(1) + # &mov (&DWP(4*(8+15),"esp"),$T); # save X[0] + + &BODY_00_15(1); + + &cmp ("esi",0xc67178f2); + &jne (&label("16_63")); + + &mov ("esi",&DWP(4*(8+16+64)+0,"esp"));#ctx + # &mov ($A,$Aoff); + &mov ("ebx",$Boff); + &mov ("ecx",$Coff); + &mov ("edi",$Doff); + &add ($A,&DWP(0,"esi")); + &add ("ebx",&DWP(4,"esi")); + &add ("ecx",&DWP(8,"esi")); + &add ("edi",&DWP(12,"esi")); + &mov (&DWP(0,"esi"),$A); + &mov (&DWP(4,"esi"),"ebx"); + &mov (&DWP(8,"esi"),"ecx"); + &mov (&DWP(12,"esi"),"edi"); + # &mov ($E,$Eoff); + &mov ("eax",$Foff); + &mov ("ebx",$Goff); + &mov ("ecx",$Hoff); + &mov ("edi",&DWP(4*(8+16+64)+4,"esp"));#inp + &add ($E,&DWP(16,"esi")); + &add ("eax",&DWP(20,"esi")); + &add ("ebx",&DWP(24,"esi")); + &add ("ecx",&DWP(28,"esi")); + &mov (&DWP(16,"esi"),$E); + &mov (&DWP(20,"esi"),"eax"); + &mov (&DWP(24,"esi"),"ebx"); + &mov (&DWP(28,"esi"),"ecx"); + + &add ("esp",4*(8+16+64)); # destroy frame + &sub ($K256,4*64); # rewind K + + &cmp ("edi",&DWP(8,"esp")); # are we done yet? + &jb (&label("loop")); + + &mov ("esp",&DWP(12,"esp")); # restore sp +&function_end_A(); + +&set_label("K256",64); # Yes! I keep it in the code segment! + &data_word(0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5); + &data_word(0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5); + &data_word(0xd807aa98,0x12835b01,0x243185be,0x550c7dc3); + &data_word(0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174); + &data_word(0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc); + &data_word(0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da); + &data_word(0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7); + &data_word(0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967); + &data_word(0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13); + &data_word(0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85); + &data_word(0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3); + &data_word(0xd192e819,0xd6990624,0xf40e3585,0x106aa070); + &data_word(0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5); + &data_word(0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3); + &data_word(0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208); + &data_word(0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2); +&function_end_B("sha256_block_data_order"); +&asciz("SHA256 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>"); + +&asm_finish(); diff --git a/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl new file mode 100644 index 00000000000..48d846deec3 --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl @@ -0,0 +1,181 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256 block procedure for ARMv4. May 2007. + +# Performance is ~2x better than gcc 3.4 generated code and in "abso- +# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per +# byte. + +$output=shift; +open STDOUT,">$output"; + +$ctx="r0"; $t0="r0"; +$inp="r1"; +$len="r2"; $t1="r2"; +$T1="r3"; +$A="r4"; +$B="r5"; +$C="r6"; +$D="r7"; +$E="r8"; +$F="r9"; +$G="r10"; +$H="r11"; +@V=($A,$B,$C,$D,$E,$F,$G,$H); +$t2="r12"; +$Ktbl="r14"; + +@Sigma0=( 2,13,22); +@Sigma1=( 6,11,25); +@sigma0=( 7,18, 3); +@sigma1=(17,19,10); + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___ if ($i<16); + ldrb $T1,[$inp,#3] @ $i + ldrb $t2,[$inp,#2] + ldrb $t1,[$inp,#1] + ldrb $t0,[$inp],#4 + orr $T1,$T1,$t2,lsl#8 + orr $T1,$T1,$t1,lsl#16 + orr $T1,$T1,$t0,lsl#24 + `"str $inp,[sp,#17*4]" if ($i==15)` +___ +$code.=<<___; + ldr $t2,[$Ktbl],#4 @ *K256++ + str $T1,[sp,#`$i%16`*4] + mov $t0,$e,ror#$Sigma1[0] + eor $t0,$t0,$e,ror#$Sigma1[1] + eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) + add $T1,$T1,$t0 + eor $t1,$f,$g + and $t1,$t1,$e + eor $t1,$t1,$g @ Ch(e,f,g) + add $T1,$T1,$t1 + add $T1,$T1,$h + add $T1,$T1,$t2 + mov $h,$a,ror#$Sigma0[0] + eor $h,$h,$a,ror#$Sigma0[1] + eor $h,$h,$a,ror#$Sigma0[2] @ Sigma0(a) + orr $t0,$a,$b + and $t0,$t0,$c + and $t1,$a,$b + orr $t0,$t0,$t1 @ Maj(a,b,c) + add $h,$h,$t0 + add $d,$d,$T1 + add $h,$h,$T1 +___ +} + +sub BODY_16_XX { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + ldr $t1,[sp,#`($i+1)%16`*4] @ $i + ldr $t2,[sp,#`($i+14)%16`*4] + ldr $T1,[sp,#`($i+0)%16`*4] + ldr $inp,[sp,#`($i+9)%16`*4] + mov $t0,$t1,ror#$sigma0[0] + eor $t0,$t0,$t1,ror#$sigma0[1] + eor $t0,$t0,$t1,lsr#$sigma0[2] @ sigma0(X[i+1]) + mov $t1,$t2,ror#$sigma1[0] + eor $t1,$t1,$t2,ror#$sigma1[1] + eor $t1,$t1,$t2,lsr#$sigma1[2] @ sigma1(X[i+14]) + add $T1,$T1,$t0 + add $T1,$T1,$t1 + add $T1,$T1,$inp +___ + &BODY_00_15(@_); +} + +$code=<<___; +.text +.code 32 + +.type K256,%object +.align 5 +K256: +.word 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 +.word 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 +.word 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 +.word 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 +.word 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc +.word 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da +.word 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 +.word 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 +.word 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 +.word 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 +.word 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 +.word 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 +.word 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 +.word 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 +.word 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 +.word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.size K256,.-K256 + +.global sha256_block_data_order +.type sha256_block_data_order,%function +sha256_block_data_order: + sub r3,pc,#8 @ sha256_block_data_order + add $len,$inp,$len,lsl#6 @ len to point at the end of inp + stmdb sp!,{$ctx,$inp,$len,r4-r12,lr} + ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H} + sub $Ktbl,r3,#256 @ K256 + sub sp,sp,#16*4 @ alloca(X[16]) +.Loop: +___ +for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".Lrounds_16_xx:\n"; +for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + and $t2,$t2,#0xff + cmp $t2,#0xf2 + bne .Lrounds_16_xx + + ldr $T1,[sp,#16*4] @ pull ctx + ldr $t0,[$T1,#0] + ldr $t1,[$T1,#4] + ldr $t2,[$T1,#8] + add $A,$A,$t0 + ldr $t0,[$T1,#12] + add $B,$B,$t1 + ldr $t1,[$T1,#16] + add $C,$C,$t2 + ldr $t2,[$T1,#20] + add $D,$D,$t0 + ldr $t0,[$T1,#24] + add $E,$E,$t1 + ldr $t1,[$T1,#28] + add $F,$F,$t2 + ldr $inp,[sp,#17*4] @ pull inp + ldr $t2,[sp,#18*4] @ pull inp+len + add $G,$G,$t0 + add $H,$H,$t1 + stmia $T1,{$A,$B,$C,$D,$E,$F,$G,$H} + cmp $inp,$t2 + sub $Ktbl,$Ktbl,#256 @ rewind Ktbl + bne .Loop + + add sp,sp,#`16+3`*4 @ destroy frame + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.size sha256_block_data_order,.-sha256_block_data_order +.asciz "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/lib/libssl/src/crypto/sha/asm/sha512-586.pl b/lib/libssl/src/crypto/sha/asm/sha512-586.pl new file mode 100644 index 00000000000..5b9f3337add --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha512-586.pl @@ -0,0 +1,644 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA512 block transform for x86. September 2007. +# +# Performance in clock cycles per processed byte (less is better): +# +# Pentium PIII P4 AMD K8 Core2 +# gcc 100 75 116 54 66 +# icc 97 77 95 55 57 +# x86 asm 61 56 82 36 40 +# SSE2 asm - - 38 24 20 +# x86_64 asm(*) - - 30 10.0 10.5 +# +# (*) x86_64 assembler performance is presented for reference +# purposes. +# +# IALU code-path is optimized for elder Pentiums. On vanilla Pentium +# performance improvement over compiler generated code reaches ~60%, +# while on PIII - ~35%. On newer µ-archs improvement varies from 15% +# to 50%, but it's less important as they are expected to execute SSE2 +# code-path, which is commonly ~2-3x faster [than compiler generated +# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even +# though it does not use 128-bit operations. The latter means that +# SSE2-aware kernel is no longer required to execute the code. Another +# difference is that new code optimizes amount of writes, but at the +# cost of increased data cache "footprint" by 1/2KB. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + +$Tlo=&DWP(0,"esp"); $Thi=&DWP(4,"esp"); +$Alo=&DWP(8,"esp"); $Ahi=&DWP(8+4,"esp"); +$Blo=&DWP(16,"esp"); $Bhi=&DWP(16+4,"esp"); +$Clo=&DWP(24,"esp"); $Chi=&DWP(24+4,"esp"); +$Dlo=&DWP(32,"esp"); $Dhi=&DWP(32+4,"esp"); +$Elo=&DWP(40,"esp"); $Ehi=&DWP(40+4,"esp"); +$Flo=&DWP(48,"esp"); $Fhi=&DWP(48+4,"esp"); +$Glo=&DWP(56,"esp"); $Ghi=&DWP(56+4,"esp"); +$Hlo=&DWP(64,"esp"); $Hhi=&DWP(64+4,"esp"); +$K512="ebp"; + +$Asse2=&QWP(0,"esp"); +$Bsse2=&QWP(8,"esp"); +$Csse2=&QWP(16,"esp"); +$Dsse2=&QWP(24,"esp"); +$Esse2=&QWP(32,"esp"); +$Fsse2=&QWP(40,"esp"); +$Gsse2=&QWP(48,"esp"); +$Hsse2=&QWP(56,"esp"); + +$A="mm0"; # B-D and +$E="mm4"; # F-H are commonly loaded to respectively mm1-mm3 and + # mm5-mm7, but it's done on on-demand basis... + +sub BODY_00_15_sse2 { + my $prefetch=shift; + + &movq ("mm5",$Fsse2); # load f + &movq ("mm6",$Gsse2); # load g + &movq ("mm7",$Hsse2); # load h + + &movq ("mm1",$E); # %mm1 is sliding right + &movq ("mm2",$E); # %mm2 is sliding left + &psrlq ("mm1",14); + &movq ($Esse2,$E); # modulo-scheduled save e + &psllq ("mm2",23); + &movq ("mm3","mm1"); # %mm3 is T1 + &psrlq ("mm1",4); + &pxor ("mm3","mm2"); + &psllq ("mm2",23); + &pxor ("mm3","mm1"); + &psrlq ("mm1",23); + &pxor ("mm3","mm2"); + &psllq ("mm2",4); + &pxor ("mm3","mm1"); + &paddq ("mm7",QWP(0,$K512)); # h+=K512[i] + &pxor ("mm3","mm2"); # T1=Sigma1_512(e) + + &pxor ("mm5","mm6"); # f^=g + &movq ("mm1",$Bsse2); # load b + &pand ("mm5",$E); # f&=e + &movq ("mm2",$Csse2); # load c + &pxor ("mm5","mm6"); # f^=g + &movq ($E,$Dsse2); # e = load d + &paddq ("mm3","mm5"); # T1+=Ch(e,f,g) + &movq (&QWP(0,"esp"),$A); # modulo-scheduled save a + &paddq ("mm3","mm7"); # T1+=h + + &movq ("mm5",$A); # %mm5 is sliding right + &movq ("mm6",$A); # %mm6 is sliding left + &paddq ("mm3",&QWP(8*9,"esp")); # T1+=X[0] + &psrlq ("mm5",28); + &paddq ($E,"mm3"); # e += T1 + &psllq ("mm6",25); + &movq ("mm7","mm5"); # %mm7 is T2 + &psrlq ("mm5",6); + &pxor ("mm7","mm6"); + &psllq ("mm6",5); + &pxor ("mm7","mm5"); + &psrlq ("mm5",5); + &pxor ("mm7","mm6"); + &psllq ("mm6",6); + &pxor ("mm7","mm5"); + &sub ("esp",8); + &pxor ("mm7","mm6"); # T2=Sigma0_512(a) + + &movq ("mm5",$A); # %mm5=a + &por ($A,"mm2"); # a=a|c + &movq ("mm6",&QWP(8*(9+16-14),"esp")) if ($prefetch); + &pand ("mm5","mm2"); # %mm5=a&c + &pand ($A,"mm1"); # a=(a|c)&b + &movq ("mm2",&QWP(8*(9+16-1),"esp")) if ($prefetch); + &por ("mm5",$A); # %mm5=(a&c)|((a|c)&b) + &paddq ("mm7","mm5"); # T2+=Maj(a,b,c) + &movq ($A,"mm3"); # a=T1 + + &mov (&LB("edx"),&BP(0,$K512)); + &paddq ($A,"mm7"); # a+=T2 + &add ($K512,8); +} + +sub BODY_00_15_x86 { + #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) + # LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 + # HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 + &mov ("ecx",$Elo); + &mov ("edx",$Ehi); + &mov ("esi","ecx"); + + &shr ("ecx",9) # lo>>9 + &mov ("edi","edx"); + &shr ("edx",9) # hi>>9 + &mov ("ebx","ecx"); + &shl ("esi",14); # lo<<14 + &mov ("eax","edx"); + &shl ("edi",14); # hi<<14 + &xor ("ebx","esi"); + + &shr ("ecx",14-9); # lo>>14 + &xor ("eax","edi"); + &shr ("edx",14-9); # hi>>14 + &xor ("eax","ecx"); + &shl ("esi",18-14); # lo<<18 + &xor ("ebx","edx"); + &shl ("edi",18-14); # hi<<18 + &xor ("ebx","esi"); + + &shr ("ecx",18-14); # lo>>18 + &xor ("eax","edi"); + &shr ("edx",18-14); # hi>>18 + &xor ("eax","ecx"); + &shl ("esi",23-18); # lo<<23 + &xor ("ebx","edx"); + &shl ("edi",23-18); # hi<<23 + &xor ("eax","esi"); + &xor ("ebx","edi"); # T1 = Sigma1(e) + + &mov ("ecx",$Flo); + &mov ("edx",$Fhi); + &mov ("esi",$Glo); + &mov ("edi",$Ghi); + &add ("eax",$Hlo); + &adc ("ebx",$Hhi); # T1 += h + &xor ("ecx","esi"); + &xor ("edx","edi"); + &and ("ecx",$Elo); + &and ("edx",$Ehi); + &add ("eax",&DWP(8*(9+15)+0,"esp")); + &adc ("ebx",&DWP(8*(9+15)+4,"esp")); # T1 += X[0] + &xor ("ecx","esi"); + &xor ("edx","edi"); # Ch(e,f,g) = (f^g)&e)^g + + &mov ("esi",&DWP(0,$K512)); + &mov ("edi",&DWP(4,$K512)); # K[i] + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += Ch(e,f,g) + &mov ("ecx",$Dlo); + &mov ("edx",$Dhi); + &add ("eax","esi"); + &adc ("ebx","edi"); # T1 += K[i] + &mov ($Tlo,"eax"); + &mov ($Thi,"ebx"); # put T1 away + &add ("eax","ecx"); + &adc ("ebx","edx"); # d += T1 + + #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) + # LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 + # HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 + &mov ("ecx",$Alo); + &mov ("edx",$Ahi); + &mov ($Dlo,"eax"); + &mov ($Dhi,"ebx"); + &mov ("esi","ecx"); + + &shr ("ecx",2) # lo>>2 + &mov ("edi","edx"); + &shr ("edx",2) # hi>>2 + &mov ("ebx","ecx"); + &shl ("esi",4); # lo<<4 + &mov ("eax","edx"); + &shl ("edi",4); # hi<<4 + &xor ("ebx","esi"); + + &shr ("ecx",7-2); # lo>>7 + &xor ("eax","edi"); + &shr ("edx",7-2); # hi>>7 + &xor ("ebx","ecx"); + &shl ("esi",25-4); # lo<<25 + &xor ("eax","edx"); + &shl ("edi",25-4); # hi<<25 + &xor ("eax","esi"); + + &shr ("ecx",28-7); # lo>>28 + &xor ("ebx","edi"); + &shr ("edx",28-7); # hi>>28 + &xor ("eax","ecx"); + &shl ("esi",30-25); # lo<<30 + &xor ("ebx","edx"); + &shl ("edi",30-25); # hi<<30 + &xor ("eax","esi"); + &xor ("ebx","edi"); # Sigma0(a) + + &mov ("ecx",$Alo); + &mov ("edx",$Ahi); + &mov ("esi",$Blo); + &mov ("edi",$Bhi); + &add ("eax",$Tlo); + &adc ("ebx",$Thi); # T1 = Sigma0(a)+T1 + &or ("ecx","esi"); + &or ("edx","edi"); + &and ("ecx",$Clo); + &and ("edx",$Chi); + &and ("esi",$Alo); + &and ("edi",$Ahi); + &or ("ecx","esi"); + &or ("edx","edi"); # Maj(a,b,c) = ((a|b)&c)|(a&b) + + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += Maj(a,b,c) + &mov ($Tlo,"eax"); + &mov ($Thi,"ebx"); + + &mov (&LB("edx"),&BP(0,$K512)); # pre-fetch LSB of *K + &sub ("esp",8); + &lea ($K512,&DWP(8,$K512)); # K++ +} + + +&function_begin("sha512_block_data_order"); + &mov ("esi",wparam(0)); # ctx + &mov ("edi",wparam(1)); # inp + &mov ("eax",wparam(2)); # num + &mov ("ebx","esp"); # saved sp + + &call (&label("pic_point")); # make it PIC! +&set_label("pic_point"); + &blindpop($K512); + &lea ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512)); + + &sub ("esp",16); + &and ("esp",-64); + + &shl ("eax",7); + &add ("eax","edi"); + &mov (&DWP(0,"esp"),"esi"); # ctx + &mov (&DWP(4,"esp"),"edi"); # inp + &mov (&DWP(8,"esp"),"eax"); # inp+num*128 + &mov (&DWP(12,"esp"),"ebx"); # saved sp + +if ($sse2) { + &picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512")); + &bt (&DWP(0,"edx"),26); + &jnc (&label("loop_x86")); + + # load ctx->h[0-7] + &movq ($A,&QWP(0,"esi")); + &movq ("mm1",&QWP(8,"esi")); + &movq ("mm2",&QWP(16,"esi")); + &movq ("mm3",&QWP(24,"esi")); + &movq ($E,&QWP(32,"esi")); + &movq ("mm5",&QWP(40,"esi")); + &movq ("mm6",&QWP(48,"esi")); + &movq ("mm7",&QWP(56,"esi")); + &sub ("esp",8*10); + +&set_label("loop_sse2",16); + # &movq ($Asse2,$A); + &movq ($Bsse2,"mm1"); + &movq ($Csse2,"mm2"); + &movq ($Dsse2,"mm3"); + # &movq ($Esse2,$E); + &movq ($Fsse2,"mm5"); + &movq ($Gsse2,"mm6"); + &movq ($Hsse2,"mm7"); + + &mov ("ecx",&DWP(0,"edi")); + &mov ("edx",&DWP(4,"edi")); + &add ("edi",8); + &bswap ("ecx"); + &bswap ("edx"); + &mov (&DWP(8*9+4,"esp"),"ecx"); + &mov (&DWP(8*9+0,"esp"),"edx"); + +&set_label("00_14_sse2",16); + &mov ("eax",&DWP(0,"edi")); + &mov ("ebx",&DWP(4,"edi")); + &add ("edi",8); + &bswap ("eax"); + &bswap ("ebx"); + &mov (&DWP(8*8+4,"esp"),"eax"); + &mov (&DWP(8*8+0,"esp"),"ebx"); + + &BODY_00_15_sse2(); + + &cmp (&LB("edx"),0x35); + &jne (&label("00_14_sse2")); + + &BODY_00_15_sse2(1); + +&set_label("16_79_sse2",16); + #&movq ("mm2",&QWP(8*(9+16-1),"esp")); #prefetched in BODY_00_15 + #&movq ("mm6",&QWP(8*(9+16-14),"esp")); + &movq ("mm1","mm2"); + + &psrlq ("mm2",1); + &movq ("mm7","mm6"); + &psrlq ("mm6",6); + &movq ("mm3","mm2"); + + &psrlq ("mm2",7-1); + &movq ("mm5","mm6"); + &psrlq ("mm6",19-6); + &pxor ("mm3","mm2"); + + &psrlq ("mm2",8-7); + &pxor ("mm5","mm6"); + &psrlq ("mm6",61-19); + &pxor ("mm3","mm2"); + + &movq ("mm2",&QWP(8*(9+16),"esp")); + + &psllq ("mm1",56); + &pxor ("mm5","mm6"); + &psllq ("mm7",3); + &pxor ("mm3","mm1"); + + &paddq ("mm2",&QWP(8*(9+16-9),"esp")); + + &psllq ("mm1",63-56); + &pxor ("mm5","mm7"); + &psllq ("mm7",45-3); + &pxor ("mm3","mm1"); + &pxor ("mm5","mm7"); + + &paddq ("mm3","mm5"); + &paddq ("mm3","mm2"); + &movq (&QWP(8*9,"esp"),"mm3"); + + &BODY_00_15_sse2(1); + + &cmp (&LB("edx"),0x17); + &jne (&label("16_79_sse2")); + + # &movq ($A,$Asse2); + &movq ("mm1",$Bsse2); + &movq ("mm2",$Csse2); + &movq ("mm3",$Dsse2); + # &movq ($E,$Esse2); + &movq ("mm5",$Fsse2); + &movq ("mm6",$Gsse2); + &movq ("mm7",$Hsse2); + + &paddq ($A,&QWP(0,"esi")); + &paddq ("mm1",&QWP(8,"esi")); + &paddq ("mm2",&QWP(16,"esi")); + &paddq ("mm3",&QWP(24,"esi")); + &paddq ($E,&QWP(32,"esi")); + &paddq ("mm5",&QWP(40,"esi")); + &paddq ("mm6",&QWP(48,"esi")); + &paddq ("mm7",&QWP(56,"esi")); + + &movq (&QWP(0,"esi"),$A); + &movq (&QWP(8,"esi"),"mm1"); + &movq (&QWP(16,"esi"),"mm2"); + &movq (&QWP(24,"esi"),"mm3"); + &movq (&QWP(32,"esi"),$E); + &movq (&QWP(40,"esi"),"mm5"); + &movq (&QWP(48,"esi"),"mm6"); + &movq (&QWP(56,"esi"),"mm7"); + + &add ("esp",8*80); # destroy frame + &sub ($K512,8*80); # rewind K + + &cmp ("edi",&DWP(8*10+8,"esp")); # are we done yet? + &jb (&label("loop_sse2")); + + &emms (); + &mov ("esp",&DWP(8*10+12,"esp")); # restore sp +&function_end_A(); +} +&set_label("loop_x86",16); + # copy input block to stack reversing byte and qword order + for ($i=0;$i<8;$i++) { + &mov ("eax",&DWP($i*16+0,"edi")); + &mov ("ebx",&DWP($i*16+4,"edi")); + &mov ("ecx",&DWP($i*16+8,"edi")); + &mov ("edx",&DWP($i*16+12,"edi")); + &bswap ("eax"); + &bswap ("ebx"); + &bswap ("ecx"); + &bswap ("edx"); + &push ("eax"); + &push ("ebx"); + &push ("ecx"); + &push ("edx"); + } + &add ("edi",128); + &sub ("esp",9*8); # place for T,A,B,C,D,E,F,G,H + &mov (&DWP(8*(9+16)+4,"esp"),"edi"); + + # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack + &lea ("edi",&DWP(8,"esp")); + &mov ("ecx",16); + &data_word(0xA5F3F689); # rep movsd + +&set_label("00_15_x86",16); + &BODY_00_15_x86(); + + &cmp (&LB("edx"),0x94); + &jne (&label("00_15_x86")); + +&set_label("16_79_x86",16); + #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) + # LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 + # HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 + &mov ("ecx",&DWP(8*(9+15+16-1)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp")); + &mov ("esi","ecx"); + + &shr ("ecx",1) # lo>>1 + &mov ("edi","edx"); + &shr ("edx",1) # hi>>1 + &mov ("eax","ecx"); + &shl ("esi",24); # lo<<24 + &mov ("ebx","edx"); + &shl ("edi",24); # hi<<24 + &xor ("ebx","esi"); + + &shr ("ecx",7-1); # lo>>7 + &xor ("eax","edi"); + &shr ("edx",7-1); # hi>>7 + &xor ("eax","ecx"); + &shl ("esi",31-24); # lo<<31 + &xor ("ebx","edx"); + &shl ("edi",25-24); # hi<<25 + &xor ("ebx","esi"); + + &shr ("ecx",8-7); # lo>>8 + &xor ("eax","edi"); + &shr ("edx",8-7); # hi>>8 + &xor ("eax","ecx"); + &shl ("edi",31-25); # hi<<31 + &xor ("ebx","edx"); + &xor ("eax","edi"); # T1 = sigma0(X[-15]) + + &mov (&DWP(0,"esp"),"eax"); + &mov (&DWP(4,"esp"),"ebx"); # put T1 away + + #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + # LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 + # HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 + &mov ("ecx",&DWP(8*(9+15+16-14)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp")); + &mov ("esi","ecx"); + + &shr ("ecx",6) # lo>>6 + &mov ("edi","edx"); + &shr ("edx",6) # hi>>6 + &mov ("eax","ecx"); + &shl ("esi",3); # lo<<3 + &mov ("ebx","edx"); + &shl ("edi",3); # hi<<3 + &xor ("eax","esi"); + + &shr ("ecx",19-6); # lo>>19 + &xor ("ebx","edi"); + &shr ("edx",19-6); # hi>>19 + &xor ("eax","ecx"); + &shl ("esi",13-3); # lo<<13 + &xor ("ebx","edx"); + &shl ("edi",13-3); # hi<<13 + &xor ("ebx","esi"); + + &shr ("ecx",29-19); # lo>>29 + &xor ("eax","edi"); + &shr ("edx",29-19); # hi>>29 + &xor ("ebx","ecx"); + &shl ("edi",26-13); # hi<<26 + &xor ("eax","edx"); + &xor ("eax","edi"); # sigma1(X[-2]) + + &mov ("ecx",&DWP(8*(9+15+16)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16)+4,"esp")); + &add ("eax",&DWP(0,"esp")); + &adc ("ebx",&DWP(4,"esp")); # T1 = sigma1(X[-2])+T1 + &mov ("esi",&DWP(8*(9+15+16-9)+0,"esp")); + &mov ("edi",&DWP(8*(9+15+16-9)+4,"esp")); + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += X[-16] + &add ("eax","esi"); + &adc ("ebx","edi"); # T1 += X[-7] + &mov (&DWP(8*(9+15)+0,"esp"),"eax"); + &mov (&DWP(8*(9+15)+4,"esp"),"ebx"); # save X[0] + + &BODY_00_15_x86(); + + &cmp (&LB("edx"),0x17); + &jne (&label("16_79_x86")); + + &mov ("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx + &mov ("edi",&DWP(8*(9+16+80)+4,"esp"));# inp + for($i=0;$i<4;$i++) { + &mov ("eax",&DWP($i*16+0,"esi")); + &mov ("ebx",&DWP($i*16+4,"esi")); + &mov ("ecx",&DWP($i*16+8,"esi")); + &mov ("edx",&DWP($i*16+12,"esi")); + &add ("eax",&DWP(8+($i*16)+0,"esp")); + &adc ("ebx",&DWP(8+($i*16)+4,"esp")); + &mov (&DWP($i*16+0,"esi"),"eax"); + &mov (&DWP($i*16+4,"esi"),"ebx"); + &add ("ecx",&DWP(8+($i*16)+8,"esp")); + &adc ("edx",&DWP(8+($i*16)+12,"esp")); + &mov (&DWP($i*16+8,"esi"),"ecx"); + &mov (&DWP($i*16+12,"esi"),"edx"); + } + &add ("esp",8*(9+16+80)); # destroy frame + &sub ($K512,8*80); # rewind K + + &cmp ("edi",&DWP(8,"esp")); # are we done yet? + &jb (&label("loop_x86")); + + &mov ("esp",&DWP(12,"esp")); # restore sp +&function_end_A(); + +&set_label("K512",64); # Yes! I keep it in the code segment! + &data_word(0xd728ae22,0x428a2f98); # u64 + &data_word(0x23ef65cd,0x71374491); # u64 + &data_word(0xec4d3b2f,0xb5c0fbcf); # u64 + &data_word(0x8189dbbc,0xe9b5dba5); # u64 + &data_word(0xf348b538,0x3956c25b); # u64 + &data_word(0xb605d019,0x59f111f1); # u64 + &data_word(0xaf194f9b,0x923f82a4); # u64 + &data_word(0xda6d8118,0xab1c5ed5); # u64 + &data_word(0xa3030242,0xd807aa98); # u64 + &data_word(0x45706fbe,0x12835b01); # u64 + &data_word(0x4ee4b28c,0x243185be); # u64 + &data_word(0xd5ffb4e2,0x550c7dc3); # u64 + &data_word(0xf27b896f,0x72be5d74); # u64 + &data_word(0x3b1696b1,0x80deb1fe); # u64 + &data_word(0x25c71235,0x9bdc06a7); # u64 + &data_word(0xcf692694,0xc19bf174); # u64 + &data_word(0x9ef14ad2,0xe49b69c1); # u64 + &data_word(0x384f25e3,0xefbe4786); # u64 + &data_word(0x8b8cd5b5,0x0fc19dc6); # u64 + &data_word(0x77ac9c65,0x240ca1cc); # u64 + &data_word(0x592b0275,0x2de92c6f); # u64 + &data_word(0x6ea6e483,0x4a7484aa); # u64 + &data_word(0xbd41fbd4,0x5cb0a9dc); # u64 + &data_word(0x831153b5,0x76f988da); # u64 + &data_word(0xee66dfab,0x983e5152); # u64 + &data_word(0x2db43210,0xa831c66d); # u64 + &data_word(0x98fb213f,0xb00327c8); # u64 + &data_word(0xbeef0ee4,0xbf597fc7); # u64 + &data_word(0x3da88fc2,0xc6e00bf3); # u64 + &data_word(0x930aa725,0xd5a79147); # u64 + &data_word(0xe003826f,0x06ca6351); # u64 + &data_word(0x0a0e6e70,0x14292967); # u64 + &data_word(0x46d22ffc,0x27b70a85); # u64 + &data_word(0x5c26c926,0x2e1b2138); # u64 + &data_word(0x5ac42aed,0x4d2c6dfc); # u64 + &data_word(0x9d95b3df,0x53380d13); # u64 + &data_word(0x8baf63de,0x650a7354); # u64 + &data_word(0x3c77b2a8,0x766a0abb); # u64 + &data_word(0x47edaee6,0x81c2c92e); # u64 + &data_word(0x1482353b,0x92722c85); # u64 + &data_word(0x4cf10364,0xa2bfe8a1); # u64 + &data_word(0xbc423001,0xa81a664b); # u64 + &data_word(0xd0f89791,0xc24b8b70); # u64 + &data_word(0x0654be30,0xc76c51a3); # u64 + &data_word(0xd6ef5218,0xd192e819); # u64 + &data_word(0x5565a910,0xd6990624); # u64 + &data_word(0x5771202a,0xf40e3585); # u64 + &data_word(0x32bbd1b8,0x106aa070); # u64 + &data_word(0xb8d2d0c8,0x19a4c116); # u64 + &data_word(0x5141ab53,0x1e376c08); # u64 + &data_word(0xdf8eeb99,0x2748774c); # u64 + &data_word(0xe19b48a8,0x34b0bcb5); # u64 + &data_word(0xc5c95a63,0x391c0cb3); # u64 + &data_word(0xe3418acb,0x4ed8aa4a); # u64 + &data_word(0x7763e373,0x5b9cca4f); # u64 + &data_word(0xd6b2b8a3,0x682e6ff3); # u64 + &data_word(0x5defb2fc,0x748f82ee); # u64 + &data_word(0x43172f60,0x78a5636f); # u64 + &data_word(0xa1f0ab72,0x84c87814); # u64 + &data_word(0x1a6439ec,0x8cc70208); # u64 + &data_word(0x23631e28,0x90befffa); # u64 + &data_word(0xde82bde9,0xa4506ceb); # u64 + &data_word(0xb2c67915,0xbef9a3f7); # u64 + &data_word(0xe372532b,0xc67178f2); # u64 + &data_word(0xea26619c,0xca273ece); # u64 + &data_word(0x21c0c207,0xd186b8c7); # u64 + &data_word(0xcde0eb1e,0xeada7dd6); # u64 + &data_word(0xee6ed178,0xf57d4f7f); # u64 + &data_word(0x72176fba,0x06f067aa); # u64 + &data_word(0xa2c898a6,0x0a637dc5); # u64 + &data_word(0xbef90dae,0x113f9804); # u64 + &data_word(0x131c471b,0x1b710b35); # u64 + &data_word(0x23047d84,0x28db77f5); # u64 + &data_word(0x40c72493,0x32caab7b); # u64 + &data_word(0x15c9bebc,0x3c9ebe0a); # u64 + &data_word(0x9c100d4c,0x431d67c4); # u64 + &data_word(0xcb3e42b6,0x4cc5d4be); # u64 + &data_word(0xfc657e2a,0x597f299c); # u64 + &data_word(0x3ad6faec,0x5fcb6fab); # u64 + &data_word(0x4a475817,0x6c44198c); # u64 +&function_end_B("sha512_block_data_order"); +&asciz("SHA512 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>"); + +&asm_finish(); diff --git a/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl new file mode 100644 index 00000000000..4fbb94a914f --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl @@ -0,0 +1,399 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA512 block procedure for ARMv4. September 2007. + +# This code is ~4.5 (four and a half) times faster than code generated +# by gcc 3.4 and it spends ~72 clock cycles per byte. + +# Byte order [in]dependence. ========================================= +# +# Caller is expected to maintain specific *dword* order in h[0-7], +# namely with most significant dword at *lower* address, which is +# reflected in below two parameters. *Byte* order within these dwords +# in turn is whatever *native* byte order on current platform. +$hi=0; +$lo=4; +# ==================================================================== + +$output=shift; +open STDOUT,">$output"; + +$ctx="r0"; +$inp="r1"; +$len="r2"; +$Tlo="r3"; +$Thi="r4"; +$Alo="r5"; +$Ahi="r6"; +$Elo="r7"; +$Ehi="r8"; +$t0="r9"; +$t1="r10"; +$t2="r11"; +$t3="r12"; +############ r13 is stack pointer +$Ktbl="r14"; +############ r15 is program counter + +$Aoff=8*0; +$Boff=8*1; +$Coff=8*2; +$Doff=8*3; +$Eoff=8*4; +$Foff=8*5; +$Goff=8*6; +$Hoff=8*7; +$Xoff=8*8; + +sub BODY_00_15() { +my $magic = shift; +$code.=<<___; + ldr $t2,[sp,#$Hoff+0] @ h.lo + ldr $t3,[sp,#$Hoff+4] @ h.hi + @ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) + @ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 + @ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 + mov $t0,$Elo,lsr#14 + mov $t1,$Ehi,lsr#14 + eor $t0,$t0,$Ehi,lsl#18 + eor $t1,$t1,$Elo,lsl#18 + eor $t0,$t0,$Elo,lsr#18 + eor $t1,$t1,$Ehi,lsr#18 + eor $t0,$t0,$Ehi,lsl#14 + eor $t1,$t1,$Elo,lsl#14 + eor $t0,$t0,$Ehi,lsr#9 + eor $t1,$t1,$Elo,lsr#9 + eor $t0,$t0,$Elo,lsl#23 + eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e) + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 @ T += Sigma1(e) + adds $Tlo,$Tlo,$t2 + adc $Thi,$Thi,$t3 @ T += h + + ldr $t0,[sp,#$Foff+0] @ f.lo + ldr $t1,[sp,#$Foff+4] @ f.hi + ldr $t2,[sp,#$Goff+0] @ g.lo + ldr $t3,[sp,#$Goff+4] @ g.hi + str $Elo,[sp,#$Eoff+0] + str $Ehi,[sp,#$Eoff+4] + str $Alo,[sp,#$Aoff+0] + str $Ahi,[sp,#$Aoff+4] + + eor $t0,$t0,$t2 + eor $t1,$t1,$t3 + and $t0,$t0,$Elo + and $t1,$t1,$Ehi + eor $t0,$t0,$t2 + eor $t1,$t1,$t3 @ Ch(e,f,g) + + ldr $t2,[$Ktbl,#4] @ K[i].lo + ldr $t3,[$Ktbl,#0] @ K[i].hi + ldr $Elo,[sp,#$Doff+0] @ d.lo + ldr $Ehi,[sp,#$Doff+4] @ d.hi + + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) + adds $Tlo,$Tlo,$t2 + adc $Thi,$Thi,$t3 @ T += K[i] + adds $Elo,$Elo,$Tlo + adc $Ehi,$Ehi,$Thi @ d += T + + and $t0,$t2,#0xff + teq $t0,#$magic + orreq $Ktbl,$Ktbl,#1 + + ldr $t2,[sp,#$Boff+0] @ b.lo + ldr $t3,[sp,#$Coff+0] @ c.lo + @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) + @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 + @ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 + mov $t0,$Alo,lsr#28 + mov $t1,$Ahi,lsr#28 + eor $t0,$t0,$Ahi,lsl#4 + eor $t1,$t1,$Alo,lsl#4 + eor $t0,$t0,$Ahi,lsr#2 + eor $t1,$t1,$Alo,lsr#2 + eor $t0,$t0,$Alo,lsl#30 + eor $t1,$t1,$Ahi,lsl#30 + eor $t0,$t0,$Ahi,lsr#7 + eor $t1,$t1,$Alo,lsr#7 + eor $t0,$t0,$Alo,lsl#25 + eor $t1,$t1,$Ahi,lsl#25 @ Sigma0(a) + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 @ T += Sigma0(a) + + and $t0,$Alo,$t2 + orr $Alo,$Alo,$t2 + ldr $t1,[sp,#$Boff+4] @ b.hi + ldr $t2,[sp,#$Coff+4] @ c.hi + and $Alo,$Alo,$t3 + orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo + and $t3,$Ahi,$t1 + orr $Ahi,$Ahi,$t1 + and $Ahi,$Ahi,$t2 + orr $Ahi,$Ahi,$t3 @ Maj(a,b,c).hi + adds $Alo,$Alo,$Tlo + adc $Ahi,$Ahi,$Thi @ h += T + + sub sp,sp,#8 + add $Ktbl,$Ktbl,#8 +___ +} +$code=<<___; +.text +.code 32 +.type K512,%object +.align 5 +K512: +.word 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd +.word 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc +.word 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 +.word 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 +.word 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe +.word 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 +.word 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 +.word 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 +.word 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 +.word 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 +.word 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 +.word 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 +.word 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 +.word 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 +.word 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 +.word 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 +.word 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 +.word 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df +.word 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 +.word 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b +.word 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 +.word 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 +.word 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 +.word 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 +.word 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 +.word 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 +.word 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb +.word 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 +.word 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 +.word 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec +.word 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 +.word 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b +.word 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 +.word 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 +.word 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 +.word 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b +.word 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 +.word 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c +.word 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a +.word 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 +.size K512,.-K512 + +.global sha512_block_data_order +.type sha512_block_data_order,%function +sha512_block_data_order: + sub r3,pc,#8 @ sha512_block_data_order + add $len,$inp,$len,lsl#7 @ len to point at the end of inp + stmdb sp!,{r4-r12,lr} + sub $Ktbl,r3,#640 @ K512 + sub sp,sp,#9*8 + + ldr $Elo,[$ctx,#$Eoff+$lo] + ldr $Ehi,[$ctx,#$Eoff+$hi] + ldr $t0, [$ctx,#$Goff+$lo] + ldr $t1, [$ctx,#$Goff+$hi] + ldr $t2, [$ctx,#$Hoff+$lo] + ldr $t3, [$ctx,#$Hoff+$hi] +.Loop: + str $t0, [sp,#$Goff+0] + str $t1, [sp,#$Goff+4] + str $t2, [sp,#$Hoff+0] + str $t3, [sp,#$Hoff+4] + ldr $Alo,[$ctx,#$Aoff+$lo] + ldr $Ahi,[$ctx,#$Aoff+$hi] + ldr $Tlo,[$ctx,#$Boff+$lo] + ldr $Thi,[$ctx,#$Boff+$hi] + ldr $t0, [$ctx,#$Coff+$lo] + ldr $t1, [$ctx,#$Coff+$hi] + ldr $t2, [$ctx,#$Doff+$lo] + ldr $t3, [$ctx,#$Doff+$hi] + str $Tlo,[sp,#$Boff+0] + str $Thi,[sp,#$Boff+4] + str $t0, [sp,#$Coff+0] + str $t1, [sp,#$Coff+4] + str $t2, [sp,#$Doff+0] + str $t3, [sp,#$Doff+4] + ldr $Tlo,[$ctx,#$Foff+$lo] + ldr $Thi,[$ctx,#$Foff+$hi] + str $Tlo,[sp,#$Foff+0] + str $Thi,[sp,#$Foff+4] + +.L00_15: + ldrb $Tlo,[$inp,#7] + ldrb $t0, [$inp,#6] + ldrb $t1, [$inp,#5] + ldrb $t2, [$inp,#4] + ldrb $Thi,[$inp,#3] + ldrb $t3, [$inp,#2] + orr $Tlo,$Tlo,$t0,lsl#8 + ldrb $t0, [$inp,#1] + orr $Tlo,$Tlo,$t1,lsl#16 + ldrb $t1, [$inp],#8 + orr $Tlo,$Tlo,$t2,lsl#24 + orr $Thi,$Thi,$t3,lsl#8 + orr $Thi,$Thi,$t0,lsl#16 + orr $Thi,$Thi,$t1,lsl#24 + str $Tlo,[sp,#$Xoff+0] + str $Thi,[sp,#$Xoff+4] +___ + &BODY_00_15(0x94); +$code.=<<___; + tst $Ktbl,#1 + beq .L00_15 + bic $Ktbl,$Ktbl,#1 + +.L16_79: + ldr $t0,[sp,#`$Xoff+8*(16-1)`+0] + ldr $t1,[sp,#`$Xoff+8*(16-1)`+4] + ldr $t2,[sp,#`$Xoff+8*(16-14)`+0] + ldr $t3,[sp,#`$Xoff+8*(16-14)`+4] + + @ sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) + @ LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 + @ HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 + mov $Tlo,$t0,lsr#1 + mov $Thi,$t1,lsr#1 + eor $Tlo,$Tlo,$t1,lsl#31 + eor $Thi,$Thi,$t0,lsl#31 + eor $Tlo,$Tlo,$t0,lsr#8 + eor $Thi,$Thi,$t1,lsr#8 + eor $Tlo,$Tlo,$t1,lsl#24 + eor $Thi,$Thi,$t0,lsl#24 + eor $Tlo,$Tlo,$t0,lsr#7 + eor $Thi,$Thi,$t1,lsr#7 + eor $Tlo,$Tlo,$t1,lsl#25 + + @ sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + @ LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 + @ HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 + mov $t0,$t2,lsr#19 + mov $t1,$t3,lsr#19 + eor $t0,$t0,$t3,lsl#13 + eor $t1,$t1,$t2,lsl#13 + eor $t0,$t0,$t3,lsr#29 + eor $t1,$t1,$t2,lsr#29 + eor $t0,$t0,$t2,lsl#3 + eor $t1,$t1,$t3,lsl#3 + eor $t0,$t0,$t2,lsr#6 + eor $t1,$t1,$t3,lsr#6 + eor $t0,$t0,$t3,lsl#26 + + ldr $t2,[sp,#`$Xoff+8*(16-9)`+0] + ldr $t3,[sp,#`$Xoff+8*(16-9)`+4] + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 + + ldr $t0,[sp,#`$Xoff+8*16`+0] + ldr $t1,[sp,#`$Xoff+8*16`+4] + adds $Tlo,$Tlo,$t2 + adc $Thi,$Thi,$t3 + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 + str $Tlo,[sp,#$Xoff+0] + str $Thi,[sp,#$Xoff+4] +___ + &BODY_00_15(0x17); +$code.=<<___; + tst $Ktbl,#1 + beq .L16_79 + bic $Ktbl,$Ktbl,#1 + + ldr $Tlo,[sp,#$Boff+0] + ldr $Thi,[sp,#$Boff+4] + ldr $t0, [$ctx,#$Aoff+$lo] + ldr $t1, [$ctx,#$Aoff+$hi] + ldr $t2, [$ctx,#$Boff+$lo] + ldr $t3, [$ctx,#$Boff+$hi] + adds $t0,$Alo,$t0 + adc $t1,$Ahi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Aoff+$lo] + str $t1, [$ctx,#$Aoff+$hi] + str $t2, [$ctx,#$Boff+$lo] + str $t3, [$ctx,#$Boff+$hi] + + ldr $Alo,[sp,#$Coff+0] + ldr $Ahi,[sp,#$Coff+4] + ldr $Tlo,[sp,#$Doff+0] + ldr $Thi,[sp,#$Doff+4] + ldr $t0, [$ctx,#$Coff+$lo] + ldr $t1, [$ctx,#$Coff+$hi] + ldr $t2, [$ctx,#$Doff+$lo] + ldr $t3, [$ctx,#$Doff+$hi] + adds $t0,$Alo,$t0 + adc $t1,$Ahi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Coff+$lo] + str $t1, [$ctx,#$Coff+$hi] + str $t2, [$ctx,#$Doff+$lo] + str $t3, [$ctx,#$Doff+$hi] + + ldr $Tlo,[sp,#$Foff+0] + ldr $Thi,[sp,#$Foff+4] + ldr $t0, [$ctx,#$Eoff+$lo] + ldr $t1, [$ctx,#$Eoff+$hi] + ldr $t2, [$ctx,#$Foff+$lo] + ldr $t3, [$ctx,#$Foff+$hi] + adds $Elo,$Elo,$t0 + adc $Ehi,$Ehi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $Elo,[$ctx,#$Eoff+$lo] + str $Ehi,[$ctx,#$Eoff+$hi] + str $t2, [$ctx,#$Foff+$lo] + str $t3, [$ctx,#$Foff+$hi] + + ldr $Alo,[sp,#$Goff+0] + ldr $Ahi,[sp,#$Goff+4] + ldr $Tlo,[sp,#$Hoff+0] + ldr $Thi,[sp,#$Hoff+4] + ldr $t0, [$ctx,#$Goff+$lo] + ldr $t1, [$ctx,#$Goff+$hi] + ldr $t2, [$ctx,#$Hoff+$lo] + ldr $t3, [$ctx,#$Hoff+$hi] + adds $t0,$Alo,$t0 + adc $t1,$Ahi,$t1 + adds $t2,$Tlo,$t2 + adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Goff+$lo] + str $t1, [$ctx,#$Goff+$hi] + str $t2, [$ctx,#$Hoff+$lo] + str $t3, [$ctx,#$Hoff+$hi] + + add sp,sp,#640 + sub $Ktbl,$Ktbl,#640 + + teq $inp,$len + bne .Loop + + add sp,sp,#8*9 @ destroy frame + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.size sha512_block_data_order,.-sha512_block_data_order +.asciz "SHA512 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" +.align 2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/lib/libssl/src/crypto/sha/asm/sha512-ppc.pl b/lib/libssl/src/crypto/sha/asm/sha512-ppc.pl new file mode 100755 index 00000000000..768a6a6fad5 --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha512-ppc.pl @@ -0,0 +1,462 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# I let hardware handle unaligned input, except on page boundaries +# (see below for details). Otherwise straightforward implementation +# with X vector in register bank. The module is big-endian [which is +# not big deal as there're no little-endian targets left around]. + +# sha256 | sha512 +# -m64 -m32 | -m64 -m32 +# --------------------------------------+----------------------- +# PPC970,gcc-4.0.0 +50% +38% | +40% +410%(*) +# Power6,xlc-7 +150% +90% | +100% +430%(*) +# +# (*) 64-bit code in 32-bit application context, which actually is +# on TODO list. It should be noted that for safe deployment in +# 32-bit *mutli-threaded* context asyncronous signals should be +# blocked upon entry to SHA512 block routine. This is because +# 32-bit signaling procedure invalidates upper halves of GPRs. +# Context switch procedure preserves them, but not signaling:-( + +# Second version is true multi-thread safe. Trouble with the original +# version was that it was using thread local storage pointer register. +# Well, it scrupulously preserved it, but the problem would arise the +# moment asynchronous signal was delivered and signal handler would +# dereference the TLS pointer. While it's never the case in openssl +# application or test suite, we have to respect this scenario and not +# use TLS pointer register. Alternative would be to require caller to +# block signals prior calling this routine. For the record, in 32-bit +# context R2 serves as TLS pointer, while in 64-bit context - R13. + +$flavour=shift; +$output =shift; + +if ($flavour =~ /64/) { + $SIZE_T=8; + $STU="stdu"; + $UCMP="cmpld"; + $SHL="sldi"; + $POP="ld"; + $PUSH="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T=4; + $STU="stwu"; + $UCMP="cmplw"; + $SHL="slwi"; + $POP="lwz"; + $PUSH="stw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!"; + +if ($output =~ /512/) { + $func="sha512_block_data_order"; + $SZ=8; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; + $LD="ld"; + $ST="std"; + $ROR="rotrdi"; + $SHR="srdi"; +} else { + $func="sha256_block_data_order"; + $SZ=4; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; + $LD="lwz"; + $ST="stw"; + $ROR="rotrwi"; + $SHR="srwi"; +} + +$FRAME=32*$SIZE_T; + +$sp ="r1"; +$toc="r2"; +$ctx="r3"; # zapped by $a0 +$inp="r4"; # zapped by $a1 +$num="r5"; # zapped by $t0 + +$T ="r0"; +$a0 ="r3"; +$a1 ="r4"; +$t0 ="r5"; +$t1 ="r6"; +$Tbl="r7"; + +$A ="r8"; +$B ="r9"; +$C ="r10"; +$D ="r11"; +$E ="r12"; +$F ="r13"; $F="r2" if ($SIZE_T==8);# reassigned to exempt TLS pointer +$G ="r14"; +$H ="r15"; + +@V=($A,$B,$C,$D,$E,$F,$G,$H); +@X=("r16","r17","r18","r19","r20","r21","r22","r23", + "r24","r25","r26","r27","r28","r29","r30","r31"); + +$inp="r31"; # reassigned $inp! aliases with @X[15] + +sub ROUND_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$code.=<<___; + $LD $T,`$i*$SZ`($Tbl) + $ROR $a0,$e,$Sigma1[0] + $ROR $a1,$e,$Sigma1[1] + and $t0,$f,$e + andc $t1,$g,$e + add $T,$T,$h + xor $a0,$a0,$a1 + $ROR $a1,$a1,`$Sigma1[2]-$Sigma1[1]` + or $t0,$t0,$t1 ; Ch(e,f,g) + add $T,$T,@X[$i] + xor $a0,$a0,$a1 ; Sigma1(e) + add $T,$T,$t0 + add $T,$T,$a0 + + $ROR $a0,$a,$Sigma0[0] + $ROR $a1,$a,$Sigma0[1] + and $t0,$a,$b + and $t1,$a,$c + xor $a0,$a0,$a1 + $ROR $a1,$a1,`$Sigma0[2]-$Sigma0[1]` + xor $t0,$t0,$t1 + and $t1,$b,$c + xor $a0,$a0,$a1 ; Sigma0(a) + add $d,$d,$T + xor $t0,$t0,$t1 ; Maj(a,b,c) + add $h,$T,$a0 + add $h,$h,$t0 + +___ +} + +sub ROUND_16_xx { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$i-=16; +$code.=<<___; + $ROR $a0,@X[($i+1)%16],$sigma0[0] + $ROR $a1,@X[($i+1)%16],$sigma0[1] + $ROR $t0,@X[($i+14)%16],$sigma1[0] + $ROR $t1,@X[($i+14)%16],$sigma1[1] + xor $a0,$a0,$a1 + $SHR $a1,@X[($i+1)%16],$sigma0[2] + xor $t0,$t0,$t1 + $SHR $t1,@X[($i+14)%16],$sigma1[2] + add @X[$i],@X[$i],@X[($i+9)%16] + xor $a0,$a0,$a1 ; sigma0(X[(i+1)&0x0f]) + xor $t0,$t0,$t1 ; sigma1(X[(i+14)&0x0f]) + add @X[$i],@X[$i],$a0 + add @X[$i],@X[$i],$t0 +___ +&ROUND_00_15($i,$a,$b,$c,$d,$e,$f,$g,$h); +} + +$code=<<___; +.machine "any" +.text + +.globl $func +.align 6 +$func: + mflr r0 + $STU $sp,`-($FRAME+16*$SZ)`($sp) + $SHL $num,$num,`log(16*$SZ)/log(2)` + + $PUSH $ctx,`$FRAME-$SIZE_T*22`($sp) + + $PUSH r0,`$FRAME-$SIZE_T*21`($sp) + $PUSH $toc,`$FRAME-$SIZE_T*20`($sp) + $PUSH r13,`$FRAME-$SIZE_T*19`($sp) + $PUSH r14,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + + $LD $A,`0*$SZ`($ctx) + mr $inp,r4 ; incarnate $inp + $LD $B,`1*$SZ`($ctx) + $LD $C,`2*$SZ`($ctx) + $LD $D,`3*$SZ`($ctx) + $LD $E,`4*$SZ`($ctx) + $LD $F,`5*$SZ`($ctx) + $LD $G,`6*$SZ`($ctx) + $LD $H,`7*$SZ`($ctx) + + b LPICmeup +LPICedup: + andi. r0,$inp,3 + bne Lunaligned +Laligned: + add $num,$inp,$num + $PUSH $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private +Ldone: + $POP r0,`$FRAME-$SIZE_T*21`($sp) + $POP $toc,`$FRAME-$SIZE_T*20`($sp) + $POP r13,`$FRAME-$SIZE_T*19`($sp) + $POP r14,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,`$FRAME+16*$SZ` + blr +___ + +# PowerPC specification allows an implementation to be ill-behaved +# upon unaligned access which crosses page boundary. "Better safe +# than sorry" principle makes me treat it specially. But I don't +# look for particular offending word, but rather for the input +# block which crosses the boundary. Once found that block is aligned +# and hashed separately... +$code.=<<___; +.align 4 +Lunaligned: + subfic $t1,$inp,4096 + andi. $t1,$t1,`4096-16*$SZ` ; distance to closest page boundary + beq Lcross_page + $UCMP $num,$t1 + ble- Laligned ; didn't cross the page boundary + subfc $num,$t1,$num + add $t1,$inp,$t1 + $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real remaining num + $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; intermediate end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private + ; $inp equals to the intermediate end pointer here + $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real remaining num +Lcross_page: + li $t1,`16*$SZ/4` + mtctr $t1 + addi r20,$sp,$FRAME ; aligned spot below the frame +Lmemcpy: + lbz r16,0($inp) + lbz r17,1($inp) + lbz r18,2($inp) + lbz r19,3($inp) + addi $inp,$inp,4 + stb r16,0(r20) + stb r17,1(r20) + stb r18,2(r20) + stb r19,3(r20) + addi r20,r20,4 + bdnz Lmemcpy + + $PUSH $inp,`$FRAME-$SIZE_T*26`($sp) ; save real inp + addi $t1,$sp,`$FRAME+16*$SZ` ; fictitious end pointer + addi $inp,$sp,$FRAME ; fictitious inp pointer + $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real num + $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private + $POP $inp,`$FRAME-$SIZE_T*26`($sp) ; restore real inp + $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real num + addic. $num,$num,`-16*$SZ` ; num-- + bne- Lunaligned + b Ldone +___ + +$code.=<<___; +.align 4 +Lsha2_block_private: +___ +for($i=0;$i<16;$i++) { +$code.=<<___ if ($SZ==4); + lwz @X[$i],`$i*$SZ`($inp) +___ +# 64-bit loads are split to 2x32-bit ones, as CPU can't handle +# unaligned 64-bit loads, only 32-bit ones... +$code.=<<___ if ($SZ==8); + lwz $t0,`$i*$SZ`($inp) + lwz @X[$i],`$i*$SZ+4`($inp) + insrdi @X[$i],$t0,32,0 +___ + &ROUND_00_15($i,@V); + unshift(@V,pop(@V)); +} +$code.=<<___; + li $T,`$rounds/16-1` + mtctr $T +.align 4 +Lrounds: + addi $Tbl,$Tbl,`16*$SZ` +___ +for(;$i<32;$i++) { + &ROUND_16_xx($i,@V); + unshift(@V,pop(@V)); +} +$code.=<<___; + bdnz- Lrounds + + $POP $ctx,`$FRAME-$SIZE_T*22`($sp) + $POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + $POP $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer + subi $Tbl,$Tbl,`($rounds-16)*$SZ` ; rewind Tbl + + $LD r16,`0*$SZ`($ctx) + $LD r17,`1*$SZ`($ctx) + $LD r18,`2*$SZ`($ctx) + $LD r19,`3*$SZ`($ctx) + $LD r20,`4*$SZ`($ctx) + $LD r21,`5*$SZ`($ctx) + $LD r22,`6*$SZ`($ctx) + addi $inp,$inp,`16*$SZ` ; advance inp + $LD r23,`7*$SZ`($ctx) + add $A,$A,r16 + add $B,$B,r17 + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) + add $C,$C,r18 + $ST $A,`0*$SZ`($ctx) + add $D,$D,r19 + $ST $B,`1*$SZ`($ctx) + add $E,$E,r20 + $ST $C,`2*$SZ`($ctx) + add $F,$F,r21 + $ST $D,`3*$SZ`($ctx) + add $G,$G,r22 + $ST $E,`4*$SZ`($ctx) + add $H,$H,r23 + $ST $F,`5*$SZ`($ctx) + $ST $G,`6*$SZ`($ctx) + $UCMP $inp,$num + $ST $H,`7*$SZ`($ctx) + bne Lsha2_block_private + blr +___ + +# Ugly hack here, because PPC assembler syntax seem to vary too +# much from platforms to platform... +$code.=<<___; +.align 6 +LPICmeup: + bl LPIC + addi $Tbl,$Tbl,`64-4` ; "distance" between . and last nop + b LPICedup + nop + nop + nop + nop + nop +LPIC: mflr $Tbl + blr + nop + nop + nop + nop + nop + nop +___ +$code.=<<___ if ($SZ==8); + .long 0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd + .long 0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc + .long 0x3956c25b,0xf348b538,0x59f111f1,0xb605d019 + .long 0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118 + .long 0xd807aa98,0xa3030242,0x12835b01,0x45706fbe + .long 0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2 + .long 0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1 + .long 0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694 + .long 0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3 + .long 0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65 + .long 0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483 + .long 0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5 + .long 0x983e5152,0xee66dfab,0xa831c66d,0x2db43210 + .long 0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4 + .long 0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725 + .long 0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70 + .long 0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926 + .long 0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df + .long 0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8 + .long 0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b + .long 0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001 + .long 0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30 + .long 0xd192e819,0xd6ef5218,0xd6990624,0x5565a910 + .long 0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8 + .long 0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53 + .long 0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8 + .long 0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb + .long 0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3 + .long 0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60 + .long 0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec + .long 0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9 + .long 0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b + .long 0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207 + .long 0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178 + .long 0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6 + .long 0x113f9804,0xbef90dae,0x1b710b35,0x131c471b + .long 0x28db77f5,0x23047d84,0x32caab7b,0x40c72493 + .long 0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c + .long 0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a + .long 0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817 +___ +$code.=<<___ if ($SZ==4); + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl b/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl new file mode 100644 index 00000000000..e7ef2d5a9f5 --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl @@ -0,0 +1,301 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256/512 block procedures for s390x. + +# April 2007. +# +# sha256_block_data_order is reportedly >3 times faster than gcc 3.3 +# generated code (must be a bug in compiler, as improvement is +# "pathologically" high, in particular in comparison to other SHA +# modules). But the real twist is that it detects if hardware support +# for SHA256 is available and in such case utilizes it. Then the +# performance can reach >6.5x of assembler one for larger chunks. +# +# sha512_block_data_order is ~70% faster than gcc 3.3 generated code. + +# January 2009. +# +# Add support for hardware SHA512 and reschedule instructions to +# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster +# than software. + +$t0="%r0"; +$t1="%r1"; +$ctx="%r2"; $t2="%r2"; +$inp="%r3"; +$len="%r4"; # used as index in inner loop + +$A="%r5"; +$B="%r6"; +$C="%r7"; +$D="%r8"; +$E="%r9"; +$F="%r10"; +$G="%r11"; +$H="%r12"; @V=($A,$B,$C,$D,$E,$F,$G,$H); +$tbl="%r13"; +$T1="%r14"; +$sp="%r15"; + +$output=shift; +open STDOUT,">$output"; + +if ($output =~ /512/) { + $label="512"; + $SZ=8; + $LD="lg"; # load from memory + $ST="stg"; # store to memory + $ADD="alg"; # add with memory operand + $ROT="rllg"; # rotate left + $SHR="srlg"; # logical right shift [see even at the end] + @Sigma0=(25,30,36); + @Sigma1=(23,46,50); + @sigma0=(56,63, 7); + @sigma1=( 3,45, 6); + $rounds=80; + $kimdfunc=3; # 0 means unknown/unsupported/unimplemented/disabled +} else { + $label="256"; + $SZ=4; + $LD="llgf"; # load from memory + $ST="st"; # store to memory + $ADD="al"; # add with memory operand + $ROT="rll"; # rotate left + $SHR="srl"; # logical right shift + @Sigma0=(10,19,30); + @Sigma1=( 7,21,26); + @sigma0=(14,25, 3); + @sigma1=(13,15,10); + $rounds=64; + $kimdfunc=2; # magic function code for kimd instruction +} +$Func="sha${label}_block_data_order"; +$Table="K${label}"; +$frame=160+16*$SZ; + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___ if ($i<16); + $LD $T1,`$i*$SZ`($inp) ### $i +___ +$code.=<<___; + $ROT $t0,$e,$Sigma1[0] + $ROT $t1,$e,$Sigma1[1] + lgr $t2,$f + xgr $t0,$t1 + $ROT $t1,$t1,`$Sigma1[2]-$Sigma1[1]` + xgr $t2,$g + $ST $T1,`160+$SZ*($i%16)`($sp) + xgr $t0,$t1 # Sigma1(e) + la $T1,0($T1,$h) # T1+=h + ngr $t2,$e + lgr $t1,$a + algr $T1,$t0 # T1+=Sigma1(e) + $ROT $h,$a,$Sigma0[0] + xgr $t2,$g # Ch(e,f,g) + $ADD $T1,`$i*$SZ`($len,$tbl) # T1+=K[i] + $ROT $t0,$a,$Sigma0[1] + algr $T1,$t2 # T1+=Ch(e,f,g) + ogr $t1,$b + xgr $h,$t0 + lgr $t2,$a + ngr $t1,$c + $ROT $t0,$t0,`$Sigma0[2]-$Sigma0[1]` + xgr $h,$t0 # h=Sigma0(a) + ngr $t2,$b + algr $h,$T1 # h+=T1 + ogr $t2,$t1 # Maj(a,b,c) + la $d,0($d,$T1) # d+=T1 + algr $h,$t2 # h+=Maj(a,b,c) +___ +} + +sub BODY_16_XX { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + $LD $T1,`160+$SZ*(($i+1)%16)`($sp) ### $i + $LD $t1,`160+$SZ*(($i+14)%16)`($sp) + $ROT $t0,$T1,$sigma0[0] + $SHR $T1,$sigma0[2] + $ROT $t2,$t0,`$sigma0[1]-$sigma0[0]` + xgr $T1,$t0 + $ROT $t0,$t1,$sigma1[0] + xgr $T1,$t2 # sigma0(X[i+1]) + $SHR $t1,$sigma1[2] + $ADD $T1,`160+$SZ*($i%16)`($sp) # +=X[i] + xgr $t1,$t0 + $ROT $t0,$t0,`$sigma1[1]-$sigma1[0]` + $ADD $T1,`160+$SZ*(($i+9)%16)`($sp) # +=X[i+9] + xgr $t1,$t0 # sigma1(X[i+14]) + algr $T1,$t1 # +=sigma1(X[i+14]) +___ + &BODY_00_15(@_); +} + +$code.=<<___; +.text +.align 64 +.type $Table,\@object +$Table: +___ +$code.=<<___ if ($SZ==4); + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ +$code.=<<___ if ($SZ==8); + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +___ +$code.=<<___; +.size $Table,.-$Table +.globl $Func +.type $Func,\@function +$Func: +___ +$code.=<<___ if ($kimdfunc); + larl %r1,OPENSSL_s390xcap_P + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lsoftware + lghi %r0,0 + la %r1,16($sp) + .long 0xb93e0002 # kimd %r0,%r2 + lg %r0,16($sp) + tmhh %r0,`0x8000>>$kimdfunc` + jz .Lsoftware + lghi %r0,$kimdfunc + lgr %r1,$ctx + lgr %r2,$inp + sllg %r3,$len,`log(16*$SZ)/log(2)` + .long 0xb93e0002 # kimd %r0,%r2 + brc 1,.-4 # pay attention to "partial completion" + br %r14 +.align 16 +.Lsoftware: +___ +$code.=<<___; + sllg $len,$len,`log(16*$SZ)/log(2)` + lghi %r1,-$frame + agr $len,$inp + stmg $ctx,%r15,16($sp) + lgr %r0,$sp + la $sp,0(%r1,$sp) + stg %r0,0($sp) + + larl $tbl,$Table + $LD $A,`0*$SZ`($ctx) + $LD $B,`1*$SZ`($ctx) + $LD $C,`2*$SZ`($ctx) + $LD $D,`3*$SZ`($ctx) + $LD $E,`4*$SZ`($ctx) + $LD $F,`5*$SZ`($ctx) + $LD $G,`6*$SZ`($ctx) + $LD $H,`7*$SZ`($ctx) + +.Lloop: + lghi $len,0 +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".Lrounds_16_xx:\n"; +for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + aghi $len,`16*$SZ` + lghi $t0,`($rounds-16)*$SZ` + clgr $len,$t0 + jne .Lrounds_16_xx + + lg $ctx,`$frame+16`($sp) + la $inp,`16*$SZ`($inp) + $ADD $A,`0*$SZ`($ctx) + $ADD $B,`1*$SZ`($ctx) + $ADD $C,`2*$SZ`($ctx) + $ADD $D,`3*$SZ`($ctx) + $ADD $E,`4*$SZ`($ctx) + $ADD $F,`5*$SZ`($ctx) + $ADD $G,`6*$SZ`($ctx) + $ADD $H,`7*$SZ`($ctx) + $ST $A,`0*$SZ`($ctx) + $ST $B,`1*$SZ`($ctx) + $ST $C,`2*$SZ`($ctx) + $ST $D,`3*$SZ`($ctx) + $ST $E,`4*$SZ`($ctx) + $ST $F,`5*$SZ`($ctx) + $ST $G,`6*$SZ`($ctx) + $ST $H,`7*$SZ`($ctx) + clg $inp,`$frame+32`($sp) + jne .Lloop + + lmg %r6,%r15,`$frame+48`($sp) + br %r14 +.size $Func,.-$Func +.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" +.comm OPENSSL_s390xcap_P,8,8 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +# unlike 32-bit shift 64-bit one takes three arguments +$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; + +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl new file mode 100644 index 00000000000..54241aab504 --- /dev/null +++ b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl @@ -0,0 +1,593 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256 performance improvement over compiler generated code varies +# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit +# build]. Just like in SHA1 module I aim to ensure scalability on +# UltraSPARC T1 by packing X[16] to 8 64-bit registers. + +# SHA512 on pre-T1 UltraSPARC. +# +# Performance is >75% better than 64-bit code generated by Sun C and +# over 2x than 32-bit code. X[16] resides on stack, but access to it +# is scheduled for L2 latency and staged through 32 least significant +# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI +# duality. Nevetheless it's ~40% faster than SHA256, which is pretty +# good [optimal coefficient is 50%]. +# +# SHA512 on UltraSPARC T1. +# +# It's not any faster than 64-bit code generated by Sun C 5.8. This is +# because 64-bit code generator has the advantage of using 64-bit +# loads(*) to access X[16], which I consciously traded for 32-/64-bit +# ABI duality [as per above]. But it surpasses 32-bit Sun C generated +# code by 60%, not to mention that it doesn't suffer from severe decay +# when running 4 times physical cores threads and that it leaves gcc +# [3.4] behind by over 4x factor! If compared to SHA256, single thread +# performance is only 10% better, but overall throughput for maximum +# amount of threads for given CPU exceeds corresponding one of SHA256 +# by 30% [again, optimal coefficient is 50%]. +# +# (*) Unlike pre-T1 UltraSPARC loads on T1 are executed strictly +# in-order, i.e. load instruction has to complete prior next +# instruction in given thread is executed, even if the latter is +# not dependent on load result! This means that on T1 two 32-bit +# loads are always slower than one 64-bit load. Once again this +# is unlike pre-T1 UltraSPARC, where, if scheduled appropriately, +# 2x32-bit loads can be as fast as 1x64-bit ones. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +if ($output =~ /512/) { + $label="512"; + $SZ=8; + $LD="ldx"; # load from memory + $ST="stx"; # store to memory + $SLL="sllx"; # shift left logical + $SRL="srlx"; # shift right logical + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=( 7, 1, 8); # right shift first + @sigma1=( 6,19,61); # right shift first + $lastK=0x817; + $rounds=80; + $align=4; + + $locals=16*$SZ; # X[16] + + $A="%o0"; + $B="%o1"; + $C="%o2"; + $D="%o3"; + $E="%o4"; + $F="%o5"; + $G="%g1"; + $H="%o7"; + @V=($A,$B,$C,$D,$E,$F,$G,$H); +} else { + $label="256"; + $SZ=4; + $LD="ld"; # load from memory + $ST="st"; # store to memory + $SLL="sll"; # shift left logical + $SRL="srl"; # shift right logical + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 3, 7,18); # right shift first + @sigma1=(10,17,19); # right shift first + $lastK=0x8f2; + $rounds=64; + $align=8; + + $locals=0; # X[16] is register resident + @X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); + + $A="%l0"; + $B="%l1"; + $C="%l2"; + $D="%l3"; + $E="%l4"; + $F="%l5"; + $G="%l6"; + $H="%l7"; + @V=($A,$B,$C,$D,$E,$F,$G,$H); +} +$T1="%g2"; +$tmp0="%g3"; +$tmp1="%g4"; +$tmp2="%g5"; + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$Ktbl="%i3"; +$tmp31="%i4"; +$tmp32="%i5"; + +########### SHA256 +$Xload = sub { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; + + if ($i==0) { +$code.=<<___; + ldx [$inp+0],@X[0] + ldx [$inp+16],@X[2] + ldx [$inp+32],@X[4] + ldx [$inp+48],@X[6] + ldx [$inp+8],@X[1] + ldx [$inp+24],@X[3] + subcc %g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too + ldx [$inp+40],@X[5] + bz,pt %icc,.Laligned + ldx [$inp+56],@X[7] + + sllx @X[0],$tmp31,@X[0] + ldx [$inp+64],$T1 +___ +for($j=0;$j<7;$j++) +{ $code.=<<___; + srlx @X[$j+1],$tmp32,$tmp1 + sllx @X[$j+1],$tmp31,@X[$j+1] + or $tmp1,@X[$j],@X[$j] +___ +} +$code.=<<___; + srlx $T1,$tmp32,$T1 + or $T1,@X[7],@X[7] +.Laligned: +___ + } + + if ($i&1) { + $code.="\tadd @X[$i/2],$h,$T1\n"; + } else { + $code.="\tsrlx @X[$i/2],32,$T1\n\tadd $h,$T1,$T1\n"; + } +} if ($SZ==4); + +########### SHA512 +$Xload = sub { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8)); + +$code.=<<___ if ($i==0); + ld [$inp+0],%l0 + ld [$inp+4],%l1 + ld [$inp+8],%l2 + ld [$inp+12],%l3 + ld [$inp+16],%l4 + ld [$inp+20],%l5 + ld [$inp+24],%l6 + ld [$inp+28],%l7 +___ +$code.=<<___ if ($i<15); + sllx @pair[1],$tmp31,$tmp2 ! Xload($i) + add $tmp31,32,$tmp0 + sllx @pair[0],$tmp0,$tmp1 + `"ld [$inp+".eval(32+0+$i*8)."],@pair[0]" if ($i<12)` + srlx @pair[2],$tmp32,@pair[1] + or $tmp1,$tmp2,$tmp2 + or @pair[1],$tmp2,$tmp2 + `"ld [$inp+".eval(32+4+$i*8)."],@pair[1]" if ($i<12)` + add $h,$tmp2,$T1 + $ST $tmp2,[%sp+`$bias+$frame+$i*$SZ`] +___ +$code.=<<___ if ($i==12); + brnz,a $tmp31,.+8 + ld [$inp+128],%l0 +___ +$code.=<<___ if ($i==15); + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2 + sllx @pair[1],$tmp31,$tmp2 ! Xload($i) + add $tmp31,32,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3 + sllx @pair[0],$tmp0,$tmp1 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4 + srlx @pair[2],$tmp32,@pair[1] + or $tmp1,$tmp2,$tmp2 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5 + or @pair[1],$tmp2,$tmp2 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6 + add $h,$tmp2,$T1 + $ST $tmp2,[%sp+`$bias+$frame+$i*$SZ`] + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1 +___ +} if ($SZ==8); + +########### common +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; + + if ($i<16) { + &$Xload(@_); + } else { + $code.="\tadd $h,$T1,$T1\n"; + } + +$code.=<<___; + $SRL $e,@Sigma1[0],$h !! $i + xor $f,$g,$tmp2 + $SLL $e,`$SZ*8-@Sigma1[2]`,$tmp1 + and $e,$tmp2,$tmp2 + $SRL $e,@Sigma1[1],$tmp0 + xor $tmp1,$h,$h + $SLL $e,`$SZ*8-@Sigma1[1]`,$tmp1 + xor $tmp0,$h,$h + $SRL $e,@Sigma1[2],$tmp0 + xor $tmp1,$h,$h + $SLL $e,`$SZ*8-@Sigma1[0]`,$tmp1 + xor $tmp0,$h,$h + xor $g,$tmp2,$tmp2 ! Ch(e,f,g) + xor $tmp1,$h,$tmp0 ! Sigma1(e) + + $SRL $a,@Sigma0[0],$h + add $tmp2,$T1,$T1 + $LD [$Ktbl+`$i*$SZ`],$tmp2 ! K[$i] + $SLL $a,`$SZ*8-@Sigma0[2]`,$tmp1 + add $tmp0,$T1,$T1 + $SRL $a,@Sigma0[1],$tmp0 + xor $tmp1,$h,$h + $SLL $a,`$SZ*8-@Sigma0[1]`,$tmp1 + xor $tmp0,$h,$h + $SRL $a,@Sigma0[2],$tmp0 + xor $tmp1,$h,$h + $SLL $a,`$SZ*8-@Sigma0[0]`,$tmp1 + xor $tmp0,$h,$h + xor $tmp1,$h,$h ! Sigma0(a) + + or $a,$b,$tmp0 + and $a,$b,$tmp1 + and $c,$tmp0,$tmp0 + or $tmp0,$tmp1,$tmp1 ! Maj(a,b,c) + add $tmp2,$T1,$T1 ! +=K[$i] + add $tmp1,$h,$h + + add $T1,$d,$d + add $T1,$h,$h +___ +} + +########### SHA256 +$BODY_16_XX = sub { +my $i=@_[0]; +my $xi; + + if ($i&1) { + $xi=$tmp32; + $code.="\tsrlx @X[(($i+1)/2)%8],32,$xi\n"; + } else { + $xi=@X[(($i+1)/2)%8]; + } +$code.=<<___; + srl $xi,@sigma0[0],$T1 !! Xupdate($i) + sll $xi,`32-@sigma0[2]`,$tmp1 + srl $xi,@sigma0[1],$tmp0 + xor $tmp1,$T1,$T1 + sll $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 + xor $tmp0,$T1,$T1 + srl $xi,@sigma0[2],$tmp0 + xor $tmp1,$T1,$T1 +___ + if ($i&1) { + $xi=@X[(($i+14)/2)%8]; + } else { + $xi=$tmp32; + $code.="\tsrlx @X[(($i+14)/2)%8],32,$xi\n"; + } +$code.=<<___; + srl $xi,@sigma1[0],$tmp2 + xor $tmp0,$T1,$T1 ! T1=sigma0(X[i+1]) + sll $xi,`32-@sigma1[2]`,$tmp1 + srl $xi,@sigma1[1],$tmp0 + xor $tmp1,$tmp2,$tmp2 + sll $tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1 + xor $tmp0,$tmp2,$tmp2 + srl $xi,@sigma1[2],$tmp0 + xor $tmp1,$tmp2,$tmp2 +___ + if ($i&1) { + $xi=@X[($i/2)%8]; +$code.=<<___; + srlx @X[(($i+9)/2)%8],32,$tmp1 ! X[i+9] + xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) + srl @X[($i/2)%8],0,$tmp0 + add $xi,$T1,$T1 ! +=X[i] + xor $tmp0,@X[($i/2)%8],@X[($i/2)%8] + add $tmp2,$T1,$T1 + add $tmp1,$T1,$T1 + + srl $T1,0,$T1 + or $T1,@X[($i/2)%8],@X[($i/2)%8] +___ + } else { + $xi=@X[(($i+9)/2)%8]; +$code.=<<___; + srlx @X[($i/2)%8],32,$tmp1 ! X[i] + xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) + srl @X[($i/2)%8],0,@X[($i/2)%8] + add $xi,$T1,$T1 ! +=X[i+9] + add $tmp2,$T1,$T1 + add $tmp1,$T1,$T1 + + sllx $T1,32,$tmp0 + or $tmp0,@X[($i/2)%8],@X[($i/2)%8] +___ + } + &BODY_00_15(@_); +} if ($SZ==4); + +########### SHA512 +$BODY_16_XX = sub { +my $i=@_[0]; +my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1)); + +$code.=<<___; + sllx %l2,32,$tmp0 !! Xupdate($i) + or %l3,$tmp0,$tmp0 + + srlx $tmp0,@sigma0[0],$T1 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2 + sllx $tmp0,`64-@sigma0[2]`,$tmp1 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3 + srlx $tmp0,@sigma0[1],$tmp0 + xor $tmp1,$T1,$T1 + sllx $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 + xor $tmp0,$T1,$T1 + srlx $tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0 + xor $tmp1,$T1,$T1 + sllx %l6,32,$tmp2 + xor $tmp0,$T1,$T1 ! sigma0(X[$i+1]) + or %l7,$tmp2,$tmp2 + + srlx $tmp2,@sigma1[0],$tmp1 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6 + sllx $tmp2,`64-@sigma1[2]`,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7 + srlx $tmp2,@sigma1[1],$tmp2 + xor $tmp0,$tmp1,$tmp1 + sllx $tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0 + xor $tmp2,$tmp1,$tmp1 + srlx $tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2 + xor $tmp0,$tmp1,$tmp1 + sllx %l4,32,$tmp0 + xor $tmp2,$tmp1,$tmp1 ! sigma1(X[$i+14]) + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4 + or %l5,$tmp0,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5 + + sllx %l0,32,$tmp2 + add $tmp1,$T1,$T1 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0 + or %l1,$tmp2,$tmp2 + add $tmp0,$T1,$T1 ! +=X[$i+9] + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1 + add $tmp2,$T1,$T1 ! +=X[$i] + $ST $T1,[%sp+`$bias+$frame+($i%16)*$SZ`] +___ + &BODY_00_15(@_); +} if ($SZ==8); + +$code.=<<___ if ($bits==64); +.register %g2,#scratch +.register %g3,#scratch +___ +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 64 +K${label}: +.type K${label},#object +___ +if ($SZ==4) { +$code.=<<___; + .long 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 + .long 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 + .long 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 + .long 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 + .long 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc + .long 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da + .long 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 + .long 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 + .long 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 + .long 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 + .long 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 + .long 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 + .long 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 + .long 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 + .long 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 + .long 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +___ +} else { +$code.=<<___; + .long 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd + .long 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc + .long 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 + .long 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 + .long 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe + .long 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 + .long 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 + .long 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 + .long 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 + .long 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 + .long 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 + .long 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 + .long 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 + .long 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 + .long 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 + .long 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 + .long 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 + .long 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df + .long 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 + .long 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b + .long 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 + .long 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 + .long 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 + .long 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 + .long 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 + .long 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 + .long 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb + .long 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 + .long 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 + .long 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec + .long 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 + .long 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b + .long 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 + .long 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 + .long 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 + .long 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b + .long 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 + .long 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c + .long 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a + .long 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 +___ +} +$code.=<<___; +.size K${label},.-K${label} +.globl sha${label}_block_data_order +sha${label}_block_data_order: + save %sp,`-$frame-$locals`,%sp + and $inp,`$align-1`,$tmp31 + sllx $len,`log(16*$SZ)/log(2)`,$len + andn $inp,`$align-1`,$inp + sll $tmp31,3,$tmp31 + add $inp,$len,$len +___ +$code.=<<___ if ($SZ==8); # SHA512 + mov 32,$tmp32 + sub $tmp32,$tmp31,$tmp32 +___ +$code.=<<___; +.Lpic: call .+8 + add %o7,K${label}-.Lpic,$Ktbl + + $LD [$ctx+`0*$SZ`],$A + $LD [$ctx+`1*$SZ`],$B + $LD [$ctx+`2*$SZ`],$C + $LD [$ctx+`3*$SZ`],$D + $LD [$ctx+`4*$SZ`],$E + $LD [$ctx+`5*$SZ`],$F + $LD [$ctx+`6*$SZ`],$G + $LD [$ctx+`7*$SZ`],$H + +.Lloop: +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".L16_xx:\n"; +for (;$i<32;$i++) { &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + and $tmp2,0xfff,$tmp2 + cmp $tmp2,$lastK + bne .L16_xx + add $Ktbl,`16*$SZ`,$Ktbl ! Ktbl+=16 + +___ +$code.=<<___ if ($SZ==4); # SHA256 + $LD [$ctx+`0*$SZ`],@X[0] + $LD [$ctx+`1*$SZ`],@X[1] + $LD [$ctx+`2*$SZ`],@X[2] + $LD [$ctx+`3*$SZ`],@X[3] + $LD [$ctx+`4*$SZ`],@X[4] + $LD [$ctx+`5*$SZ`],@X[5] + $LD [$ctx+`6*$SZ`],@X[6] + $LD [$ctx+`7*$SZ`],@X[7] + + add $A,@X[0],$A + $ST $A,[$ctx+`0*$SZ`] + add $B,@X[1],$B + $ST $B,[$ctx+`1*$SZ`] + add $C,@X[2],$C + $ST $C,[$ctx+`2*$SZ`] + add $D,@X[3],$D + $ST $D,[$ctx+`3*$SZ`] + add $E,@X[4],$E + $ST $E,[$ctx+`4*$SZ`] + add $F,@X[5],$F + $ST $F,[$ctx+`5*$SZ`] + add $G,@X[6],$G + $ST $G,[$ctx+`6*$SZ`] + add $H,@X[7],$H + $ST $H,[$ctx+`7*$SZ`] +___ +$code.=<<___ if ($SZ==8); # SHA512 + ld [$ctx+`0*$SZ+0`],%l0 + ld [$ctx+`0*$SZ+4`],%l1 + ld [$ctx+`1*$SZ+0`],%l2 + ld [$ctx+`1*$SZ+4`],%l3 + ld [$ctx+`2*$SZ+0`],%l4 + ld [$ctx+`2*$SZ+4`],%l5 + ld [$ctx+`3*$SZ+0`],%l6 + + sllx %l0,32,$tmp0 + ld [$ctx+`3*$SZ+4`],%l7 + sllx %l2,32,$tmp1 + or %l1,$tmp0,$tmp0 + or %l3,$tmp1,$tmp1 + add $tmp0,$A,$A + add $tmp1,$B,$B + $ST $A,[$ctx+`0*$SZ`] + sllx %l4,32,$tmp2 + $ST $B,[$ctx+`1*$SZ`] + sllx %l6,32,$T1 + or %l5,$tmp2,$tmp2 + or %l7,$T1,$T1 + add $tmp2,$C,$C + $ST $C,[$ctx+`2*$SZ`] + add $T1,$D,$D + $ST $D,[$ctx+`3*$SZ`] + + ld [$ctx+`4*$SZ+0`],%l0 + ld [$ctx+`4*$SZ+4`],%l1 + ld [$ctx+`5*$SZ+0`],%l2 + ld [$ctx+`5*$SZ+4`],%l3 + ld [$ctx+`6*$SZ+0`],%l4 + ld [$ctx+`6*$SZ+4`],%l5 + ld [$ctx+`7*$SZ+0`],%l6 + + sllx %l0,32,$tmp0 + ld [$ctx+`7*$SZ+4`],%l7 + sllx %l2,32,$tmp1 + or %l1,$tmp0,$tmp0 + or %l3,$tmp1,$tmp1 + add $tmp0,$E,$E + add $tmp1,$F,$F + $ST $E,[$ctx+`4*$SZ`] + sllx %l4,32,$tmp2 + $ST $F,[$ctx+`5*$SZ`] + sllx %l6,32,$T1 + or %l5,$tmp2,$tmp2 + or %l7,$T1,$T1 + add $tmp2,$G,$G + $ST $G,[$ctx+`6*$SZ`] + add $T1,$H,$H + $ST $H,[$ctx+`7*$SZ`] +___ +$code.=<<___; + add $inp,`16*$SZ`,$inp ! advance inp + cmp $inp,$len + bne `$bits==64?"%xcc":"%icc"`,.Lloop + sub $Ktbl,`($rounds-16)*$SZ`,$Ktbl ! rewind Ktbl + + ret + restore +.type sha${label}_block_data_order,#function +.size sha${label}_block_data_order,(.-sha${label}_block_data_order) +.asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl b/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl index b6252d31eca..e6643f8cf61 100755 --- a/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl +++ b/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl @@ -40,14 +40,18 @@ # sha256_block:-( This is presumably because 64-bit shifts/rotates # apparently are not atomic instructions, but implemented in microcode. -$output=shift; +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -open STDOUT,"| $^X $xlate $output"; +open STDOUT,"| $^X $xlate $flavour $output"; if ($output =~ /512/) { $func="sha512_block_data_order"; @@ -186,7 +190,7 @@ $func: push %r13 push %r14 push %r15 - mov %rsp,%rbp # copy %rsp + mov %rsp,%r11 # copy %rsp shl \$4,%rdx # num*16 sub \$$framesz,%rsp lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ @@ -194,10 +198,10 @@ $func: mov $ctx,$_ctx # save ctx, 1st arg mov $inp,$_inp # save inp, 2nd arh mov %rdx,$_end # save end pointer, "3rd" arg - mov %rbp,$_rsp # save copy of %rsp + mov %r11,$_rsp # save copy of %rsp +.Lprologue: - .picmeup $Tbl - lea $TABLE-.($Tbl),$Tbl + lea $TABLE(%rip),$Tbl mov $SZ*0($ctx),$A mov $SZ*1($ctx),$B @@ -257,14 +261,15 @@ $code.=<<___; mov $H,$SZ*7($ctx) jb .Lloop - mov $_rsp,%rsp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - + mov $_rsp,%rsi + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: ret .size $func,.-$func ___ @@ -339,6 +344,113 @@ $TABLE: ___ } +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov 16*$SZ+3*8(%rax),%rax # pull $_rsp + lea 48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_$func + .rva .LSEH_end_$func + .rva .LSEH_info_$func + +.section .xdata +.align 8 +.LSEH_info_$func: + .byte 9,0,0,0 + .rva se_handler +___ +} + $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; close STDOUT; diff --git a/lib/libssl/src/crypto/sha/sha256.c b/lib/libssl/src/crypto/sha/sha256.c index 3256a83e98e..8952d87673b 100644 --- a/lib/libssl/src/crypto/sha/sha256.c +++ b/lib/libssl/src/crypto/sha/sha256.c @@ -12,39 +12,29 @@ #include <openssl/crypto.h> #include <openssl/sha.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif - #include <openssl/opensslv.h> const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; int SHA224_Init (SHA256_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif + memset (c,0,sizeof(*c)); c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; - c->Nl=0; c->Nh=0; - c->num=0; c->md_len=SHA224_DIGEST_LENGTH; + c->md_len=SHA224_DIGEST_LENGTH; return 1; } int SHA256_Init (SHA256_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif + memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; - c->Nl=0; c->Nh=0; - c->num=0; c->md_len=SHA256_DIGEST_LENGTH; + c->md_len=SHA256_DIGEST_LENGTH; return 1; } @@ -94,21 +84,21 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) */ #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ - unsigned int xn; \ + unsigned int nn; \ switch ((c)->md_len) \ { case SHA224_DIGEST_LENGTH: \ - for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++) \ - { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ + for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ + { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ break; \ case SHA256_DIGEST_LENGTH: \ - for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++) \ - { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ + for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ + { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ break; \ default: \ if ((c)->md_len > SHA256_DIGEST_LENGTH) \ return 0; \ - for (xn=0;xn<(c)->md_len/4;xn++) \ - { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ + for (nn=0;nn<(c)->md_len/4;nn++) \ + { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ break; \ } \ } while (0) diff --git a/lib/libssl/src/crypto/sha/sha512.c b/lib/libssl/src/crypto/sha/sha512.c index f5ed468b85e..cbc0e58c488 100644 --- a/lib/libssl/src/crypto/sha/sha512.c +++ b/lib/libssl/src/crypto/sha/sha512.c @@ -5,10 +5,6 @@ * ==================================================================== */ #include <openssl/opensslconf.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) /* * IMPLEMENTATION NOTES. @@ -65,9 +61,19 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; int SHA384_Init (SHA512_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif +#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) + /* maintain dword order required by assembler module */ + unsigned int *h = (unsigned int *)c->h; + + h[0] = 0xcbbb9d5d; h[1] = 0xc1059ed8; + h[2] = 0x629a292a; h[3] = 0x367cd507; + h[4] = 0x9159015a; h[5] = 0x3070dd17; + h[6] = 0x152fecd8; h[7] = 0xf70e5939; + h[8] = 0x67332667; h[9] = 0xffc00b31; + h[10] = 0x8eb44a87; h[11] = 0x68581511; + h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7; + h[14] = 0x47b5481d; h[15] = 0xbefa4fa4; +#else c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[1]=U64(0x629a292a367cd507); c->h[2]=U64(0x9159015a3070dd17); @@ -76,6 +82,7 @@ int SHA384_Init (SHA512_CTX *c) c->h[5]=U64(0x8eb44a8768581511); c->h[6]=U64(0xdb0c2e0d64f98fa7); c->h[7]=U64(0x47b5481dbefa4fa4); +#endif c->Nl=0; c->Nh=0; c->num=0; c->md_len=SHA384_DIGEST_LENGTH; return 1; @@ -83,9 +90,19 @@ int SHA384_Init (SHA512_CTX *c) int SHA512_Init (SHA512_CTX *c) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif +#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) + /* maintain dword order required by assembler module */ + unsigned int *h = (unsigned int *)c->h; + + h[0] = 0x6a09e667; h[1] = 0xf3bcc908; + h[2] = 0xbb67ae85; h[3] = 0x84caa73b; + h[4] = 0x3c6ef372; h[5] = 0xfe94f82b; + h[6] = 0xa54ff53a; h[7] = 0x5f1d36f1; + h[8] = 0x510e527f; h[9] = 0xade682d1; + h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f; + h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b; + h[14] = 0x5be0cd19; h[15] = 0x137e2179; +#else c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); @@ -94,6 +111,7 @@ int SHA512_Init (SHA512_CTX *c) c->h[5]=U64(0x9b05688c2b3e6c1f); c->h[6]=U64(0x1f83d9abfb41bd6b); c->h[7]=U64(0x5be0cd19137e2179); +#endif c->Nl=0; c->Nh=0; c->num=0; c->md_len=SHA512_DIGEST_LENGTH; return 1; @@ -142,6 +160,24 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) if (md==0) return 0; +#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) + /* recall assembler dword order... */ + n = c->md_len; + if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH) + { + unsigned int *h = (unsigned int *)c->h, t; + + for (n/=4;n;n--) + { + t = *(h++); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + } + else return 0; +#else switch (c->md_len) { /* Let compiler decide if it's appropriate to unroll... */ @@ -178,7 +214,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) /* ... as well as make sure md_len is not abused. */ default: return 0; } - +#endif return 1; } @@ -204,7 +240,7 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) if (len < n) { - memcpy (p+c->num,data,len), c->num += len; + memcpy (p+c->num,data,len), c->num += (unsigned int)len; return 1; } else { @@ -314,7 +350,7 @@ static const SHA_LONG64 K512[80] = { #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ unsigned long ret; \ +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ @@ -337,20 +373,21 @@ static const SHA_LONG64 K512[80] = { ((SHA_LONG64)hi)<<32|lo; }) # else # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ + unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ : "0"(lo),"1"(hi)); \ ((SHA_LONG64)hi)<<32|lo; }) # endif # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -# define ROTR(a,n) ({ unsigned long ret; \ +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) # endif # elif defined(_MSC_VER) # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotr64) # define ROTR(a,n) _rotr64((a),n) # endif # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) @@ -398,15 +435,66 @@ static const SHA_LONG64 K512[80] = { #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#define GO_FOR_SSE2(ctx,in,num) do { \ - void sha512_block_sse2(void *,const void *,size_t); \ - if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ - sha512_block_sse2(ctx->h,in,num); return; \ - } while (0) + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +/* + * This code should give better results on 32-bit CPU with less than + * ~24 registers, both size and performance wise... + */ +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 A,E,T; + SHA_LONG64 X[9+80],*F; + int i; + + while (num--) { + + F = X+80; + A = ctx->h[0]; F[1] = ctx->h[1]; + F[2] = ctx->h[2]; F[3] = ctx->h[3]; + E = ctx->h[4]; F[5] = ctx->h[5]; + F[6] = ctx->h[6]; F[7] = ctx->h[7]; + + for (i=0;i<16;i++,F--) + { +#ifdef B_ENDIAN + T = W[i]; +#else + T = PULL64(W[i]); #endif + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } + + for (;i<80;i++,F--) + { + T = sigma0(F[8+16-1]); + T += sigma1(F[8+16-14]); + T += F[8+16] + F[8+16-9]; + + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } -#ifdef OPENSSL_SMALL_FOOTPRINT + ctx->h[0] += A; ctx->h[1] += F[1]; + ctx->h[2] += F[2]; ctx->h[3] += F[3]; + ctx->h[4] += E; ctx->h[5] += F[5]; + ctx->h[6] += F[6]; ctx->h[7] += F[7]; + + W+=SHA_LBLOCK; + } + } + +#elif defined(OPENSSL_SMALL_FOOTPRINT) static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { @@ -415,10 +503,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num SHA_LONG64 X[16]; int i; -#ifdef GO_FOR_SSE2 - GO_FOR_SSE2(ctx,in,num); -#endif - while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; @@ -463,11 +547,11 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num h = Sigma0(a) + Maj(a,b,c); \ d += T1; h += T1; } while (0) -#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ - ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) +#define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ + ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { @@ -476,10 +560,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num SHA_LONG64 X[16]; int i; -#ifdef GO_FOR_SSE2 - GO_FOR_SSE2(ctx,in,num); -#endif - while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; @@ -521,16 +601,24 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); #endif - for (i=16;i<80;i+=8) + for (i=16;i<80;i+=16) { - ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); - ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); - ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); - ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); - ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); - ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); - ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); - ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); + ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); + ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X); } ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; @@ -544,4 +632,10 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num #endif /* SHA512_ASM */ -#endif /* OPENSSL_NO_SHA512 */ +#else /* !OPENSSL_NO_SHA512 */ + +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy=&dummy; +#endif + +#endif /* !OPENSSL_NO_SHA512 */ diff --git a/lib/libssl/src/crypto/sparccpuid.S b/lib/libssl/src/crypto/sparccpuid.S index c17350fc89e..aa8b11efc97 100644 --- a/lib/libssl/src/crypto/sparccpuid.S +++ b/lib/libssl/src/crypto/sparccpuid.S @@ -34,7 +34,8 @@ OPENSSL_wipe_cpu: nop call .PIC.zero.up mov .zero-(.-4),%o0 - ldd [%o0],%f0 + ld [%o0],%f0 + ld [%o0],%f1 subcc %g0,1,%o0 ! Following is V9 "rd %ccr,%o0" instruction. However! V8 @@ -166,6 +167,7 @@ walk_reg_wins: .global OPENSSL_atomic_add .type OPENSSL_atomic_add,#function +.align 32 OPENSSL_atomic_add: #ifndef ABI64 subcc %g0,1,%o2 @@ -177,7 +179,7 @@ OPENSSL_atomic_add: ba .enter nop #ifdef __sun -! Note that you don't have to link with libthread to call thr_yield, +! Note that you do not have to link with libthread to call thr_yield, ! as libc provides a stub, which is overloaded the moment you link ! with *either* libpthread or libthread... #define YIELD_CPU thr_yield @@ -213,27 +215,106 @@ OPENSSL_atomic_add: sra %o0,%g0,%o0 ! we return signed int, remember? .size OPENSSL_atomic_add,.-OPENSSL_atomic_add -.global OPENSSL_rdtsc +.global _sparcv9_rdtick +.align 32 +_sparcv9_rdtick: subcc %g0,1,%o0 .word 0x91408000 !rd %ccr,%o0 cmp %o0,0x99 - bne .notsc + bne .notick xor %o0,%o0,%o0 - save %sp,FRAME-16,%sp - mov 513,%o0 !SI_PLATFORM - add %sp,BIAS+16,%o1 - call sysinfo - mov 256,%o2 + .word 0x91410000 !rd %tick,%o0 + retl + .word 0x93323020 !srlx %o2,32,%o1 +.notick: + retl + xor %o1,%o1,%o1 +.type _sparcv9_rdtick,#function +.size _sparcv9_rdtick,.-_sparcv9_rdtick - add %sp,BIAS-16,%o1 - ld [%o1],%l0 - ld [%o1+4],%l1 - ld [%o1+8],%l2 - mov %lo('SUNW'),%l3 - ret - restore -.notsc: +.global OPENSSL_cleanse +.align 32 +OPENSSL_cleanse: + cmp %o1,14 + nop +#ifdef ABI64 + bgu %xcc,.Lot +#else + bgu .Lot +#endif + cmp %o1,0 + bne .Little + nop + retl + nop + +.Little: + stb %g0,[%o0] + subcc %o1,1,%o1 + bnz .Little + add %o0,1,%o0 + retl + nop +.align 32 +.Lot: +#ifndef ABI64 + subcc %g0,1,%g1 + ! see above for explanation + .word 0x83408000 !rd %ccr,%g1 + cmp %g1,0x99 + bne .v8lot + nop +#endif + +.v9lot: andcc %o0,7,%g0 + bz .v9aligned + nop + stb %g0,[%o0] + sub %o1,1,%o1 + ba .v9lot + add %o0,1,%o0 +.align 16,0x01000000 +.v9aligned: + .word 0xc0720000 !stx %g0,[%o0] + sub %o1,8,%o1 + andcc %o1,-8,%g0 +#ifdef ABI64 + .word 0x126ffffd !bnz %xcc,.v9aligned +#else + .word 0x124ffffd !bnz %icc,.v9aligned +#endif + add %o0,8,%o0 + + cmp %o1,0 + bne .Little + nop retl nop -.type OPENSSL_rdtsc,#function -.size OPENSSL_rdtsc,.-OPENSSL_atomic_add +#ifndef ABI64 +.v8lot: andcc %o0,3,%g0 + bz .v8aligned + nop + stb %g0,[%o0] + sub %o1,1,%o1 + ba .v8lot + add %o0,1,%o0 + nop +.v8aligned: + st %g0,[%o0] + sub %o1,4,%o1 + andcc %o1,-4,%g0 + bnz .v8aligned + add %o0,4,%o0 + + cmp %o1,0 + bne .Little + nop + retl + nop +#endif +.type OPENSSL_cleanse,#function +.size OPENSSL_cleanse,.-OPENSSL_cleanse + +.section ".init",#alloc,#execinstr + call OPENSSL_cpuid_setup + nop diff --git a/lib/libssl/src/crypto/stack/Makefile b/lib/libssl/src/crypto/stack/Makefile index 489a77b93c4..5327692ac89 100644 --- a/lib/libssl/src/crypto/stack/Makefile +++ b/lib/libssl/src/crypto/stack/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/store/Makefile b/lib/libssl/src/crypto/store/Makefile index c9f5d001a39..0dcfd7857a3 100644 --- a/lib/libssl/src/crypto/store/Makefile +++ b/lib/libssl/src/crypto/store/Makefile @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -89,14 +89,14 @@ str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -str_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -str_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -str_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -str_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -str_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -str_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h -str_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h +str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_lib.o: str_lib.c str_locl.h str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h diff --git a/lib/libssl/src/crypto/store/store.h b/lib/libssl/src/crypto/store/store.h index 64583377a94..0a28c7d5a20 100644 --- a/lib/libssl/src/crypto/store/store.h +++ b/lib/libssl/src/crypto/store/store.h @@ -59,6 +59,12 @@ #ifndef HEADER_STORE_H #define HEADER_STORE_H +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_STORE +#error STORE is disabled. +#endif + #include <openssl/ossl_typ.h> #ifndef OPENSSL_NO_DEPRECATED #include <openssl/evp.h> @@ -408,7 +414,8 @@ int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, /* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in each contained attribute. */ -int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a, + const STORE_ATTR_INFO * const *b); /* Check if the set of attributes in a is within the range of attributes set in b. */ int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); diff --git a/lib/libssl/src/crypto/store/str_err.c b/lib/libssl/src/crypto/store/str_err.c index 6fee6498220..924edf05058 100644 --- a/lib/libssl/src/crypto/store/str_err.c +++ b/lib/libssl/src/crypto/store/str_err.c @@ -1,6 +1,6 @@ /* crypto/store/str_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libssl/src/crypto/store/str_lib.c b/lib/libssl/src/crypto/store/str_lib.c index 32ae5bd3957..f1dbcbd0e0c 100644 --- a/lib/libssl/src/crypto/store/str_lib.c +++ b/lib/libssl/src/crypto/store/str_lib.c @@ -1670,7 +1670,7 @@ int STORE_parse_attrs_endp(void *handle) } static int attr_info_compare_compute_range( - unsigned char *abits, unsigned char *bbits, + const unsigned char *abits, const unsigned char *bbits, unsigned int *alowp, unsigned int *ahighp, unsigned int *blowp, unsigned int *bhighp) { @@ -1739,13 +1739,15 @@ static int attr_info_compare_compute_range( return res; } -int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a, + const STORE_ATTR_INFO * const *b) { if (a == b) return 0; if (!a) return -1; if (!b) return 1; - return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); + return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0); } + int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { unsigned int alow, ahigh, blow, bhigh; @@ -1759,6 +1761,7 @@ int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) return 1; return 0; } + int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { unsigned char *abits, *bbits; @@ -1776,6 +1779,7 @@ int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) } return 1; } + int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { STORE_ATTR_TYPES i; diff --git a/lib/libssl/src/crypto/store/str_mem.c b/lib/libssl/src/crypto/store/str_mem.c index 527757ae099..8ac4f7e55c7 100644 --- a/lib/libssl/src/crypto/store/str_mem.c +++ b/lib/libssl/src/crypto/store/str_mem.c @@ -76,30 +76,35 @@ attribute type code). */ -struct mem_object_data_st +typedef struct mem_object_data_st { STORE_OBJECT *object; STORE_ATTR_INFO *attr_info; int references; - }; + } MEM_OBJECT_DATA; +DECLARE_STACK_OF(MEM_OBJECT_DATA) struct mem_data_st { - STACK *data; /* A stack of mem_object_data_st, - sorted with STORE_ATTR_INFO_compare(). */ + STACK_OF(MEM_OBJECT_DATA) *data; /* sorted with + * STORE_ATTR_INFO_compare(). */ unsigned int compute_components : 1; /* Currently unused, but can be used to add attributes from parts of the data. */ }; +DECLARE_STACK_OF(STORE_ATTR_INFO) struct mem_ctx_st { int type; /* The type we're searching for */ - STACK *search_attributes; /* Sets of attributes to search for. - Each element is a STORE_ATTR_INFO. */ - int search_index; /* which of the search attributes we found a match - for, -1 when we still haven't found any */ - int index; /* -1 as long as we're searching for the first */ + STACK_OF(STORE_ATTR_INFO) *search_attributes; /* Sets of + attributes to search for. Each + element is a STORE_ATTR_INFO. */ + int search_index; /* which of the search attributes we + found a match for, -1 when we still + haven't found any */ + int index; /* -1 as long as we're searching for + the first */ }; static int mem_init(STORE *s); @@ -240,7 +245,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, if (context->search_attributes == NULL) { context->search_attributes = - sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare); + sk_STORE_ATTR_INFO_new(STORE_ATTR_INFO_compare); if (!context->search_attributes) { STOREerr(STORE_F_MEM_LIST_START, @@ -248,7 +253,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, goto err; } } - sk_push(context->search_attributes,(char *)attrs); + sk_STORE_ATTR_INFO_push(context->search_attributes,attrs); } if (!STORE_parse_attrs_endp(attribute_context)) goto err; @@ -284,11 +289,14 @@ static STORE_OBJECT *mem_list_next(STORE *s, void *handle) if (context->search_index == -1) { - for (i = 0; i < sk_num(context->search_attributes); i++) + for (i = 0; + i < sk_STORE_ATTR_INFO_num(context->search_attributes); + i++) { - key.attr_info = - (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); - srch = sk_find_ex(store->data, (char *)&key); + key.attr_info + = sk_STORE_ATTR_INFO_value(context->search_attributes, + i); + srch = sk_MEM_OBJECT_DATA_find_ex(store->data, &key); if (srch >= 0) { @@ -301,21 +309,20 @@ static STORE_OBJECT *mem_list_next(STORE *s, void *handle) return NULL; key.attr_info = - (STORE_ATTR_INFO *)sk_value(context->search_attributes, - context->search_index); + sk_STORE_ATTR_INFO_value(context->search_attributes, + context->search_index); for(srch = context->search_index; - srch < sk_num(store->data) + srch < sk_MEM_OBJECT_DATA_num(store->data) && STORE_ATTR_INFO_in_range(key.attr_info, - (STORE_ATTR_INFO *)sk_value(store->data, srch)) + sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info) && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, - (STORE_ATTR_INFO *)sk_value(store->data, srch))); + sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info)); srch++) ; context->search_index = srch; if (cres) - return ((struct mem_object_data_st *)sk_value(store->data, - srch))->object; + return (sk_MEM_OBJECT_DATA_value(store->data, srch))->object; return NULL; } static int mem_list_end(STORE *s, void *handle) @@ -328,7 +335,7 @@ static int mem_list_end(STORE *s, void *handle) return 0; } if (context && context->search_attributes) - sk_free(context->search_attributes); + sk_STORE_ATTR_INFO_free(context->search_attributes); if (context) OPENSSL_free(context); return 1; } @@ -337,7 +344,8 @@ static int mem_list_endp(STORE *s, void *handle) struct mem_ctx_st *context = (struct mem_ctx_st *)handle; if (!context - || context->search_index == sk_num(context->search_attributes)) + || context->search_index + == sk_STORE_ATTR_INFO_num(context->search_attributes)) return 1; return 0; } diff --git a/lib/libssl/src/crypto/ts/Makefile b/lib/libssl/src/crypto/ts/Makefile new file mode 100644 index 00000000000..c18234555be --- /dev/null +++ b/lib/libssl/src/crypto/ts/Makefile @@ -0,0 +1,269 @@ +# +# SSLeay/crypto/ts/Makefile +# + +DIR= ts +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG = -g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r + +PEX_LIBS= +EX_LIBS= + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL= Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c \ + ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c \ + ts_asn1.c +LIBOBJ= ts_err.o ts_req_utils.o ts_req_print.o ts_rsp_utils.o ts_rsp_print.o \ + ts_rsp_sign.o ts_rsp_verify.o ts_verify_ctx.o ts_lib.o ts_conf.o \ + ts_asn1.o + +SRC= $(LIBSRC) + +EXHEADER= ts.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +test: + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +ts_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +ts_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ts_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ts_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +ts_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ts_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ts_asn1.o: ../../include/openssl/ts.h ../../include/openssl/x509.h +ts_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ts_asn1.o: ts_asn1.c +ts_conf.o: ../../e_os.h ../../include/openssl/asn1.h +ts_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_conf.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ts_conf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ts_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +ts_conf.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +ts_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_conf.c +ts_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ts_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ts_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ts_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ts_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ts_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ts_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ts_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_err.o: ../../include/openssl/x509v3.h ts_err.c +ts_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +ts_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ts_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ts_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ts_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +ts_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ts_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ts.h ts_lib.c +ts_req_print.o: ../../e_os.h ../../include/openssl/asn1.h +ts_req_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ts_req_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ts_req_print.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ts_req_print.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ts_req_print.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ts_req_print.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ts_req_print.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_req_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_req_print.o: ../../include/openssl/opensslconf.h +ts_req_print.o: ../../include/openssl/opensslv.h +ts_req_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_req_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_req_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_req_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_req_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_req_print.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_print.c +ts_req_utils.o: ../../e_os.h ../../include/openssl/asn1.h +ts_req_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_req_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_req_utils.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_req_utils.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_req_utils.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_req_utils.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_req_utils.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_req_utils.o: ../../include/openssl/objects.h +ts_req_utils.o: ../../include/openssl/opensslconf.h +ts_req_utils.o: ../../include/openssl/opensslv.h +ts_req_utils.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_req_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_req_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_req_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_req_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_req_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_utils.c +ts_rsp_print.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ts_rsp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ts_rsp_print.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ts_rsp_print.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ts_rsp_print.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ts_rsp_print.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ts_rsp_print.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_rsp_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ts_rsp_print.o: ../../include/openssl/opensslconf.h +ts_rsp_print.o: ../../include/openssl/opensslv.h +ts_rsp_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ts_rsp_print.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ts_rsp_print.o: ../cryptlib.h ts.h ts_rsp_print.c +ts_rsp_sign.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_rsp_sign.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_rsp_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_rsp_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_rsp_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_rsp_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_rsp_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_rsp_sign.o: ../../include/openssl/objects.h +ts_rsp_sign.o: ../../include/openssl/opensslconf.h +ts_rsp_sign.o: ../../include/openssl/opensslv.h +ts_rsp_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_sign.c +ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_rsp_utils.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_rsp_utils.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_rsp_utils.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_rsp_utils.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_rsp_utils.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_rsp_utils.o: ../../include/openssl/objects.h +ts_rsp_utils.o: ../../include/openssl/opensslconf.h +ts_rsp_utils.o: ../../include/openssl/opensslv.h +ts_rsp_utils.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_rsp_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_rsp_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_utils.c +ts_rsp_verify.o: ../../e_os.h ../../include/openssl/asn1.h +ts_rsp_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_rsp_verify.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_rsp_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_rsp_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_rsp_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_rsp_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_rsp_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_rsp_verify.o: ../../include/openssl/objects.h +ts_rsp_verify.o: ../../include/openssl/opensslconf.h +ts_rsp_verify.o: ../../include/openssl/opensslv.h +ts_rsp_verify.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_rsp_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_rsp_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_rsp_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_rsp_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_rsp_verify.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_verify.c +ts_verify_ctx.o: ../../e_os.h ../../include/openssl/asn1.h +ts_verify_ctx.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ts_verify_ctx.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_verify_ctx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_verify_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_verify_ctx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_verify_ctx.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_verify_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_verify_ctx.o: ../../include/openssl/objects.h +ts_verify_ctx.o: ../../include/openssl/opensslconf.h +ts_verify_ctx.o: ../../include/openssl/opensslv.h +ts_verify_ctx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_verify_ctx.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_verify_ctx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_verify_ctx.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h +ts_verify_ctx.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_verify_ctx.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_verify_ctx.c diff --git a/lib/libssl/src/crypto/ts/ts.h b/lib/libssl/src/crypto/ts/ts.h new file mode 100644 index 00000000000..190e8a1bf2b --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts.h @@ -0,0 +1,861 @@ +/* crypto/ts/ts.h */ +/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL + * project 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_H +#define HEADER_TS_H + +#include <openssl/opensslconf.h> +#include <openssl/symhacks.h> +#ifndef OPENSSL_NO_BUFFER +#include <openssl/buffer.h> +#endif +#ifndef OPENSSL_NO_EVP +#include <openssl/evp.h> +#endif +#ifndef OPENSSL_NO_BIO +#include <openssl/bio.h> +#endif +#include <openssl/stack.h> +#include <openssl/asn1.h> +#include <openssl/safestack.h> + +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif + +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif + +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif + +#include <openssl/evp.h> + + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef WIN32 +/* Under Win32 this is defined in wincrypt.h */ +#undef X509_NAME +#endif + +#include <openssl/x509.h> +#include <openssl/x509v3.h> + +/* +MessageImprint ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + hashedMessage OCTET STRING } +*/ + +typedef struct TS_msg_imprint_st + { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; + } TS_MSG_IMPRINT; + +/* +TimeStampReq ::= SEQUENCE { + version INTEGER { v1(1) }, + messageImprint MessageImprint, + --a hash algorithm OID and the hash value of the data to be + --time-stamped + reqPolicy TSAPolicyId OPTIONAL, + nonce INTEGER OPTIONAL, + certReq BOOLEAN DEFAULT FALSE, + extensions [0] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_req_st + { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ + } TS_REQ; + +/* +Accuracy ::= SEQUENCE { + seconds INTEGER OPTIONAL, + millis [0] INTEGER (1..999) OPTIONAL, + micros [1] INTEGER (1..999) OPTIONAL } +*/ + +typedef struct TS_accuracy_st + { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; + } TS_ACCURACY; + +/* +TSTInfo ::= SEQUENCE { + version INTEGER { v1(1) }, + policy TSAPolicyId, + messageImprint MessageImprint, + -- MUST have the same value as the similar field in + -- TimeStampReq + serialNumber INTEGER, + -- Time-Stamping users MUST be ready to accommodate integers + -- up to 160 bits. + genTime GeneralizedTime, + accuracy Accuracy OPTIONAL, + ordering BOOLEAN DEFAULT FALSE, + nonce INTEGER OPTIONAL, + -- MUST be present if the similar field was present + -- in TimeStampReq. In that case it MUST have the same value. + tsa [0] GeneralName OPTIONAL, + extensions [1] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_tst_info_st + { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; + } TS_TST_INFO; + +/* +PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + +From RFC 1510 - section 3.1.1: +PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String (note: each UTF8String SHOULD + -- include an RFC 1766 language tag to indicate the language + -- of the contained text) +*/ + +/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ + +#define TS_STATUS_GRANTED 0 +#define TS_STATUS_GRANTED_WITH_MODS 1 +#define TS_STATUS_REJECTION 2 +#define TS_STATUS_WAITING 3 +#define TS_STATUS_REVOCATION_WARNING 4 +#define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */ + +#define TS_INFO_BAD_ALG 0 +#define TS_INFO_BAD_REQUEST 2 +#define TS_INFO_BAD_DATA_FORMAT 5 +#define TS_INFO_TIME_NOT_AVAILABLE 14 +#define TS_INFO_UNACCEPTED_POLICY 15 +#define TS_INFO_UNACCEPTED_EXTENSION 16 +#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +#define TS_INFO_SYSTEM_FAILURE 25 + +typedef struct TS_status_info_st + { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; + } TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) +DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) + +/* +TimeStampResp ::= SEQUENCE { + status PKIStatusInfo, + timeStampToken TimeStampToken OPTIONAL } +*/ + +typedef struct TS_resp_st + { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; + } TS_RESP; + +/* The structure below would belong to the ESS component. */ + +/* +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber + } +*/ + +typedef struct ESS_issuer_serial + { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; + } ESS_ISSUER_SERIAL; + +/* +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} +*/ + +typedef struct ESS_cert_id + { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; + } ESS_CERT_ID; + +DECLARE_STACK_OF(ESS_CERT_ID) +DECLARE_ASN1_SET_OF(ESS_CERT_ID) + +/* +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} +*/ + +typedef struct ESS_signing_cert + { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; + } ESS_SIGNING_CERT; + + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, + unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, + unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +void ERR_load_TS_strings(void); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +#define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +#define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +#define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); + +/* This must return the seconds and microseconds since Jan 1, 1970 in + the sec and usec variables allocated by the caller. + Return non-zero for success and zero for failure. */ +typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec); + +/* This must process the given extension. + * It can modify the TS_TST_INFO object of the context. + * Return values: !0 (processed), 0 (error, it must set the + * status info/failure info of the response). + */ +typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +typedef struct TS_resp_ctx + { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in + time stamp token. */ + unsigned flags; /* Optional info, see values above. */ + + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; + } TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) +DECLARE_ASN1_SET_OF(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* Adds a new acceptable policy, only the default policy + is accepted by default. */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); + +/* Adds a new acceptable message digest. Note that no message digests + are accepted by default. The md argument is shared with the caller. */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* Clock precision digits, i.e. the number of decimal digits: + '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +#define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +#define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +#define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +#define TS_VFY_POLICY (1u << 2) +/* Verify the message imprint provided by the user. This flag should not be + specified with TS_VFY_DATA. */ +#define TS_VFY_IMPRINT (1u << 3) +/* Verify the message imprint computed by the verify method from the user + provided data and the MD algorithm of the response. This flag should not be + specified with TS_VFY_IMPRINT. */ +#define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +#define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +#define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +#define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +#define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +#define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx + { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + + /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, + the algorithm from the response is used. */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; + } TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. + */ + +/* Set all fields to zero. */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); + +/* + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* Function declarations for handling configuration options, + defined in ts/ts_conf.c */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +/* -------------------------------------------------- */ +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_TS_strings(void); + +/* Error codes for the TS functions. */ + +/* Function codes. */ +#define TS_F_D2I_TS_RESP 147 +#define TS_F_DEF_SERIAL_CB 110 +#define TS_F_DEF_TIME_CB 111 +#define TS_F_ESS_ADD_SIGNING_CERT 112 +#define TS_F_ESS_CERT_ID_NEW_INIT 113 +#define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +#define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +#define TS_F_PKCS7_TO_TS_TST_INFO 148 +#define TS_F_TS_ACCURACY_SET_MICROS 115 +#define TS_F_TS_ACCURACY_SET_MILLIS 116 +#define TS_F_TS_ACCURACY_SET_SECONDS 117 +#define TS_F_TS_CHECK_IMPRINTS 100 +#define TS_F_TS_CHECK_NONCES 101 +#define TS_F_TS_CHECK_POLICY 102 +#define TS_F_TS_CHECK_SIGNING_CERTS 103 +#define TS_F_TS_CHECK_STATUS_INFO 104 +#define TS_F_TS_COMPUTE_IMPRINT 145 +#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +#define TS_F_TS_GET_STATUS_TEXT 105 +#define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +#define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +#define TS_F_TS_REQ_SET_NONCE 120 +#define TS_F_TS_REQ_SET_POLICY_ID 121 +#define TS_F_TS_RESP_CREATE_RESPONSE 122 +#define TS_F_TS_RESP_CREATE_TST_INFO 123 +#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +#define TS_F_TS_RESP_CTX_ADD_MD 125 +#define TS_F_TS_RESP_CTX_ADD_POLICY 126 +#define TS_F_TS_RESP_CTX_NEW 127 +#define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +#define TS_F_TS_RESP_CTX_SET_CERTS 129 +#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +#define TS_F_TS_RESP_GET_POLICY 133 +#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +#define TS_F_TS_RESP_SET_STATUS_INFO 135 +#define TS_F_TS_RESP_SET_TST_INFO 150 +#define TS_F_TS_RESP_SIGN 136 +#define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +#define TS_F_TS_RESP_VERIFY_TOKEN 107 +#define TS_F_TS_TST_INFO_SET_ACCURACY 137 +#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +#define TS_F_TS_TST_INFO_SET_NONCE 139 +#define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +#define TS_F_TS_TST_INFO_SET_SERIAL 141 +#define TS_F_TS_TST_INFO_SET_TIME 142 +#define TS_F_TS_TST_INFO_SET_TSA 143 +#define TS_F_TS_VERIFY 108 +#define TS_F_TS_VERIFY_CERT 109 +#define TS_F_TS_VERIFY_CTX_NEW 144 + +/* Reason codes. */ +#define TS_R_BAD_PKCS7_TYPE 132 +#define TS_R_BAD_TYPE 133 +#define TS_R_CERTIFICATE_VERIFY_ERROR 100 +#define TS_R_COULD_NOT_SET_ENGINE 127 +#define TS_R_COULD_NOT_SET_TIME 115 +#define TS_R_D2I_TS_RESP_INT_FAILED 128 +#define TS_R_DETACHED_CONTENT 134 +#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +#define TS_R_INVALID_NULL_POINTER 102 +#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +#define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +#define TS_R_NONCE_MISMATCH 104 +#define TS_R_NONCE_NOT_RETURNED 105 +#define TS_R_NO_CONTENT 106 +#define TS_R_NO_TIME_STAMP_TOKEN 107 +#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +#define TS_R_POLICY_MISMATCH 108 +#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +#define TS_R_RESPONSE_SETUP_ERROR 121 +#define TS_R_SIGNATURE_FAILURE 109 +#define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +#define TS_R_TIME_SYSCALL_ERROR 122 +#define TS_R_TOKEN_NOT_PRESENT 130 +#define TS_R_TOKEN_PRESENT 131 +#define TS_R_TSA_NAME_MISMATCH 111 +#define TS_R_TSA_UNTRUSTED 112 +#define TS_R_TST_INFO_SETUP_ERROR 123 +#define TS_R_TS_DATASIGN 124 +#define TS_R_UNACCEPTABLE_POLICY 125 +#define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +#define TS_R_UNSUPPORTED_VERSION 113 +#define TS_R_WRONG_CONTENT_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/lib/libssl/src/crypto/ts/ts_asn1.c b/lib/libssl/src/crypto/ts/ts_asn1.c new file mode 100644 index 00000000000..40b730c5e2e --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_asn1.c @@ -0,0 +1,322 @@ +/* crypto/ts/ts_asn1.c */ +/* Written by Nils Larsch for the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <openssl/ts.h> +#include <openssl/err.h> +#include <openssl/asn1t.h> + +ASN1_SEQUENCE(TS_MSG_IMPRINT) = { + ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), + ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(TS_MSG_IMPRINT) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) +#ifndef OPENSSL_NO_BIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) + { + return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, bp, a); + } + +int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a) +{ + return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a); +} +#endif +#ifndef OPENSSL_NO_FP_API +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) + { + return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, fp, a); + } + +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a) + { + return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a); + } +#endif + +ASN1_SEQUENCE(TS_REQ) = { + ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER), + ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT), + ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT), + ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER), + ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN), + ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) +} ASN1_SEQUENCE_END(TS_REQ) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) +#ifndef OPENSSL_NO_BIO +TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) + { + return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a); + } + +int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a) + { + return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a); + } +#endif +#ifndef OPENSSL_NO_FP_API +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a) + { + return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a); + } + +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a) + { + return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a); + } +#endif + +ASN1_SEQUENCE(TS_ACCURACY) = { + ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER), + ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0), + ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) +} ASN1_SEQUENCE_END(TS_ACCURACY) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) + +ASN1_SEQUENCE(TS_TST_INFO) = { + ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT), + ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT), + ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER), + ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME), + ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY), + ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN), + ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER), + ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0), + ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) +} ASN1_SEQUENCE_END(TS_TST_INFO) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) +#ifndef OPENSSL_NO_BIO +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) + { + return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, a); + } + +int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a) + { + return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a); + } +#endif +#ifndef OPENSSL_NO_FP_API +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) + { + return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, a); + } + +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a) + { + return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a); + } +#endif + +ASN1_SEQUENCE(TS_STATUS_INFO) = { + ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER), + ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING), + ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(TS_STATUS_INFO) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO) + +static int ts_resp_set_tst_info(TS_RESP *a) +{ + long status; + + status = ASN1_INTEGER_get(a->status_info->status); + + if (a->token) { + if (status != 0 && status != 1) { + TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT); + return 0; + } + if (a->tst_info != NULL) + TS_TST_INFO_free(a->tst_info); + a->tst_info = PKCS7_to_TS_TST_INFO(a->token); + if (!a->tst_info) { + TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_PKCS7_TO_TS_TST_INFO_FAILED); + return 0; + } + } else if (status == 0 || status == 1) { + TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT); + return 0; + } + + return 1; +} + +static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + TS_RESP *ts_resp = (TS_RESP *)*pval; + if (op == ASN1_OP_NEW_POST) { + ts_resp->tst_info = NULL; + } else if (op == ASN1_OP_FREE_POST) { + if (ts_resp->tst_info != NULL) + TS_TST_INFO_free(ts_resp->tst_info); + } else if (op == ASN1_OP_D2I_POST) { + if (ts_resp_set_tst_info(ts_resp) == 0) + return 0; + } + return 1; +} + +ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = { + ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO), + ASN1_OPT(TS_RESP, token, PKCS7), +} ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) + +IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP) +IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) +#ifndef OPENSSL_NO_BIO +TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a) + { + return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a); + } + +int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a) + { + return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a); + } +#endif +#ifndef OPENSSL_NO_FP_API +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a) + { + return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a); + } + +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a) + { + return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a); + } +#endif + +ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = { + ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME), + ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) +} ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) + +ASN1_SEQUENCE(ESS_CERT_ID) = { + ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING), + ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) +} ASN1_SEQUENCE_END(ESS_CERT_ID) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) + +ASN1_SEQUENCE(ESS_SIGNING_CERT) = { + ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID), + ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO) +} ASN1_SEQUENCE_END(ESS_SIGNING_CERT) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) + +/* Getting encapsulated TS_TST_INFO object from PKCS7. */ +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token) +{ + PKCS7_SIGNED *pkcs7_signed; + PKCS7 *enveloped; + ASN1_TYPE *tst_info_wrapper; + ASN1_OCTET_STRING *tst_info_der; + const unsigned char *p; + + if (!PKCS7_type_is_signed(token)) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); + return NULL; + } + + /* Content must be present. */ + if (PKCS7_get_detached(token)) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT); + return NULL; + } + + /* We have a signed data with content. */ + pkcs7_signed = token->d.sign; + enveloped = pkcs7_signed->contents; + if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); + return NULL; + } + + /* We have a DER encoded TST_INFO as the signed data. */ + tst_info_wrapper = enveloped->d.other; + if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) + { + TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE); + return NULL; + } + + /* We have the correct ASN1_OCTET_STRING type. */ + tst_info_der = tst_info_wrapper->value.octet_string; + /* At last, decode the TST_INFO. */ + p = tst_info_der->data; + return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length); +} diff --git a/lib/libssl/src/crypto/ts/ts_conf.c b/lib/libssl/src/crypto/ts/ts_conf.c new file mode 100644 index 00000000000..c39be76f284 --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_conf.c @@ -0,0 +1,507 @@ +/* crypto/ts/ts_conf.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <string.h> + +#include <openssl/crypto.h> +#include "cryptlib.h" +#include <openssl/pem.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif +#include <openssl/ts.h> + +/* Macro definitions for the configuration file. */ + +#define BASE_SECTION "tsa" +#define ENV_DEFAULT_TSA "default_tsa" +#define ENV_SERIAL "serial" +#define ENV_CRYPTO_DEVICE "crypto_device" +#define ENV_SIGNER_CERT "signer_cert" +#define ENV_CERTS "certs" +#define ENV_SIGNER_KEY "signer_key" +#define ENV_DEFAULT_POLICY "default_policy" +#define ENV_OTHER_POLICIES "other_policies" +#define ENV_DIGESTS "digests" +#define ENV_ACCURACY "accuracy" +#define ENV_ORDERING "ordering" +#define ENV_TSA_NAME "tsa_name" +#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain" +#define ENV_VALUE_SECS "secs" +#define ENV_VALUE_MILLISECS "millisecs" +#define ENV_VALUE_MICROSECS "microsecs" +#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" +#define ENV_VALUE_YES "yes" +#define ENV_VALUE_NO "no" + +/* Function definitions for certificate and key loading. */ + +X509 *TS_CONF_load_cert(const char *file) + { + BIO *cert = NULL; + X509 *x = NULL; + + if ((cert = BIO_new_file(file, "r")) == NULL) goto end; + x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); +end: + if (x == NULL) + fprintf(stderr, "unable to load certificate: %s\n", file); + BIO_free(cert); + return x; + } + +STACK_OF(X509) *TS_CONF_load_certs(const char *file) + { + BIO *certs = NULL; + STACK_OF(X509) *othercerts = NULL; + STACK_OF(X509_INFO) *allcerts = NULL; + int i; + + if (!(certs = BIO_new_file(file, "r"))) goto end; + + if (!(othercerts = sk_X509_new_null())) goto end; + allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); + for(i = 0; i < sk_X509_INFO_num(allcerts); i++) + { + X509_INFO *xi = sk_X509_INFO_value(allcerts, i); + if (xi->x509) + { + sk_X509_push(othercerts, xi->x509); + xi->x509 = NULL; + } + } +end: + if (othercerts == NULL) + fprintf(stderr, "unable to load certificates: %s\n", file); + sk_X509_INFO_pop_free(allcerts, X509_INFO_free); + BIO_free(certs); + return othercerts; + } + +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) + { + BIO *key = NULL; + EVP_PKEY *pkey = NULL; + + if (!(key = BIO_new_file(file, "r"))) goto end; + pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *) pass); + end: + if (pkey == NULL) + fprintf(stderr, "unable to load private key: %s\n", file); + BIO_free(key); + return pkey; + } + +/* Function definitions for handling configuration options. */ + +static void TS_CONF_lookup_fail(const char *name, const char *tag) + { + fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); + } + +static void TS_CONF_invalid(const char *name, const char *tag) + { + fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); + } + +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) + { + if (!section) + { + section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA); + if (!section) + TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); + } + return section; + } + +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx) + { + int ret = 0; + char *serial = NCONF_get_string(conf, section, ENV_SERIAL); + if (!serial) + { + TS_CONF_lookup_fail(section, ENV_SERIAL); + goto err; + } + TS_RESP_CTX_set_serial_cb(ctx, cb, serial); + + ret = 1; + err: + return ret; + } + +#ifndef OPENSSL_NO_ENGINE + +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device) + { + int ret = 0; + + if (!device) + device = NCONF_get_string(conf, section, + ENV_CRYPTO_DEVICE); + + if (device && !TS_CONF_set_default_engine(device)) + { + TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); + goto err; + } + ret = 1; + err: + return ret; + } + +int TS_CONF_set_default_engine(const char *name) + { + ENGINE *e = NULL; + int ret = 0; + + /* Leave the default if builtin specified. */ + if (strcmp(name, "builtin") == 0) return 1; + + if (!(e = ENGINE_by_id(name))) goto err; + /* Enable the use of the NCipher HSM for forked children. */ + if (strcmp(name, "chil") == 0) + ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); + /* All the operations are going to be carried out by the engine. */ + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) goto err; + ret = 1; + err: + if (!ret) + { + TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, + TS_R_COULD_NOT_SET_ENGINE); + ERR_add_error_data(2, "engine:", name); + } + if (e) ENGINE_free(e); + return ret; + } + +#endif + +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx) + { + int ret = 0; + X509 *cert_obj = NULL; + if (!cert) + cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT); + if (!cert) + { + TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); + goto err; + } + if (!(cert_obj = TS_CONF_load_cert(cert))) + goto err; + if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj)) + goto err; + + ret = 1; + err: + X509_free(cert_obj); + return ret; + } + +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx) + { + int ret = 0; + STACK_OF(X509) *certs_obj = NULL; + if (!certs) + certs = NCONF_get_string(conf, section, ENV_CERTS); + /* Certificate chain is optional. */ + if (!certs) goto end; + if (!(certs_obj = TS_CONF_load_certs(certs))) goto err; + if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) goto err; + end: + ret = 1; + err: + sk_X509_pop_free(certs_obj, X509_free); + return ret; + } + +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx) + { + int ret = 0; + EVP_PKEY *key_obj = NULL; + if (!key) + key = NCONF_get_string(conf, section, ENV_SIGNER_KEY); + if (!key) + { + TS_CONF_lookup_fail(section, ENV_SIGNER_KEY); + goto err; + } + if (!(key_obj = TS_CONF_load_key(key, pass))) goto err; + if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) goto err; + + ret = 1; + err: + EVP_PKEY_free(key_obj); + return ret; + } + +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx) + { + int ret = 0; + ASN1_OBJECT *policy_obj = NULL; + if (!policy) + policy = NCONF_get_string(conf, section, + ENV_DEFAULT_POLICY); + if (!policy) + { + TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); + goto err; + } + if (!(policy_obj = OBJ_txt2obj(policy, 0))) + { + TS_CONF_invalid(section, ENV_DEFAULT_POLICY); + goto err; + } + if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj)) + goto err; + + ret = 1; + err: + ASN1_OBJECT_free(policy_obj); + return ret; + } + +int TS_CONF_set_policies(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + int ret = 0; + int i; + STACK_OF(CONF_VALUE) *list = NULL; + char *policies = NCONF_get_string(conf, section, + ENV_OTHER_POLICIES); + /* If no other policy is specified, that's fine. */ + if (policies && !(list = X509V3_parse_list(policies))) + { + TS_CONF_invalid(section, ENV_OTHER_POLICIES); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) + { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + const char *extval = val->value ? val->value : val->name; + ASN1_OBJECT *objtmp; + if (!(objtmp = OBJ_txt2obj(extval, 0))) + { + TS_CONF_invalid(section, ENV_OTHER_POLICIES); + goto err; + } + if (!TS_RESP_CTX_add_policy(ctx, objtmp)) + goto err; + ASN1_OBJECT_free(objtmp); + } + + ret = 1; + err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; + } + +int TS_CONF_set_digests(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + int ret = 0; + int i; + STACK_OF(CONF_VALUE) *list = NULL; + char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); + if (!digests) + { + TS_CONF_lookup_fail(section, ENV_DIGESTS); + goto err; + } + if (!(list = X509V3_parse_list(digests))) + { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + if (sk_CONF_VALUE_num(list) == 0) + { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) + { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + const char *extval = val->value ? val->value : val->name; + const EVP_MD *md; + if (!(md = EVP_get_digestbyname(extval))) + { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + if (!TS_RESP_CTX_add_md(ctx, md)) + goto err; + } + + ret = 1; + err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; + } + +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) + { + int ret = 0; + int i; + int secs = 0, millis = 0, micros = 0; + STACK_OF(CONF_VALUE) *list = NULL; + char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); + + if (accuracy && !(list = X509V3_parse_list(accuracy))) + { + TS_CONF_invalid(section, ENV_ACCURACY); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) + { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + if (strcmp(val->name, ENV_VALUE_SECS) == 0) + { + if (val->value) secs = atoi(val->value); + } + else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) + { + if (val->value) millis = atoi(val->value); + } + else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) + { + if (val->value) micros = atoi(val->value); + } + else + { + TS_CONF_invalid(section, ENV_ACCURACY); + goto err; + } + } + if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros)) + goto err; + + ret = 1; + err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; + } + +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + int ret = 0; + long digits = 0; + + /* If not specified, set the default value to 0, i.e. sec precision */ + if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS, + &digits)) + digits = 0; + if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) + { + TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); + goto err; + } + + if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits)) + goto err; + + return 1; + err: + return ret; + } + +static int TS_CONF_add_flag(CONF *conf, const char *section, const char *field, + int flag, TS_RESP_CTX *ctx) + { + /* Default is false. */ + const char *value = NCONF_get_string(conf, section, field); + if (value) + { + if (strcmp(value, ENV_VALUE_YES) == 0) + TS_RESP_CTX_add_flags(ctx, flag); + else if (strcmp(value, ENV_VALUE_NO) != 0) + { + TS_CONF_invalid(section, field); + return 0; + } + } + + return 1; + } + +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx) + { + return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); + } + +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx) + { + return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); + } + +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx) + { + return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, + TS_ESS_CERT_ID_CHAIN, ctx); + } diff --git a/lib/libssl/src/crypto/ts/ts_err.c b/lib/libssl/src/crypto/ts/ts_err.c new file mode 100644 index 00000000000..a08b0ffa234 --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_err.c @@ -0,0 +1,179 @@ +/* crypto/ts/ts_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include <openssl/ts.h> + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason) + +static ERR_STRING_DATA TS_str_functs[]= + { +{ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"}, +{ERR_FUNC(TS_F_DEF_SERIAL_CB), "DEF_SERIAL_CB"}, +{ERR_FUNC(TS_F_DEF_TIME_CB), "DEF_TIME_CB"}, +{ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_ADD_SIGNING_CERT"}, +{ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ESS_CERT_ID_NEW_INIT"}, +{ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ESS_SIGNING_CERT_NEW_INIT"}, +{ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "INT_TS_RESP_VERIFY_TOKEN"}, +{ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"}, +{ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"}, +{ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"}, +{ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"}, +{ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "TS_CHECK_IMPRINTS"}, +{ERR_FUNC(TS_F_TS_CHECK_NONCES), "TS_CHECK_NONCES"}, +{ERR_FUNC(TS_F_TS_CHECK_POLICY), "TS_CHECK_POLICY"}, +{ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"}, +{ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"}, +{ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"}, +{ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, +{ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"}, +{ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, +{ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"}, +{ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"}, +{ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"}, +{ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"}, +{ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "TS_RESP_CREATE_TST_INFO"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO), "TS_RESP_CTX_add_failure_info"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT), "TS_RESP_CTX_set_signer_cert"}, +{ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO), "TS_RESP_CTX_set_status_info"}, +{ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "TS_RESP_GET_POLICY"}, +{ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION), "TS_RESP_SET_GENTIME_WITH_PRECISION"}, +{ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"}, +{ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"}, +{ERR_FUNC(TS_F_TS_RESP_SIGN), "TS_RESP_SIGN"}, +{ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"}, +{ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT), "TS_TST_INFO_set_msg_imprint"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"}, +{ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"}, +{ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"}, +{ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"}, +{ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"}, +{0,NULL} + }; + +static ERR_STRING_DATA TS_str_reasons[]= + { +{ERR_REASON(TS_R_BAD_PKCS7_TYPE) ,"bad pkcs7 type"}, +{ERR_REASON(TS_R_BAD_TYPE) ,"bad type"}, +{ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +{ERR_REASON(TS_R_COULD_NOT_SET_ENGINE) ,"could not set engine"}, +{ERR_REASON(TS_R_COULD_NOT_SET_TIME) ,"could not set time"}, +{ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED) ,"d2i ts resp int failed"}, +{ERR_REASON(TS_R_DETACHED_CONTENT) ,"detached content"}, +{ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),"ess add signing cert error"}, +{ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),"ess signing certificate error"}, +{ERR_REASON(TS_R_INVALID_NULL_POINTER) ,"invalid null pointer"}, +{ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),"invalid signer certificate purpose"}, +{ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH),"message imprint mismatch"}, +{ERR_REASON(TS_R_NONCE_MISMATCH) ,"nonce mismatch"}, +{ERR_REASON(TS_R_NONCE_NOT_RETURNED) ,"nonce not returned"}, +{ERR_REASON(TS_R_NO_CONTENT) ,"no content"}, +{ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN) ,"no time stamp token"}, +{ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, +{ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),"pkcs7 add signed attr error"}, +{ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),"pkcs7 to ts tst info failed"}, +{ERR_REASON(TS_R_POLICY_MISMATCH) ,"policy mismatch"}, +{ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +{ERR_REASON(TS_R_RESPONSE_SETUP_ERROR) ,"response setup error"}, +{ERR_REASON(TS_R_SIGNATURE_FAILURE) ,"signature failure"}, +{ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER),"there must be one signer"}, +{ERR_REASON(TS_R_TIME_SYSCALL_ERROR) ,"time syscall error"}, +{ERR_REASON(TS_R_TOKEN_NOT_PRESENT) ,"token not present"}, +{ERR_REASON(TS_R_TOKEN_PRESENT) ,"token present"}, +{ERR_REASON(TS_R_TSA_NAME_MISMATCH) ,"tsa name mismatch"}, +{ERR_REASON(TS_R_TSA_UNTRUSTED) ,"tsa untrusted"}, +{ERR_REASON(TS_R_TST_INFO_SETUP_ERROR) ,"tst info setup error"}, +{ERR_REASON(TS_R_TS_DATASIGN) ,"ts datasign"}, +{ERR_REASON(TS_R_UNACCEPTABLE_POLICY) ,"unacceptable policy"}, +{ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM),"unsupported md algorithm"}, +{ERR_REASON(TS_R_UNSUPPORTED_VERSION) ,"unsupported version"}, +{ERR_REASON(TS_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, +{0,NULL} + }; + +#endif + +void ERR_load_TS_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(TS_str_functs[0].error) == NULL) + { + ERR_load_strings(0,TS_str_functs); + ERR_load_strings(0,TS_str_reasons); + } +#endif + } diff --git a/lib/libssl/src/crypto/ts/ts_lib.c b/lib/libssl/src/crypto/ts/ts_lib.c new file mode 100644 index 00000000000..e8608dbf711 --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_lib.c @@ -0,0 +1,145 @@ +/* crypto/ts/ts_lib.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> +#include "ts.h" + +/* Local function declarations. */ + +/* Function definitions. */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) + { + BIGNUM num_bn; + int result = 0; + char *hex; + + BN_init(&num_bn); + ASN1_INTEGER_to_BN(num, &num_bn); + if ((hex = BN_bn2hex(&num_bn))) + { + result = BIO_write(bio, "0x", 2) > 0; + result = result && BIO_write(bio, hex, strlen(hex)) > 0; + OPENSSL_free(hex); + } + BN_free(&num_bn); + + return result; + } + +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) + { + char obj_txt[128]; + + int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); + BIO_write(bio, obj_txt, len); + BIO_write(bio, "\n", 1); + + return 1; + } + +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions) + { + int i, critical, n; + X509_EXTENSION *ex; + ASN1_OBJECT *obj; + + BIO_printf(bio, "Extensions:\n"); + n = X509v3_get_ext_count(extensions); + for (i = 0; i < n; i++) + { + ex = X509v3_get_ext(extensions, i); + obj = X509_EXTENSION_get_object(ex); + i2a_ASN1_OBJECT(bio, obj); + critical = X509_EXTENSION_get_critical(ex); + BIO_printf(bio, ": %s\n", critical ? "critical" : ""); + if (!X509V3_EXT_print(bio, ex, 0, 4)) + { + BIO_printf(bio, "%4s", ""); + M_ASN1_OCTET_STRING_print(bio, ex->value); + } + BIO_write(bio, "\n", 1); + } + + return 1; + } + +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg) + { + int i = OBJ_obj2nid(alg->algorithm); + return BIO_printf(bio, "Hash Algorithm: %s\n", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + } + +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) + { + const ASN1_OCTET_STRING *msg; + + TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a)); + + BIO_printf(bio, "Message data:\n"); + msg = TS_MSG_IMPRINT_get_msg(a); + BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg), + M_ASN1_STRING_length(msg), 4); + + return 1; + } diff --git a/lib/libssl/src/crypto/ts/ts_req_print.c b/lib/libssl/src/crypto/ts/ts_req_print.c new file mode 100644 index 00000000000..eba12c38240 --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_req_print.c @@ -0,0 +1,102 @@ +/* crypto/ts/ts_req_print.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> +#include <openssl/ts.h> + +/* Function definitions. */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a) + { + int v; + ASN1_OBJECT *policy_id; + const ASN1_INTEGER *nonce; + + if (a == NULL) return 0; + + v = TS_REQ_get_version(a); + BIO_printf(bio, "Version: %d\n", v); + + TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a)); + + BIO_printf(bio, "Policy OID: "); + policy_id = TS_REQ_get_policy_id(a); + if (policy_id == NULL) + BIO_printf(bio, "unspecified\n"); + else + TS_OBJ_print_bio(bio, policy_id); + + BIO_printf(bio, "Nonce: "); + nonce = TS_REQ_get_nonce(a); + if (nonce == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, nonce); + BIO_write(bio, "\n", 1); + + BIO_printf(bio, "Certificate required: %s\n", + TS_REQ_get_cert_req(a) ? "yes" : "no"); + + TS_ext_print_bio(bio, TS_REQ_get_exts(a)); + + return 1; + } diff --git a/lib/libssl/src/crypto/ts/ts_req_utils.c b/lib/libssl/src/crypto/ts/ts_req_utils.c new file mode 100644 index 00000000000..43280c15874 --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_req_utils.c @@ -0,0 +1,234 @@ +/* crypto/ts/ts_req_utils.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/x509v3.h> +#include <openssl/ts.h> + +int TS_REQ_set_version(TS_REQ *a, long version) + { + return ASN1_INTEGER_set(a->version, version); + } + +long TS_REQ_get_version(const TS_REQ *a) + { + return ASN1_INTEGER_get(a->version); + } + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint) + { + TS_MSG_IMPRINT *new_msg_imprint; + + if (a->msg_imprint == msg_imprint) + return 1; + new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); + if (new_msg_imprint == NULL) + { + TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_MSG_IMPRINT_free(a->msg_imprint); + a->msg_imprint = new_msg_imprint; + return 1; + } + +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a) + { + return a->msg_imprint; + } + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg) + { + X509_ALGOR *new_alg; + + if (a->hash_algo == alg) + return 1; + new_alg = X509_ALGOR_dup(alg); + if (new_alg == NULL) + { + TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE); + return 0; + } + X509_ALGOR_free(a->hash_algo); + a->hash_algo = new_alg; + return 1; + } + +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a) + { + return a->hash_algo; + } + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len) + { + return ASN1_OCTET_STRING_set(a->hashed_msg, d, len); + } + +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a) + { + return a->hashed_msg; + } + +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy) + { + ASN1_OBJECT *new_policy; + + if (a->policy_id == policy) + return 1; + new_policy = OBJ_dup(policy); + if (new_policy == NULL) + { + TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(a->policy_id); + a->policy_id = new_policy; + return 1; + } + +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a) + { + return a->policy_id; + } + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce) + { + ASN1_INTEGER *new_nonce; + + if (a->nonce == nonce) + return 1; + new_nonce = ASN1_INTEGER_dup(nonce); + if (new_nonce == NULL) + { + TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->nonce); + a->nonce = new_nonce; + return 1; + } + +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a) + { + return a->nonce; + } + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req) + { + a->cert_req = cert_req ? 0xFF : 0x00; + return 1; + } + +int TS_REQ_get_cert_req(const TS_REQ *a) + { + return a->cert_req ? 1 : 0; + } + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a) + { + return a->extensions; + } + +void TS_REQ_ext_free(TS_REQ *a) + { + if (!a) return; + sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); + a->extensions = NULL; + } + +int TS_REQ_get_ext_count(TS_REQ *a) + { + return X509v3_get_ext_count(a->extensions); + } + +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos) + { + return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); + } + +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos) + { + return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); + } + +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos) + { + return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); + } + +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc) + { + return X509v3_get_ext(a->extensions,loc); + } + +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc) + { + return X509v3_delete_ext(a->extensions,loc); + } + +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc) + { + return X509v3_add_ext(&a->extensions,ex,loc) != NULL; + } + +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx) + { + return X509V3_get_d2i(a->extensions, nid, crit, idx); + } diff --git a/lib/libssl/src/crypto/ts/ts_rsp_print.c b/lib/libssl/src/crypto/ts/ts_rsp_print.c new file mode 100644 index 00000000000..21062517ba9 --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_rsp_print.c @@ -0,0 +1,287 @@ +/* crypto/ts/ts_resp_print.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> +#include "ts.h" + +struct status_map_st + { + int bit; + const char *text; + }; + +/* Local function declarations. */ + +static int TS_status_map_print(BIO *bio, struct status_map_st *a, + ASN1_BIT_STRING *v); +static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); + +/* Function definitions. */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a) + { + TS_TST_INFO *tst_info; + + BIO_printf(bio, "Status info:\n"); + TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a)); + + BIO_printf(bio, "\nTST info:\n"); + tst_info = TS_RESP_get_tst_info(a); + if (tst_info != NULL) + TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a)); + else + BIO_printf(bio, "Not included.\n"); + + return 1; + } + +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) + { + static const char *status_map[] = + { + "Granted.", + "Granted with modifications.", + "Rejected.", + "Waiting.", + "Revocation warning.", + "Revoked." + }; + static struct status_map_st failure_map[] = + { + { TS_INFO_BAD_ALG, + "unrecognized or unsupported algorithm identifier" }, + { TS_INFO_BAD_REQUEST, + "transaction not permitted or supported" }, + { TS_INFO_BAD_DATA_FORMAT, + "the data submitted has the wrong format" }, + { TS_INFO_TIME_NOT_AVAILABLE, + "the TSA's time source is not available" }, + { TS_INFO_UNACCEPTED_POLICY, + "the requested TSA policy is not supported by the TSA" }, + { TS_INFO_UNACCEPTED_EXTENSION, + "the requested extension is not supported by the TSA" }, + { TS_INFO_ADD_INFO_NOT_AVAILABLE, + "the additional information requested could not be understood " + "or is not available" }, + { TS_INFO_SYSTEM_FAILURE, + "the request cannot be handled due to system failure" }, + { -1, NULL } + }; + long status; + int i, lines = 0; + + /* Printing status code. */ + BIO_printf(bio, "Status: "); + status = ASN1_INTEGER_get(a->status); + if (0 <= status && status < (long)(sizeof(status_map)/sizeof(status_map[0]))) + BIO_printf(bio, "%s\n", status_map[status]); + else + BIO_printf(bio, "out of bounds\n"); + + /* Printing status description. */ + BIO_printf(bio, "Status description: "); + for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) + { + if (i > 0) + BIO_puts(bio, "\t"); + ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), + 0); + BIO_puts(bio, "\n"); + } + if (i == 0) + BIO_printf(bio, "unspecified\n"); + + /* Printing failure information. */ + BIO_printf(bio, "Failure info: "); + if (a->failure_info != NULL) + lines = TS_status_map_print(bio, failure_map, + a->failure_info); + if (lines == 0) + BIO_printf(bio, "unspecified"); + BIO_printf(bio, "\n"); + + return 1; + } + +static int TS_status_map_print(BIO *bio, struct status_map_st *a, + ASN1_BIT_STRING *v) + { + int lines = 0; + + for (; a->bit >= 0; ++a) + { + if (ASN1_BIT_STRING_get_bit(v, a->bit)) + { + if (++lines > 1) + BIO_printf(bio, ", "); + BIO_printf(bio, "%s", a->text); + } + } + + return lines; + } + +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) + { + int v; + ASN1_OBJECT *policy_id; + const ASN1_INTEGER *serial; + const ASN1_GENERALIZEDTIME *gtime; + TS_ACCURACY *accuracy; + const ASN1_INTEGER *nonce; + GENERAL_NAME *tsa_name; + + if (a == NULL) return 0; + + /* Print version. */ + v = TS_TST_INFO_get_version(a); + BIO_printf(bio, "Version: %d\n", v); + + /* Print policy id. */ + BIO_printf(bio, "Policy OID: "); + policy_id = TS_TST_INFO_get_policy_id(a); + TS_OBJ_print_bio(bio, policy_id); + + /* Print message imprint. */ + TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a)); + + /* Print serial number. */ + BIO_printf(bio, "Serial number: "); + serial = TS_TST_INFO_get_serial(a); + if (serial == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, serial); + BIO_write(bio, "\n", 1); + + /* Print time stamp. */ + BIO_printf(bio, "Time stamp: "); + gtime = TS_TST_INFO_get_time(a); + ASN1_GENERALIZEDTIME_print(bio, gtime); + BIO_write(bio, "\n", 1); + + /* Print accuracy. */ + BIO_printf(bio, "Accuracy: "); + accuracy = TS_TST_INFO_get_accuracy(a); + if (accuracy == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ACCURACY_print_bio(bio, accuracy); + BIO_write(bio, "\n", 1); + + /* Print ordering. */ + BIO_printf(bio, "Ordering: %s\n", + TS_TST_INFO_get_ordering(a) ? "yes" : "no"); + + /* Print nonce. */ + BIO_printf(bio, "Nonce: "); + nonce = TS_TST_INFO_get_nonce(a); + if (nonce == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, nonce); + BIO_write(bio, "\n", 1); + + /* Print TSA name. */ + BIO_printf(bio, "TSA: "); + tsa_name = TS_TST_INFO_get_tsa(a); + if (tsa_name == NULL) + BIO_printf(bio, "unspecified"); + else + { + STACK_OF(CONF_VALUE) *nval; + if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL))) + X509V3_EXT_val_prn(bio, nval, 0, 0); + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + } + BIO_write(bio, "\n", 1); + + /* Print extensions. */ + TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a)); + + return 1; + } + +static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) + { + const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy); + const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy); + const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy); + + if (seconds != NULL) + TS_ASN1_INTEGER_print_bio(bio, seconds); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " seconds, "); + if (millis != NULL) + TS_ASN1_INTEGER_print_bio(bio, millis); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " millis, "); + if (micros != NULL) + TS_ASN1_INTEGER_print_bio(bio, micros); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " micros"); + + return 1; + } diff --git a/lib/libssl/src/crypto/ts/ts_rsp_sign.c b/lib/libssl/src/crypto/ts/ts_rsp_sign.c new file mode 100644 index 00000000000..b0f023c9d2f --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_rsp_sign.c @@ -0,0 +1,1020 @@ +/* crypto/ts/ts_resp_sign.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" + +#if defined(OPENSSL_SYS_UNIX) +#include <sys/time.h> +#endif + +#include <openssl/objects.h> +#include <openssl/ts.h> +#include <openssl/pkcs7.h> + +/* Private function declarations. */ + +static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); +static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); +static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); +static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx); +static int TS_RESP_check_request(TS_RESP_CTX *ctx); +static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx); +static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, + ASN1_OBJECT *policy); +static int TS_RESP_process_extensions(TS_RESP_CTX *ctx); +static int TS_RESP_sign(TS_RESP_CTX *ctx); + +static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, + STACK_OF(X509) *certs); +static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); +static int TS_TST_INFO_content_new(PKCS7 *p7); +static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); + +static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( + ASN1_GENERALIZEDTIME *, long, long, unsigned); + +/* Default callbacks for response generation. */ + +static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) + { + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + if (!serial) goto err; + if (!ASN1_INTEGER_set(serial, 1)) goto err; + return serial; + err: + TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Error during serial number generation."); + return NULL; + } + +#if defined(OPENSSL_SYS_UNIX) + +/* Use the gettimeofday function call. */ +static int def_time_cb(struct TS_resp_ctx *ctx, void *data, + long *sec, long *usec) + { + struct timeval tv; + if (gettimeofday(&tv, NULL) != 0) + { + TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Time is not available."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); + return 0; + } + /* Return time to caller. */ + *sec = tv.tv_sec; + *usec = tv.tv_usec; + + return 1; + } + +#else + +/* Use the time function call that provides only seconds precision. */ +static int def_time_cb(struct TS_resp_ctx *ctx, void *data, + long *sec, long *usec) + { + time_t t; + if (time(&t) == (time_t) -1) + { + TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Time is not available."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); + return 0; + } + /* Return time to caller, only second precision. */ + *sec = (long) t; + *usec = 0; + + return 1; + } + +#endif + +static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, + void *data) + { + /* No extensions are processed here. */ + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Unsupported extension."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION); + return 0; + } + +/* TS_RESP_CTX management functions. */ + +TS_RESP_CTX *TS_RESP_CTX_new() + { + TS_RESP_CTX *ctx; + + if (!(ctx = (TS_RESP_CTX *) OPENSSL_malloc(sizeof(TS_RESP_CTX)))) + { + TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + memset(ctx, 0, sizeof(TS_RESP_CTX)); + + /* Setting default callbacks. */ + ctx->serial_cb = def_serial_cb; + ctx->time_cb = def_time_cb; + ctx->extension_cb = def_extension_cb; + + return ctx; + } + +void TS_RESP_CTX_free(TS_RESP_CTX *ctx) + { + if (!ctx) return; + + X509_free(ctx->signer_cert); + EVP_PKEY_free(ctx->signer_key); + sk_X509_pop_free(ctx->certs, X509_free); + sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free); + ASN1_OBJECT_free(ctx->default_policy); + sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ + ASN1_INTEGER_free(ctx->seconds); + ASN1_INTEGER_free(ctx->millis); + ASN1_INTEGER_free(ctx->micros); + OPENSSL_free(ctx); + } + +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) + { + if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) + { + TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, + TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); + return 0; + } + if (ctx->signer_cert) X509_free(ctx->signer_cert); + ctx->signer_cert = signer; + CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); + return 1; + } + +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) + { + if (ctx->signer_key) EVP_PKEY_free(ctx->signer_key); + ctx->signer_key = key; + CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY); + + return 1; + } + +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) + { + if (ctx->default_policy) ASN1_OBJECT_free(ctx->default_policy); + if (!(ctx->default_policy = OBJ_dup(def_policy))) goto err; + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE); + return 0; + } + +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) + { + int i; + + if (ctx->certs) + { + sk_X509_pop_free(ctx->certs, X509_free); + ctx->certs = NULL; + } + if (!certs) return 1; + if (!(ctx->certs = sk_X509_dup(certs))) + { + TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); + return 0; + } + for (i = 0; i < sk_X509_num(ctx->certs); ++i) + { + X509 *cert = sk_X509_value(ctx->certs, i); + CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509); + } + + return 1; + } + +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) + { + ASN1_OBJECT *copy = NULL; + + /* Create new policy stack if necessary. */ + if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null())) + goto err; + if (!(copy = OBJ_dup(policy))) goto err; + if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) goto err; + + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(copy); + return 0; + } + +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md) + { + /* Create new md stack if necessary. */ + if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null())) + goto err; + /* Add the shared md, no copy needed. */ + if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md)) goto err; + + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE); + return 0; + } + +#define TS_RESP_CTX_accuracy_free(ctx) \ + ASN1_INTEGER_free(ctx->seconds); \ + ctx->seconds = NULL; \ + ASN1_INTEGER_free(ctx->millis); \ + ctx->millis = NULL; \ + ASN1_INTEGER_free(ctx->micros); \ + ctx->micros = NULL; + +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros) + { + + TS_RESP_CTX_accuracy_free(ctx); + if (secs && (!(ctx->seconds = ASN1_INTEGER_new()) + || !ASN1_INTEGER_set(ctx->seconds, secs))) + goto err; + if (millis && (!(ctx->millis = ASN1_INTEGER_new()) + || !ASN1_INTEGER_set(ctx->millis, millis))) + goto err; + if (micros && (!(ctx->micros = ASN1_INTEGER_new()) + || !ASN1_INTEGER_set(ctx->micros, micros))) + goto err; + + return 1; + err: + TS_RESP_CTX_accuracy_free(ctx); + TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE); + return 0; + } + +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags) + { + ctx->flags |= flags; + } + +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data) + { + ctx->serial_cb = cb; + ctx->serial_cb_data = data; + } + +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data) + { + ctx->time_cb = cb; + ctx->time_cb_data = data; + } + +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data) + { + ctx->extension_cb = cb; + ctx->extension_cb_data = data; + } + +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text) + { + TS_STATUS_INFO *si = NULL; + ASN1_UTF8STRING *utf8_text = NULL; + int ret = 0; + + if (!(si = TS_STATUS_INFO_new())) goto err; + if (!ASN1_INTEGER_set(si->status, status)) goto err; + if (text) + { + if (!(utf8_text = ASN1_UTF8STRING_new()) + || !ASN1_STRING_set(utf8_text, text, strlen(text))) + goto err; + if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null())) + goto err; + if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) goto err; + utf8_text = NULL; /* Ownership is lost. */ + } + if (!TS_RESP_set_status_info(ctx->response, si)) goto err; + ret = 1; + err: + if (!ret) + TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); + TS_STATUS_INFO_free(si); + ASN1_UTF8STRING_free(utf8_text); + return ret; + } + +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text) + { + int ret = 1; + TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + + if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) + { + /* Status has not been set, set it now. */ + ret = TS_RESP_CTX_set_status_info(ctx, status, text); + } + return ret; + } + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) + { + TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new())) + goto err; + if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1)) + goto err; + return 1; + err: + TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE); + return 0; + } + +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx) + { + return ctx->request; + } + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx) + { + return ctx->tst_info; + } + +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, unsigned precision) + { + if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) + return 0; + ctx->clock_precision_digits = precision; + return 1; + } + +/* Main entry method of the response generation. */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) + { + ASN1_OBJECT *policy; + TS_RESP *response; + int result = 0; + + TS_RESP_CTX_init(ctx); + + /* Creating the response object. */ + if (!(ctx->response = TS_RESP_new())) + { + TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE); + goto end; + } + + /* Parsing DER request. */ + if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad request format or " + "system error."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); + goto end; + } + + /* Setting default status info. */ + if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL)) + goto end; + + /* Checking the request format. */ + if (!TS_RESP_check_request(ctx)) goto end; + + /* Checking acceptable policies. */ + if (!(policy = TS_RESP_get_policy(ctx))) goto end; + + /* Creating the TS_TST_INFO object. */ + if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy))) + goto end; + + /* Processing extensions. */ + if (!TS_RESP_process_extensions(ctx)) goto end; + + /* Generating the signature. */ + if (!TS_RESP_sign(ctx)) goto end; + + /* Everything was successful. */ + result = 1; + end: + if (!result) + { + TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR); + if (ctx->response != NULL) + { + if (TS_RESP_CTX_set_status_info_cond(ctx, + TS_STATUS_REJECTION, "Error during response " + "generation.") == 0) + { + TS_RESP_free(ctx->response); + ctx->response = NULL; + } + } + } + response = ctx->response; + ctx->response = NULL; /* Ownership will be returned to caller. */ + TS_RESP_CTX_cleanup(ctx); + return response; + } + +/* Initializes the variable part of the context. */ +static void TS_RESP_CTX_init(TS_RESP_CTX *ctx) + { + ctx->request = NULL; + ctx->response = NULL; + ctx->tst_info = NULL; + } + +/* Cleans up the variable part of the context. */ +static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) + { + TS_REQ_free(ctx->request); + ctx->request = NULL; + TS_RESP_free(ctx->response); + ctx->response = NULL; + TS_TST_INFO_free(ctx->tst_info); + ctx->tst_info = NULL; + } + +/* Checks the format and content of the request. */ +static int TS_RESP_check_request(TS_RESP_CTX *ctx) + { + TS_REQ *request = ctx->request; + TS_MSG_IMPRINT *msg_imprint; + X509_ALGOR *md_alg; + int md_alg_id; + const ASN1_OCTET_STRING *digest; + EVP_MD *md = NULL; + int i; + + /* Checking request version. */ + if (TS_REQ_get_version(request) != 1) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad request version."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST); + return 0; + } + + /* Checking message digest algorithm. */ + msg_imprint = TS_REQ_get_msg_imprint(request); + md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint); + md_alg_id = OBJ_obj2nid(md_alg->algorithm); + for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) + { + EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); + if (md_alg_id == EVP_MD_type(current_md)) + md = current_md; + } + if (!md) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Message digest algorithm is " + "not supported."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); + return 0; + } + + /* No message digest takes parameter. */ + if (md_alg->parameter + && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Superfluous message digest " + "parameter."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); + return 0; + } + /* Checking message digest size. */ + digest = TS_MSG_IMPRINT_get_msg(msg_imprint); + if (digest->length != EVP_MD_size(md)) + { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad message digest."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); + return 0; + } + + return 1; + } + +/* Returns the TSA policy based on the requested and acceptable policies. */ +static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx) + { + ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); + ASN1_OBJECT *policy = NULL; + int i; + + if (ctx->default_policy == NULL) + { + TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER); + return NULL; + } + /* Return the default policy if none is requested or the default is + requested. */ + if (!requested || !OBJ_cmp(requested, ctx->default_policy)) + policy = ctx->default_policy; + + /* Check if the policy is acceptable. */ + for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) + { + ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i); + if (!OBJ_cmp(requested, current)) + policy = current; + } + if (!policy) + { + TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Requested policy is not " + "supported."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY); + } + return policy; + } + +/* Creates the TS_TST_INFO object based on the settings of the context. */ +static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, + ASN1_OBJECT *policy) + { + int result = 0; + TS_TST_INFO *tst_info = NULL; + ASN1_INTEGER *serial = NULL; + ASN1_GENERALIZEDTIME *asn1_time = NULL; + long sec, usec; + TS_ACCURACY *accuracy = NULL; + const ASN1_INTEGER *nonce; + GENERAL_NAME *tsa_name = NULL; + + if (!(tst_info = TS_TST_INFO_new())) goto end; + if (!TS_TST_INFO_set_version(tst_info, 1)) goto end; + if (!TS_TST_INFO_set_policy_id(tst_info, policy)) goto end; + if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint)) + goto end; + if (!(serial = (*ctx->serial_cb)(ctx, ctx->serial_cb_data)) + || !TS_TST_INFO_set_serial(tst_info, serial)) + goto end; + if (!(*ctx->time_cb)(ctx, ctx->time_cb_data, &sec, &usec) + || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, + sec, usec, + ctx->clock_precision_digits)) + || !TS_TST_INFO_set_time(tst_info, asn1_time)) + goto end; + + /* Setting accuracy if needed. */ + if ((ctx->seconds || ctx->millis || ctx->micros) + && !(accuracy = TS_ACCURACY_new())) + goto end; + + if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds)) + goto end; + if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis)) + goto end; + if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros)) + goto end; + if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy)) + goto end; + + /* Setting ordering. */ + if ((ctx->flags & TS_ORDERING) + && !TS_TST_INFO_set_ordering(tst_info, 1)) + goto end; + + /* Setting nonce if needed. */ + if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL + && !TS_TST_INFO_set_nonce(tst_info, nonce)) + goto end; + + /* Setting TSA name to subject of signer certificate. */ + if (ctx->flags & TS_TSA_NAME) + { + if (!(tsa_name = GENERAL_NAME_new())) goto end; + tsa_name->type = GEN_DIRNAME; + tsa_name->d.dirn = + X509_NAME_dup(ctx->signer_cert->cert_info->subject); + if (!tsa_name->d.dirn) goto end; + if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) goto end; + } + + result = 1; + end: + if (!result) + { + TS_TST_INFO_free(tst_info); + tst_info = NULL; + TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR); + TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, + "Error during TSTInfo " + "generation."); + } + GENERAL_NAME_free(tsa_name); + TS_ACCURACY_free(accuracy); + ASN1_GENERALIZEDTIME_free(asn1_time); + ASN1_INTEGER_free(serial); + + return tst_info; + } + +/* Processing the extensions of the request. */ +static int TS_RESP_process_extensions(TS_RESP_CTX *ctx) + { + STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); + int i; + int ok = 1; + + for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) + { + X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + /* XXXXX The last argument was previously + (void *)ctx->extension_cb, but ISO C doesn't permit + converting a function pointer to void *. For lack of + better information, I'm placing a NULL there instead. + The callback can pick its own address out from the ctx + anyway... + */ + ok = (*ctx->extension_cb)(ctx, ext, NULL); + } + + return ok; + } + +/* Functions for signing the TS_TST_INFO structure of the context. */ +static int TS_RESP_sign(TS_RESP_CTX *ctx) + { + int ret = 0; + PKCS7 *p7 = NULL; + PKCS7_SIGNER_INFO *si; + STACK_OF(X509) *certs; /* Certificates to include in sc. */ + ESS_SIGNING_CERT *sc = NULL; + ASN1_OBJECT *oid; + BIO *p7bio = NULL; + int i; + + /* Check if signcert and pkey match. */ + if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { + TSerr(TS_F_TS_RESP_SIGN, + TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + goto err; + } + + /* Create a new PKCS7 signed object. */ + if (!(p7 = PKCS7_new())) { + TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto err; + + /* Force SignedData version to be 3 instead of the default 1. */ + if (!ASN1_INTEGER_set(p7->d.sign->version, 3)) goto err; + + /* Add signer certificate and optional certificate chain. */ + if (TS_REQ_get_cert_req(ctx->request)) + { + PKCS7_add_certificate(p7, ctx->signer_cert); + if (ctx->certs) + { + for(i = 0; i < sk_X509_num(ctx->certs); ++i) + { + X509 *cert = sk_X509_value(ctx->certs, i); + PKCS7_add_certificate(p7, cert); + } + } + } + + /* Add a new signer info. */ + if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, + ctx->signer_key, EVP_sha1()))) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR); + goto err; + } + + /* Add content type signed attribute to the signer info. */ + oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); + if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, oid)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); + goto err; + } + + /* Create the ESS SigningCertificate attribute which contains + the signer certificate id and optionally the certificate chain. */ + certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; + if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs))) + goto err; + + /* Add SigningCertificate signed attribute to the signer info. */ + if (!ESS_add_signing_cert(si, sc)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR); + goto err; + } + + /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */ + if (!TS_TST_INFO_content_new(p7)) goto err; + + /* Add the DER encoded tst_info to the PKCS7 structure. */ + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Convert tst_info to DER. */ + if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); + goto err; + } + + /* Create the signature and add it to the signer info. */ + if (!PKCS7_dataFinal(p7, p7bio)) + { + TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); + goto err; + } + + /* Set new PKCS7 and TST_INFO objects. */ + TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info); + p7 = NULL; /* Ownership is lost. */ + ctx->tst_info = NULL; /* Ownership is lost. */ + + ret = 1; + err: + if (!ret) + TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, + "Error during signature " + "generation."); + BIO_free_all(p7bio); + ESS_SIGNING_CERT_free(sc); + PKCS7_free(p7); + return ret; + } + +static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, + STACK_OF(X509) *certs) + { + ESS_CERT_ID *cid; + ESS_SIGNING_CERT *sc = NULL; + int i; + + /* Creating the ESS_CERT_ID stack. */ + if (!(sc = ESS_SIGNING_CERT_new())) goto err; + if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null())) + goto err; + + /* Adding the signing certificate id. */ + if (!(cid = ESS_CERT_ID_new_init(signcert, 0)) + || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) + goto err; + /* Adding the certificate chain ids. */ + for (i = 0; i < sk_X509_num(certs); ++i) + { + X509 *cert = sk_X509_value(certs, i); + if (!(cid = ESS_CERT_ID_new_init(cert, 1)) + || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) + goto err; + } + + return sc; +err: + ESS_SIGNING_CERT_free(sc); + TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE); + return NULL; + } + +static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) + { + ESS_CERT_ID *cid = NULL; + GENERAL_NAME *name = NULL; + + /* Recompute SHA1 hash of certificate if necessary (side effect). */ + X509_check_purpose(cert, -1, 0); + + if (!(cid = ESS_CERT_ID_new())) goto err; + if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, + sizeof(cert->sha1_hash))) + goto err; + + /* Setting the issuer/serial if requested. */ + if (issuer_needed) + { + /* Creating issuer/serial structure. */ + if (!cid->issuer_serial + && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new())) + goto err; + /* Creating general name from the certificate issuer. */ + if (!(name = GENERAL_NAME_new())) goto err; + name->type = GEN_DIRNAME; + if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) + goto err; + if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) + goto err; + name = NULL; /* Ownership is lost. */ + /* Setting the serial number. */ + ASN1_INTEGER_free(cid->issuer_serial->serial); + if (!(cid->issuer_serial->serial = + ASN1_INTEGER_dup(cert->cert_info->serialNumber))) + goto err; + } + + return cid; +err: + GENERAL_NAME_free(name); + ESS_CERT_ID_free(cid); + TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE); + return NULL; + } + +static int TS_TST_INFO_content_new(PKCS7 *p7) + { + PKCS7 *ret = NULL; + ASN1_OCTET_STRING *octet_string = NULL; + + /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ + if (!(ret = PKCS7_new())) goto err; + if (!(ret->d.other = ASN1_TYPE_new())) goto err; + ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); + if (!(octet_string = ASN1_OCTET_STRING_new())) goto err; + ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string); + octet_string = NULL; + + /* Add encapsulated content to signed PKCS7 structure. */ + if (!PKCS7_set_content(p7, ret)) goto err; + + return 1; + err: + ASN1_OCTET_STRING_free(octet_string); + PKCS7_free(ret); + return 0; + } + +static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) + { + ASN1_STRING *seq = NULL; + unsigned char *p, *pp = NULL; + int len; + + len = i2d_ESS_SIGNING_CERT(sc, NULL); + if (!(pp = (unsigned char *) OPENSSL_malloc(len))) + { + TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); + goto err; + } + p = pp; + i2d_ESS_SIGNING_CERT(sc, &p); + if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) + { + TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); + goto err; + } + OPENSSL_free(pp); pp = NULL; + return PKCS7_add_signed_attribute(si, + NID_id_smime_aa_signingCertificate, + V_ASN1_SEQUENCE, seq); + err: + ASN1_STRING_free(seq); + OPENSSL_free(pp); + + return 0; + } + + +static ASN1_GENERALIZEDTIME * +TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, + long sec, long usec, unsigned precision) + { + time_t time_sec = (time_t) sec; + struct tm *tm = NULL; + char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; + char *p = genTime_str; + char *p_end = genTime_str + sizeof(genTime_str); + + if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) + goto err; + + + if (!(tm = gmtime(&time_sec))) + goto err; + + /* + * Put "genTime_str" in GeneralizedTime format. We work around the + * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST + * NOT include fractional seconds") and OpenSSL related functions to + * meet the rfc3161 requirement: "GeneralizedTime syntax can include + * fraction-of-second details". + */ + p += BIO_snprintf(p, p_end - p, + "%04d%02d%02d%02d%02d%02d", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); + if (precision > 0) + { + /* Add fraction of seconds (leave space for dot and null). */ + BIO_snprintf(p, 2 + precision, ".%ld", usec); + /* We cannot use the snprintf return value, + because it might have been truncated. */ + p += strlen(p); + + /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides + the following restrictions for a DER-encoding, which OpenSSL + (specifically ASN1_GENERALIZEDTIME_check() function) doesn't + support: + "The encoding MUST terminate with a "Z" (which means "Zulu" + time). The decimal point element, if present, MUST be the + point option ".". The fractional-seconds elements, + if present, MUST omit all trailing 0's; + if the elements correspond to 0, they MUST be wholly + omitted, and the decimal point element also MUST be + omitted." */ + /* Remove trailing zeros. The dot guarantees the exit + condition of this loop even if all the digits are zero. */ + while (*--p == '0') + /* empty */; + /* p points to either the dot or the last non-zero digit. */ + if (*p != '.') ++p; + } + /* Add the trailing Z and the terminating null. */ + *p++ = 'Z'; + *p++ = '\0'; + + /* Now call OpenSSL to check and set our genTime value */ + if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) + goto err; + if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) + { + ASN1_GENERALIZEDTIME_free(asn1_time); + goto err; + } + + return asn1_time; + err: + TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME); + return NULL; + } diff --git a/lib/libssl/src/crypto/ts/ts_rsp_utils.c b/lib/libssl/src/crypto/ts/ts_rsp_utils.c new file mode 100644 index 00000000000..401c1fdc51d --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_rsp_utils.c @@ -0,0 +1,409 @@ +/* crypto/ts/ts_resp_utils.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/ts.h> +#include <openssl/pkcs7.h> + +/* Function definitions. */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) + { + TS_STATUS_INFO *new_status_info; + + if (a->status_info == status_info) + return 1; + new_status_info = TS_STATUS_INFO_dup(status_info); + if (new_status_info == NULL) + { + TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_STATUS_INFO_free(a->status_info); + a->status_info = new_status_info; + + return 1; + } + +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a) + { + return a->status_info; + } + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info) + { + /* Set new PKCS7 and TST_INFO objects. */ + PKCS7_free(a->token); + a->token = p7; + TS_TST_INFO_free(a->tst_info); + a->tst_info = tst_info; + } + +PKCS7 *TS_RESP_get_token(TS_RESP *a) + { + return a->token; + } + +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a) + { + return a->tst_info; + } + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version) + { + return ASN1_INTEGER_set(a->version, version); + } + +long TS_TST_INFO_get_version(const TS_TST_INFO *a) + { + return ASN1_INTEGER_get(a->version); + } + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy) + { + ASN1_OBJECT *new_policy; + + if (a->policy_id == policy) + return 1; + new_policy = OBJ_dup(policy); + if (new_policy == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(a->policy_id); + a->policy_id = new_policy; + return 1; + } + +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a) + { + return a->policy_id; + } + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint) + { + TS_MSG_IMPRINT *new_msg_imprint; + + if (a->msg_imprint == msg_imprint) + return 1; + new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); + if (new_msg_imprint == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_MSG_IMPRINT_free(a->msg_imprint); + a->msg_imprint = new_msg_imprint; + return 1; + } + +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a) + { + return a->msg_imprint; + } + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial) + { + ASN1_INTEGER *new_serial; + + if (a->serial == serial) + return 1; + new_serial = ASN1_INTEGER_dup(serial); + if (new_serial == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->serial); + a->serial = new_serial; + return 1; + } + +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a) + { + return a->serial; + } + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime) + { + ASN1_GENERALIZEDTIME *new_time; + + if (a->time == gtime) + return 1; + new_time = M_ASN1_GENERALIZEDTIME_dup(gtime); + if (new_time == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_GENERALIZEDTIME_free(a->time); + a->time = new_time; + return 1; + } + +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a) + { + return a->time; + } + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy) + { + TS_ACCURACY *new_accuracy; + + if (a->accuracy == accuracy) + return 1; + new_accuracy = TS_ACCURACY_dup(accuracy); + if (new_accuracy == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE); + return 0; + } + TS_ACCURACY_free(a->accuracy); + a->accuracy = new_accuracy; + return 1; + } + +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a) + { + return a->accuracy; + } + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds) + { + ASN1_INTEGER *new_seconds; + + if (a->seconds == seconds) + return 1; + new_seconds = ASN1_INTEGER_dup(seconds); + if (new_seconds == NULL) + { + TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->seconds); + a->seconds = new_seconds; + return 1; + } + +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a) + { + return a->seconds; + } + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis) + { + ASN1_INTEGER *new_millis = NULL; + + if (a->millis == millis) + return 1; + if (millis != NULL) + { + new_millis = ASN1_INTEGER_dup(millis); + if (new_millis == NULL) + { + TSerr(TS_F_TS_ACCURACY_SET_MILLIS, + ERR_R_MALLOC_FAILURE); + return 0; + } + } + ASN1_INTEGER_free(a->millis); + a->millis = new_millis; + return 1; + } + +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a) + { + return a->millis; + } + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros) + { + ASN1_INTEGER *new_micros = NULL; + + if (a->micros == micros) + return 1; + if (micros != NULL) + { + new_micros = ASN1_INTEGER_dup(micros); + if (new_micros == NULL) + { + TSerr(TS_F_TS_ACCURACY_SET_MICROS, + ERR_R_MALLOC_FAILURE); + return 0; + } + } + ASN1_INTEGER_free(a->micros); + a->micros = new_micros; + return 1; + } + +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a) + { + return a->micros; + } + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering) + { + a->ordering = ordering ? 0xFF : 0x00; + return 1; + } + +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a) + { + return a->ordering ? 1 : 0; + } + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) + { + ASN1_INTEGER *new_nonce; + + if (a->nonce == nonce) + return 1; + new_nonce = ASN1_INTEGER_dup(nonce); + if (new_nonce == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->nonce); + a->nonce = new_nonce; + return 1; + } + +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a) + { + return a->nonce; + } + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa) + { + GENERAL_NAME *new_tsa; + + if (a->tsa == tsa) + return 1; + new_tsa = GENERAL_NAME_dup(tsa); + if (new_tsa == NULL) + { + TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE); + return 0; + } + GENERAL_NAME_free(a->tsa); + a->tsa = new_tsa; + return 1; + } + +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a) + { + return a->tsa; + } + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a) + { + return a->extensions; + } + +void TS_TST_INFO_ext_free(TS_TST_INFO *a) + { + if (!a) return; + sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); + a->extensions = NULL; + } + +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a) + { + return X509v3_get_ext_count(a->extensions); + } + +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos) + { + return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); + } + +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos) + { + return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); + } + +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos) + { + return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); + } + +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc) + { + return X509v3_get_ext(a->extensions,loc); + } + +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc) + { + return X509v3_delete_ext(a->extensions,loc); + } + +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc) + { + return X509v3_add_ext(&a->extensions,ex,loc) != NULL; + } + +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx) + { + return X509V3_get_d2i(a->extensions, nid, crit, idx); + } diff --git a/lib/libssl/src/crypto/ts/ts_rsp_verify.c b/lib/libssl/src/crypto/ts/ts_rsp_verify.c new file mode 100644 index 00000000000..e1f3b534afb --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_rsp_verify.c @@ -0,0 +1,725 @@ +/* crypto/ts/ts_resp_verify.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/ts.h> +#include <openssl/pkcs7.h> + +/* Private function declarations. */ + +static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, + X509 *signer, STACK_OF(X509) **chain); +static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); +static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); +static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); +static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); +static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, + PKCS7 *token, TS_TST_INFO *tst_info); +static int TS_check_status_info(TS_RESP *response); +static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); +static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); +static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, + X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len); +static int TS_check_imprints(X509_ALGOR *algor_a, + unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info); +static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); +static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); +static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); + +/* + * Local mapping between response codes and descriptions. + * Don't forget to change TS_STATUS_BUF_SIZE when modifying + * the elements of this array. + */ +static const char *TS_status_text[] = + { "granted", + "grantedWithMods", + "rejection", + "waiting", + "revocationWarning", + "revocationNotification" }; + +#define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) + +/* + * This must be greater or equal to the sum of the strings in TS_status_text + * plus the number of its elements. + */ +#define TS_STATUS_BUF_SIZE 256 + +static struct + { + int code; + const char *text; + } TS_failure_info[] = + { { TS_INFO_BAD_ALG, "badAlg" }, + { TS_INFO_BAD_REQUEST, "badRequest" }, + { TS_INFO_BAD_DATA_FORMAT, "badDataFormat" }, + { TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" }, + { TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" }, + { TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" }, + { TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" }, + { TS_INFO_SYSTEM_FAILURE, "systemFailure" } }; + +#define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ + sizeof(*TS_failure_info)) + +/* Functions for verifying a signed TS_TST_INFO structure. */ + +/* + * This function carries out the following tasks: + * - Checks if there is one and only one signer. + * - Search for the signing certificate in 'certs' and in the response. + * - Check the extended key usage and key usage fields of the signer + * certificate (done by the path validation). + * - Build and validate the certificate path. + * - Check if the certificate path meets the requirements of the + * SigningCertificate ESS signed attribute. + * - Verify the signature value. + * - Returns the signer certificate in 'signer', if 'signer' is not NULL. + */ +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out) + { + STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; + PKCS7_SIGNER_INFO *si; + STACK_OF(X509) *signers = NULL; + X509 *signer; + STACK_OF(X509) *chain = NULL; + char buf[4096]; + int i, j = 0, ret = 0; + BIO *p7bio = NULL; + + /* Some sanity checks first. */ + if (!token) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER); + goto err; + } + + /* Check for the correct content type */ + if(!PKCS7_type_is_signed(token)) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE); + goto err; + } + + /* Check if there is one and only one signer. */ + sinfos = PKCS7_get_signer_info(token); + if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, + TS_R_THERE_MUST_BE_ONE_SIGNER); + goto err; + } + si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); + + /* Check for no content: no data to verify signature. */ + if (PKCS7_get_detached(token)) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT); + goto err; + } + + /* Get hold of the signer certificate, search only internal + certificates if it was requested. */ + signers = PKCS7_get0_signers(token, certs, 0); + if (!signers || sk_X509_num(signers) != 1) goto err; + signer = sk_X509_value(signers, 0); + + /* Now verify the certificate. */ + if (!TS_verify_cert(store, certs, signer, &chain)) goto err; + + /* Check if the signer certificate is consistent with the + ESS extension. */ + if (!TS_check_signing_certs(si, chain)) goto err; + + /* Creating the message digest. */ + p7bio = PKCS7_dataInit(token, NULL); + + /* We now have to 'read' from p7bio to calculate digests etc. */ + while ((i = BIO_read(p7bio,buf,sizeof(buf))) > 0); + + /* Verifying the signature. */ + j = PKCS7_signatureVerify(p7bio, token, si, signer); + if (j <= 0) + { + TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE); + goto err; + } + + /* Return the signer certificate if needed. */ + if (signer_out) + { + *signer_out = signer; + CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + } + + ret = 1; + + err: + BIO_free_all(p7bio); + sk_X509_pop_free(chain, X509_free); + sk_X509_free(signers); + + return ret; + } + +/* + * The certificate chain is returned in chain. Caller is responsible for + * freeing the vector. + */ +static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, + X509 *signer, STACK_OF(X509) **chain) + { + X509_STORE_CTX cert_ctx; + int i; + int ret = 1; + + /* chain is an out argument. */ + *chain = NULL; + X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted); + X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) + { + int j = X509_STORE_CTX_get_error(&cert_ctx); + TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + ret = 0; + } + else + { + /* Get a copy of the certificate chain. */ + *chain = X509_STORE_CTX_get1_chain(&cert_ctx); + } + + X509_STORE_CTX_cleanup(&cert_ctx); + + return ret; + } + +static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) + { + ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); + STACK_OF(ESS_CERT_ID) *cert_ids = NULL; + X509 *cert; + int i = 0; + int ret = 0; + + if (!ss) goto err; + cert_ids = ss->cert_ids; + /* The signer certificate must be the first in cert_ids. */ + cert = sk_X509_value(chain, 0); + if (TS_find_cert(cert_ids, cert) != 0) goto err; + + /* Check the other certificates of the chain if there are more + than one certificate ids in cert_ids. */ + if (sk_ESS_CERT_ID_num(cert_ids) > 1) + { + /* All the certificates of the chain must be in cert_ids. */ + for (i = 1; i < sk_X509_num(chain); ++i) + { + cert = sk_X509_value(chain, i); + if (TS_find_cert(cert_ids, cert) < 0) goto err; + } + } + ret = 1; + err: + if (!ret) + TSerr(TS_F_TS_CHECK_SIGNING_CERTS, + TS_R_ESS_SIGNING_CERTIFICATE_ERROR); + ESS_SIGNING_CERT_free(ss); + return ret; + } + +static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) + { + ASN1_TYPE *attr; + const unsigned char *p; + attr = PKCS7_get_signed_attribute(si, + NID_id_smime_aa_signingCertificate); + if (!attr) return NULL; + p = attr->value.sequence->data; + return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); + } + +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) + { + int i; + + if (!cert_ids || !cert) return -1; + + /* Recompute SHA1 hash of certificate if necessary (side effect). */ + X509_check_purpose(cert, -1, 0); + + /* Look for cert in the cert_ids vector. */ + for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) + { + ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); + + /* Check the SHA-1 hash first. */ + if (cid->hash->length == sizeof(cert->sha1_hash) + && !memcmp(cid->hash->data, cert->sha1_hash, + sizeof(cert->sha1_hash))) + { + /* Check the issuer/serial as well if specified. */ + ESS_ISSUER_SERIAL *is = cid->issuer_serial; + if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) + return i; + } + } + + return -1; + } + +static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) + { + GENERAL_NAME *issuer; + + if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) return -1; + + /* Check the issuer first. It must be a directory name. */ + issuer = sk_GENERAL_NAME_value(is->issuer, 0); + if (issuer->type != GEN_DIRNAME + || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) + return -1; + + /* Check the serial number, too. */ + if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) + return -1; + + return 0; + } + +/* + * Verifies whether 'response' contains a valid response with regards + * to the settings of the context: + * - Gives an error message if the TS_TST_INFO is not present. + * - Calls _TS_RESP_verify_token to verify the token content. + */ +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) + { + PKCS7 *token = TS_RESP_get_token(response); + TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); + int ret = 0; + + /* Check if we have a successful TS_TST_INFO object in place. */ + if (!TS_check_status_info(response)) goto err; + + /* Check the contents of the time stamp token. */ + if (!int_TS_RESP_verify_token(ctx, token, tst_info)) + goto err; + + ret = 1; + err: + return ret; + } + +/* + * Tries to extract a TS_TST_INFO structure from the PKCS7 token and + * calls the internal int_TS_RESP_verify_token function for verifying it. + */ +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) + { + TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); + int ret = 0; + if (tst_info) + { + ret = int_TS_RESP_verify_token(ctx, token, tst_info); + TS_TST_INFO_free(tst_info); + } + return ret; + } + +/* + * Verifies whether the 'token' contains a valid time stamp token + * with regards to the settings of the context. Only those checks are + * carried out that are specified in the context: + * - Verifies the signature of the TS_TST_INFO. + * - Checks the version number of the response. + * - Check if the requested and returned policies math. + * - Check if the message imprints are the same. + * - Check if the nonces are the same. + * - Check if the TSA name matches the signer. + * - Check if the TSA name is the expected TSA. + */ +static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, + PKCS7 *token, TS_TST_INFO *tst_info) + { + X509 *signer = NULL; + GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); + X509_ALGOR *md_alg = NULL; + unsigned char *imprint = NULL; + unsigned imprint_len = 0; + int ret = 0; + + /* Verify the signature. */ + if ((ctx->flags & TS_VFY_SIGNATURE) + && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, + &signer)) + goto err; + + /* Check version number of response. */ + if ((ctx->flags & TS_VFY_VERSION) + && TS_TST_INFO_get_version(tst_info) != 1) + { + TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION); + goto err; + } + + /* Check policies. */ + if ((ctx->flags & TS_VFY_POLICY) + && !TS_check_policy(ctx->policy, tst_info)) + goto err; + + /* Check message imprints. */ + if ((ctx->flags & TS_VFY_IMPRINT) + && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, + tst_info)) + goto err; + + /* Compute and check message imprints. */ + if ((ctx->flags & TS_VFY_DATA) + && (!TS_compute_imprint(ctx->data, tst_info, + &md_alg, &imprint, &imprint_len) + || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) + goto err; + + /* Check nonces. */ + if ((ctx->flags & TS_VFY_NONCE) + && !TS_check_nonces(ctx->nonce, tst_info)) + goto err; + + /* Check whether TSA name and signer certificate match. */ + if ((ctx->flags & TS_VFY_SIGNER) + && tsa_name && !TS_check_signer_name(tsa_name, signer)) + { + TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); + goto err; + } + + /* Check whether the TSA is the expected one. */ + if ((ctx->flags & TS_VFY_TSA_NAME) + && !TS_check_signer_name(ctx->tsa_name, signer)) + { + TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); + goto err; + } + + ret = 1; + err: + X509_free(signer); + X509_ALGOR_free(md_alg); + OPENSSL_free(imprint); + return ret; + } + +static int TS_check_status_info(TS_RESP *response) + { + TS_STATUS_INFO *info = TS_RESP_get_status_info(response); + long status = ASN1_INTEGER_get(info->status); + const char *status_text = NULL; + char *embedded_status_text = NULL; + char failure_text[TS_STATUS_BUF_SIZE] = ""; + + /* Check if everything went fine. */ + if (status == 0 || status == 1) return 1; + + /* There was an error, get the description in status_text. */ + if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) + status_text = TS_status_text[status]; + else + status_text = "unknown code"; + + /* Set the embedded_status_text to the returned description. */ + if (sk_ASN1_UTF8STRING_num(info->text) > 0 + && !(embedded_status_text = TS_get_status_text(info->text))) + return 0; + + /* Filling in failure_text with the failure information. */ + if (info->failure_info) + { + int i; + int first = 1; + for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) + { + if (ASN1_BIT_STRING_get_bit(info->failure_info, + TS_failure_info[i].code)) + { + if (!first) + strcpy(failure_text, ","); + else + first = 0; + strcat(failure_text, TS_failure_info[i].text); + } + } + } + if (failure_text[0] == '\0') + strcpy(failure_text, "unspecified"); + + /* Making up the error string. */ + TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN); + ERR_add_error_data(6, + "status code: ", status_text, + ", status text: ", embedded_status_text ? + embedded_status_text : "unspecified", + ", failure codes: ", failure_text); + OPENSSL_free(embedded_status_text); + + return 0; + } + +static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) + { + int i; + unsigned int length = 0; + char *result = NULL; + char *p; + + /* Determine length first. */ + for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) + { + ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); + length += ASN1_STRING_length(current); + length += 1; /* separator character */ + } + /* Allocate memory (closing '\0' included). */ + if (!(result = OPENSSL_malloc(length))) + { + TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE); + return NULL; + } + /* Concatenate the descriptions. */ + for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) + { + ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); + length = ASN1_STRING_length(current); + if (i > 0) *p++ = '/'; + strncpy(p, (const char *)ASN1_STRING_data(current), length); + p += length; + } + /* We do have space for this, too. */ + *p = '\0'; + + return result; + } + +static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) + { + ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); + + if (OBJ_cmp(req_oid, resp_oid) != 0) + { + TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH); + return 0; + } + + return 1; + } + +static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, + X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len) + { + TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); + X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); + const EVP_MD *md; + EVP_MD_CTX md_ctx; + unsigned char buffer[4096]; + int length; + + *md_alg = NULL; + *imprint = NULL; + + /* Return the MD algorithm of the response. */ + if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) goto err; + + /* Getting the MD object. */ + if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) + { + TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM); + goto err; + } + + /* Compute message digest. */ + length = EVP_MD_size(md); + if (length < 0) + goto err; + *imprint_len = length; + if (!(*imprint = OPENSSL_malloc(*imprint_len))) + { + TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); + goto err; + } + + EVP_DigestInit(&md_ctx, md); + while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) + { + EVP_DigestUpdate(&md_ctx, buffer, length); + } + EVP_DigestFinal(&md_ctx, *imprint, NULL); + + return 1; + err: + X509_ALGOR_free(*md_alg); + OPENSSL_free(*imprint); + *imprint_len = 0; + return 0; + } + +static int TS_check_imprints(X509_ALGOR *algor_a, + unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info) + { + TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); + X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); + int ret = 0; + + /* algor_a is optional. */ + if (algor_a) + { + /* Compare algorithm OIDs. */ + if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) goto err; + + /* The parameter must be NULL in both. */ + if ((algor_a->parameter + && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) + || (algor_b->parameter + && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL)) + goto err; + } + + /* Compare octet strings. */ + ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) && + memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0; + err: + if (!ret) + TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH); + return ret; + } + +static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) + { + const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); + + /* Error if nonce is missing. */ + if (!b) + { + TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED); + return 0; + } + + /* No error if a nonce is returned without being requested. */ + if (ASN1_INTEGER_cmp(a, b) != 0) + { + TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH); + return 0; + } + + return 1; + } + +/* Check if the specified TSA name matches either the subject + or one of the subject alternative names of the TSA certificate. */ +static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) + { + STACK_OF(GENERAL_NAME) *gen_names = NULL; + int idx = -1; + int found = 0; + + /* Check the subject name first. */ + if (tsa_name->type == GEN_DIRNAME + && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) + return 1; + + /* Check all the alternative names. */ + gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, + NULL, &idx); + while (gen_names != NULL + && !(found = TS_find_name(gen_names, tsa_name) >= 0)) + { + /* Get the next subject alternative name, + although there should be no more than one. */ + GENERAL_NAMES_free(gen_names); + gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, + NULL, &idx); + } + if (gen_names) GENERAL_NAMES_free(gen_names); + + return found; + } + +/* Returns 1 if name is in gen_names, 0 otherwise. */ +static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) + { + int i, found; + for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); + ++i) + { + GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i); + found = GENERAL_NAME_cmp(current, name) == 0; + } + return found ? i - 1 : -1; + } diff --git a/lib/libssl/src/crypto/ts/ts_verify_ctx.c b/lib/libssl/src/crypto/ts/ts_verify_ctx.c new file mode 100644 index 00000000000..b079b50fc37 --- /dev/null +++ b/lib/libssl/src/crypto/ts/ts_verify_ctx.c @@ -0,0 +1,160 @@ +/* crypto/ts/ts_verify_ctx.c */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <assert.h> +#include "cryptlib.h" +#include <openssl/objects.h> +#include <openssl/ts.h> + +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) + { + TS_VERIFY_CTX *ctx = + (TS_VERIFY_CTX *) OPENSSL_malloc(sizeof(TS_VERIFY_CTX)); + if (ctx) + memset(ctx, 0, sizeof(TS_VERIFY_CTX)); + else + TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); + return ctx; + } + +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) + { + assert(ctx != NULL); + memset(ctx, 0, sizeof(TS_VERIFY_CTX)); + } + +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) + { + if (!ctx) return; + + TS_VERIFY_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } + +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) + { + if (!ctx) return; + + X509_STORE_free(ctx->store); + sk_X509_pop_free(ctx->certs, X509_free); + + ASN1_OBJECT_free(ctx->policy); + + X509_ALGOR_free(ctx->md_alg); + OPENSSL_free(ctx->imprint); + + BIO_free_all(ctx->data); + + ASN1_INTEGER_free(ctx->nonce); + + GENERAL_NAME_free(ctx->tsa_name); + + TS_VERIFY_CTX_init(ctx); + } + +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) + { + TS_VERIFY_CTX *ret = ctx; + ASN1_OBJECT *policy; + TS_MSG_IMPRINT *imprint; + X509_ALGOR *md_alg; + ASN1_OCTET_STRING *msg; + const ASN1_INTEGER *nonce; + + assert(req != NULL); + if (ret) + TS_VERIFY_CTX_cleanup(ret); + else + if (!(ret = TS_VERIFY_CTX_new())) return NULL; + + /* Setting flags. */ + ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); + + /* Setting policy. */ + if ((policy = TS_REQ_get_policy_id(req)) != NULL) + { + if (!(ret->policy = OBJ_dup(policy))) goto err; + } + else + ret->flags &= ~TS_VFY_POLICY; + + /* Setting md_alg, imprint and imprint_len. */ + imprint = TS_REQ_get_msg_imprint(req); + md_alg = TS_MSG_IMPRINT_get_algo(imprint); + if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) goto err; + msg = TS_MSG_IMPRINT_get_msg(imprint); + ret->imprint_len = ASN1_STRING_length(msg); + if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) goto err; + memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); + + /* Setting nonce. */ + if ((nonce = TS_REQ_get_nonce(req)) != NULL) + { + if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) goto err; + } + else + ret->flags &= ~TS_VFY_NONCE; + + return ret; + err: + if (ctx) + TS_VERIFY_CTX_cleanup(ctx); + else + TS_VERIFY_CTX_free(ret); + return NULL; + } diff --git a/lib/libssl/src/crypto/txt_db/Makefile b/lib/libssl/src/crypto/txt_db/Makefile index 87e57b49f64..e6f30331d8d 100644 --- a/lib/libssl/src/crypto/txt_db/Makefile +++ b/lib/libssl/src/crypto/txt_db/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/ui/Makefile b/lib/libssl/src/crypto/ui/Makefile index 4755e206f66..a685659fb4c 100644 --- a/lib/libssl/src/crypto/ui/Makefile +++ b/lib/libssl/src/crypto/ui/Makefile @@ -37,7 +37,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/whrlpool/Makefile b/lib/libssl/src/crypto/whrlpool/Makefile new file mode 100644 index 00000000000..566b9962905 --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/Makefile @@ -0,0 +1,93 @@ +# +# crypto/whrlpool/Makefile +# + +DIR= whrlpool +TOP= ../.. +CC= cc +CPP= $(CC) -E +INCLUDES= +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +WP_ASM_OBJ=wp_block.o + +CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) + +GENERAL=Makefile +TEST=wp_test.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=wp_dgst.c wp_block.c +LIBOBJ=wp_dgst.o $(WP_ASM_OBJ) + +SRC= $(LIBSRC) + +EXHEADER= whrlpool.h +HEADER= wp_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +wp-mmx.s: asm/wp-mmx.pl ../perlasm/x86asm.pl + $(PERL) asm/wp-mmx.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ + +wp-x86_64.s: asm/wp-x86_64.pl + $(PERL) asm/wp-x86_64.pl $(PERLASM_SCHEME) > $@ + +$(LIBOBJ): $(LIBSRC) + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +wp_block.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +wp_block.o: ../../include/openssl/whrlpool.h wp_block.c wp_locl.h +wp_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +wp_dgst.o: ../../include/openssl/whrlpool.h wp_dgst.c wp_locl.h diff --git a/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl b/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl new file mode 100644 index 00000000000..32cf16380b5 --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl @@ -0,0 +1,493 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# whirlpool_block_mmx implementation. +# +*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results +# in 16KB large table, which is tough on L1 cache, but eliminates +# unaligned references to it. Value of 2 results in 4KB table, but +# 7/8 of references to it are unaligned. AMD cores seem to be +# allergic to the latter, while Intel ones - to former [see the +# table]. I stick to value of 2 for two reasons: 1. smaller table +# minimizes cache trashing and thus mitigates the hazard of side- +# channel leakage similar to AES cache-timing one; 2. performance +# gap among different µ-archs is smaller. +# +# Performance table lists rounded amounts of CPU cycles spent by +# whirlpool_block_mmx routine on single 64 byte input block, i.e. +# smaller is better and asymptotic throughput can be estimated by +# multiplying 64 by CPU clock frequency and dividing by relevant +# value from the given table: +# +# $SCALE=2/8 icc8 gcc3 +# Intel P4 3200/4600 4600(*) 6400 +# Intel PIII 2900/3000 4900 5400 +# AMD K[78] 2500/1800 9900 8200(**) +# +# (*) I've sketched even non-MMX assembler, but for the record +# I've failed to beat the Intel compiler on P4, without using +# MMX that is... +# (**) ... on AMD on the other hand non-MMX assembler was observed +# to perform significantly better, but I figured this MMX +# implementation is even faster anyway, so why bother? As for +# pre-MMX AMD core[s], the improvement coefficient is more +# than likely to vary anyway and I don't know how. But the +# least I know is that gcc-generated code compiled with +# -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for +# details] and optimized for Pentium was observed to perform +# *better* on Pentium 100 than unrolled non-MMX assembler +# loop... So we just say that I don't know if maintaining +# non-MMX implementation would actually pay off, but till +# opposite is proved "unlikely" is assumed. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"wp-mmx.pl"); + +sub L() { &data_byte(@_); } +sub LL() +{ if ($SCALE==2) { &data_byte(@_); &data_byte(@_); } + elsif ($SCALE==8) { for ($i=0;$i<8;$i++) { + &data_byte(@_); + unshift(@_,pop(@_)); + } + } + else { die "unvalid SCALE value"; } +} + +sub scale() +{ if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } + elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } + else { die "unvalid SCALE value"; } +} + +sub row() +{ if ($SCALE==2) { ((8-shift)&7); } + elsif ($SCALE==8) { (8*shift); } + else { die "unvalid SCALE value"; } +} + +$tbl="ebp"; +@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7"); + +&function_begin_B("whirlpool_block_mmx"); + &push ("ebp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + + &mov ("esi",&wparam(0)); # hash value + &mov ("edi",&wparam(1)); # input data stream + &mov ("ebp",&wparam(2)); # number of chunks in input + + &mov ("eax","esp"); # copy stack pointer + &sub ("esp",128+20); # allocate frame + &and ("esp",-64); # align for cache-line + + &lea ("ebx",&DWP(128,"esp")); + &mov (&DWP(0,"ebx"),"esi"); # save parameter block + &mov (&DWP(4,"ebx"),"edi"); + &mov (&DWP(8,"ebx"),"ebp"); + &mov (&DWP(16,"ebx"),"eax"); # saved stack pointer + + &call (&label("pic_point")); +&set_label("pic_point"); + &blindpop($tbl); + &lea ($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl)); + + &xor ("ecx","ecx"); + &xor ("edx","edx"); + + for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); } # L=H +&set_label("outerloop"); + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp + for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L + + &xor ("esi","esi"); + &mov (&DWP(12,"ebx"),"esi"); # zero round counter + +&set_label("round",16); + &movq (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8)); # rc[r] + &mov ("eax",&DWP(0,"esp")); + &mov ("ebx",&DWP(4,"esp")); +for($i=0;$i<8;$i++) { + my $func = ($i==0)? movq : pxor; + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("eax",16); + &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); + &$func (@mm[1],&QWP(&row(1),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &mov ("eax",&DWP(($i+1)*8,"esp")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &$func (@mm[2],&QWP(&row(2),$tbl,"esi",8)); + &$func (@mm[3],&QWP(&row(3),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("ebx",16); + &$func (@mm[4],&QWP(&row(4),$tbl,"esi",8)); + &$func (@mm[5],&QWP(&row(5),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &mov ("ebx",&DWP(($i+1)*8+4,"esp")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &$func (@mm[6],&QWP(&row(6),$tbl,"esi",8)); + &$func (@mm[7],&QWP(&row(7),$tbl,"edi",8)); + push(@mm,shift(@mm)); +} + + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L + +for($i=0;$i<8;$i++) { + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("eax",16); + &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); + &pxor (@mm[1],&QWP(&row(1),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &mov ("eax",&DWP(64+($i+1)*8,"esp")) if ($i<7); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &pxor (@mm[2],&QWP(&row(2),$tbl,"esi",8)); + &pxor (@mm[3],&QWP(&row(3),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("ebx",16); + &pxor (@mm[4],&QWP(&row(4),$tbl,"esi",8)); + &pxor (@mm[5],&QWP(&row(5),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &mov ("ebx",&DWP(64+($i+1)*8+4,"esp")) if ($i<7); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &pxor (@mm[6],&QWP(&row(6),$tbl,"esi",8)); + &pxor (@mm[7],&QWP(&row(7),$tbl,"edi",8)); + push(@mm,shift(@mm)); +} + &lea ("ebx",&DWP(128,"esp")); + &mov ("esi",&DWP(12,"ebx")); # pull round counter + &add ("esi",1); + &cmp ("esi",10); + &je (&label("roundsdone")); + + &mov (&DWP(12,"ebx"),"esi"); # update round counter + for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L + &jmp (&label("round")); + +&set_label("roundsdone",16); + &mov ("esi",&DWP(0,"ebx")); # reload argument block + &mov ("edi",&DWP(4,"ebx")); + &mov ("eax",&DWP(8,"ebx")); + + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); } # L^=H + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); } # H=L + + &lea ("edi",&DWP(64,"edi")); # inp+=64 + &sub ("eax",1); # num-- + &jz (&label("alldone")); + &mov (&DWP(4,"ebx"),"edi"); # update argument block + &mov (&DWP(8,"ebx"),"eax"); + &jmp (&label("outerloop")); + +&set_label("alldone"); + &emms (); + &mov ("esp",&DWP(16,"ebx")); # restore saved stack pointer + &pop ("edi"); + &pop ("esi"); + &pop ("ebx"); + &pop ("ebp"); + &ret (); + +&align(64); +&set_label("table"); + &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); + &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); + &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); + &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); + &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); + &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); + &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); + &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); + &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); + &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); + &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); + &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); + &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); + &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); + &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); + &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); + &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); + &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); + &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); + &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); + &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); + &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); + &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); + &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); + &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); + &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); + &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); + &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); + &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); + &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); + &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); + &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); + &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); + &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); + &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); + &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); + &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); + &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); + &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); + &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); + &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); + &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); + &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); + &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); + &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); + &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); + &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); + &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); + &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); + &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); + &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); + &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); + &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); + &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); + &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); + &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); + &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); + &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); + &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); + &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); + &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); + &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); + &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); + &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); + &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); + &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); + &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); + &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); + &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); + &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); + &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); + &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); + &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); + &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); + &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); + &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); + &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); + &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); + &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); + &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); + &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); + &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); + &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); + &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); + &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); + &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); + &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); + &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); + &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); + &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); + &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); + &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); + &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); + &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); + &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); + &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); + &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); + &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); + &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); + &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); + &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); + &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); + &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); + &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); + &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); + &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); + &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); + &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); + &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); + &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); + &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); + &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); + &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); + &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); + &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); + &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); + &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); + &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); + &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); + &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); + &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); + &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); + &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); + &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); + &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); + &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); + &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); + &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); + &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); + &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); + &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); + &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); + &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); + &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); + &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); + &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); + &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); + &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); + &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); + &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); + &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); + &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); + &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); + &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); + &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); + &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); + &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); + &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); + &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); + &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); + &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); + &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); + &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); + &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); + &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); + &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); + &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); + &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); + &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); + &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); + &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); + &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); + &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); + &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); + &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); + &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); + &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); + &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); + &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); + &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); + &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); + &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); + &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); + &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); + &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); + &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); + &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); + &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); + &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); + &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); + &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); + &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); + &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); + &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); + &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); + &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); + &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); + &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); + &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); + &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); + &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); + &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); + &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); + &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); + &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); + &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); + &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); + &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); + &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); + &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); + &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); + &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); + &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); + &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); + &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); + &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); + &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); + &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); + &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); + &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); + &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); + &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); + &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); + &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); + &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); + &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); + &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); + &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); + &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); + &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); + &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); + &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); + &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); + &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); + &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); + &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); + &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); + &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); + &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); + &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); + &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); + &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); + &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); + &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); + &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); + &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); + &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); + &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); + &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); + &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); + &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); + &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); + &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); + &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); + &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); + &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); + &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); + &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); + &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); + &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); + &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); + &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); + &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); + &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); + &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); + &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); + + &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] + &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); + &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); + &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); + &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); + &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); + &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); + &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); + &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); + &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); + +&function_end_B("whirlpool_block_mmx"); +&asm_finish(); diff --git a/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl b/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl new file mode 100644 index 00000000000..87c0843dc1d --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl @@ -0,0 +1,589 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# whirlpool_block for x86_64. +# +# 2500 cycles per 64-byte input block on AMD64, which is *identical* +# to 32-bit MMX version executed on same CPU. So why did I bother? +# Well, it's faster than gcc 3.3.2 generated code by over 50%, and +# over 80% faster than PathScale 1.4, an "ambitious" commercial +# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio +# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the +# first example when they fail to generate more optimal code, when +# I believe they had *all* chances to... +# +# Note that register and stack frame layout are virtually identical +# to 32-bit MMX version, except that %r8-15 are used instead of +# %mm0-8. You can even notice that K[i] and S[i] are loaded to +# %eax:%ebx as pair of 32-bit values and not as single 64-bit one. +# This is done in order to avoid 64-bit shift penalties on Intel +# EM64T core. Speaking of which! I bet it's possible to improve +# Opteron performance by compressing the table to 2KB and replacing +# unaligned references with complementary rotations [which would +# incidentally replace lea instructions], but it would definitely +# just "kill" EM64T, because it has only 1 shifter/rotator [against +# 3 on Opteron] and which is *unacceptably* slow with 64-bit +# operand. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour $output"; + +sub L() { $code.=".byte ".join(',',@_)."\n"; } +sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; } + +@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"); + +$func="whirlpool_block"; +$table=".Ltable"; + +$code=<<___; +.text + +.globl $func +.type $func,\@function,3 +.align 16 +$func: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov %rsp,%r11 + sub \$128+40,%rsp + and \$-64,%rsp + + lea 128(%rsp),%r10 + mov %rdi,0(%r10) # save parameter block + mov %rsi,8(%r10) + mov %rdx,16(%r10) + mov %r11,32(%r10) # saved stack pointer +.Lprologue: + + mov %r10,%rbx + lea $table(%rip),%rbp + + xor %rcx,%rcx + xor %rdx,%rdx +___ +for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; } # L=H +$code.=".Louterloop:\n"; +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L +$code.=<<___; + xor %rsi,%rsi + mov %rsi,24(%rbx) # zero round counter +.align 16 +.Lround: + mov 4096(%rbp,%rsi,8),@mm[0] # rc[r] + mov 0(%rsp),%eax + mov 4(%rsp),%ebx +___ +for($i=0;$i<8;$i++) { + my $func = ($i==0)? "mov" : "xor"; + $code.=<<___; + mov %al,%cl + mov %ah,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%eax + xor 0(%rbp,%rsi,8),@mm[0] + $func 7(%rbp,%rdi,8),@mm[1] + mov %al,%cl + mov %ah,%dl + mov $i*8+8(%rsp),%eax # ($i+1)*8 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + $func 6(%rbp,%rsi,8),@mm[2] + $func 5(%rbp,%rdi,8),@mm[3] + mov %bl,%cl + mov %bh,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%ebx + $func 4(%rbp,%rsi,8),@mm[4] + $func 3(%rbp,%rdi,8),@mm[5] + mov %bl,%cl + mov %bh,%dl + mov $i*8+8+4(%rsp),%ebx # ($i+1)*8+4 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + $func 2(%rbp,%rsi,8),@mm[6] + $func 1(%rbp,%rdi,8),@mm[7] +___ + push(@mm,shift(@mm)); +} +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L +for($i=0;$i<8;$i++) { + $code.=<<___; + mov %al,%cl + mov %ah,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%eax + xor 0(%rbp,%rsi,8),@mm[0] + xor 7(%rbp,%rdi,8),@mm[1] + mov %al,%cl + mov %ah,%dl + `"mov 64+$i*8+8(%rsp),%eax" if($i<7);` # 64+($i+1)*8 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + xor 6(%rbp,%rsi,8),@mm[2] + xor 5(%rbp,%rdi,8),@mm[3] + mov %bl,%cl + mov %bh,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%ebx + xor 4(%rbp,%rsi,8),@mm[4] + xor 3(%rbp,%rdi,8),@mm[5] + mov %bl,%cl + mov %bh,%dl + `"mov 64+$i*8+8+4(%rsp),%ebx" if($i<7);` # 64+($i+1)*8+4 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + xor 2(%rbp,%rsi,8),@mm[6] + xor 1(%rbp,%rdi,8),@mm[7] +___ + push(@mm,shift(@mm)); +} +$code.=<<___; + lea 128(%rsp),%rbx + mov 24(%rbx),%rsi # pull round counter + add \$1,%rsi + cmp \$10,%rsi + je .Lroundsdone + + mov %rsi,24(%rbx) # update round counter +___ +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L +$code.=<<___; + jmp .Lround +.align 16 +.Lroundsdone: + mov 0(%rbx),%rdi # reload argument block + mov 8(%rbx),%rsi + mov 16(%rbx),%rax +___ +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; } # L^=H +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; } # H=L +$code.=<<___; + lea 64(%rsi),%rsi # inp+=64 + sub \$1,%rax # num-- + jz .Lalldone + mov %rsi,8(%rbx) # update parameter block + mov %rax,16(%rbx) + jmp .Louterloop +.Lalldone: + mov 32(%rbx),%rsi # restore saved pointer + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size $func,.-$func + +.align 64 +.type $table,\@object +$table: +___ + &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); + &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); + &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); + &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); + &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); + &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); + &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); + &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); + &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); + &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); + &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); + &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); + &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); + &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); + &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); + &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); + &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); + &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); + &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); + &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); + &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); + &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); + &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); + &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); + &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); + &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); + &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); + &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); + &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); + &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); + &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); + &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); + &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); + &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); + &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); + &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); + &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); + &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); + &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); + &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); + &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); + &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); + &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); + &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); + &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); + &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); + &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); + &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); + &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); + &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); + &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); + &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); + &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); + &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); + &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); + &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); + &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); + &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); + &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); + &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); + &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); + &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); + &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); + &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); + &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); + &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); + &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); + &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); + &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); + &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); + &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); + &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); + &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); + &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); + &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); + &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); + &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); + &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); + &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); + &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); + &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); + &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); + &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); + &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); + &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); + &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); + &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); + &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); + &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); + &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); + &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); + &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); + &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); + &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); + &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); + &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); + &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); + &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); + &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); + &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); + &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); + &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); + &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); + &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); + &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); + &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); + &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); + &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); + &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); + &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); + &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); + &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); + &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); + &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); + &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); + &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); + &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); + &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); + &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); + &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); + &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); + &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); + &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); + &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); + &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); + &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); + &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); + &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); + &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); + &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); + &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); + &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); + &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); + &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); + &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); + &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); + &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); + &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); + &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); + &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); + &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); + &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); + &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); + &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); + &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); + &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); + &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); + &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); + &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); + &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); + &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); + &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); + &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); + &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); + &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); + &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); + &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); + &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); + &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); + &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); + &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); + &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); + &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); + &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); + &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); + &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); + &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); + &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); + &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); + &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); + &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); + &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); + &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); + &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); + &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); + &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); + &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); + &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); + &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); + &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); + &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); + &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); + &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); + &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); + &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); + &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); + &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); + &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); + &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); + &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); + &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); + &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); + &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); + &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); + &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); + &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); + &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); + &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); + &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); + &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); + &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); + &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); + &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); + &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); + &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); + &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); + &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); + &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); + &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); + &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); + &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); + &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); + &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); + &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); + &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); + &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); + &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); + &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); + &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); + &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); + &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); + &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); + &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); + &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); + &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); + &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); + &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); + &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); + &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); + &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); + &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); + &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); + &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); + &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); + &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); + &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); + &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); + &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); + &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); + &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); + &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); + &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); + &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); + &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); + &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); + &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); + &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); + &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); + &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); + &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); + &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); + &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); + &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); + &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); + &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); + &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); + + &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] + &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); + &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); + &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); + &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); + &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); + &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); + &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); + &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); + &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lin_prologue + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lin_prologue + + mov 128+32(%rax),%rax # pull saved stack pointer + lea 48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_$func + .rva .LSEH_end_$func + .rva .LSEH_info_$func + +.section .xdata +.align 8 +.LSEH_info_$func: + .byte 9,0,0,0 + .rva se_handler +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/lib/libssl/src/crypto/whrlpool/whrlpool.h b/lib/libssl/src/crypto/whrlpool/whrlpool.h new file mode 100644 index 00000000000..03c91da1155 --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/whrlpool.h @@ -0,0 +1,38 @@ +#ifndef HEADER_WHRLPOOL_H +#define HEADER_WHRLPOOL_H + +#include <openssl/e_os2.h> +#include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#define WHIRLPOOL_DIGEST_LENGTH (512/8) +#define WHIRLPOOL_BBLOCK 512 +#define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK/8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)]; + } WHIRLPOOL_CTX; + +#ifndef OPENSSL_NO_WHIRLPOOL +int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); +int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/lib/libssl/src/crypto/whrlpool/wp_block.c b/lib/libssl/src/crypto/whrlpool/wp_block.c new file mode 100644 index 00000000000..221f6cc59f2 --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/wp_block.c @@ -0,0 +1,655 @@ +/** + * The Whirlpool hashing function. + * + * <P> + * <b>References</b> + * + * <P> + * The Whirlpool algorithm was developed by + * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and + * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>. + * + * See + * P.S.L.M. Barreto, V. Rijmen, + * ``The Whirlpool hashing function,'' + * NESSIE submission, 2000 (tweaked version, 2001), + * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip> + * + * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and + * Vincent Rijmen. Lookup "reference implementations" on + * <http://planeta.terra.com.br/informatica/paulobarreto/> + * + * ============================================================================= + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "wp_locl.h" +#include <string.h> + +typedef unsigned char u8; +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32) +typedef unsigned __int64 u64; +#elif defined(__arch64__) +typedef unsigned long u64; +#else +typedef unsigned long long u64; +#endif + +#define ROUNDS 10 + +#define STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) +/* Well, formally there're couple of other architectures, which permit + * unaligned loads, specifically those not crossing cache lines, IA-64 + * and PowerPC... */ +# undef STRICT_ALIGNMENT +#endif + +#undef SMALL_REGISTER_BANK +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# define SMALL_REGISTER_BANK +# if defined(WHIRLPOOL_ASM) +# ifndef OPENSSL_SMALL_FOOTPRINT +# define OPENSSL_SMALL_FOOTPRINT /* it appears that for elder non-MMX + CPUs this is actually faster! */ +# endif +# define GO_FOR_MMX(ctx,inp,num) do { \ + extern unsigned long OPENSSL_ia32cap_P; \ + void whirlpool_block_mmx(void *,const void *,size_t); \ + if (!(OPENSSL_ia32cap_P & (1<<23))) break; \ + whirlpool_block_mmx(ctx->H.c,inp,num); return; \ + } while (0) +# endif +#endif + +#undef ROTATE +#if defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotl64) +# define ROTATE(a,n) _rotl64((a),n) +# endif +#elif defined(__GNUC__) && __GNUC__>=2 +# if defined(__x86_64) || defined(__x86_64__) +# if defined(L_ENDIAN) +# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \ + : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) +# elif defined(B_ENDIAN) + /* Most will argue that x86_64 is always little-endian. Well, + * yes, but then we have stratus.com who has modified gcc to + * "emulate" big-endian on x86. Is there evidence that they + * [or somebody else] won't do same for x86_64? Naturally no. + * And this line is waiting ready for that brave soul:-) */ +# define ROTATE(a,n) ({ u64 ret; asm ("rorq %1,%0" \ + : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) +# endif +# elif defined(__ia64) || defined(__ia64__) +# if defined(L_ENDIAN) +# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ + : "=r"(ret) : "r"(a),"M"(64-(n))); ret; }) +# elif defined(B_ENDIAN) +# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ + : "=r"(ret) : "r"(a),"M"(n)); ret; }) +# endif +# endif +#endif + +#if defined(OPENSSL_SMALL_FOOTPRINT) +# if !defined(ROTATE) +# if defined(L_ENDIAN) /* little-endians have to rotate left */ +# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n)) +# elif defined(B_ENDIAN) /* big-endians have to rotate right */ +# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n)) +# endif +# endif +# if defined(ROTATE) && !defined(STRICT_ALIGNMENT) +# define STRICT_ALIGNMENT /* ensure smallest table size */ +# endif +#endif + +/* + * Table size depends on STRICT_ALIGNMENT and whether or not endian- + * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not + * defined, which is normally the case on x86[_64] CPUs, the table is + * 4KB large unconditionally. Otherwise if ROTATE is defined, the + * table is 2KB large, and otherwise - 16KB. 2KB table requires a + * whole bunch of additional rotations, but I'm willing to "trade," + * because 16KB table certainly trashes L1 cache. I wish all CPUs + * could handle unaligned load as 4KB table doesn't trash the cache, + * nor does it require additional rotations. + */ +/* + * Note that every Cn macro expands as two loads: one byte load and + * one quadword load. One can argue that that many single-byte loads + * is too excessive, as one could load a quadword and "milk" it for + * eight 8-bit values instead. Well, yes, but in order to do so *and* + * avoid excessive loads you have to accomodate a handful of 64-bit + * values in the register bank and issue a bunch of shifts and mask. + * It's a tradeoff: loads vs. shift and mask in big register bank[!]. + * On most CPUs eight single-byte loads are faster and I let other + * ones to depend on smart compiler to fold byte loads if beneficial. + * Hand-coded assembler would be another alternative:-) + */ +#ifdef STRICT_ALIGNMENT +# if defined(ROTATE) +# define N 1 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7 +# define C0(K,i) (Cx.q[K.c[(i)*8+0]]) +# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8) +# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16) +# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24) +# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32) +# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40) +# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48) +# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56) +# else +# define N 8 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ + c7,c0,c1,c2,c3,c4,c5,c6, \ + c6,c7,c0,c1,c2,c3,c4,c5, \ + c5,c6,c7,c0,c1,c2,c3,c4, \ + c4,c5,c6,c7,c0,c1,c2,c3, \ + c3,c4,c5,c6,c7,c0,c1,c2, \ + c2,c3,c4,c5,c6,c7,c0,c1, \ + c1,c2,c3,c4,c5,c6,c7,c0 +# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]]) +# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]]) +# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]]) +# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]]) +# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]]) +# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]]) +# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]]) +# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]]) +# endif +#else +# define N 2 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ + c0,c1,c2,c3,c4,c5,c6,c7 +# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) +# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) +# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) +# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) +# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) +# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) +# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) +# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) +#endif + +static const +union { + u8 c[(256*N+ROUNDS)*sizeof(u64)]; + u64 q[(256*N+ROUNDS)]; + } Cx = { { + /* Note endian-neutral representation:-) */ + LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8), + LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26), + LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8), + LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb), + LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb), + LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11), + LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09), + LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d), + LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b), + LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff), + LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c), + LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e), + LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96), + LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30), + LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d), + LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8), + LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47), + LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35), + LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37), + LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a), + LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2), + LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c), + LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84), + LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80), + LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5), + LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3), + LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21), + LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c), + LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43), + LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29), + LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d), + LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5), + LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd), + LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8), + LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92), + LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e), + LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13), + LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23), + LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20), + LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44), + LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2), + LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf), + LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c), + LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a), + LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50), + LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9), + LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14), + LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9), + LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c), + LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f), + LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90), + LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07), + LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd), + LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3), + LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d), + LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78), + LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97), + LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02), + LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73), + LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7), + LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6), + LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2), + LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49), + LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56), + LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70), + LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd), + LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb), + LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71), + LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b), + LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf), + LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45), + LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a), + LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4), + LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58), + LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e), + LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f), + LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac), + LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0), + LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef), + LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6), + LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c), + LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12), + LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93), + LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde), + LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6), + LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1), + LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b), + LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f), + LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31), + LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8), + LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9), + LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc), + LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e), + LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b), + LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf), + LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59), + LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2), + LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77), + LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33), + LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4), + LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27), + LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb), + LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89), + LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32), + LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54), + LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d), + LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64), + LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d), + LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d), + LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f), + LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca), + LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7), + LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d), + LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce), + LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f), + LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f), + LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63), + LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a), + LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc), + LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82), + LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a), + LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48), + LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95), + LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf), + LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d), + LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0), + LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91), + LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8), + LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b), + LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00), + LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9), + LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e), + LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1), + LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6), + LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28), + LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3), + LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74), + LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe), + LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d), + LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea), + LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57), + LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38), + LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad), + LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4), + LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda), + LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7), + LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb), + LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9), + LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a), + LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03), + LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a), + LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e), + LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60), + LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc), + LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46), + LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f), + LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76), + LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa), + LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36), + LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae), + LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b), + LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85), + LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e), + LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7), + LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55), + LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a), + LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81), + LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52), + LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62), + LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3), + LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10), + LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab), + LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0), + LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5), + LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec), + LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16), + LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94), + LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f), + LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5), + LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98), + LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17), + LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4), + LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1), + LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e), + LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42), + LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34), + LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08), + LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee), + LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61), + LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1), + LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f), + LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24), + LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3), + LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25), + LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22), + LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65), + LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79), + LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69), + LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9), + LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19), + LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe), + LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a), + LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0), + LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99), + LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83), + LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04), + LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66), + LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0), + LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1), + LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd), + LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40), + LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c), + LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18), + LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b), + LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51), + LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05), + LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c), + LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39), + LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa), + LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b), + LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc), + LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e), + LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0), + LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88), + LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67), + LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a), + LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87), + LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1), + LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72), + LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53), + LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01), + LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b), + LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4), + LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3), + LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15), + LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c), + LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5), + LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5), + LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4), + LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba), + LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6), + LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7), + LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06), + LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41), + LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7), + LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f), + LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e), + LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6), + LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2), + LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68), + LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c), + LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed), + LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75), + LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86), + LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b), + LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2), +#define RC (&(Cx.q[256*N])) + 0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f, /* rc[ROUNDS] */ + 0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52, + 0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35, + 0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57, + 0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda, + 0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85, + 0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67, + 0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8, + 0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e, + 0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33 + } +}; + +void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n) + { + int r; + const u8 *p=inp; + union { u64 q[8]; u8 c[64]; } S,K,*H=(void *)ctx->H.q; + +#ifdef GO_FOR_MMX + GO_FOR_MMX(ctx,inp,n); +#endif + do { +#ifdef OPENSSL_SMALL_FOOTPRINT + u64 L[8]; + int i; + + for (i=0;i<64;i++) S.c[i] = (K.c[i] = H->c[i]) ^ p[i]; + for (r=0;r<ROUNDS;r++) + { + for (i=0;i<8;i++) + { + L[i] = i ? 0 : RC[r]; + L[i] ^= C0(K,i) ^ C1(K,(i-1)&7) ^ + C2(K,(i-2)&7) ^ C3(K,(i-3)&7) ^ + C4(K,(i-4)&7) ^ C5(K,(i-5)&7) ^ + C6(K,(i-6)&7) ^ C7(K,(i-7)&7); + } + memcpy (K.q,L,64); + for (i=0;i<8;i++) + { + L[i] ^= C0(S,i) ^ C1(S,(i-1)&7) ^ + C2(S,(i-2)&7) ^ C3(S,(i-3)&7) ^ + C4(S,(i-4)&7) ^ C5(S,(i-5)&7) ^ + C6(S,(i-6)&7) ^ C7(S,(i-7)&7); + } + memcpy (S.q,L,64); + } + for (i=0;i<64;i++) H->c[i] ^= S.c[i] ^ p[i]; +#else + u64 L0,L1,L2,L3,L4,L5,L6,L7; + +#ifdef STRICT_ALIGNMENT + if ((size_t)p & 7) + { + memcpy (S.c,p,64); + S.q[0] ^= (K.q[0] = H->q[0]); + S.q[1] ^= (K.q[1] = H->q[1]); + S.q[2] ^= (K.q[2] = H->q[2]); + S.q[3] ^= (K.q[3] = H->q[3]); + S.q[4] ^= (K.q[4] = H->q[4]); + S.q[5] ^= (K.q[5] = H->q[5]); + S.q[6] ^= (K.q[6] = H->q[6]); + S.q[7] ^= (K.q[7] = H->q[7]); + } + else +#endif + { + const u64 *pa = (const u64*)p; + S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; + S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; + S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; + S.q[3] = (K.q[3] = H->q[3]) ^ pa[3]; + S.q[4] = (K.q[4] = H->q[4]) ^ pa[4]; + S.q[5] = (K.q[5] = H->q[5]) ^ pa[5]; + S.q[6] = (K.q[6] = H->q[6]) ^ pa[6]; + S.q[7] = (K.q[7] = H->q[7]) ^ pa[7]; + } + + for(r=0;r<ROUNDS;r++) + { +#ifdef SMALL_REGISTER_BANK + L0 = C0(K,0) ^ C1(K,7) ^ C2(K,6) ^ C3(K,5) ^ + C4(K,4) ^ C5(K,3) ^ C6(K,2) ^ C7(K,1) ^ RC[r]; + L1 = C0(K,1) ^ C1(K,0) ^ C2(K,7) ^ C3(K,6) ^ + C4(K,5) ^ C5(K,4) ^ C6(K,3) ^ C7(K,2); + L2 = C0(K,2) ^ C1(K,1) ^ C2(K,0) ^ C3(K,7) ^ + C4(K,6) ^ C5(K,5) ^ C6(K,4) ^ C7(K,3); + L3 = C0(K,3) ^ C1(K,2) ^ C2(K,1) ^ C3(K,0) ^ + C4(K,7) ^ C5(K,6) ^ C6(K,5) ^ C7(K,4); + L4 = C0(K,4) ^ C1(K,3) ^ C2(K,2) ^ C3(K,1) ^ + C4(K,0) ^ C5(K,7) ^ C6(K,6) ^ C7(K,5); + L5 = C0(K,5) ^ C1(K,4) ^ C2(K,3) ^ C3(K,2) ^ + C4(K,1) ^ C5(K,0) ^ C6(K,7) ^ C7(K,6); + L6 = C0(K,6) ^ C1(K,5) ^ C2(K,4) ^ C3(K,3) ^ + C4(K,2) ^ C5(K,1) ^ C6(K,0) ^ C7(K,7); + L7 = C0(K,7) ^ C1(K,6) ^ C2(K,5) ^ C3(K,4) ^ + C4(K,3) ^ C5(K,2) ^ C6(K,1) ^ C7(K,0); + + K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3; + K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7; + + L0 ^= C0(S,0) ^ C1(S,7) ^ C2(S,6) ^ C3(S,5) ^ + C4(S,4) ^ C5(S,3) ^ C6(S,2) ^ C7(S,1); + L1 ^= C0(S,1) ^ C1(S,0) ^ C2(S,7) ^ C3(S,6) ^ + C4(S,5) ^ C5(S,4) ^ C6(S,3) ^ C7(S,2); + L2 ^= C0(S,2) ^ C1(S,1) ^ C2(S,0) ^ C3(S,7) ^ + C4(S,6) ^ C5(S,5) ^ C6(S,4) ^ C7(S,3); + L3 ^= C0(S,3) ^ C1(S,2) ^ C2(S,1) ^ C3(S,0) ^ + C4(S,7) ^ C5(S,6) ^ C6(S,5) ^ C7(S,4); + L4 ^= C0(S,4) ^ C1(S,3) ^ C2(S,2) ^ C3(S,1) ^ + C4(S,0) ^ C5(S,7) ^ C6(S,6) ^ C7(S,5); + L5 ^= C0(S,5) ^ C1(S,4) ^ C2(S,3) ^ C3(S,2) ^ + C4(S,1) ^ C5(S,0) ^ C6(S,7) ^ C7(S,6); + L6 ^= C0(S,6) ^ C1(S,5) ^ C2(S,4) ^ C3(S,3) ^ + C4(S,2) ^ C5(S,1) ^ C6(S,0) ^ C7(S,7); + L7 ^= C0(S,7) ^ C1(S,6) ^ C2(S,5) ^ C3(S,4) ^ + C4(S,3) ^ C5(S,2) ^ C6(S,1) ^ C7(S,0); + + S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3; + S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7; +#else + L0 = C0(K,0); L1 = C1(K,0); L2 = C2(K,0); L3 = C3(K,0); + L4 = C4(K,0); L5 = C5(K,0); L6 = C6(K,0); L7 = C7(K,0); + L0 ^= RC[r]; + + L1 ^= C0(K,1); L2 ^= C1(K,1); L3 ^= C2(K,1); L4 ^= C3(K,1); + L5 ^= C4(K,1); L6 ^= C5(K,1); L7 ^= C6(K,1); L0 ^= C7(K,1); + + L2 ^= C0(K,2); L3 ^= C1(K,2); L4 ^= C2(K,2); L5 ^= C3(K,2); + L6 ^= C4(K,2); L7 ^= C5(K,2); L0 ^= C6(K,2); L1 ^= C7(K,2); + + L3 ^= C0(K,3); L4 ^= C1(K,3); L5 ^= C2(K,3); L6 ^= C3(K,3); + L7 ^= C4(K,3); L0 ^= C5(K,3); L1 ^= C6(K,3); L2 ^= C7(K,3); + + L4 ^= C0(K,4); L5 ^= C1(K,4); L6 ^= C2(K,4); L7 ^= C3(K,4); + L0 ^= C4(K,4); L1 ^= C5(K,4); L2 ^= C6(K,4); L3 ^= C7(K,4); + + L5 ^= C0(K,5); L6 ^= C1(K,5); L7 ^= C2(K,5); L0 ^= C3(K,5); + L1 ^= C4(K,5); L2 ^= C5(K,5); L3 ^= C6(K,5); L4 ^= C7(K,5); + + L6 ^= C0(K,6); L7 ^= C1(K,6); L0 ^= C2(K,6); L1 ^= C3(K,6); + L2 ^= C4(K,6); L3 ^= C5(K,6); L4 ^= C6(K,6); L5 ^= C7(K,6); + + L7 ^= C0(K,7); L0 ^= C1(K,7); L1 ^= C2(K,7); L2 ^= C3(K,7); + L3 ^= C4(K,7); L4 ^= C5(K,7); L5 ^= C6(K,7); L6 ^= C7(K,7); + + K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3; + K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7; + + L0 ^= C0(S,0); L1 ^= C1(S,0); L2 ^= C2(S,0); L3 ^= C3(S,0); + L4 ^= C4(S,0); L5 ^= C5(S,0); L6 ^= C6(S,0); L7 ^= C7(S,0); + + L1 ^= C0(S,1); L2 ^= C1(S,1); L3 ^= C2(S,1); L4 ^= C3(S,1); + L5 ^= C4(S,1); L6 ^= C5(S,1); L7 ^= C6(S,1); L0 ^= C7(S,1); + + L2 ^= C0(S,2); L3 ^= C1(S,2); L4 ^= C2(S,2); L5 ^= C3(S,2); + L6 ^= C4(S,2); L7 ^= C5(S,2); L0 ^= C6(S,2); L1 ^= C7(S,2); + + L3 ^= C0(S,3); L4 ^= C1(S,3); L5 ^= C2(S,3); L6 ^= C3(S,3); + L7 ^= C4(S,3); L0 ^= C5(S,3); L1 ^= C6(S,3); L2 ^= C7(S,3); + + L4 ^= C0(S,4); L5 ^= C1(S,4); L6 ^= C2(S,4); L7 ^= C3(S,4); + L0 ^= C4(S,4); L1 ^= C5(S,4); L2 ^= C6(S,4); L3 ^= C7(S,4); + + L5 ^= C0(S,5); L6 ^= C1(S,5); L7 ^= C2(S,5); L0 ^= C3(S,5); + L1 ^= C4(S,5); L2 ^= C5(S,5); L3 ^= C6(S,5); L4 ^= C7(S,5); + + L6 ^= C0(S,6); L7 ^= C1(S,6); L0 ^= C2(S,6); L1 ^= C3(S,6); + L2 ^= C4(S,6); L3 ^= C5(S,6); L4 ^= C6(S,6); L5 ^= C7(S,6); + + L7 ^= C0(S,7); L0 ^= C1(S,7); L1 ^= C2(S,7); L2 ^= C3(S,7); + L3 ^= C4(S,7); L4 ^= C5(S,7); L5 ^= C6(S,7); L6 ^= C7(S,7); + + S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3; + S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7; +#endif + } + +#ifdef STRICT_ALIGNMENT + if ((size_t)p & 7) + { + int i; + for(i=0;i<64;i++) H->c[i] ^= S.c[i] ^ p[i]; + } + else +#endif + { + const u64 *pa=(const u64 *)p; + H->q[0] ^= S.q[0] ^ pa[0]; + H->q[1] ^= S.q[1] ^ pa[1]; + H->q[2] ^= S.q[2] ^ pa[2]; + H->q[3] ^= S.q[3] ^ pa[3]; + H->q[4] ^= S.q[4] ^ pa[4]; + H->q[5] ^= S.q[5] ^ pa[5]; + H->q[6] ^= S.q[6] ^ pa[6]; + H->q[7] ^= S.q[7] ^ pa[7]; + } +#endif + p += 64; + } while(--n); + } diff --git a/lib/libssl/src/crypto/whrlpool/wp_dgst.c b/lib/libssl/src/crypto/whrlpool/wp_dgst.c new file mode 100644 index 00000000000..ee5c5c1bf3a --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/wp_dgst.c @@ -0,0 +1,264 @@ +/** + * The Whirlpool hashing function. + * + * <P> + * <b>References</b> + * + * <P> + * The Whirlpool algorithm was developed by + * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and + * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>. + * + * See + * P.S.L.M. Barreto, V. Rijmen, + * ``The Whirlpool hashing function,'' + * NESSIE submission, 2000 (tweaked version, 2001), + * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip> + * + * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and + * Vincent Rijmen. Lookup "reference implementations" on + * <http://planeta.terra.com.br/informatica/paulobarreto/> + * + * ============================================================================= + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* + * OpenSSL-specific implementation notes. + * + * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect + * number of *bytes* as input length argument. Bit-oriented routine + * as specified by authors is called WHIRLPOOL_BitUpdate[!] and + * does not have one-stroke counterpart. + * + * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially + * to serve WHIRLPOOL_Update. This is done for performance. + * + * Unlike authors' reference implementation, block processing + * routine whirlpool_block is designed to operate on multi-block + * input. This is done for perfomance. + */ + +#include "wp_locl.h" +#include <string.h> + +int WHIRLPOOL_Init (WHIRLPOOL_CTX *c) + { + memset (c,0,sizeof(*c)); + return(1); + } + +int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *_inp,size_t bytes) + { + /* Well, largest suitable chunk size actually is + * (1<<(sizeof(size_t)*8-3))-64, but below number + * is large enough for not to care about excessive + * calls to WHIRLPOOL_BitUpdate... */ + size_t chunk = ((size_t)1)<<(sizeof(size_t)*8-4); + const unsigned char *inp = _inp; + + while (bytes>=chunk) + { + WHIRLPOOL_BitUpdate(c,inp,chunk*8); + bytes -= chunk; + inp += chunk; + } + if (bytes) + WHIRLPOOL_BitUpdate(c,inp,bytes*8); + + return(1); + } + +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *_inp,size_t bits) + { + size_t n; + unsigned int bitoff = c->bitoff, + bitrem = bitoff%8, + inpgap = (8-(unsigned int)bits%8)&7; + const unsigned char *inp=_inp; + + /* This 256-bit increment procedure relies on the size_t + * being natural size of CPU register, so that we don't + * have to mask the value in order to detect overflows. */ + c->bitlen[0] += bits; + if (c->bitlen[0] < bits) /* overflow */ + { + n = 1; + do { c->bitlen[n]++; + } while(c->bitlen[n]==0 + && ++n<(WHIRLPOOL_COUNTER/sizeof(size_t))); + } + +#ifndef OPENSSL_SMALL_FOOTPRINT + reconsider: + if (inpgap==0 && bitrem==0) /* byte-oriented loop */ + { + while (bits) + { + if (bitoff==0 && (n=bits/WHIRLPOOL_BBLOCK)) + { + whirlpool_block(c,inp,n); + inp += n*WHIRLPOOL_BBLOCK/8; + bits %= WHIRLPOOL_BBLOCK; + } + else + { + unsigned int byteoff = bitoff/8; + + bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */ + if (bits >= bitrem) + { + bits -= bitrem; + bitrem /= 8; + memcpy(c->data+byteoff,inp,bitrem); + inp += bitrem; + whirlpool_block(c,c->data,1); + bitoff = 0; + } + else + { + memcpy(c->data+byteoff,inp,bits/8); + bitoff += (unsigned int)bits; + bits = 0; + } + c->bitoff = bitoff; + } + } + } + else /* bit-oriented loop */ +#endif + { + /* + inp + | + +-------+-------+------- + ||||||||||||||||||||| + +-------+-------+------- + +-------+-------+-------+-------+------- + |||||||||||||| c->data + +-------+-------+-------+-------+------- + | + c->bitoff/8 + */ + while (bits) + { + unsigned int byteoff = bitoff/8; + unsigned char b; + +#ifndef OPENSSL_SMALL_FOOTPRINT + if (bitrem==inpgap) + { + c->data[byteoff++] |= inp[0] & (0xff>>inpgap); + inpgap = 8-inpgap; + bitoff += inpgap; bitrem = 0; /* bitoff%8 */ + bits -= inpgap; inpgap = 0; /* bits%8 */ + inp++; + if (bitoff==WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + bitoff = 0; + } + c->bitoff = bitoff; + goto reconsider; + } + else +#endif + if (bits>=8) + { + b = ((inp[0]<<inpgap) | (inp[1]>>(8-inpgap))); + b &= 0xff; + if (bitrem) c->data[byteoff++] |= b>>bitrem; + else c->data[byteoff++] = b; + bitoff += 8; + bits -= 8; + inp++; + if (bitoff>=WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) c->data[byteoff] = b<<(8-bitrem); + } + else /* remaining less than 8 bits */ + { + b = (inp[0]<<inpgap)&0xff; + if (bitrem) c->data[byteoff++] |= b>>bitrem; + else c->data[byteoff++] = b; + bitoff += (unsigned int)bits; + if (bitoff==WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) c->data[byteoff] = b<<(8-bitrem); + bits = 0; + } + c->bitoff = bitoff; + } + } + } + +int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c) + { + unsigned int bitoff = c->bitoff, + byteoff = bitoff/8; + size_t i,j,v; + unsigned char *p; + + bitoff %= 8; + if (bitoff) c->data[byteoff] |= 0x80>>bitoff; + else c->data[byteoff] = 0x80; + byteoff++; + + /* pad with zeros */ + if (byteoff > (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) + { + if (byteoff<WHIRLPOOL_BBLOCK/8) + memset(&c->data[byteoff],0,WHIRLPOOL_BBLOCK/8-byteoff); + whirlpool_block(c,c->data,1); + byteoff = 0; + } + if (byteoff < (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) + memset(&c->data[byteoff],0, + (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)-byteoff); + /* smash 256-bit c->bitlen in big-endian order */ + p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */ + for(i=0;i<WHIRLPOOL_COUNTER/sizeof(size_t);i++) + for(v=c->bitlen[i],j=0;j<sizeof(size_t);j++,v>>=8) + *p-- = (unsigned char)(v&0xff); + + whirlpool_block(c,c->data,1); + + if (md) { + memcpy(md,c->H.c,WHIRLPOOL_DIGEST_LENGTH); + memset(c,0,sizeof(*c)); + return(1); + } + return(0); + } + +unsigned char *WHIRLPOOL(const void *inp, size_t bytes,unsigned char *md) + { + WHIRLPOOL_CTX ctx; + static unsigned char m[WHIRLPOOL_DIGEST_LENGTH]; + + if (md == NULL) md=m; + WHIRLPOOL_Init(&ctx); + WHIRLPOOL_Update(&ctx,inp,bytes); + WHIRLPOOL_Final(md,&ctx); + return(md); + } diff --git a/lib/libssl/src/crypto/whrlpool/wp_locl.h b/lib/libssl/src/crypto/whrlpool/wp_locl.h new file mode 100644 index 00000000000..94e56a39f18 --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/wp_locl.h @@ -0,0 +1,3 @@ +#include <openssl/whrlpool.h> + +void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t); diff --git a/lib/libssl/src/crypto/whrlpool/wp_test.c b/lib/libssl/src/crypto/whrlpool/wp_test.c new file mode 100644 index 00000000000..c68c2c62cab --- /dev/null +++ b/lib/libssl/src/crypto/whrlpool/wp_test.c @@ -0,0 +1,228 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * ==================================================================== + */ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include <openssl/whrlpool.h> +#include <openssl/crypto.h> + +#if defined(OPENSSL_NO_WHIRLPOOL) +int main(int argc, char *argv[]) +{ + printf("No Whirlpool support\n"); + return(0); +} +#else + +/* ISO/IEC 10118-3 test vector set */ +unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { + 0x19,0xFA,0x61,0xD7,0x55,0x22,0xA4,0x66, + 0x9B,0x44,0xE3,0x9C,0x1D,0x2E,0x17,0x26, + 0xC5,0x30,0x23,0x21,0x30,0xD4,0x07,0xF8, + 0x9A,0xFE,0xE0,0x96,0x49,0x97,0xF7,0xA7, + 0x3E,0x83,0xBE,0x69,0x8B,0x28,0x8F,0xEB, + 0xCF,0x88,0xE3,0xE0,0x3C,0x4F,0x07,0x57, + 0xEA,0x89,0x64,0xE5,0x9B,0x63,0xD9,0x37, + 0x08,0xB1,0x38,0xCC,0x42,0xA6,0x6E,0xB3 }; + +unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { + 0x8A,0xCA,0x26,0x02,0x79,0x2A,0xEC,0x6F, + 0x11,0xA6,0x72,0x06,0x53,0x1F,0xB7,0xD7, + 0xF0,0xDF,0xF5,0x94,0x13,0x14,0x5E,0x69, + 0x73,0xC4,0x50,0x01,0xD0,0x08,0x7B,0x42, + 0xD1,0x1B,0xC6,0x45,0x41,0x3A,0xEF,0xF6, + 0x3A,0x42,0x39,0x1A,0x39,0x14,0x5A,0x59, + 0x1A,0x92,0x20,0x0D,0x56,0x01,0x95,0xE5, + 0x3B,0x47,0x85,0x84,0xFD,0xAE,0x23,0x1A }; + +unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { + 0x4E,0x24,0x48,0xA4,0xC6,0xF4,0x86,0xBB, + 0x16,0xB6,0x56,0x2C,0x73,0xB4,0x02,0x0B, + 0xF3,0x04,0x3E,0x3A,0x73,0x1B,0xCE,0x72, + 0x1A,0xE1,0xB3,0x03,0xD9,0x7E,0x6D,0x4C, + 0x71,0x81,0xEE,0xBD,0xB6,0xC5,0x7E,0x27, + 0x7D,0x0E,0x34,0x95,0x71,0x14,0xCB,0xD6, + 0xC7,0x97,0xFC,0x9D,0x95,0xD8,0xB5,0x82, + 0xD2,0x25,0x29,0x20,0x76,0xD4,0xEE,0xF5 }; + +unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { + 0x37,0x8C,0x84,0xA4,0x12,0x6E,0x2D,0xC6, + 0xE5,0x6D,0xCC,0x74,0x58,0x37,0x7A,0xAC, + 0x83,0x8D,0x00,0x03,0x22,0x30,0xF5,0x3C, + 0xE1,0xF5,0x70,0x0C,0x0F,0xFB,0x4D,0x3B, + 0x84,0x21,0x55,0x76,0x59,0xEF,0x55,0xC1, + 0x06,0xB4,0xB5,0x2A,0xC5,0xA4,0xAA,0xA6, + 0x92,0xED,0x92,0x00,0x52,0x83,0x8F,0x33, + 0x62,0xE8,0x6D,0xBD,0x37,0xA8,0x90,0x3E }; + +unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { + 0xF1,0xD7,0x54,0x66,0x26,0x36,0xFF,0xE9, + 0x2C,0x82,0xEB,0xB9,0x21,0x2A,0x48,0x4A, + 0x8D,0x38,0x63,0x1E,0xAD,0x42,0x38,0xF5, + 0x44,0x2E,0xE1,0x3B,0x80,0x54,0xE4,0x1B, + 0x08,0xBF,0x2A,0x92,0x51,0xC3,0x0B,0x6A, + 0x0B,0x8A,0xAE,0x86,0x17,0x7A,0xB4,0xA6, + 0xF6,0x8F,0x67,0x3E,0x72,0x07,0x86,0x5D, + 0x5D,0x98,0x19,0xA3,0xDB,0xA4,0xEB,0x3B }; + +unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { + 0xDC,0x37,0xE0,0x08,0xCF,0x9E,0xE6,0x9B, + 0xF1,0x1F,0x00,0xED,0x9A,0xBA,0x26,0x90, + 0x1D,0xD7,0xC2,0x8C,0xDE,0xC0,0x66,0xCC, + 0x6A,0xF4,0x2E,0x40,0xF8,0x2F,0x3A,0x1E, + 0x08,0xEB,0xA2,0x66,0x29,0x12,0x9D,0x8F, + 0xB7,0xCB,0x57,0x21,0x1B,0x92,0x81,0xA6, + 0x55,0x17,0xCC,0x87,0x9D,0x7B,0x96,0x21, + 0x42,0xC6,0x5F,0x5A,0x7A,0xF0,0x14,0x67 }; + +unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { + 0x46,0x6E,0xF1,0x8B,0xAB,0xB0,0x15,0x4D, + 0x25,0xB9,0xD3,0x8A,0x64,0x14,0xF5,0xC0, + 0x87,0x84,0x37,0x2B,0xCC,0xB2,0x04,0xD6, + 0x54,0x9C,0x4A,0xFA,0xDB,0x60,0x14,0x29, + 0x4D,0x5B,0xD8,0xDF,0x2A,0x6C,0x44,0xE5, + 0x38,0xCD,0x04,0x7B,0x26,0x81,0xA5,0x1A, + 0x2C,0x60,0x48,0x1E,0x88,0xC5,0xA2,0x0B, + 0x2C,0x2A,0x80,0xCF,0x3A,0x9A,0x08,0x3B }; + +unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { + 0x2A,0x98,0x7E,0xA4,0x0F,0x91,0x70,0x61, + 0xF5,0xD6,0xF0,0xA0,0xE4,0x64,0x4F,0x48, + 0x8A,0x7A,0x5A,0x52,0xDE,0xEE,0x65,0x62, + 0x07,0xC5,0x62,0xF9,0x88,0xE9,0x5C,0x69, + 0x16,0xBD,0xC8,0x03,0x1B,0xC5,0xBE,0x1B, + 0x7B,0x94,0x76,0x39,0xFE,0x05,0x0B,0x56, + 0x93,0x9B,0xAA,0xA0,0xAD,0xFF,0x9A,0xE6, + 0x74,0x5B,0x7B,0x18,0x1C,0x3B,0xE3,0xFD }; + +unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = { + 0x0C,0x99,0x00,0x5B,0xEB,0x57,0xEF,0xF5, + 0x0A,0x7C,0xF0,0x05,0x56,0x0D,0xDF,0x5D, + 0x29,0x05,0x7F,0xD8,0x6B,0x20,0xBF,0xD6, + 0x2D,0xEC,0xA0,0xF1,0xCC,0xEA,0x4A,0xF5, + 0x1F,0xC1,0x54,0x90,0xED,0xDC,0x47,0xAF, + 0x32,0xBB,0x2B,0x66,0xC3,0x4F,0xF9,0xAD, + 0x8C,0x60,0x08,0xAD,0x67,0x7F,0x77,0x12, + 0x69,0x53,0xB2,0x26,0xE4,0xED,0x8B,0x01 }; + +int main (int argc,char *argv[]) +{ unsigned char md[WHIRLPOOL_DIGEST_LENGTH]; + int i; + WHIRLPOOL_CTX ctx; + +#ifdef OPENSSL_IA32_SSE2 + /* Alternative to this is to call OpenSSL_add_all_algorithms... + * The below code is retained exclusively for debugging purposes. */ + { char *env; + + if ((env=getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap = strtoul (env,NULL,0); + } +#endif + + fprintf(stdout,"Testing Whirlpool "); + + WHIRLPOOL("",0,md); + if (memcmp(md,iso_test_1,sizeof(iso_test_1))) + { fflush(stdout); + fprintf(stderr,"\nTEST 1 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("a",1,md); + if (memcmp(md,iso_test_2,sizeof(iso_test_2))) + { fflush(stdout); + fprintf(stderr,"\nTEST 2 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("abc",3,md); + if (memcmp(md,iso_test_3,sizeof(iso_test_3))) + { fflush(stdout); + fprintf(stderr,"\nTEST 3 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("message digest",14,md); + if (memcmp(md,iso_test_4,sizeof(iso_test_4))) + { fflush(stdout); + fprintf(stderr,"\nTEST 4 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("abcdefghijklmnopqrstuvwxyz",26,md); + if (memcmp(md,iso_test_5,sizeof(iso_test_5))) + { fflush(stdout); + fprintf(stderr,"\nTEST 5 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL( "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789",62,md); + if (memcmp(md,iso_test_6,sizeof(iso_test_6))) + { fflush(stdout); + fprintf(stderr,"\nTEST 6 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL( "1234567890""1234567890""1234567890""1234567890" + "1234567890""1234567890""1234567890""1234567890",80,md); + if (memcmp(md,iso_test_7,sizeof(iso_test_7))) + { fflush(stdout); + fprintf(stderr,"\nTEST 7 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk",32,md); + if (memcmp(md,iso_test_8,sizeof(iso_test_8))) + { fflush(stdout); + fprintf(stderr,"\nTEST 8 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + WHIRLPOOL_Init (&ctx); + for (i=0;i<1000000;i+=288) + WHIRLPOOL_Update (&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" + "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", + (1000000-i)<288?1000000-i:288); + WHIRLPOOL_Final (md,&ctx); + if (memcmp(md,iso_test_9,sizeof(iso_test_9))) + { fflush(stdout); + fprintf(stderr,"\nTEST 9 of 9 failed.\n"); + return 1; + } + else + fprintf(stdout,"."); fflush(stdout); + + fprintf(stdout," passed.\n"); fflush(stdout); + + return 0; +} +#endif diff --git a/lib/libssl/src/crypto/x509/Makefile b/lib/libssl/src/crypto/x509/Makefile index 464752b159a..72c82278f43 100644 --- a/lib/libssl/src/crypto/x509/Makefile +++ b/lib/libssl/src/crypto/x509/Makefile @@ -43,12 +43,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO links: @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @@ -89,37 +89,35 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h -by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -by_dir.o: ../cryptlib.h by_dir.c +by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c by_file.o: ../../e_os.h ../../include/openssl/asn1.h by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c +by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_file.o: ../cryptlib.h by_file.c x509_att.o: ../../e_os.h ../../include/openssl/asn1.h x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_att.o: ../../include/openssl/opensslconf.h +x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -132,9 +130,8 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_cmp.o: ../../include/openssl/opensslconf.h +x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -146,22 +143,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c +x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_d2.o: ../cryptlib.h x509_d2.c x509_def.o: ../../e_os.h ../../include/openssl/asn1.h x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_def.o: ../../include/openssl/opensslconf.h x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -172,9 +169,8 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_err.o: ../../include/openssl/opensslconf.h +x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -186,9 +182,8 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_ext.o: ../../include/openssl/opensslconf.h +x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -201,22 +196,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c +x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_lu.o: ../cryptlib.h x509_lu.c x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_obj.o: ../../include/openssl/opensslconf.h x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -228,21 +223,20 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_r2x.o: ../../include/openssl/opensslconf.h +x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c x509_req.o: ../../e_os.h ../../include/openssl/asn1.h -x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_req.o: ../../include/openssl/opensslconf.h x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -256,9 +250,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_set.o: ../../include/openssl/opensslconf.h x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -270,9 +264,8 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_trs.o: ../../include/openssl/opensslconf.h +x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -284,9 +277,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_txt.o: ../../include/openssl/opensslconf.h x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -298,23 +291,22 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c +x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_v3.o: ../cryptlib.h x509_v3.c x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vfy.o: ../../include/openssl/opensslconf.h +x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -327,9 +319,8 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vpm.o: ../../include/openssl/opensslconf.h +x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -341,9 +332,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509cset.o: ../../include/openssl/opensslconf.h x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,9 +345,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509name.o: ../../include/openssl/opensslconf.h x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -367,9 +358,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509rset.o: ../../include/openssl/opensslconf.h x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -380,9 +371,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509spki.o: ../../include/openssl/opensslconf.h x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -393,9 +384,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509type.o: ../../include/openssl/opensslconf.h x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -406,12 +397,11 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_all.o: ../cryptlib.h x_all.c +x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c diff --git a/lib/libssl/src/crypto/x509/x509_vpm.c b/lib/libssl/src/crypto/x509/x509_vpm.c index 2b06718aec2..dfd89d89faf 100644 --- a/lib/libssl/src/crypto/x509/x509_vpm.c +++ b/lib/libssl/src/crypto/x509/x509_vpm.c @@ -74,6 +74,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) param->name = NULL; param->purpose = 0; param->trust = 0; + /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/ param->inh_flags = 0; param->flags = 0; param->depth = -1; @@ -198,8 +199,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from) { + unsigned long save_flags = to->inh_flags; + int ret; to->inh_flags |= X509_VP_FLAG_DEFAULT; - return X509_VERIFY_PARAM_inherit(to, from); + ret = X509_VERIFY_PARAM_inherit(to, from); + to->inh_flags = save_flags; + return ret; } int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) @@ -324,7 +329,7 @@ static const X509_VERIFY_PARAM default_table[] = { NULL /* policies */ }, { - "pkcs7", /* S/MIME signing parameters */ + "pkcs7", /* S/MIME sign parameters */ 0, /* Check time */ 0, /* internal flags */ 0, /* flags */ @@ -334,7 +339,7 @@ static const X509_VERIFY_PARAM default_table[] = { NULL /* policies */ }, { - "smime_sign", /* S/MIME signing parameters */ + "smime_sign", /* S/MIME sign parameters */ 0, /* Check time */ 0, /* internal flags */ 0, /* flags */ @@ -366,12 +371,17 @@ static const X509_VERIFY_PARAM default_table[] = { static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; -static int table_cmp(const void *pa, const void *pb) +static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b) + { - const X509_VERIFY_PARAM *a = pa, *b = pb; return strcmp(a->name, b->name); } +DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, + table); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, + table); + static int param_cmp(const X509_VERIFY_PARAM * const *a, const X509_VERIFY_PARAM * const *b) { @@ -407,6 +417,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) { int idx; X509_VERIFY_PARAM pm; + pm.name = (char *)name; if (param_table) { @@ -414,11 +425,8 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) if (idx != -1) return sk_X509_VERIFY_PARAM_value(param_table, idx); } - return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm, - (char *)&default_table, - sizeof(default_table)/sizeof(X509_VERIFY_PARAM), - sizeof(X509_VERIFY_PARAM), - table_cmp); + return OBJ_bsearch_table(&pm, default_table, + sizeof(default_table)/sizeof(X509_VERIFY_PARAM)); } void X509_VERIFY_PARAM_table_cleanup(void) diff --git a/lib/libssl/src/crypto/x509v3/Makefile b/lib/libssl/src/crypto/x509v3/Makefile index e71dc42f9f7..556ef351bf8 100644 --- a/lib/libssl/src/crypto/x509v3/Makefile +++ b/lib/libssl/src/crypto/x509v3/Makefile @@ -43,7 +43,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_cache.o: ../../include/openssl/objects.h pcy_cache.o: ../../include/openssl/opensslconf.h pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -105,9 +105,8 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_data.o: ../../include/openssl/opensslconf.h +pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -120,36 +119,35 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c +pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c +pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_node.o: ../../include/openssl/opensslconf.h +pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -162,9 +160,8 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_tree.o: ../../include/openssl/opensslconf.h +pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -177,39 +174,37 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_addr.o: ../cryptlib.h v3_addr.c +v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akey.o: ../cryptlib.h v3_akey.c +v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akeya.o: ../../include/openssl/opensslconf.h v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -221,15 +216,14 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_alt.o: ../cryptlib.h v3_alt.c +v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -237,23 +231,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c +v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_asid.o: ../cryptlib.h v3_asid.c v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_bcons.o: ../../include/openssl/opensslconf.h v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -266,9 +260,8 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_bitst.o: ../../include/openssl/opensslconf.h +v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -281,23 +274,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c +v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_conf.o: ../cryptlib.h v3_conf.c v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_cpols.o: ../../include/openssl/opensslconf.h v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -310,38 +303,37 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_crld.o: ../cryptlib.h v3_crld.c +v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c +v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_enum.o: ../cryptlib.h v3_enum.c v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_extku.o: ../../include/openssl/opensslconf.h v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,81 +346,76 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_genn.o: ../cryptlib.h v3_genn.c +v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ia5.o: ../cryptlib.h v3_ia5.c +v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c v3_info.o: ../../e_os.h ../../include/openssl/asn1.h v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_info.o: ../cryptlib.h v3_info.c +v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_int.o: ../cryptlib.h v3_int.c +v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c +v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ncons.o: ../../include/openssl/opensslconf.h v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -441,52 +428,49 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ocsp.o: ../cryptlib.h v3_ocsp.c +v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pci.o: ../cryptlib.h v3_pci.c +v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pcia.o: v3_pcia.c +v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcons.o: ../../include/openssl/opensslconf.h v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -499,24 +483,23 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pku.o: ../cryptlib.h v3_pku.c +v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pmaps.o: ../../include/openssl/opensslconf.h v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -528,52 +511,51 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_prn.o: ../cryptlib.h v3_prn.c +v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c +v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_purp.o: ../cryptlib.h v3_purp.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c +v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_skey.o: ../cryptlib.h v3_skey.c v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_sxnet.o: ../../include/openssl/opensslconf.h v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -586,25 +568,24 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c +v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_utl.o: ../cryptlib.h v3_utl.c v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3err.o: v3err.c +v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3err.o: ../../include/openssl/x509v3.h v3err.c diff --git a/lib/libssl/src/crypto/x509v3/pcy_cache.c b/lib/libssl/src/crypto/x509v3/pcy_cache.c index 1030931b713..172b7e7ee4f 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_cache.c +++ b/lib/libssl/src/crypto/x509v3/pcy_cache.c @@ -139,7 +139,6 @@ static int policy_cache_new(X509 *x) return 0; cache->anyPolicy = NULL; cache->data = NULL; - cache->maps = NULL; cache->any_skip = -1; cache->explicit_skip = -1; cache->map_skip = -1; diff --git a/lib/libssl/src/crypto/x509v3/pcy_int.h b/lib/libssl/src/crypto/x509v3/pcy_int.h index 3780de4fcdb..ccff92846e4 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_int.h +++ b/lib/libssl/src/crypto/x509v3/pcy_int.h @@ -56,12 +56,10 @@ * */ -DECLARE_STACK_OF(X509_POLICY_DATA) -DECLARE_STACK_OF(X509_POLICY_REF) -DECLARE_STACK_OF(X509_POLICY_NODE) typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; -typedef struct X509_POLICY_REF_st X509_POLICY_REF; + +DECLARE_STACK_OF(X509_POLICY_DATA) /* Internal structures */ @@ -110,16 +108,6 @@ struct X509_POLICY_DATA_st #define POLICY_DATA_FLAG_CRITICAL 0x10 -/* This structure is an entry from a table of mapped policies which - * cross reference the policy it refers to. - */ - -struct X509_POLICY_REF_st - { - ASN1_OBJECT *subjectDomainPolicy; - const X509_POLICY_DATA *data; - }; - /* This structure is cached with a certificate */ struct X509_POLICY_CACHE_st { @@ -127,8 +115,6 @@ struct X509_POLICY_CACHE_st { X509_POLICY_DATA *anyPolicy; /* other policy data */ STACK_OF(X509_POLICY_DATA) *data; - /* If policyMappings extension present a table of mapped policies */ - STACK_OF(X509_POLICY_REF) *maps; /* If InhibitAnyPolicy present this is its value or -1 if absent. */ long any_skip; /* If policyConstraints and requireExplicitPolicy present this is its @@ -193,7 +179,7 @@ struct X509_POLICY_TREE_st /* Internal functions */ -X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, +X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, int crit); void policy_data_free(X509_POLICY_DATA *data); @@ -209,15 +195,18 @@ void policy_cache_init(void); void policy_cache_free(X509_POLICY_CACHE *cache); X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const X509_POLICY_NODE *parent, const ASN1_OBJECT *id); X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, const ASN1_OBJECT *id); X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree); void policy_node_free(X509_POLICY_NODE *node); +int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); const X509_POLICY_CACHE *policy_cache_set(X509 *x); diff --git a/lib/libssl/src/crypto/x509v3/pcy_map.c b/lib/libssl/src/crypto/x509v3/pcy_map.c index f28796e6d4e..21163b529d4 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_map.c +++ b/lib/libssl/src/crypto/x509v3/pcy_map.c @@ -62,31 +62,6 @@ #include "pcy_int.h" -static int ref_cmp(const X509_POLICY_REF * const *a, - const X509_POLICY_REF * const *b) - { - return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); - } - -static void policy_map_free(X509_POLICY_REF *map) - { - if (map->subjectDomainPolicy) - ASN1_OBJECT_free(map->subjectDomainPolicy); - OPENSSL_free(map); - } - -static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id) - { - X509_POLICY_REF tmp; - int idx; - tmp.subjectDomainPolicy = id; - - idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); - if (idx == -1) - return NULL; - return sk_X509_POLICY_REF_value(cache->maps, idx); - } - /* Set policy mapping entries in cache. * Note: this modifies the passed POLICY_MAPPINGS structure */ @@ -94,7 +69,6 @@ static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *i int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) { POLICY_MAPPING *map; - X509_POLICY_REF *ref = NULL; X509_POLICY_DATA *data; X509_POLICY_CACHE *cache = x->policy_cache; int i; @@ -104,7 +78,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) ret = -1; goto bad_mapping; } - cache->maps = sk_X509_POLICY_REF_new(ref_cmp); for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) { map = sk_POLICY_MAPPING_value(maps, i); @@ -116,13 +89,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) goto bad_mapping; } - /* If we've already mapped from this OID bad mapping */ - if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) - { - ret = -1; - goto bad_mapping; - } - /* Attempt to find matching policy data */ data = policy_cache_find_data(cache, map->issuerDomainPolicy); /* If we don't have anyPolicy can't map */ @@ -138,7 +104,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) if (!data) goto bad_mapping; data->qualifier_set = cache->anyPolicy->qualifier_set; - map->issuerDomainPolicy = NULL; + /*map->issuerDomainPolicy = NULL;*/ data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; if (!sk_X509_POLICY_DATA_push(cache->data, data)) @@ -149,23 +115,10 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) } else data->flags |= POLICY_DATA_FLAG_MAPPED; - if (!sk_ASN1_OBJECT_push(data->expected_policy_set, map->subjectDomainPolicy)) goto bad_mapping; - - ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); - if (!ref) - goto bad_mapping; - - ref->subjectDomainPolicy = map->subjectDomainPolicy; map->subjectDomainPolicy = NULL; - ref->data = data; - - if (!sk_X509_POLICY_REF_push(cache->maps, ref)) - goto bad_mapping; - - ref = NULL; } @@ -173,13 +126,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) bad_mapping: if (ret == -1) x->ex_flags |= EXFLAG_INVALID_POLICY; - if (ref) - policy_map_free(ref); - if (ret <= 0) - { - sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); - cache->maps = NULL; - } sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); return ret; diff --git a/lib/libssl/src/crypto/x509v3/pcy_node.c b/lib/libssl/src/crypto/x509v3/pcy_node.c index 6587cb05aba..bd1e7f1ae8b 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_node.c +++ b/lib/libssl/src/crypto/x509v3/pcy_node.c @@ -92,13 +92,25 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, } X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const X509_POLICY_NODE *parent, const ASN1_OBJECT *id) { - return tree_find_sk(level->nodes, id); + X509_POLICY_NODE *node; + int i; + for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) + { + node = sk_X509_POLICY_NODE_value(level->nodes, i); + if (node->parent == parent) + { + if (!OBJ_cmp(node->data->valid_policy, id)) + return node; + } + } + return NULL; } X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, - X509_POLICY_DATA *data, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, X509_POLICY_TREE *tree) { @@ -155,4 +167,31 @@ void policy_node_free(X509_POLICY_NODE *node) OPENSSL_free(node); } +/* See if a policy node matches a policy OID. If mapping enabled look through + * expected policy set otherwise just valid policy. + */ + +int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid) + { + int i; + ASN1_OBJECT *policy_oid; + const X509_POLICY_DATA *x = node->data; + + if ( (lvl->flags & X509_V_FLAG_INHIBIT_MAP) + || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) + { + if (!OBJ_cmp(x->valid_policy, oid)) + return 1; + return 0; + } + + for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) + { + policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i); + if (!OBJ_cmp(policy_oid, oid)) + return 1; + } + return 0; + } diff --git a/lib/libssl/src/crypto/x509v3/v3_ncons.c b/lib/libssl/src/crypto/x509v3/v3_ncons.c index 4e706be3e1c..689df46acdc 100644 --- a/lib/libssl/src/crypto/x509v3/v3_ncons.c +++ b/lib/libssl/src/crypto/x509v3/v3_ncons.c @@ -63,15 +63,22 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind); -static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name); +static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name); static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); +static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); +static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); +static int nc_dn(X509_NAME *sub, X509_NAME *nm); +static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); +static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); +static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); + const X509V3_EXT_METHOD v3_name_constraints = { NID_name_constraints, 0, ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -99,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) -static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { int i; CONF_VALUE tval, *val; @@ -155,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, -static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *a, BIO *bp, int ind) +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + BIO *bp, int ind) { NAME_CONSTRAINTS *ncons = a; do_i2r_name_constraints(method, ncons->permittedSubtrees, @@ -166,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, return 1; } -static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, - STACK_OF(GENERAL_SUBTREE) *trees, - BIO *bp, int ind, char *name) +static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name) { GENERAL_SUBTREE *tree; int i; @@ -218,3 +225,282 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) return 1; } +/* Check a certificate conforms to a specified set of constraints. + * Return values: + * X509_V_OK: All constraints obeyed. + * X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation. + * X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation. + * X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type. + * X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type. + * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax. + * X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name + + */ + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) + { + int r, i; + X509_NAME *nm; + + nm = X509_get_subject_name(x); + + if (X509_NAME_entry_count(nm) > 0) + { + GENERAL_NAME gntmp; + gntmp.type = GEN_DIRNAME; + gntmp.d.directoryName = nm; + + r = nc_match(&gntmp, nc); + + if (r != X509_V_OK) + return r; + + gntmp.type = GEN_EMAIL; + + + /* Process any email address attributes in subject name */ + + for (i = -1;;) + { + X509_NAME_ENTRY *ne; + i = X509_NAME_get_index_by_NID(nm, + NID_pkcs9_emailAddress, + i); + if (i == -1) + break; + ne = X509_NAME_get_entry(nm, i); + gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne); + if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + r = nc_match(&gntmp, nc); + + if (r != X509_V_OK) + return r; + } + + } + + for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) + { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i); + r = nc_match(gen, nc); + if (r != X509_V_OK) + return r; + } + + return X509_V_OK; + + } + +static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + { + GENERAL_SUBTREE *sub; + int i, r, match = 0; + + /* Permitted subtrees: if any subtrees exist of matching the type + * at least one subtree must match. + */ + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) + { + sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); + if (gen->type != sub->base->type) + continue; + if (sub->minimum || sub->maximum) + return X509_V_ERR_SUBTREE_MINMAX; + /* If we already have a match don't bother trying any more */ + if (match == 2) + continue; + if (match == 0) + match = 1; + r = nc_match_single(gen, sub->base); + if (r == X509_V_OK) + match = 2; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) + return r; + } + + if (match == 1) + return X509_V_ERR_PERMITTED_VIOLATION; + + /* Excluded subtrees: must not match any of these */ + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) + { + sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); + if (gen->type != sub->base->type) + continue; + if (sub->minimum || sub->maximum) + return X509_V_ERR_SUBTREE_MINMAX; + + r = nc_match_single(gen, sub->base); + if (r == X509_V_OK) + return X509_V_ERR_EXCLUDED_VIOLATION; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) + return r; + + } + + return X509_V_OK; + + } + +static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) + { + switch(base->type) + { + case GEN_DIRNAME: + return nc_dn(gen->d.directoryName, base->d.directoryName); + + case GEN_DNS: + return nc_dns(gen->d.dNSName, base->d.dNSName); + + case GEN_EMAIL: + return nc_email(gen->d.rfc822Name, base->d.rfc822Name); + + case GEN_URI: + return nc_uri(gen->d.uniformResourceIdentifier, + base->d.uniformResourceIdentifier); + + default: + return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; + } + + } + +/* directoryName name constraint matching. + * The canonical encoding of X509_NAME makes this comparison easy. It is + * matched if the subtree is a subset of the name. + */ + +static int nc_dn(X509_NAME *nm, X509_NAME *base) + { + /* Ensure canonical encodings are up to date. */ + if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; + if (base->modified && i2d_X509_NAME(base, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; + if (base->canon_enclen > nm->canon_enclen) + return X509_V_ERR_PERMITTED_VIOLATION; + if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) + return X509_V_ERR_PERMITTED_VIOLATION; + return X509_V_OK; + } + +static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) + { + char *baseptr = (char *)base->data; + char *dnsptr = (char *)dns->data; + /* Empty matches everything */ + if (!*baseptr) + return X509_V_OK; + /* Otherwise can add zero or more components on the left so + * compare RHS and if dns is longer and expect '.' as preceding + * character. + */ + if (dns->length > base->length) + { + dnsptr += dns->length - base->length; + if (dnsptr[-1] != '.') + return X509_V_ERR_PERMITTED_VIOLATION; + } + + if (strcasecmp(baseptr, dnsptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; + + } + +static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) + { + const char *baseptr = (char *)base->data; + const char *emlptr = (char *)eml->data; + + const char *baseat = strchr(baseptr, '@'); + const char *emlat = strchr(emlptr, '@'); + if (!emlat) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + /* Special case: inital '.' is RHS match */ + if (!baseat && (*baseptr == '.')) + { + if (eml->length > base->length) + { + emlptr += eml->length - base->length; + if (!strcasecmp(baseptr, emlptr)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; + } + + /* If we have anything before '@' match local part */ + + if (baseat) + { + if (baseat != baseptr) + { + if ((baseat - baseptr) != (emlat - emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + /* Case sensitive match of local part */ + if (strncmp(baseptr, emlptr, emlat - emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + } + /* Position base after '@' */ + baseptr = baseat + 1; + } + emlptr = emlat + 1; + /* Just have hostname left to match: case insensitive */ + if (strcasecmp(baseptr, emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; + + } + +static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) + { + const char *baseptr = (char *)base->data; + const char *hostptr = (char *)uri->data; + const char *p = strchr(hostptr, ':'); + int hostlen; + /* Check for foo:// and skip past it */ + if (!p || (p[1] != '/') || (p[2] != '/')) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + hostptr = p + 3; + + /* Determine length of hostname part of URI */ + + /* Look for a port indicator as end of hostname first */ + + p = strchr(hostptr, ':'); + /* Otherwise look for trailing slash */ + if (!p) + p = strchr(hostptr, '/'); + + if (!p) + hostlen = strlen(hostptr); + else + hostlen = p - hostptr; + + if (hostlen == 0) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + /* Special case: inital '.' is RHS match */ + if (*baseptr == '.') + { + if (hostlen > base->length) + { + p = hostptr + hostlen - base->length; + if (!strncasecmp(p, baseptr, base->length)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; + } + + if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; + + } diff --git a/lib/libssl/src/crypto/x509v3/v3_pci.c b/lib/libssl/src/crypto/x509v3/v3_pci.c index 601211f4169..0dcfa004fe2 100644 --- a/lib/libssl/src/crypto/x509v3/v3_pci.c +++ b/lib/libssl/src/crypto/x509v3/v3_pci.c @@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*language) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*pathlen) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, unsigned char *tmp_data2 = string_to_hex(val->value + 4, &val_len); - if (!tmp_data2) goto err; + if (!tmp_data2) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); @@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + OPENSSL_free(tmp_data2); + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + OPENSSL_free(tmp_data2); } else if (strncmp(val->value, "file:", 5) == 0) { @@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += n; (*policy)->data[(*policy)->length] = '\0'; } + BIO_free_all(b); if (n < 0) { @@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } } else { diff --git a/lib/libssl/src/crypto/x509v3/v3_pcons.c b/lib/libssl/src/crypto/x509v3/v3_pcons.c index 86c0ff70e6c..30ca6523512 100644 --- a/lib/libssl/src/crypto/x509v3/v3_pcons.c +++ b/lib/libssl/src/crypto/x509v3/v3_pcons.c @@ -64,10 +64,12 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *bcons, STACK_OF(CONF_VALUE) *extlist); -static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, + STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); const X509V3_EXT_METHOD v3_policy_constraints = { NID_policy_constraints, 0, @@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *extlist) +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *extlist) { POLICY_CONSTRAINTS *pcons = a; X509V3_add_value_int("Require Explicit Policy", @@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, return extlist; } -static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { POLICY_CONSTRAINTS *pcons=NULL; CONF_VALUE *val; diff --git a/lib/libssl/src/crypto/x509v3/v3_pmaps.c b/lib/libssl/src/crypto/x509v3/v3_pmaps.c index da03bbc35d3..865bcd39805 100644 --- a/lib/libssl/src/crypto/x509v3/v3_pmaps.c +++ b/lib/libssl/src/crypto/x509v3/v3_pmaps.c @@ -63,10 +63,11 @@ #include <openssl/conf.h> #include <openssl/x509v3.h> -static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - void *pmps, STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) * +i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps, + STACK_OF(CONF_VALUE) *extlist); const X509V3_EXT_METHOD v3_policy_mappings = { NID_policy_mappings, 0, @@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *ext_list) +static STACK_OF(CONF_VALUE) * +i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *ext_list) { POLICY_MAPPINGS *pmaps = a; POLICY_MAPPING *pmap; @@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, return ext_list; } -static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { POLICY_MAPPINGS *pmaps; POLICY_MAPPING *pmap; diff --git a/lib/libssl/src/crypto/x86cpuid.pl b/lib/libssl/src/crypto/x86cpuid.pl index 4408ef2936e..a7464af19b7 100644 --- a/lib/libssl/src/crypto/x86cpuid.pl +++ b/lib/libssl/src/crypto/x86cpuid.pl @@ -1,6 +1,7 @@ #!/usr/bin/env perl -push(@INC,"perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC, "${dir}perlasm", "perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"x86cpuid"); @@ -22,38 +23,90 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &jnc (&label("done")); &xor ("eax","eax"); &cpuid (); + &mov ("edi","eax"); # max value for standard query level + &xor ("eax","eax"); &cmp ("ebx",0x756e6547); # "Genu" - &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); + &setne (&LB("eax")); &mov ("ebp","eax"); &cmp ("edx",0x49656e69); # "ineI" - &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); + &setne (&LB("eax")); &or ("ebp","eax"); &cmp ("ecx",0x6c65746e); # "ntel" - &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax")); - &or ("ebp","eax"); + &setne (&LB("eax")); + &or ("ebp","eax"); # 0 indicates Intel CPU + &jz (&label("intel")); + + &cmp ("ebx",0x68747541); # "Auth" + &setne (&LB("eax")); + &mov ("esi","eax"); + &cmp ("edx",0x69746E65); # "enti" + &setne (&LB("eax")); + &or ("esi","eax"); + &cmp ("ecx",0x444D4163); # "cAMD" + &setne (&LB("eax")); + &or ("esi","eax"); # 0 indicates AMD CPU + &jnz (&label("intel")); + + # AMD specific + &mov ("eax",0x80000000); + &cpuid (); + &cmp ("eax",0x80000008); + &jb (&label("intel")); + + &mov ("eax",0x80000008); + &cpuid (); + &movz ("esi",&LB("ecx")); # number of cores - 1 + &inc ("esi"); # number of cores + + &mov ("eax",1); + &cpuid (); + &bt ("edx",28); + &jnc (&label("done")); + &shr ("ebx",16); + &and ("ebx",0xff); + &cmp ("ebx","esi"); + &ja (&label("done")); + &and ("edx",0xefffffff); # clear hyper-threading bit + &jmp (&label("done")); + +&set_label("intel"); + &cmp ("edi",4); + &mov ("edi",-1); + &jb (&label("nocacheinfo")); + + &mov ("eax",4); + &mov ("ecx",0); # query L1D + &cpuid (); + &mov ("edi","eax"); + &shr ("edi",14); + &and ("edi",0xfff); # number of cores -1 per L1D + +&set_label("nocacheinfo"); &mov ("eax",1); &cpuid (); &cmp ("ebp",0); &jne (&label("notP4")); - &and ("eax",15<<8); # familiy ID - &cmp ("eax",15<<8); # P4? + &and (&HB("eax"),15); # familiy ID + &cmp (&HB("eax"),15); # P4? &jne (&label("notP4")); &or ("edx",1<<20); # use reserved bit to engage RC4_CHAR &set_label("notP4"); &bt ("edx",28); # test hyper-threading bit &jnc (&label("done")); + &and ("edx",0xefffffff); + &cmp ("edi",0); + &je (&label("done")); + + &or ("edx",0x10000000); &shr ("ebx",16); - &and ("ebx",0xff); - &cmp ("ebx",1); # see if cache is shared(*) + &cmp (&LB("ebx"),1); &ja (&label("done")); &and ("edx",0xefffffff); # clear hyper-threading bit if not &set_label("done"); &mov ("eax","edx"); &mov ("edx","ecx"); &function_end("OPENSSL_ia32_cpuid"); -# (*) on Core2 this value is set to 2 denoting the fact that L2 -# cache is shared between cores. &external_label("OPENSSL_ia32cap_P"); @@ -220,6 +273,40 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } } &function_end_B("OPENSSL_indirect_call"); +&function_begin_B("OPENSSL_cleanse"); + &mov ("edx",&wparam(0)); + &mov ("ecx",&wparam(1)); + &xor ("eax","eax"); + &cmp ("ecx",7); + &jae (&label("lot")); + &cmp ("ecx",0); + &je (&label("ret")); +&set_label("little"); + &mov (&BP(0,"edx"),"al"); + &sub ("ecx",1); + &lea ("edx",&DWP(1,"edx")); + &jnz (&label("little")); +&set_label("ret"); + &ret (); + +&set_label("lot",16); + &test ("edx",3); + &jz (&label("aligned")); + &mov (&BP(0,"edx"),"al"); + &lea ("ecx",&DWP(-1,"ecx")); + &lea ("edx",&DWP(1,"edx")); + &jmp (&label("lot")); +&set_label("aligned"); + &mov (&DWP(0,"edx"),"eax"); + &lea ("ecx",&DWP(-4,"ecx")); + &test ("ecx",-4); + &lea ("edx",&DWP(4,"edx")); + &jnz (&label("aligned")); + &cmp ("ecx",0); + &jne (&label("little")); + &ret (); +&function_end_B("OPENSSL_cleanse"); + &initseg("OPENSSL_cpuid_setup"); &asm_finish(); diff --git a/lib/libssl/src/demos/cms/cacert.pem b/lib/libssl/src/demos/cms/cacert.pem new file mode 100644 index 00000000000..75cbb347aaa --- /dev/null +++ b/lib/libssl/src/demos/cms/cacert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 +WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD +aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN +RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz +i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR +ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT +jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx +CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B +SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD +VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB +ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc +G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo +u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF +1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +-----END CERTIFICATE----- diff --git a/lib/libssl/src/demos/cms/cakey.pem b/lib/libssl/src/demos/cms/cakey.pem new file mode 100644 index 00000000000..3b53c5e8175 --- /dev/null +++ b/lib/libssl/src/demos/cms/cakey.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd +c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 +dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB +AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 +HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs +tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS +rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 +9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u +jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is +uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU ++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP +wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW +8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/src/demos/cms/cms_comp.c b/lib/libssl/src/demos/cms/cms_comp.c new file mode 100644 index 00000000000..b7943e813b3 --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_comp.c @@ -0,0 +1,61 @@ +/* Simple S/MIME compress example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + /* + * On OpenSSL 0.9.9 only: + * for streaming set CMS_STREAM + */ + int flags = CMS_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Open content being compressed */ + + in = BIO_new_file("comp.txt", "r"); + + if (!in) + goto err; + + /* compress content */ + cms = CMS_compress(in, NID_zlib_compression, flags); + + if (!cms) + goto err; + + out = BIO_new_file("smcomp.txt", "w"); + if (!out) + goto err; + + /* Write out S/MIME message */ + if (!SMIME_write_CMS(out, cms, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Compressing Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + if (in) + BIO_free(in); + if (out) + BIO_free(out); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_ddec.c b/lib/libssl/src/demos/cms/cms_ddec.c new file mode 100644 index 00000000000..ba68cfdf764 --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_ddec.c @@ -0,0 +1,89 @@ +/* S/MIME detached data decrypt example: rarely done but + * should the need arise this is an example.... + */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL; + X509 *rcert = NULL; + EVP_PKEY *rkey = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!rcert || !rkey) + goto err; + + /* Open PEM file containing enveloped data */ + + in = BIO_new_file("smencr.pem", "r"); + + if (!in) + goto err; + + /* Parse PEM content */ + cms = PEM_read_bio_CMS(in, NULL, 0, NULL); + + if (!cms) + goto err; + + /* Open file containing detached content */ + dcont = BIO_new_file("smencr.out", "rb"); + + if (!in) + goto err; + + out = BIO_new_file("encrout.txt", "w"); + if (!out) + goto err; + + /* Decrypt S/MIME message */ + if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Decrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + if (rcert) + X509_free(rcert); + if (rkey) + EVP_PKEY_free(rkey); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + if (dcont) + BIO_free(dcont); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_dec.c b/lib/libssl/src/demos/cms/cms_dec.c new file mode 100644 index 00000000000..7ddf653269a --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_dec.c @@ -0,0 +1,79 @@ +/* Simple S/MIME decryption example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + EVP_PKEY *rkey = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!rcert || !rkey) + goto err; + + /* Open S/MIME message to decrypt */ + + in = BIO_new_file("smencr.txt", "r"); + + if (!in) + goto err; + + /* Parse message */ + cms = SMIME_read_CMS(in, NULL); + + if (!cms) + goto err; + + out = BIO_new_file("decout.txt", "w"); + if (!out) + goto err; + + /* Decrypt S/MIME message */ + if (!CMS_decrypt(cms, rkey, rcert, out, NULL, 0)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Decrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + if (rcert) + X509_free(rcert); + if (rkey) + EVP_PKEY_free(rkey); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_denc.c b/lib/libssl/src/demos/cms/cms_denc.c new file mode 100644 index 00000000000..9265e47bf95 --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_denc.c @@ -0,0 +1,97 @@ +/* S/MIME detached data encrypt example: rarely done but + * should the need arise this is an example.... + */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL; + X509 *rcert = NULL; + STACK_OF(X509) *recips = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + int flags = CMS_STREAM|CMS_DETACHED; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!rcert) + goto err; + + /* Create recipient STACK and add recipient cert to it */ + recips = sk_X509_new_null(); + + if (!recips || !sk_X509_push(recips, rcert)) + goto err; + + /* sk_X509_pop_free will free up recipient STACK and its contents + * so set rcert to NULL so it isn't freed up twice. + */ + rcert = NULL; + + /* Open content being encrypted */ + + in = BIO_new_file("encr.txt", "r"); + + dout = BIO_new_file("smencr.out", "wb"); + + if (!in) + goto err; + + /* encrypt content */ + cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags); + + if (!cms) + goto err; + + out = BIO_new_file("smencr.pem", "w"); + if (!out) + goto err; + + if (!CMS_final(cms, in, dout, flags)) + goto err; + + /* Write out CMS structure without content */ + if (!PEM_write_bio_CMS(out, cms)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Encrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + if (rcert) + X509_free(rcert); + if (recips) + sk_X509_pop_free(recips, X509_free); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (dout) + BIO_free(dout); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_enc.c b/lib/libssl/src/demos/cms/cms_enc.c new file mode 100644 index 00000000000..916b479d3c6 --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_enc.c @@ -0,0 +1,92 @@ +/* Simple S/MIME encrypt example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + STACK_OF(X509) *recips = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + /* + * On OpenSSL 1.0.0 and later only: + * for streaming set CMS_STREAM + */ + int flags = CMS_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!rcert) + goto err; + + /* Create recipient STACK and add recipient cert to it */ + recips = sk_X509_new_null(); + + if (!recips || !sk_X509_push(recips, rcert)) + goto err; + + /* sk_X509_pop_free will free up recipient STACK and its contents + * so set rcert to NULL so it isn't freed up twice. + */ + rcert = NULL; + + /* Open content being encrypted */ + + in = BIO_new_file("encr.txt", "r"); + + if (!in) + goto err; + + /* encrypt content */ + cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags); + + if (!cms) + goto err; + + out = BIO_new_file("smencr.txt", "w"); + if (!out) + goto err; + + /* Write out S/MIME message */ + if (!SMIME_write_CMS(out, cms, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Encrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + if (rcert) + X509_free(rcert); + if (recips) + sk_X509_pop_free(recips, X509_free); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_sign.c b/lib/libssl/src/demos/cms/cms_sign.c new file mode 100644 index 00000000000..42f762034b7 --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_sign.c @@ -0,0 +1,89 @@ +/* Simple S/MIME signing example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL; + EVP_PKEY *skey = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + /* For simple S/MIME signing use CMS_DETACHED. + * On OpenSSL 0.9.9 only: + * for streaming detached set CMS_DETACHED|CMS_STREAM + * for streaming non-detached set CMS_STREAM + */ + int flags = CMS_DETACHED|CMS_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in signer certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert || !skey) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + cms = CMS_sign(scert, skey, NULL, in, flags); + + if (!cms) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + if (!(flags & CMS_STREAM)) + BIO_reset(in); + + /* Write out S/MIME message */ + if (!SMIME_write_CMS(out, cms, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + if (scert) + X509_free(scert); + if (skey) + EVP_PKEY_free(skey); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_sign2.c b/lib/libssl/src/demos/cms/cms_sign2.c new file mode 100644 index 00000000000..36adee73041 --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_sign2.c @@ -0,0 +1,103 @@ +/* S/MIME signing example: 2 signers */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL, *scert2 = NULL; + EVP_PKEY *skey = NULL, *skey2 = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + BIO_free(tbio); + + tbio = BIO_new_file("signer2.pem", "r"); + + if (!tbio) + goto err; + + scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert2 || !skey2) + goto err; + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM|CMS_PARTIAL); + + if (!cms) + goto err; + + /* Add each signer in turn */ + + if (!CMS_add1_signer(cms, scert, skey, NULL, 0)) + goto err; + + if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0)) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + /* NB: content included and finalized by SMIME_write_CMS */ + + if (!SMIME_write_CMS(out, cms, in, CMS_STREAM)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + + if (scert) + X509_free(scert); + if (skey) + EVP_PKEY_free(skey); + + if (scert2) + X509_free(scert2); + if (skey) + EVP_PKEY_free(skey2); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_uncomp.c b/lib/libssl/src/demos/cms/cms_uncomp.c new file mode 100644 index 00000000000..f15ae2f1327 --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_uncomp.c @@ -0,0 +1,56 @@ +/* Simple S/MIME uncompression example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Open compressed content */ + + in = BIO_new_file("smcomp.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + cms = SMIME_read_CMS(in, NULL); + + if (!cms) + goto err; + + out = BIO_new_file("smuncomp.txt", "w"); + if (!out) + goto err; + + /* Uncompress S/MIME message */ + if (!CMS_uncompress(cms, out, NULL, 0)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Uncompressing Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/cms_ver.c b/lib/libssl/src/demos/cms/cms_ver.c new file mode 100644 index 00000000000..bf1145ed8be --- /dev/null +++ b/lib/libssl/src/demos/cms/cms_ver.c @@ -0,0 +1,87 @@ +/* Simple S/MIME verification example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; + X509_STORE *st = NULL; + X509 *cacert = NULL; + CMS_ContentInfo *cms = NULL; + + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Set up trusted CA certificate store */ + + st = X509_STORE_new(); + + /* Read in CA certificate */ + tbio = BIO_new_file("cacert.pem", "r"); + + if (!tbio) + goto err; + + cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!cacert) + goto err; + + if (!X509_STORE_add_cert(st, cacert)) + goto err; + + /* Open message being verified */ + + in = BIO_new_file("smout.txt", "r"); + + if (!in) + goto err; + + /* parse message */ + cms = SMIME_read_CMS(in, &cont); + + if (!cms) + goto err; + + /* File to output verified content to */ + out = BIO_new_file("smver.txt", "w"); + if (!out) + goto err; + + if (!CMS_verify(cms, NULL, st, cont, out, 0)) + { + fprintf(stderr, "Verification Failure\n"); + goto err; + } + + fprintf(stderr, "Verification Successful\n"); + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Verifying Data\n"); + ERR_print_errors_fp(stderr); + } + + if (cms) + CMS_ContentInfo_free(cms); + + if (cacert) + X509_free(cacert); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/cms/comp.txt b/lib/libssl/src/demos/cms/comp.txt new file mode 100644 index 00000000000..1672328e773 --- /dev/null +++ b/lib/libssl/src/demos/cms/comp.txt @@ -0,0 +1,22 @@ +Content-type: text/plain + +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed diff --git a/lib/libssl/src/demos/cms/encr.txt b/lib/libssl/src/demos/cms/encr.txt new file mode 100644 index 00000000000..0eceb407b53 --- /dev/null +++ b/lib/libssl/src/demos/cms/encr.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Sample OpenSSL Data for CMS encryption diff --git a/lib/libssl/src/demos/cms/sign.txt b/lib/libssl/src/demos/cms/sign.txt new file mode 100644 index 00000000000..c3f9d73d65e --- /dev/null +++ b/lib/libssl/src/demos/cms/sign.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Test OpenSSL CMS Signed Content diff --git a/lib/libssl/src/demos/cms/signer.pem b/lib/libssl/src/demos/cms/signer.pem new file mode 100644 index 00000000000..bac16ba9636 --- /dev/null +++ b/lib/libssl/src/demos/cms/signer.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 +WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz +jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L +ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y +gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX +MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn ++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv +lDiQlgX0JtmLgA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm +1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH +Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB +AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG +mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o +wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx +04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 +qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc +YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY +sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 +4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid +7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 +xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/src/demos/cms/signer2.pem b/lib/libssl/src/demos/cms/signer2.pem new file mode 100644 index 00000000000..25e23d131af --- /dev/null +++ b/lib/libssl/src/demos/cms/signer2.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 +WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ +jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW +ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW +GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X +h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 +aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR +2aX6rl2JEuJ5Yg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM +nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f +nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB +AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF +6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 +CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf +m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX +2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr +upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 +ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL +SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk +gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX +pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/src/demos/engines/rsaref/build.com b/lib/libssl/src/demos/engines/rsaref/build.com index b9569129161..72b013d45e6 100644 --- a/lib/libssl/src/demos/engines/rsaref/build.com +++ b/lib/libssl/src/demos/engines/rsaref/build.com @@ -7,6 +7,14 @@ $ write sys$error "RSAref 2.0 hasn't been properly extracted." $ exit $ endif $ +$ if (f$getsyi("cpu").lt.128) +$ then +$ arch := vax +$ else +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$ $ _save_default = f$environment("default") $ set default [.install] $ files := desc,digit,md2c,md5c,nn,prime,- @@ -29,14 +37,8 @@ $ set default [-] $ define/user openssl [---.include.openssl] $ cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c $ -$ if f$getsyi("CPU") .ge. 128 +$ if arch .eqs. "VAX" $ then -$ link/share=librsaref.exe sys$input:/option -[]rsaref.obj -[.install]rsaref.olb/lib -[---.axp.exe.crypto]libcrypto.olb/lib -symbol_vector=(bind_engine=procedure,v_check=procedure) -$ else $ macro/object=rsaref_vec.obj sys$input: ; ; Transfer vector for VAX shareable image @@ -80,6 +82,24 @@ PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT []rsaref.obj [.install]rsaref.olb/lib [---.vax.exe.crypto]libcrypto.olb/lib +$ else +$ if arch_name .eqs. "ALPHA" +$ then +$ link/share=librsaref.exe sys$input:/option +[]rsaref.obj +[.install]rsaref.olb/lib +[---.alpha.exe.crypto]libcrypto.olb/lib +symbol_vector=(bind_engine=procedure,v_check=procedure) +$ else +$ if arch_name .eqs. "IA64" +$ then +$ link /shareable=librsaref.exe sys$input: /options +[]rsaref.obj +[.install]rsaref.olb/lib +[---.ia64.exe.crypto]libcrypto.olb/lib +symbol_vector=(bind_engine=procedure,v_check=procedure) +$ endif +$ endif $ endif $ $ set default '_save_default' diff --git a/lib/libssl/src/demos/smime/cacert.pem b/lib/libssl/src/demos/smime/cacert.pem new file mode 100644 index 00000000000..75cbb347aaa --- /dev/null +++ b/lib/libssl/src/demos/smime/cacert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 +WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD +aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN +RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz +i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR +ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT +jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx +CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B +SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD +VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB +ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc +G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo +u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF +1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +-----END CERTIFICATE----- diff --git a/lib/libssl/src/demos/smime/cakey.pem b/lib/libssl/src/demos/smime/cakey.pem new file mode 100644 index 00000000000..3b53c5e8175 --- /dev/null +++ b/lib/libssl/src/demos/smime/cakey.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd +c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 +dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB +AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 +HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs +tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS +rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 +9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u +jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is +uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU ++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP +wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW +8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/src/demos/smime/encr.txt b/lib/libssl/src/demos/smime/encr.txt new file mode 100644 index 00000000000..f163a326ed2 --- /dev/null +++ b/lib/libssl/src/demos/smime/encr.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Sample OpenSSL Data for PKCS#7 encryption diff --git a/lib/libssl/src/demos/smime/sign.txt b/lib/libssl/src/demos/smime/sign.txt new file mode 100644 index 00000000000..af1341d0a85 --- /dev/null +++ b/lib/libssl/src/demos/smime/sign.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Test OpenSSL Signed Content diff --git a/lib/libssl/src/demos/smime/signer.pem b/lib/libssl/src/demos/smime/signer.pem new file mode 100644 index 00000000000..bac16ba9636 --- /dev/null +++ b/lib/libssl/src/demos/smime/signer.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 +WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz +jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L +ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y +gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX +MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn ++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv +lDiQlgX0JtmLgA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm +1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH +Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB +AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG +mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o +wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx +04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 +qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc +YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY +sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 +4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid +7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 +xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/src/demos/smime/signer2.pem b/lib/libssl/src/demos/smime/signer2.pem new file mode 100644 index 00000000000..25e23d131af --- /dev/null +++ b/lib/libssl/src/demos/smime/signer2.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 +WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ +jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW +ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW +GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X +h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 +aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR +2aX6rl2JEuJ5Yg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM +nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f +nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB +AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF +6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 +CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf +m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX +2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr +upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 +ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL +SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk +gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX +pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/src/demos/smime/smdec.c b/lib/libssl/src/demos/smime/smdec.c new file mode 100644 index 00000000000..8b1a8545a6c --- /dev/null +++ b/lib/libssl/src/demos/smime/smdec.c @@ -0,0 +1,83 @@ +/* Simple S/MIME signing example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + EVP_PKEY *rkey = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!rcert || !rkey) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("smencr.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + p7 = SMIME_read_PKCS7(in, NULL); + + if (!p7) + goto err; + + out = BIO_new_file("encrout.txt", "w"); + if (!out) + goto err; + + /* Decrypt S/MIME message */ + if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + + if (p7) + PKCS7_free(p7); + if (rcert) + X509_free(rcert); + if (rkey) + EVP_PKEY_free(rkey); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } + + + + diff --git a/lib/libssl/src/demos/smime/smenc.c b/lib/libssl/src/demos/smime/smenc.c new file mode 100644 index 00000000000..77dd732fc16 --- /dev/null +++ b/lib/libssl/src/demos/smime/smenc.c @@ -0,0 +1,92 @@ +/* Simple S/MIME encrypt example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + STACK_OF(X509) *recips = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + /* + * On OpenSSL 0.9.9 only: + * for streaming set PKCS7_STREAM + */ + int flags = PKCS7_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!rcert) + goto err; + + /* Create recipient STACK and add recipient cert to it */ + recips = sk_X509_new_null(); + + if (!recips || !sk_X509_push(recips, rcert)) + goto err; + + /* sk_X509_pop_free will free up recipient STACK and its contents + * so set rcert to NULL so it isn't freed up twice. + */ + rcert = NULL; + + /* Open content being encrypted */ + + in = BIO_new_file("encr.txt", "r"); + + if (!in) + goto err; + + /* encrypt content */ + p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags); + + if (!p7) + goto err; + + out = BIO_new_file("smencr.txt", "w"); + if (!out) + goto err; + + /* Write out S/MIME message */ + if (!SMIME_write_PKCS7(out, p7, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Encrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + if (p7) + PKCS7_free(p7); + if (rcert) + X509_free(rcert); + if (recips) + sk_X509_pop_free(recips, X509_free); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/smime/smsign.c b/lib/libssl/src/demos/smime/smsign.c new file mode 100644 index 00000000000..ba78830cff0 --- /dev/null +++ b/lib/libssl/src/demos/smime/smsign.c @@ -0,0 +1,89 @@ +/* Simple S/MIME signing example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL; + EVP_PKEY *skey = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + /* For simple S/MIME signing use PKCS7_DETACHED. + * On OpenSSL 0.9.9 only: + * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM + * for streaming non-detached set PKCS7_STREAM + */ + int flags = PKCS7_DETACHED|PKCS7_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in signer certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert || !skey) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + p7 = PKCS7_sign(scert, skey, NULL, in, flags); + + if (!p7) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + if (!(flags & PKCS7_STREAM)) + BIO_reset(in); + + /* Write out S/MIME message */ + if (!SMIME_write_PKCS7(out, p7, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + + if (p7) + PKCS7_free(p7); + if (scert) + X509_free(scert); + if (skey) + EVP_PKEY_free(skey); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/demos/smime/smsign2.c b/lib/libssl/src/demos/smime/smsign2.c new file mode 100644 index 00000000000..ff835c568c8 --- /dev/null +++ b/lib/libssl/src/demos/smime/smsign2.c @@ -0,0 +1,107 @@ +/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL, *scert2 = NULL; + EVP_PKEY *skey = NULL, *skey2 = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + BIO_free(tbio); + + tbio = BIO_new_file("signer2.pem", "r"); + + if (!tbio) + goto err; + + scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert2 || !skey2) + goto err; + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM|PKCS7_PARTIAL); + + if (!p7) + goto err; + + /* Add each signer in turn */ + + if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0)) + goto err; + + if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0)) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + /* NB: content included and finalized by SMIME_write_PKCS7 */ + + if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM)) + goto err; + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + + if (p7) + PKCS7_free(p7); + + if (scert) + X509_free(scert); + if (skey) + EVP_PKEY_free(skey); + + if (scert2) + X509_free(scert2); + if (skey) + EVP_PKEY_free(skey2); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } + + + + diff --git a/lib/libssl/src/demos/smime/smver.c b/lib/libssl/src/demos/smime/smver.c new file mode 100644 index 00000000000..9d360c273a3 --- /dev/null +++ b/lib/libssl/src/demos/smime/smver.c @@ -0,0 +1,87 @@ +/* Simple S/MIME verification example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; + X509_STORE *st = NULL; + X509 *cacert = NULL; + PKCS7 *p7 = NULL; + + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Set up trusted CA certificate store */ + + st = X509_STORE_new(); + + /* Read in signer certificate and private key */ + tbio = BIO_new_file("cacert.pem", "r"); + + if (!tbio) + goto err; + + cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!cacert) + goto err; + + if (!X509_STORE_add_cert(st, cacert)) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("smout.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + p7 = SMIME_read_PKCS7(in, &cont); + + if (!p7) + goto err; + + /* File to output verified content to */ + out = BIO_new_file("smver.txt", "w"); + if (!out) + goto err; + + if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) + { + fprintf(stderr, "Verification Failure\n"); + goto err; + } + + fprintf(stderr, "Verification Successful\n"); + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Verifying Data\n"); + ERR_print_errors_fp(stderr); + } + + if (p7) + PKCS7_free(p7); + + if (cacert) + X509_free(cacert); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/lib/libssl/src/doc/apps/cms.pod b/lib/libssl/src/doc/apps/cms.pod new file mode 100644 index 00000000000..a09588a18df --- /dev/null +++ b/lib/libssl/src/doc/apps/cms.pod @@ -0,0 +1,602 @@ +=pod + +=head1 NAME + +cms - CMS utility + +=head1 SYNOPSIS + +B<openssl> B<cms> +[B<-encrypt>] +[B<-decrypt>] +[B<-sign>] +[B<-verify>] +[B<-cmsout>] +[B<-resign>] +[B<-data_create>] +[B<-data_out>] +[B<-digest_create>] +[B<-digest_verify>] +[B<-compress>] +[B<-uncompress>] +[B<-EncryptedData_encrypt>] +[B<-sign_receipt>] +[B<-verify_receipt receipt>] +[B<-in filename>] +[B<-inform SMIME|PEM|DER>] +[B<-rctform SMIME|PEM|DER>] +[B<-out filename>] +[B<-outform SMIME|PEM|DER>] +[B<-stream -indef -noindef>] +[B<-noindef>] +[B<-content filename>] +[B<-text>] +[B<-noout>] +[B<-print>] +[B<-CAfile file>] +[B<-CApath dir>] +[B<-md digest>] +[B<-[cipher]>] +[B<-nointern>] +[B<-no_signer_cert_verify>] +[B<-nocerts>] +[B<-noattr>] +[B<-nosmimecap>] +[B<-binary>] +[B<-nodetach>] +[B<-certfile file>] +[B<-certsout file>] +[B<-signer file>] +[B<-recip file>] +[B<-keyid>] +[B<-receipt_request_all -receipt_request_first>] +[B<-receipt_request_from emailaddress>] +[B<-receipt_request_to emailaddress>] +[B<-receipt_request_print>] +[B<-secretkey key>] +[B<-secretkeyid id>] +[B<-econtent_type type>] +[B<-inkey file>] +[B<-passin arg>] +[B<-rand file(s)>] +[B<cert.pem...>] +[B<-to addr>] +[B<-from addr>] +[B<-subject subj>] +[cert.pem]... + +=head1 DESCRIPTION + +The B<cms> command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and +verify, compress and uncompress S/MIME messages. + +=head1 COMMAND OPTIONS + +There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type. + +=over 4 + +=item B<-encrypt> + +encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in MIME format. The +actual CMS type is <B>EnvelopedData<B>. + +=item B<-decrypt> + +decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in MIME format for the input file. The decrypted mail +is written to the output file. + +=item B<-sign> + +sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in MIME format is written +to the output file. + +=item B<-verify> + +verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. + +=item B<-cmsout> + +takes an input message and writes out a PEM encoded CMS structure. + +=item B<-resign> + +resign a message: take an existing message and one or more new signers. + +=item B<-data_create> + +Create a CMS B<Data> type. + +=item B<-data_out> + +B<Data> type and output the content. + +=item B<-digest_create> + +Create a CMS B<DigestedData> type. + +=item B<-digest_verify> + +Verify a CMS B<DigestedData> type and output the content. + +=item B<-compress> + +Create a CMS B<CompressedData> type. OpenSSL must be compiled with B<zlib> +support for this option to work, otherwise it will output an error. + +=item B<-uncompress> + +Uncompress a CMS B<CompressedData> type and output the content. OpenSSL must be +compiled with B<zlib> support for this option to work, otherwise it will +output an error. + +=item B<-EncryptedData_encrypt> + +Encrypt suppled content using supplied symmetric key and algorithm using a CMS +B<EncrytedData> type and output the content. + +=item B<-sign_receipt> + +Generate and output a signed receipt for the supplied message. The input +message B<must> contain a signed receipt request. Functionality is otherwise +similar to the B<-sign> operation. + +=item B<-verify_receipt receipt> + +Verify a signed receipt in filename B<receipt>. The input message B<must> +contain the original receipt request. Functionality is otherwise similar +to the B<-verify> operation. + +=item B<-in filename> + +the input message to be encrypted or signed or the message to be decrypted +or verified. + +=item B<-inform SMIME|PEM|DER> + +this specifies the input format for the CMS structure. The default +is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER> +format change this to expect PEM and DER format CMS structures +instead. This currently only affects the input format of the CMS +structure, if no CMS structure is being input (for example with +B<-encrypt> or B<-sign>) this option has no effect. + +=item B<-rctform SMIME|PEM|DER> + +specify the format for a signed receipt for use with the B<-receipt_verify> +operation. + +=item B<-out filename> + +the message text that has been decrypted or verified or the output MIME +format message that has been signed or verified. + +=item B<-outform SMIME|PEM|DER> + +this specifies the output format for the CMS structure. The default +is B<SMIME> which writes an S/MIME format message. B<PEM> and B<DER> +format change this to write PEM and DER format CMS structures +instead. This currently only affects the output format of the CMS +structure, if no CMS structure is being output (for example with +B<-verify> or B<-decrypt>) this option has no effect. + +=item B<-stream -indef -noindef> + +the B<-stream> and B<-indef> options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is B<SMIME> it is currently off by default for all +other operations. + +=item B<-noindef> + +disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. + +=item B<-content filename> + +This specifies a file containing the detached content, this is only +useful with the B<-verify> command. This is only usable if the CMS +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed MIME content type. + +=item B<-text> + +this option adds plain text (text/plain) MIME headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of MIME +type text/plain then an error occurs. + +=item B<-noout> + +for the B<-cmsout> operation do not output the parsed CMS structure. This +is useful when combined with the B<-print> option or if the syntax of the CMS +structure is being checked. + +=item B<-print> + +for the B<-cmsout> operation print out all fields of the CMS structure. This +is mainly useful for testing purposes. + +=item B<-CAfile file> + +a file containing trusted CA certificates, only used with B<-verify>. + +=item B<-CApath dir> + +a directory containing trusted CA certificates, only used with +B<-verify>. This directory must be a standard certificate directory: that +is a hash of each subject name (using B<x509 -hash>) should be linked +to each certificate. + +=item B<-md digest> + +digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually SHA1). + +=item B<-[cipher]> + +the encryption algorithm to use. For example triple DES (168 bits) - B<-des3> +or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the +EVP_get_cipherbyname() function) can also be used preceded by a dash, for +example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for a list of ciphers +supported by your version of OpenSSL. + +If not specified triple DES is used. Only used with B<-encrypt> and +B<-EncryptedData_create> commands. + +=item B<-nointern> + +when verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the B<-certfile> option are used. +The supplied certificates can still be used as untrusted CAs however. + +=item B<-no_signer_cert_verify> + +do not verify the signers certificate of a signed message. + +=item B<-nocerts> + +when signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the B<-certfile> option for example). + +=item B<-noattr> + +normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. + +=item B<-nosmimecap> + +exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included. + +=item B<-binary> + +normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in MIME format. + +=item B<-nodetach> + +when signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the MIME type multipart/signed is used. + +=item B<-certfile file> + +allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in PEM format. + +=item B<-certsout file> + +any certificates contained in the message are written to B<file>. + +=item B<-signer file> + +a signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. + +=item B<-recip file> + +the recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs. + +=item B<-keyid> + +use subject key identifier to identify certificates instead of issuer name and +serial number. The supplied certificate B<must> include a subject key +identifier extension. Supported by B<-sign> and B<-encrypt> options. + +=item B<-receipt_request_all -receipt_request_first> + +for B<-sign> option include a signed receipt request. Indicate requests should +be provided by all receipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it B<-receipt_request_from> is included. + +=item B<-receipt_request_from emailaddress> + +for B<-sign> option include a signed receipt request. Add an explicit email +address where receipts should be supplied. + +=item B<-receipt_request_to emailaddress> + +Add an explicit email address where signed receipts should be sent to. This +option B<must> but supplied if a signed receipt it requested. + +=item B<-receipt_request_print> + +For the B<-verify> operation print out the contents of any signed receipt +requests. + +=item B<-secretkey key> + +specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt> +B<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used +with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the +content encryption key using an AES key in the B<KEKRecipientInfo> type. + +=item B<-secretkeyid id> + +the key identifier for the supplied symmetric key for B<KEKRecipientInfo> type. +This option B<must> be present if the B<-secretkey> option is used with +B<-encrypt>. With B<-decrypt> operations the B<id> is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +B<KEKRecipientInfo> structures. + +=item B<-econtent_type type> + +set the encapsulated content type to B<type> if not supplied the B<Data> type +is used. The B<type> argument can be any valid OID name in either text or +numerical format. + +=item B<-inkey file> + +the private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the B<-recip> or B<-signer> file. When signing this option can be used +multiple times to specify successive keys. + +=item B<-passin arg> + +the private key password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item B<cert.pem...> + +one or more certificates of message recipients: used when encrypting +a message. + +=item B<-to, -from, -subject> + +the relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address. + +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> + +Set various certificate chain valiadition option. See the +L<B<verify>|verify(1)> manual page for details. + +=back + +=head1 NOTES + +The MIME message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. + +The supplied message to be signed or encrypted must include the +necessary MIME headers or many S/MIME clients wont display it +properly (if at all). You can use the B<-text> option to automatically +add plain text headers. + +A "signed and encrypted" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. + +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages "in parallel" by signing an already signed message. + +The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME +clients. Strictly speaking these process CMS enveloped data: CMS +encrypted data is used for other purposes. + +The B<-resign> option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. + +The B<-stream> and B<-indef> options enable experimental streaming I/O support. +As a result the encoding is BER using indefinite length constructed encoding +and no longer DER. Streaming is supported for the B<-encrypt> operation and the +B<-sign> operation if the content is not detached. + +Streaming is always used for the B<-sign> operation with detached data but +since the content is no longer part of the CMS structure the encoding +remains DER. + +=head1 EXIT CODES + +=over 4 + +=item 0 + +the operation was completely successfully. + +=item 1 + +an error occurred parsing the command options. + +=item 2 + +one of the input files could not be read. + +=item 3 + +an error occurred creating the CMS file or when reading the MIME +message. + +=item 4 + +an error occurred decrypting or verifying the message. + +=item 5 + +the message was verified correctly but an error occurred writing out +the signers certificates. + +=back + +=head1 COMPATIBILITY WITH PKCS#7 format. + +The B<smime> utility can only process the older B<PKCS#7> format. The B<cms> +utility supports Cryptographic Message Syntax format. Use of some features +will result in messages which cannot be processed by applications which only +support the older format. These are detailed below. + +The use of the B<-keyid> option with B<-sign> or B<-encrypt>. + +The B<-outform PEM> option uses different headers. + +The B<-compress> option. + +The B<-secretkey> option when used with B<-encrypt>. + +Additionally the B<-EncryptedData_create> and B<-data_create> type cannot +be processed by the older B<smime> command. + +=head1 EXAMPLES + +Create a cleartext signed message: + + openssl cms -sign -in message.txt -text -out mail.msg \ + -signer mycert.pem + +Create an opaque signed message + + openssl cms -sign -in message.txt -text -out mail.msg -nodetach \ + -signer mycert.pem + +Create a signed message, include some additional certificates and +read the private key from another file: + + openssl cms -sign -in in.txt -text -out mail.msg \ + -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem + +Create a signed message with two signers, use key identifier: + + openssl cms -sign -in message.txt -text -out mail.msg \ + -signer mycert.pem -signer othercert.pem -keyid + +Send a signed message under Unix directly to sendmail, including headers: + + openssl cms -sign -in in.txt -text -signer mycert.pem \ + -from steve@openssl.org -to someone@somewhere \ + -subject "Signed message" | sendmail someone@somewhere + +Verify a message and extract the signer's certificate if successful: + + openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt + +Send encrypted mail using triple DES: + + openssl cms -encrypt -in in.txt -from steve@openssl.org \ + -to someone@somewhere -subject "Encrypted message" \ + -des3 user.pem -out mail.msg + +Sign and encrypt mail: + + openssl cms -sign -in ml.txt -signer my.pem -text \ + | openssl cms -encrypt -out mail.msg \ + -from steve@openssl.org -to someone@somewhere \ + -subject "Signed and Encrypted message" -des3 user.pem + +Note: the encryption command does not include the B<-text> option because the +message being encrypted already has MIME headers. + +Decrypt mail: + + openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem + +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: + + -----BEGIN PKCS7----- + -----END PKCS7----- + +and using the command, + + openssl cms -verify -inform PEM -in signature.pem -content content.txt + +alternatively you can base64 decode the signature and use + + openssl cms -verify -inform DER -in signature.der -content content.txt + +Create an encrypted message using 128 bit Camellia: + + openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem + +Add a signer to an existing message: + + openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg + +=head1 BUGS + +The MIME parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. + +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. + +Ideally a database should be maintained of a certificates for each email +address. + +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. + +No revocation checking is done on the signer's certificate. + +=head1 HISTORY + +The use of multiple B<-signer> options and the B<-resign> command were first +added in OpenSSL 1.0.0 + + +=cut diff --git a/lib/libssl/src/doc/apps/ec.pod b/lib/libssl/src/doc/apps/ec.pod index 1d4a36dbf40..ba6dc4689bf 100644 --- a/lib/libssl/src/doc/apps/ec.pod +++ b/lib/libssl/src/doc/apps/ec.pod @@ -130,7 +130,7 @@ is currently not implemented in OpenSSL. =item B<-engine id> -specifying an engine (by it's unique B<id> string) will cause B<req> +specifying an engine (by its unique B<id> string) will cause B<ec> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/lib/libssl/src/doc/apps/ecparam.pod b/lib/libssl/src/doc/apps/ecparam.pod index 1a12105da73..788c074d7b4 100644 --- a/lib/libssl/src/doc/apps/ecparam.pod +++ b/lib/libssl/src/doc/apps/ecparam.pod @@ -121,7 +121,7 @@ all others. =item B<-engine id> -specifying an engine (by it's unique B<id> string) will cause B<req> +specifying an engine (by its unique B<id> string) will cause B<ecparam> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/lib/libssl/src/doc/apps/genpkey.pod b/lib/libssl/src/doc/apps/genpkey.pod new file mode 100644 index 00000000000..1611b5ca78b --- /dev/null +++ b/lib/libssl/src/doc/apps/genpkey.pod @@ -0,0 +1,213 @@ +=pod + +=head1 NAME + +genpkey - generate a private key + +=head1 SYNOPSIS + +B<openssl> B<genpkey> +[B<-out filename>] +[B<-outform PEM|DER>] +[B<-pass arg>] +[B<-cipher>] +[B<-engine id>] +[B<-paramfile file>] +[B<-algorithm alg>] +[B<-pkeyopt opt:value>] +[B<-genparam>] +[B<-text>] + +=head1 DESCRIPTION + +The B<genpkey> command generates a private key. + +=head1 OPTIONS + +=over 4 + +=item B<-out filename> + +the output filename. If this argument is not specified then standard output is +used. + +=item B<-outform DER|PEM> + +This specifies the output format DER or PEM. + +=item B<-pass arg> + +the output file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-cipher> + +This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>. + +=item B<-engine id> + +specifying an engine (by its unique B<id> string) will cause B<genpkey> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. If used this option should precede all other +options. + +=item B<-algorithm alg> + +public key algorithm to use such as RSA, DSA or DH. If used this option must +precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> +are mutually exclusive. + +=item B<-pkeyopt opt:value> + +set the public key algorithm option B<opt> to B<value>. The precise set of +options supported depends on the public key algorithm used and its +implementation. See B<KEY GENERATION OPTIONS> below for more details. + +=item B<-genparam> + +generate a set of parameters instead of a private key. If used this option must +precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options. + +=item B<-paramfile filename> + +Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> +are mutually exclusive. + +=item B<-text> + +Print an (unencrypted) text representation of private and public keys and +parameters along with the PEM or DER structure. + +=back + +=head1 KEY GENERATION OPTIONS + +The options supported by each algorith and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. + +=head1 RSA KEY GENERATION OPTIONS + +=over 4 + +=item B<rsa_keygen_bits:numbits> + +The number of bits in the generated key. If not specified 1024 is used. + +=item B<rsa_keygen_pubexp:value> + +The RSA public exponent value. This can be a large decimal or +hexadecimal value if preceded by B<0x>. Default value is 65537. + +=back + +=head1 DSA PARAMETER GENERATION OPTIONS + +=over 4 + +=item B<dsa_paramgen_bits:numbits> + +The number of bits in the generated parameters. If not specified 1024 is used. + +=head1 DH PARAMETER GENERATION OPTIONS + +=over 4 + +=item B<dh_paramgen_prime_len:numbits> + +The number of bits in the prime parameter B<p>. + +=item B<dh_paramgen_generator:value> + +The value to use for the generator B<g>. + +=back + +=head1 EC PARAMETER GENERATION OPTIONS + +=over 4 + +=item B<ec_paramgen_curve:curve> + +the EC curve to use. + +=back + +=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS + +Gost 2001 support is not enabled by default. To enable this algorithm, +one should load the ccgost engine in the OpenSSL configuration file. +See README.gost file in the engines/ccgost directiry of the source +distribution for more details. + +Use of a parameter file for the GOST R 34.10 algorithm is optional. +Parameters can be specified during key generation directly as well as +during generation of parameter file. + +=over 4 + +=item B<paramset:name> + +Specifies GOST R 34.10-2001 parameter set according to RFC 4357. +Parameter set can be specified using abbreviated name, object short name or +numeric OID. Following parameter sets are supported: + + paramset OID Usage + A 1.2.643.2.2.35.1 Signature + B 1.2.643.2.2.35.2 Signature + C 1.2.643.2.2.35.3 Signature + XA 1.2.643.2.2.36.0 Key exchange + XB 1.2.643.2.2.36.1 Key exchange + test 1.2.643.2.2.35.0 Test purposes + +=back + + + +=head1 NOTES + +The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and ENGINE provided algorithms +can be used. + +=head1 EXAMPLES + +Generate an RSA private key using default parameters: + + openssl genpkey -algorithm RSA -out key.pem + +Encrypt output private key using 128 bit AES and the passphrase "hello": + + openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello + +Generate a 2048 bit RSA key using 3 as the public exponent: + + openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \ + -pkeyopt rsa_keygen_pubexp:3 + +Generate 1024 bit DSA parameters: + + openssl genpkey -genparam -algorithm DSA -out dsap.pem \ + -pkeyopt dsa_paramgen_bits:1024 + +Generate DSA key from parameters: + + openssl genpkey -paramfile dsap.pem -out dsakey.pem + +Generate 1024 bit DH parameters: + + openssl genpkey -genparam -algorithm DH -out dhp.pem \ + -pkeyopt dh_paramgen_prime_len:1024 + +Generate DH key from parameters: + + openssl genpkey -paramfile dhp.pem -out dhkey.pem + + +=cut + diff --git a/lib/libssl/src/doc/apps/pkey.pod b/lib/libssl/src/doc/apps/pkey.pod new file mode 100644 index 00000000000..4851223f3fc --- /dev/null +++ b/lib/libssl/src/doc/apps/pkey.pod @@ -0,0 +1,135 @@ + +=pod + +=head1 NAME + +pkey - public or private key processing tool + +=head1 SYNOPSIS + +B<openssl> B<pkey> +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-passin arg>] +[B<-out filename>] +[B<-passout arg>] +[B<-cipher>] +[B<-text>] +[B<-text_pub>] +[B<-noout>] +[B<-pubin>] +[B<-pubout>] +[B<-engine id>] + +=head1 DESCRIPTION + +The B<pkey> command processes public or private keys. They can be converted +between various forms and their components printed out. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format DER or PEM. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. + +=item B<-passin arg> + +the input file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-out filename> + +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should B<not> be the same as the input +filename. + +=item B<-passout password> + +the output file password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + +=item B<-cipher> + +These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>. + +=item B<-text> + +prints out the various public or private key components in +plain text in addition to the encoded version. + +=item B<-text_pub> + +print out only public key components even if a private key is being processed. + +=item B<-noout> + +do not output the encoded version of the key. + +=item B<-pubin> + +by default a private key is read from the input file: with this +option a public key is read instead. + +=item B<-pubout> + +by default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. + +=item B<-engine id> + +specifying an engine (by its unique B<id> string) will cause B<pkey> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 EXAMPLES + +To remove the pass phrase on an RSA private key: + + openssl pkey -in key.pem -out keyout.pem + +To encrypt a private key using triple DES: + + openssl pkey -in key.pem -des3 -out keyout.pem + +To convert a private key from PEM to DER format: + + openssl pkey -in key.pem -outform DER -out keyout.der + +To print out the components of a private key to standard output: + + openssl pkey -in key.pem -text -noout + +To print out the public components of a private key to standard output: + + openssl pkey -in key.pem -text_pub -noout + +To just output the public part of a private key: + + openssl pkey -in key.pem -pubout -out pubkey.pem + +=head1 SEE ALSO + +L<genpkey(1)|genpkey(1)>, L<rsa(1)|rsa(1)>, L<pkcs8(1)|pkcs8(1)>, +L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, L<gendsa(1)|gendsa(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/pkeyparam.pod b/lib/libssl/src/doc/apps/pkeyparam.pod new file mode 100644 index 00000000000..154f6721af4 --- /dev/null +++ b/lib/libssl/src/doc/apps/pkeyparam.pod @@ -0,0 +1,69 @@ + +=pod + +=head1 NAME + +pkeyparam - public key algorithm parameter processing tool + +=head1 SYNOPSIS + +B<openssl> B<pkeyparam> +[B<-in filename>] +[B<-out filename>] +[B<-text>] +[B<-noout>] +[B<-engine id>] + +=head1 DESCRIPTION + +The B<pkey> command processes public or private keys. They can be converted +between various forms and their components printed out. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-in filename> + +This specifies the input filename to read parameters from or standard input if +this option is not specified. + +=item B<-out filename> + +This specifies the output filename to write parameters to or standard output if +this option is not specified. + +=item B<-text> + +prints out the parameters in plain text in addition to the encoded version. + +=item B<-noout> + +do not output the encoded version of the parameters. + +=item B<-engine id> + +specifying an engine (by its unique B<id> string) will cause B<pkeyparam> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 EXAMPLE + +Print out text version of parameters: + + openssl pkeyparam -in param.pem -text + +=head1 NOTES + +There are no B<-inform> or B<-outform> options for this command because only +PEM format is supported because the key type is determined by the PEM headers. + +=head1 SEE ALSO + +L<genpkey(1)|genpkey(1)>, L<rsa(1)|rsa(1)>, L<pkcs8(1)|pkcs8(1)>, +L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, L<gendsa(1)|gendsa(1)> + +=cut diff --git a/lib/libssl/src/doc/apps/pkeyutl.pod b/lib/libssl/src/doc/apps/pkeyutl.pod new file mode 100644 index 00000000000..27be9a90079 --- /dev/null +++ b/lib/libssl/src/doc/apps/pkeyutl.pod @@ -0,0 +1,222 @@ +=pod + +=head1 NAME + +pkeyutl - public key algorithm utility + +=head1 SYNOPSIS + +B<openssl> B<pkeyutl> +[B<-in file>] +[B<-out file>] +[B<-sigfile file>] +[B<-inkey file>] +[B<-keyform PEM|DER>] +[B<-passin arg>] +[B<-peerkey file>] +[B<-peerform PEM|DER>] +[B<-pubin>] +[B<-certin>] +[B<-rev>] +[B<-sign>] +[B<-verify>] +[B<-verifyrecover>] +[B<-encrypt>] +[B<-decrypt>] +[B<-derive>] +[B<-pkeyopt opt:value>] +[B<-hexdump>] +[B<-asn1parse>] +[B<-engine id>] + +=head1 DESCRIPTION + +The B<pkeyutl> command can be used to perform public key operations using +any supported algorithm. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-in filename> + +This specifies the input filename to read data from or standard input +if this option is not specified. + +=item B<-out filename> + +specifies the output filename to write to or standard output by +default. + +=item B<-inkey file> + +the input key file, by default it should be a private key. + +=item B<-keyform PEM|DER> + +the key format PEM, DER or ENGINE. + +=item B<-passin arg> + +the input key password source. For more information about the format of B<arg> +see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. + + +=item B<-peerkey file> + +the peer key file, used by key derivation (agreement) operations. + +=item B<-peerform PEM|DER> + +the peer key format PEM, DER or ENGINE. + +=item B<-engine id> + +specifying an engine (by its unique B<id> string) will cause B<pkeyutl> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + + +=item B<-pubin> + +the input file is a public key. + +=item B<-certin> + +the input is a certificate containing a public key. + +=item B<-rev> + +reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format. + +=item B<-sign> + +sign the input data and output the signed result. This requires +a private key. + +=item B<-verify> + +verify the input data against the signature file and indicate if the +verification succeeded or failed. + +=item B<-verifyrecover> + +verify the input data and output the recovered data. + +=item B<-encrypt> + +encrypt the input data using a public key. + +=item B<-decrypt> + +decrypt the input data using a private key. + +=item B<-derive> + +derive a shared secret using the peer key. + +=item B<-hexdump> + +hex dump the output data. + +=item B<-asn1parse> + +asn1parse the output data, this is useful when combined with the +B<-verifyrecover> option when an ASN1 structure is signed. + +=back + +=head1 NOTES + +The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below. + +Unless otherwise mentioned all algorithms support the B<digest:alg> option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value B<alg> should represent a digest name as used in the +EVP_get_digestbyname() function for example B<sha1>. + +=head1 RSA ALGORITHM + +The RSA algorithm supports encrypt, decrypt, sign, verify and verifyrecover +operations in general. Some padding modes only support some of these +operations however. + +=over 4 + +=item -B<rsa_padding_mode:mode> + +This sets the RSA padding mode. Acceptable values for B<mode> are B<pkcs1> for +PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep> +for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS. + +In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a B<DigestInfo> structure. If a +digest is set then the a B<DigestInfo> structure is used and its the length +must correspond to the digest type. + +For B<oeap> mode only encryption and decryption is supported. + +For B<x931> if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest ID. Sign, +verify and verifyrecover are can be performed in this mode. + +For B<pss> mode only sign and verify are supported and the digest type must be +specified. + +=item B<rsa_pss_saltlen:len> + +For B<pss> mode only this option specifies the salt length. Two special values +are supported: -1 sets the salt length to the digest length. When signing -2 +sets the salt length to the maximum permissible value. When verifying -2 causes +the salt length to be automatically determined based on the B<PSS> block +structure. + +=back + +=head1 DSA ALGORITHM + +The DSA algorithm supports signing and verification operations only. Currently +there are no additional options other than B<digest>. Only the SHA1 +digest can be used and this digest is assumed by default. + +=head1 DH ALGORITHM + +The DH algorithm only supports the derivation operation and no additional +options. + +=head1 EC ALGORITHM + +The EC algorithm supports sign, verify and derive operations. The sign and +verify operations use ECDSA and derive uses ECDH. Currently there are no +additional options other than B<digest>. Only the SHA1 digest can be used and +this digest is assumed by default. + +=head1 EXAMPLES + +Sign some data using a private key: + + openssl pkeyutl -sign -in file -inkey key.pem -out sig + +Recover the signed data (e.g. if an RSA key is used): + + openssl pkeyutl -verifyrecover -in sig -inkey key.pem + +Verify the signature (e.g. a DSA key): + + openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem + +Sign data using a message digest value (this is currently only valid for RSA): + + openssl pkeyutl -sign -in file -inkey key.pem -out sig -pkeyopt digest:sha256 + +Derive a shared secret value: + + openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret + +=head1 SEE ALSO + +L<genpkey(1)|genpkey(1)>, L<pkey(1)|pkey(1)>, L<rsautl(1)|rsautl(1)> +L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)> diff --git a/lib/libssl/src/doc/apps/ts.pod b/lib/libssl/src/doc/apps/ts.pod new file mode 100644 index 00000000000..7fb6caa96e5 --- /dev/null +++ b/lib/libssl/src/doc/apps/ts.pod @@ -0,0 +1,594 @@ +=pod + +=head1 NAME + +ts - Time Stamping Authority tool (client/server) + +=head1 SYNOPSIS + +B<openssl> B<ts> +B<-query> +[B<-rand> file:file...] +[B<-config> configfile] +[B<-data> file_to_hash] +[B<-digest> digest_bytes] +[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>] +[B<-policy> object_id] +[B<-no_nonce>] +[B<-cert>] +[B<-in> request.tsq] +[B<-out> request.tsq] +[B<-text>] + +B<openssl> B<ts> +B<-reply> +[B<-config> configfile] +[B<-section> tsa_section] +[B<-queryfile> request.tsq] +[B<-passin> password_src] +[B<-signer> tsa_cert.pem] +[B<-inkey> private.pem] +[B<-chain> certs_file.pem] +[B<-policy> object_id] +[B<-in> response.tsr] +[B<-token_in>] +[B<-out> response.tsr] +[B<-token_out>] +[B<-text>] +[B<-engine> id] + +B<openssl> B<ts> +B<-verify> +[B<-data> file_to_hash] +[B<-digest> digest_bytes] +[B<-queryfile> request.tsq] +[B<-in> response.tsr] +[B<-token_in>] +[B<-CApath> trusted_cert_path] +[B<-CAfile> trusted_certs.pem] +[B<-untrusted> cert_file.pem] + +=head1 DESCRIPTION + +The B<ts> command is a basic Time Stamping Authority (TSA) client and server +application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A +TSA can be part of a PKI deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol: + +=over 4 + +=item 1. + +The TSA client computes a one-way hash value for a data file and sends +the hash to the TSA. + +=item 2. + +The TSA attaches the current date and time to the received hash value, +signs them and sends the time stamp token back to the client. By +creating this token the TSA certifies the existence of the original +data file at the time of response generation. + +=item 3. + +The TSA client receives the time stamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the TSA. + +=back + +There is one DER encoded protocol data unit defined for transporting a time +stamp request to the TSA and one for sending the time stamp response +back to the client. The B<ts> command has three main functions: +creating a time stamp request based on a data file, +creating a time stamp response based on a request, verifying if a +response corresponds to a particular request or a data file. + +There is no support for sending the requests/responses automatically +over HTTP or TCP yet as suggested in RFC 3161. The users must send the +requests either by ftp or e-mail. + +=head1 OPTIONS + +=head2 Time Stamp Request generation + +The B<-query> switch can be used for creating and printing a time stamp +request with the following options: + +=over 4 + +=item B<-rand> file:file... + +The files containing random data for seeding the random number +generator. Multiple files can be specified, the separator is B<;> for +MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional) + +=item B<-config> configfile + +The configuration file to use, this option overrides the +B<OPENSSL_CONF> environment variable. Only the OID section +of the config file is used with the B<-query> command. (Optional) + +=item B<-data> file_to_hash + +The data file for which the time stamp request needs to be +created. stdin is the default if neither the B<-data> nor the B<-digest> +parameter is specified. (Optional) + +=item B<-digest> digest_bytes + +It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional) + +=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...> + +The message digest to apply to the data file, it supports all the message +digest algorithms that are supported by the openssl B<dgst> command. +The default is SHA-1. (Optional) + +=item B<-policy> object_id + +The policy that the client expects the TSA to use for creating the +time stamp token. Either the dotted OID notation or OID names defined +in the config file can be used. If no policy is requested the TSA will +use its own default policy. (Optional) + +=item B<-no_nonce> + +No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. (Optional) + +=item B<-cert> + +The TSA is expected to include its signing certificate in the +response. (Optional) + +=item B<-in> request.tsq + +This option specifies a previously created time stamp request in DER +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable + +format. (Optional) + +=item B<-out> request.tsq + +Name of the output file to which the request will be written. Default +is stdout. (Optional) + +=item B<-text> + +If this option is specified the output is human-readable text format +instead of DER. (Optional) + +=back + +=head2 Time Stamp Response generation + +A time stamp response (TimeStampResp) consists of a response status +and the time stamp token itself (ContentInfo), if the token generation was +successful. The B<-reply> command is for creating a time stamp +response or time stamp token based on a request and printing the +response/token in human-readable format. If B<-token_out> is not +specified the output is always a time stamp response (TimeStampResp), +otherwise it is a time stamp token (ContentInfo). + +=over 4 + +=item B<-config> configfile + +The configuration file to use, this option overrides the +B<OPENSSL_CONF> environment variable. See B<CONFIGURATION FILE +OPTIONS> for configurable variables. (Optional) + +=item B<-section> tsa_section + +The name of the config file section conatining the settings for the +response generation. If not specified the default TSA section is +used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional) + +=item B<-queryfile> request.tsq + +The name of the file containing a DER encoded time stamp request. (Optional) + +=item B<-passin> password_src + +Specifies the password source for the private key of the TSA. See +B<PASS PHRASE ARGUMENTS> in L<openssl(1)|openssl(1)>. (Optional) + +=item B<-signer> tsa_cert.pem + +The signer certificate of the TSA in PEM format. The TSA signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the B<signer_cert> +variable of the config file. (Optional) + +=item B<-inkey> private.pem + +The signer private key of the TSA in PEM format. Overrides the +B<signer_key> config file option. (Optional) + +=item B<-chain> certs_file.pem + +The collection of certificates in PEM format that will all +be included in the response in addition to the signer certificate if +the B<-cert> option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The B<-reply> command does not build a certificate +chain automatically. (Optional) + +=item B<-policy> object_id + +The default policy to use for the response unless the client +explicitly requires a particular TSA policy. The OID can be specified +either in dotted notation or with its name. Overrides the +B<default_policy> config file option. (Optional) + +=item B<-in> response.tsr + +Specifies a previously created time stamp response or time stamp token +(if B<-token_in> is also specified) in DER format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the time stamp token from a response. If +the input is a token and the output is a time stamp response a default +'granted' status info is added to the token. (Optional) + +=item B<-token_in> + +This flag can be used together with the B<-in> option and indicates +that the input is a DER encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) + +=item B<-out> response.tsr + +The response is written to this file. The format and content of the +file depends on other options (see B<-text>, B<-token_out>). The default is +stdout. (Optional) + +=item B<-token_out> + +The output is a time stamp token (ContentInfo) instead of time stamp +response (TimeStampResp). (Optional) + +=item B<-text> + +If this option is specified the output is human-readable text format +instead of DER. (Optional) + +=item B<-engine> id + +Specifying an engine (by its unique B<id> string) will cause B<ts> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. Default is builtin. (Optional) + +=back + +=head2 Time Stamp Response verification + +The B<-verify> command is for verifying if a time stamp response or time +stamp token is valid and matches a particular time stamp request or +data file. The B<-verify> command does not use the configuration file. + +=over 4 + +=item B<-data> file_to_hash + +The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The B<-digest> and B<-queryfile> options must not be specified with this one. +(Optional) + +=item B<-digest> digest_bytes + +The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The B<-data> and B<-queryfile> options must not be +specified with this one. (Optional) + +=item B<-queryfile> request.tsq + +The original time stamp request in DER format. The B<-data> and B<-digest> +options must not be specified with this one. (Optional) + +=item B<-in> response.tsr + +The time stamp response that needs to be verified in DER format. (Mandatory) + +=item B<-token_in> + +This flag can be used together with the B<-in> option and indicates +that the input is a DER encoded time stamp token (ContentInfo) instead +of a time stamp response (TimeStampResp). (Optional) + +=item B<-CApath> trusted_cert_path + +The name of the directory containing the trused CA certificates of the +client. See the similar option of L<verify(1)|verify(1)> for additional +details. Either this option or B<-CAfile> must be specified. (Optional) + + +=item B<-CAfile> trusted_certs.pem + +The name of the file containing a set of trusted self-signed CA +certificates in PEM format. See the similar option of +L<verify(1)|verify(1)> for additional details. Either this option +or B<-CApath> must be specified. +(Optional) + +=item B<-untrusted> cert_file.pem + +Set of additional untrusted certificates in PEM format which may be +needed when building the certificate chain for the TSA's signing +certificate. This file must contain the TSA signing certificate and +all intermediate CA certificates unless the response includes them. +(Optional) + +=back + +=head1 CONFIGURATION FILE OPTIONS + +The B<-query> and B<-reply> commands make use of a configuration file +defined by the B<OPENSSL_CONF> environment variable. See L<config(5)|config(5)> +for a general description of the syntax of the config file. The +B<-query> command uses only the symbolic OID names section +and it can work without it. However, the B<-reply> command needs the +config file for its operation. + +When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file. + +=over 4 + +=item B<tsa> section, B<default_tsa> + +This is the main section and it specifies the name of another section +that contains all the options for the B<-reply> command. This default +section can be overriden with the B<-section> command line switch. (Optional) + +=item B<oid_file> + +See L<ca(1)|ca(1)> for description. (Optional) + +=item B<oid_section> + +See L<ca(1)|ca(1)> for description. (Optional) + +=item B<RANDFILE> + +See L<ca(1)|ca(1)> for description. (Optional) + +=item B<serial> + +The name of the file containing the hexadecimal serial number of the +last time stamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory) + +=item B<crypto_device> + +Specifies the OpenSSL engine that will be set as the default for +all available algorithms. The default value is builtin, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM). +(Optional) + +=item B<signer_cert> + +TSA signing certificate in PEM format. The same as the B<-signer> +command line option. (Optional) + +=item B<certs> + +A file containing a set of PEM encoded certificates that need to be +included in the response. The same as the B<-chain> command line +option. (Optional) + +=item B<signer_key> + +The private key of the TSA in PEM format. The same as the B<-inkey> +command line option. (Optional) + +=item B<default_policy> + +The default policy to use when the request does not mandate any +policy. The same as the B<-policy> command line option. (Optional) + +=item B<other_policies> + +Comma separated list of policies that are also acceptable by the TSA +and used only if the request explicitly specifies one of them. (Optional) + +=item B<digests> + +The list of message digest algorithms that the TSA accepts. At least +one algorithm must be specified. (Mandatory) + +=item B<accuracy> + +The accuracy of the time source of the TSA in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional) + +=item B<clock_precision_digits> + +Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. The trailing zeroes +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on UNIX platforms. +The maximum value is 6, default is 0. +(Optional) + +=item B<ordering> + +If this option is yes the responses generated by this TSA can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional) + +=item B<tsa_name> + +Set this option to yes if the subject name of the TSA must be included in +the TSA name field of the response. Default is no. (Optional) + +=item B<ess_cert_id_chain> + +The SignedData objects created by the TSA always contain the +certificate identifier of the signing certificate in a signed +attribute (see RFC 2634, Enhanced Security Services). If this option +is set to yes and either the B<certs> variable or the B<-chain> option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional) + +=back + +=head1 ENVIRONMENT VARIABLES + +B<OPENSSL_CONF> contains the path of the configuration file and can be +overriden by the B<-config> command line option. + +=head1 EXAMPLES + +All the examples below presume that B<OPENSSL_CONF> is set to a proper +configuration file, e.g. the example configuration file +openssl/apps/openssl.cnf will do. + +=head2 Time Stamp Request + +To create a time stamp request for design1.txt with SHA-1 +without nonce and policy and no certificate is required in the response: + + openssl ts -query -data design1.txt -no_nonce \ + -out design1.tsq + +To create a similar time stamp request with specifying the message imprint +explicitly: + + openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ + -no_nonce -out design1.tsq + +To print the content of the previous request in human readable format: + + openssl ts -query -in design1.tsq -text + +To create a time stamp request which includes the MD-5 digest +of design2.txt, requests the signer certificate and nonce, +specifies a policy id (assuming the tsa_policy1 name is defined in the +OID section of the config file): + + openssl ts -query -data design2.txt -md5 \ + -policy tsa_policy1 -cert -out design2.tsq + +=head2 Time Stamp Response + +Before generating a response a signing certificate must be created for +the TSA that contains the B<timeStamping> critical extended key usage extension +without any other key usage extensions. You can add the +'extendedKeyUsage = critical,timeStamping' line to the user certificate section +of the config file to generate a proper certificate. See L<req(1)|req(1)>, +L<ca(1)|ca(1)>, L<x509(1)|x509(1)> for instructions. The examples +below assume that cacert.pem contains the certificate of the CA, +tsacert.pem is the signing certificate issued by cacert.pem and +tsakey.pem is the private key of the TSA. + +To create a time stamp response for a request: + + openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \ + -signer tsacert.pem -out design1.tsr + +If you want to use the settings in the config file you could just write: + + openssl ts -reply -queryfile design1.tsq -out design1.tsr + +To print a time stamp reply to stdout in human readable format: + + openssl ts -reply -in design1.tsr -text + +To create a time stamp token instead of time stamp response: + + openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out + +To print a time stamp token to stdout in human readable format: + + openssl ts -reply -in design1_token.der -token_in -text -token_out + +To extract the time stamp token from a response: + + openssl ts -reply -in design1.tsr -out design1_token.der -token_out + +To add 'granted' status info to a time stamp token thereby creating a +valid response: + + openssl ts -reply -in design1_token.der -token_in -out design1.tsr + +=head2 Time Stamp Verification + +To verify a time stamp reply against a request: + + openssl ts -verify -queryfile design1.tsq -in design1.tsr \ + -CAfile cacert.pem -untrusted tsacert.pem + +To verify a time stamp reply that includes the certificate chain: + + openssl ts -verify -queryfile design2.tsq -in design2.tsr \ + -CAfile cacert.pem + +To verify a time stamp token against the original data file: + openssl ts -verify -data design2.txt -in design2.tsr \ + -CAfile cacert.pem + +To verify a time stamp token against a message imprint: + openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ + -in design2.tsr -CAfile cacert.pem + +You could also look at the 'test' directory for more examples. + +=head1 BUGS + +If you find any bugs or you have suggestions please write to +Zoltan Glozik <zglozik@opentsa.org>. Known issues: + +=over 4 + +=item * No support for time stamps over SMTP, though it is quite easy +to implement an automatic e-mail based TSA with L<procmail(1)|procmail(1)> +and L<perl(1)|perl(1)>. HTTP server support is provided in the form of +a separate apache module. HTTP client support is provided by +L<tsget(1)|tsget(1)>. Pure TCP/IP protocol is not supported. + +=item * The file containing the last serial number of the TSA is not +locked when being read or written. This is a problem if more than one +instance of L<openssl(1)|openssl(1)> is trying to create a time stamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking. + +=item * Look for the FIXME word in the source files. + +=item * The source code should really be reviewed by somebody else, too. + +=item * More testing is needed, I have done only some basic tests (see +test/testtsa). + +=back + +=cut + +=head1 AUTHOR + +Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org) + +=head1 SEE ALSO + +L<tsget(1)|tsget(1)>, L<openssl(1)|openssl(1)>, L<req(1)|req(1)>, +L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, +L<config(5)|config(5)> + +=cut diff --git a/lib/libssl/src/doc/apps/tsget.pod b/lib/libssl/src/doc/apps/tsget.pod new file mode 100644 index 00000000000..b05957beea6 --- /dev/null +++ b/lib/libssl/src/doc/apps/tsget.pod @@ -0,0 +1,194 @@ +=pod + +=head1 NAME + +tsget - Time Stamping HTTP/HTTPS client + +=head1 SYNOPSIS + +B<tsget> +B<-h> server_url +[B<-e> extension] +[B<-o> output] +[B<-v>] +[B<-d>] +[B<-k> private_key.pem] +[B<-p> key_password] +[B<-c> client_cert.pem] +[B<-C> CA_certs.pem] +[B<-P> CA_path] +[B<-r> file:file...] +[B<-g> EGD_socket] +[request]... + +=head1 DESCRIPTION + +The B<tsget> command can be used for sending a time stamp request, as +specified in B<RFC 3161>, to a time stamp server over HTTP or HTTPS and storing +the time stamp response in a file. This tool cannot be used for creating the +requests and verifying responses, you can use the OpenSSL B<ts(1)> command to +do that. B<tsget> can send several requests to the server without closing +the TCP connection if more than one requests are specified on the command +line. + +The tool sends the following HTTP request for each time stamp request: + + POST url HTTP/1.1 + User-Agent: OpenTSA tsget.pl/<version> + Host: <host>:<port> + Pragma: no-cache + Content-Type: application/timestamp-query + Accept: application/timestamp-reply + Content-Length: length of body + + ...binary request specified by the user... + +B<tsget> expects a response of type application/timestamp-reply, which is +written to a file without any interpretation. + +=head1 OPTIONS + +=over 4 + +=item B<-h> server_url + +The URL of the HTTP/HTTPS server listening for time stamp requests. + +=item B<-e> extension + +If the B<-o> option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is '.tsr'. (Optional) + +=item B<-o> output + +This option can be specified only when just one request is sent to the +server. The time stamp response will be written to the given output file. '-' +means standard output. In case of multiple time stamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional) + +=item B<-v> + +The name of the currently processed request is printed on standard +error. (Optional) + +=item B<-d> + +Switches on verbose mode for the underlying B<curl> library. You can see +detailed debug messages for the connection. (Optional) + +=item B<-k> private_key.pem + +(HTTPS) In case of certificate-based client authentication over HTTPS +<private_key.pem> must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The B<-c> option must also +be specified. (Optional) + +=item B<-p> key_password + +(HTTPS) Specifies the passphrase for the private key specified by the B<-k> +argument. If this option is omitted and the key is passphrase protected B<tsget> +will ask for it. (Optional) + +=item B<-c> client_cert.pem + +(HTTPS) In case of certificate-based client authentication over HTTPS +<client_cert.pem> must contain the X.509 certificate of the user. The B<-k> +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional) + +=item B<-C> CA_certs.pem + +(HTTPS) The trusted CA certificate store. The certificate chain of the peer's +certificate must include one of the CA certificates specified in this file. +Either option B<-C> or option B<-P> must be given in case of HTTPS. (Optional) + +=item B<-P> CA_path + +(HTTPS) The path containing the trusted CA certificates to verify the peer's +certificate. The directory must be prepared with the B<c_rehash> +OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of +HTTPS. (Optional) + +=item B<-rand> file:file... + +The files containing random data for seeding the random number +generator. Multiple files can be specified, the separator is B<;> for +MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional) + +=item B<-g> EGD_socket + +The name of an EGD socket to get random data from. (Optional) + +=item [request]... + +List of files containing B<RFC 3161> DER-encoded time stamp requests. If no +requests are specifed only one request will be sent to the server and it will be +read from the standard input. (Optional) + +=back + +=head1 ENVIRONMENT VARIABLES + +The B<TSGET> environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments. + +=head1 EXAMPLES + +The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid +time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests +and at port 8443 for HTTPS requests, the TSA service is available at the /tsa +absolute path. + +Get a time stamp response for file1.tsq over HTTP, output is written to +file1.tsr: + + tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq + +Get a time stamp response for file1.tsq and file2.tsq over HTTP showing +progress, output is written to file1.reply and file2.reply respectively: + + tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \ + file1.tsq file2.tsq + +Create a time stamp request, write it to file3.tsq, send it to the server and +write the response to file3.tsr: + + openssl ts -query -data file3.txt -cert | tee file3.tsq \ + | tsget -h http://tsa.opentsa.org:8080/tsa \ + -o file3.tsr + +Get a time stamp response for file1.tsq over HTTPS without client +authentication: + + tsget -h https://tsa.opentsa.org:8443/tsa \ + -C cacerts.pem file1.tsq + +Get a time stamp response for file1.tsq over HTTPS with certificate-based +client authentication (it will ask for the passphrase if client_key.pem is +protected): + + tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \ + -k client_key.pem -c client_cert.pem file1.tsq + +You can shorten the previous command line if you make use of the B<TSGET> +environment variable. The following commands do the same as the previous +example: + + TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \ + -k client_key.pem -c client_cert.pem' + export TSGET + tsget file1.tsq + +=head1 AUTHOR + +Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org) + +=head1 SEE ALSO + +L<openssl(1)|openssl(1)>, L<ts(1)|ts(1)>, L<curl(1)|curl(1)>, +B<RFC 3161> + +=cut diff --git a/lib/libssl/src/doc/apps/x509v3_config.pod b/lib/libssl/src/doc/apps/x509v3_config.pod index 38c46e85c46..0450067cf1d 100644 --- a/lib/libssl/src/doc/apps/x509v3_config.pod +++ b/lib/libssl/src/doc/apps/x509v3_config.pod @@ -52,7 +52,7 @@ use is defined by the extension code itself: check out the certificate policies extension for an example. If an extension type is unsupported then the I<arbitrary> extension syntax -must be used, see the L<ARBITRART EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details. +must be used, see the L<ARBITRARY EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details. =head1 STANDARD EXTENSIONS @@ -178,7 +178,7 @@ preceeding the name with a B<+> character. otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard -ASN1_generate_nconf() format. +L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format. Examples: @@ -226,21 +226,82 @@ Example: =head2 CRL distribution points. -This is a multi-valued extension that supports all the literal options of -subject alternative name. Of the few software packages that currently interpret -this extension most only interpret the URI option. +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. -Currently each option will set a new DistributionPoint with the fullName -field set to the given value. +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. -Other fields like cRLissuer and reasons cannot currently be set or displayed: -at this time no examples were available that used these fields. +In the single option case the section indicated contains values for each +field. In this section: -Examples: +If the name is "fullname" the value field should contain the full name +of the distribution point in the same format as subject alternative name. + +If the name is "relativename" then the value field should contain a section +name whose contents represent a DN fragment to be placed in this field. + +The name "CRLIssuer" if present should contain a value for this field in +subject alternative name format. + +If the name is "reasons" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: "keyCompromise", +"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", +"certificateHold", "privilegeWithdrawn" and "AACompromise". + + +Simple examples: crlDistributionPoints=URI:http://myhost.com/myca.crl crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +Full distribution point example: + + crlDistributionPoints=crldp1_section + + [crldp1_section] + + fullname=URI:http://myhost.com/myca.crl + CRLissuer=dirName:issuer_sect + reasons=keyCompromise, CACompromise + + [issuer_sect] + C=UK + O=Organisation + CN=Some Name + +=head2 Issuing Distribution Point + +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the "section" pointed to by the CRL distribution +points extension with a few differences. + +The names "reasons" and "CRLissuer" are not recognized. + +The name "onlysomereasons" is accepted which sets this field. The value is +in the same format as the CRL distribution point "reasons" field. + +The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted +the values should be a boolean value (TRUE or FALSE) to indicate the value of +the corresponding field. + +Example: + + issuingDistributionPoint=critical, @idp_section + + [idp_section] + + fullname=URI:http://myhost.com/myca.crl + indirectCRL=TRUE + onlysomereasons=keyCompromise, CACompromise + + [issuer_sect] + C=UK + O=Organisation + CN=Some Name + + =head2 Certificate Policies. This is a I<raw> extension. All the fields of this extension can be set by @@ -329,6 +390,16 @@ Examples: nameConstraints=permitted;email:.somedomain.com nameConstraints=excluded;email:.com +issuingDistributionPoint = idp_section + +=head2 OCSP No Check + +The OCSP No Check extension is a string extension but its value is ignored. + +Example: + + noCheck = ignored + =head1 DEPRECATED EXTENSIONS @@ -370,7 +441,8 @@ the data is formatted correctly for the given extension type. There are two ways to encode arbitrary extensions. The first way is to use the word ASN1 followed by the extension content -using the same syntax as ASN1_generate_nconf(). For example: +using the same syntax as L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>. +For example: 1.2.3.4=critical,ASN1:UTF8String:Some random data @@ -450,7 +522,8 @@ for arbitrary extensions was added in OpenSSL 0.9.8 =head1 SEE ALSO -L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> +L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>, +L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> =cut diff --git a/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod b/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod index 51679bfcd97..9bae40fccf1 100644 --- a/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod +++ b/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod @@ -6,6 +6,8 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions =head1 SYNOPSIS + #include <openssl/asn1.h> + ASN1_OBJECT *ASN1_OBJECT_new(void); void ASN1_OBJECT_free(ASN1_OBJECT *a); diff --git a/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod b/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod index c4ec693f17b..a08e9a0fa47 100644 --- a/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod +++ b/lib/libssl/src/doc/crypto/ASN1_STRING_length.pod @@ -8,6 +8,8 @@ ASN1_STRING utility functions =head1 SYNOPSIS + #include <openssl/asn1.h> + int ASN1_STRING_length(ASN1_STRING *x); unsigned char * ASN1_STRING_data(ASN1_STRING *x); diff --git a/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod b/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod index 5b1bbb7eb21..8ac2a03ae26 100644 --- a/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod +++ b/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod @@ -7,6 +7,8 @@ ASN1_STRING allocation functions =head1 SYNOPSIS + #include <openssl/asn1.h> + ASN1_STRING * ASN1_STRING_new(void); ASN1_STRING * ASN1_STRING_type_new(int type); void ASN1_STRING_free(ASN1_STRING *a); diff --git a/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod b/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod index 1157cff510d..542fd1579ab 100644 --- a/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod +++ b/lib/libssl/src/doc/crypto/ASN1_generate_nconf.pod @@ -6,6 +6,8 @@ ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions =head1 SYNOPSIS + #include <openssl/asn1.h> + ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); @@ -101,7 +103,8 @@ bits is set to zero. =item B<UNIVERSALSTRING>, B<UNIV>, B<IA5>, B<IA5STRING>, B<UTF8>, B<UTF8String>, B<BMP>, B<BMPSTRING>, B<VISIBLESTRING>, B<VISIBLE>, B<PRINTABLESTRING>, B<PRINTABLE>, B<T61>, -B<T61STRING>, B<TELETEXSTRING>, B<GeneralString> +B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>, B<NUMERICSTRING>, +B<NUMERIC> These encode the corresponding string types. B<value> represents the contents of this structure. The format can be B<ASCII> or B<UTF8>. @@ -175,7 +178,7 @@ An IA5String explicitly tagged using APPLICATION tagging: A BITSTRING with bits 1 and 5 set and all others zero: - FORMAT=BITLIST,BITSTRING:1,5 + FORMAT:BITLIST,BITSTRING:1,5 A more complex example using a config file to produce a SEQUENCE consiting of a BOOL an OID and a UTF8String: diff --git a/lib/libssl/src/doc/crypto/BIO_new_CMS.pod b/lib/libssl/src/doc/crypto/BIO_new_CMS.pod new file mode 100644 index 00000000000..9e3a4b7f89e --- /dev/null +++ b/lib/libssl/src/doc/crypto/BIO_new_CMS.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + + BIO_new_CMS - CMS streaming filter BIO + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); + +=head1 DESCRIPTION + +BIO_new_CMS() returns a streaming filter BIO chain based on B<cms>. The output +of the filter is written to B<out>. Any data written to the chain is +automatically translated to a BER format CMS structure of the appropriate type. + +=head1 NOTES + +The chain returned by this function behaves like a standard filter BIO. It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain BIO_flush() must be called +to finalise the structure. + +The B<CMS_STREAM> flag must be included in the corresponding B<flags> +parameter of the B<cms> creation function. + +If an application wishes to write additional data to B<out> BIOs should be +removed from the chain using BIO_pop() and freed with BIO_free() until B<out> +is reached. If no additional data needs to be written BIO_free_all() can be +called to free up the whole chain. + +Any content written through the filter is used verbatim: no canonical +translation is performed. + +It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures. + +Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of OCTET STRING structures. Prepending +a BIO_f_buffer() buffering BIO will prevent this. + +=head1 BUGS + +There is currently no corresponding inverse BIO: i.e. one which can decode +a CMS structure on the fly. + +=head1 RETURN VALUES + +BIO_new_CMS() returns a BIO chain when successful or NULL if an error +occurred. The error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_encrypt(3)|CMS_encrypt(3)> + +=head1 HISTORY + +BIO_new_CMS() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod b/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod index 7b087f7288f..5f51fdb4706 100644 --- a/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod +++ b/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod @@ -22,8 +22,11 @@ functions. BN_CTX *ctx); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx); + #ifndef OPENSSL_NO_DEPRECATED unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); + #endif + CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, @@ -54,11 +57,11 @@ BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() with B<r> set to NULL. -BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id() -set and get the "thread id" value of the B<BN_BLINDING> structure, -a field provided to users of B<BN_BLINDING> structure to help them -provide proper locking if needed for multi-threaded use. The -"thread id" of a newly allocated B<BN_BLINDING> structure is zero. +BN_BLINDING_thread_id() provides access to the B<CRYPTO_THREADID> +object within the B<BN_BLINDING> structure. This is to help users +provide proper locking if needed for multi-threaded use. The "thread +id" object of a newly allocated B<BN_BLINDING> structure is +initialised to the thread id in which BN_BLINDING_new() was called. BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently there are two supported flags: B<BN_BLINDING_NO_UPDATE> and @@ -83,8 +86,8 @@ BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(), BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on success and 0 if an error occured. -BN_BLINDING_get_thread_id() returns the thread id (a B<unsigned long> -value) or 0 if not set. +BN_BLINDING_thread_id() returns a pointer to the thread id object +within a B<BN_BLINDING> object. BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags (a B<unsigned long> value). @@ -98,6 +101,9 @@ L<bn(3)|bn(3)> =head1 HISTORY +BN_BLINDING_thread_id was first introduced in OpenSSL 1.0.0, and it +deprecates BN_BLINDING_set_thread_id and BN_BLINDING_get_thread_id. + BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8 diff --git a/lib/libssl/src/doc/crypto/CMS_add0_cert.pod b/lib/libssl/src/doc/crypto/CMS_add0_cert.pod new file mode 100644 index 00000000000..9c13f488f61 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_add0_cert.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + + CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_get1_crls, - CMS certificate and CRL utility functions + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); + int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); + STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + + int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); + int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); + STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + + +=head1 DESCRIPTION + +CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>. +must be of type signed data or enveloped data. + +CMS_get1_certs() returns all certificates in B<cms>. + +CMS_add0_crl() and CMS_add1_crl() add CRL B<crl> to B<cms>. CMS_get1_crls() +returns any CRLs in B<cms>. + +=head1 NOTES + +The CMS_ContentInfo structure B<cms> must be of type signed data or enveloped +data or an error will be returned. + +For signed data certificates and CRLs are added to the B<certificates> and +B<crls> fields of SignedData structure. For enveloped data they are added to +B<OriginatorInfo>. + +As the B<0> implies CMS_add0_cert() adds B<cert> internally to B<cms> and it +must not be freed up after the call as opposed to CMS_add1_cert() where B<cert> +must be freed up. + +The same certificate or CRL must not be added to the same cms structure more +than once. + +=head1 RETURN VALUES + +CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return +1 for success and 0 for failure. + +CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs +or NULL if there are none or an error occurs. The only error which will occur +in practice is if the B<cms> type is invalid. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, +L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_encrypt(3)|CMS_encrypt(3)> + +=head1 HISTORY + +CMS_add0_cert(), CMS_add1_cert(), CMS_get1_certs(), CMS_add0_crl() +and CMS_get1_crls() were all first added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_add1_recipient_cert.pod b/lib/libssl/src/doc/crypto/CMS_add1_recipient_cert.pod new file mode 100644 index 00000000000..d7d8e2532c8 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_add1_recipient_cert.pod @@ -0,0 +1,62 @@ +=pod + +=head1 NAME + + CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); + + CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType); + +=head1 DESCRIPTION + +CMS_add1_recipient_cert() adds recipient B<recip> to CMS_ContentInfo enveloped +data structure B<cms> as a KeyTransRecipientInfo structure. + +CMS_add0_recipient_key() adds symmetric key B<key> of length B<keylen> using +wrapping algorithm B<nid>, identifier B<id> of length B<idlen> and optional +values B<date>, B<otherTypeId> and B<otherType> to CMS_ContentInfo enveloped +data structure B<cms> as a KEKRecipientInfo structure. + +The CMS_ContentInfo structure should be obtained from an initial call to +CMS_encrypt() with the flag B<CMS_PARTIAL> set. + +=head1 NOTES + +The main purpose of this function is to provide finer control over a CMS +enveloped data structure where the simpler CMS_encrypt() function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the CMS attribute utility functions. + +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If B<CMS_USE_KEYID> is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. + +Currently only AES based key wrapping algorithms are supported for B<nid>, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If B<nid> is set to B<NID_undef> then an AES wrap algorithm will be used +consistent with B<keylen>. + +=head1 RETURN VALUES + +CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal +pointer to the CMS_RecipientInfo structure just added or NULL if an error +occurs. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_decrypt(3)|CMS_decrypt(3)>, +L<CMS_final(3)|CMS_final(3)>, + +=head1 HISTORY + +CMS_add1_recipient_cert() and CMS_add0_recipient_key() were added to OpenSSL +0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_compress.pod b/lib/libssl/src/doc/crypto/CMS_compress.pod new file mode 100644 index 00000000000..0a0715271d3 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_compress.pod @@ -0,0 +1,73 @@ +=pod + +=head1 NAME + +CMS_compress - create a CMS CompressedData structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +=head1 DESCRIPTION + +CMS_compress() creates and returns a CMS CompressedData structure. B<comp_nid> +is the compression algorithm to use or B<NID_undef> to use the default +algorithm (zlib compression). B<in> is the content to be compressed. +B<flags> is an optional set of flags. + +=head1 NOTES + +The only currently supported compression algorithm is zlib using the NID +NID_zlib_compression. + +If zlib support is not compiled into OpenSSL then CMS_compress() will return +an error. + +If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are +prepended to the data. + +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if B<CMS_BINARY> is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If B<CMS_BINARY> is set then +B<CMS_TEXT> is ignored. + +If the B<CMS_STREAM> flag is set a partial B<CMS_ContentInfo> structure is +returned suitable for streaming I/O: no data is read from the BIO B<in>. + +The compressed data is included in the CMS_ContentInfo structure, unless +B<CMS_DETACHED> is set in which case it is omitted. This is rarely used in +practice and is not supported by SMIME_write_CMS(). + +=head1 NOTES + +If the flag B<CMS_STREAM> is set the returned B<CMS_ContentInfo> structure is +B<not> complete and outputting its contents via a function that does not +properly finalize the B<CMS_ContentInfo> structure will give unpredictable +results. + +Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 B<BIO> directly using +BIO_new_CMS(). + +Additional compression parameters such as the zlib compression level cannot +currently be set. + +=head1 RETURN VALUES + +CMS_compress() returns either a CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_uncompress(3)|CMS_uncompress(3)> + +=head1 HISTORY + +CMS_compress() was added to OpenSSL 0.9.8 +The B<CMS_STREAM> flag was first supported in OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_decrypt.pod b/lib/libssl/src/doc/crypto/CMS_decrypt.pod new file mode 100644 index 00000000000..d857e4f93f6 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_decrypt.pod @@ -0,0 +1,65 @@ +=pod + +=head1 NAME + + CMS_decrypt - decrypt content from a CMS envelopedData structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); + +=head1 DESCRIPTION + +CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData +structure. B<pkey> is the private key of the recipient, B<cert> is the +recipient's certificate, B<out> is a BIO to write the content to and +B<flags> is an optional set of flags. + +The B<dcont> parameter is used in the rare case where the encrypted content +is detached. It will normally be set to NULL. + +=head1 NOTES + +OpenSSL_add_all_algorithms() (or equivalent) should be called before using this +function or errors about unknown algorithms will occur. + +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the CMS +structure. If B<cert> is set to NULL all possible recipients are tried. + +It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the CMS structure +in advance using the CMS utility functions such as CMS_set1_pkey(). In this +case both B<cert> and B<pkey> should be set to NULL. + +To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key() +and CMS_ReceipientInfo_decrypt() should be called before CMS_decrypt() and +B<cert> and B<pkey> set to NULL. + +The following flags can be passed in the B<flags> parameter. + +If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted +from the content. If the content is not of type B<text/plain> then an error is +returned. + +=head1 RETURN VALUES + +CMS_decrypt() returns either 1 for success or 0 for failure. +The error can be obtained from ERR_get_error(3) + +=head1 BUGS + +The lack of single pass processing and the need to hold all data in memory as +mentioned in CMS_verify() also applies to CMS_decrypt(). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> + +=head1 HISTORY + +CMS_decrypt() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_encrypt.pod b/lib/libssl/src/doc/crypto/CMS_encrypt.pod new file mode 100644 index 00000000000..1ee5b275ec8 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_encrypt.pod @@ -0,0 +1,96 @@ +=pod + +=head1 NAME + + CMS_encrypt - create a CMS envelopedData structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); + +=head1 DESCRIPTION + +CMS_encrypt() creates and returns a CMS EnvelopedData structure. B<certs> +is a list of recipient certificates. B<in> is the content to be encrypted. +B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags. + +=head1 NOTES + +Only certificates carrying RSA keys are supported so the recipient certificates +supplied to this function must all contain RSA public keys, though they do not +have to be signed using the RSA algorithm. + +EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use +because most clients will support it. + +The algorithm passed in the B<cipher> parameter must support ASN1 encoding of +its parameters. + +Many browsers implement a "sign and encrypt" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory BIO and passing it to +CMS_encrypt(). + +The following flags can be passed in the B<flags> parameter. + +If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are +prepended to the data. + +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if B<CMS_BINARY> is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If B<CMS_BINARY> is set then +B<CMS_TEXT> is ignored. + +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If B<CMS_USE_KEYID> is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. + +If the B<CMS_STREAM> flag is set a partial B<CMS_ContentInfo> structure is +returned suitable for streaming I/O: no data is read from the BIO B<in>. + +If the B<CMS_PARTIAL> flag is set a partial B<CMS_ContentInfo> structure is +returned to which additional recipients and attributes can be added before +finalization. + +The data being encrypted is included in the CMS_ContentInfo structure, unless +B<CMS_DETACHED> is set in which case it is omitted. This is rarely used in +practice and is not supported by SMIME_write_CMS(). + +=head1 NOTES + +If the flag B<CMS_STREAM> is set the returned B<CMS_ContentInfo> structure is +B<not> complete and outputting its contents via a function that does not +properly finalize the B<CMS_ContentInfo> structure will give unpredictable +results. + +Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 B<BIO> directly using +BIO_new_CMS(). + +The recipients specified in B<certs> use a CMS KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag B<CMS_PARTIAL> +and CMS_add0_recipient_key(). + +The parameter B<certs> may be NULL if B<CMS_PARTIAL> is set and recipients +added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key(). + +=head1 RETURN VALUES + +CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_decrypt(3)|CMS_decrypt(3)> + +=head1 HISTORY + +CMS_decrypt() was added to OpenSSL 0.9.8 +The B<CMS_STREAM> flag was first supported in OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_final.pod b/lib/libssl/src/doc/crypto/CMS_final.pod new file mode 100644 index 00000000000..36cf96b8a0b --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_final.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + + CMS_final - finalise a CMS_ContentInfo structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); + +=head1 DESCRIPTION + +CMS_final() finalises the structure B<cms>. It's purpose is to perform any +operations necessary on B<cms> (digest computation for example) and set the +appropriate fields. The parameter B<data> contains the content to be +processed. The B<dcont> parameter contains a BIO to write content to after +processing: this is only used with detached data and will usually be set to +NULL. + +=head1 NOTES + +This function will normally be called when the B<CMS_PARTIAL> flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally. + +=head1 RETURN VALUES + +CMS_final() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_encrypt(3)|CMS_encrypt(3)> + +=head1 HISTORY + +CMS_final() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod b/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod new file mode 100644 index 00000000000..e0355423e6d --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_get0_RecipientInfos.pod @@ -0,0 +1,106 @@ +=pod + +=head1 NAME + + CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt - CMS envelopedData RecipientInfo routines + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); + int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); + + int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); + int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); + int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); + + int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype); + int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen); + int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen); + + int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +=head1 DESCRIPTION + +The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo +structures associated with a CMS EnvelopedData structure. + +CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure B<ri>. +It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, +CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER. + +CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure B<ri>, which +must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in +B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>. + +CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the +CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS. +It returns zero if the comparison is successful and non zero if not. + +CMS_RecipientInfo_set0_pkey() associates the private key B<pkey> with +the CMS_RecipientInfo structure B<ri>, which must be of type +CMS_RECIPINFO_TRANS. + +CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the +CMS_RecipientInfo structure B<ri> which must be of type CMS_RECIPINFO_KEK. Any +of the remaining parameters can be NULL if the application is not interested in +the value of a field. Where a field is optional and absent NULL will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +B<palg>, the B<keyIdentifier> field is written to B<pid>, the B<date> field if +present is written to B<pdate>, if the B<other> field is present the components +B<keyAttrId> and B<keyAttr> are written to parameters B<potherid> and +B<pothertype>. + +CMS_RecipientInfo_kekri_id_cmp() compares the ID in the B<id> and B<idlen> +parameters against the B<keyIdentifier> CMS_RecipientInfo structure B<ri>, +which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is +successful and non zero if not. + +CMS_RecipientInfo_set0_key() associates the symmetric key B<key> of length +B<keylen> with the CMS_RecipientInfo structure B<ri>, which must be of type +CMS_RECIPINFO_KEK. + +CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure +B<ri> in structure B<cms>. A key must have been associated with the structure +first. + +=head1 NOTES + +The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of CMS_decrypt() is not appropriate. + +In typical usage and application will retrieve all CMS_RecipientInfo structures +using CMS_get0_RecipientInfos() and check the type of each using +CMS_RecpientInfo_type(). Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +CMS_RecpientInfo_decrypt() called. If successful CMS_decrypt() can be called +with a NULL key to decrypt the enveloped content. + +=head1 RETURN VALUES + +CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if +an error occurs. + +CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), +CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and +CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. + +CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 +for a successful comparison and non zero otherwise. + +Any error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_decrypt(3)|CMS_decrypt(3)> + +=head1 HISTORY + +These functions were first was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_get0_SignerInfos.pod b/lib/libssl/src/doc/crypto/CMS_get0_SignerInfos.pod new file mode 100644 index 00000000000..47f6d2a0472 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_get0_SignerInfos.pod @@ -0,0 +1,75 @@ +=pod + +=head1 NAME + + CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_cert_cmp, CMS_set1_signer_certs - CMS signedData signer functions. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + + int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); + int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); + void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); + +=head1 DESCRIPTION + +The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures +associated with a CMS signedData structure. + +CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure B<si>. Either the +keyidentifier will be set in B<keyid> or B<both> issuer name and serial number +in B<issuer> and B<sno>. + +CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer +identifier B<si>. It returns zero if the comparison is successful and non zero +if not. + +CMS_SignerInfo_set1_signer_cert() sets the signers certificate of B<si> to +B<signer>. + +=head1 NOTES + +The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of CMS_verify() is not appropriate. + +In typical usage and application will retrieve all CMS_SignerInfo structures +using CMS_get0_SignerInfo() and retrieve the identifier information using +CMS. It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +CMS_SignerInfo_set1_signer_cert(). + +Once all signer certificates have been set CMS_verify() can be used. + +Although CMS_get0_SignerInfos() can return NULL is an error occur B<or> if +there are no signers this is not a problem in practice because the only +error which can occur is if the B<cms> structure is not of type signedData +due to application error. + +=head1 RETURN VALUES + +CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there +are no signers or an error occurs. + +CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure. + +CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non +zero otherwise. + +CMS_SignerInfo_set1_signer_cert() does not return a value. + +Any error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_verify(3)|CMS_verify(3)> + +=head1 HISTORY + +These functions were first was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_get0_type.pod b/lib/libssl/src/doc/crypto/CMS_get0_type.pod new file mode 100644 index 00000000000..8ff1c3115cd --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_get0_type.pod @@ -0,0 +1,63 @@ +=pod + +=head1 NAME + + CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType - get and set CMS content types + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); + const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +=head1 DESCRIPTION + +CMS_get0_type() returns the content type of a CMS_ContentInfo structure as +and ASN1_OBJECT pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value. + +CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo +structure. It should be called with CMS functions with the B<CMS_PARTIAL> +flag and B<before> the structure is finalised, otherwise the results are +undefined. + +ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded +content type. + +=head1 NOTES + +As the B<0> implies CMS_get0_type() and CMS_get0_eContentType() return internal +pointers which should B<not> be freed up. CMS_set1_eContentType() copies the +supplied OID and it B<should> be freed up after use. + +The B<ASN1_OBJECT> values returned can be converted to an integer B<NID> value +using OBJ_obj2nid(). For the currently supported content types the following +values are returned: + + NID_pkcs7_data + NID_pkcs7_signed + NID_pkcs7_digest + NID_id_smime_ct_compressedData: + NID_pkcs7_encrypted + NID_pkcs7_enveloped + + +=head1 RETURN VALUES + +CMS_get0_type() and CMS_get0_eContentType() return and ASN1_OBJECT structure. + +CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The +error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)> + +=head1 HISTORY + +CMS_get0_type(), CMS_set1_eContentType() and CMS_get0_eContentType() were all +first added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod b/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod new file mode 100644 index 00000000000..f546376a1e6 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_get1_ReceiptRequest.pod @@ -0,0 +1,69 @@ +=pod + +=head1 NAME + + CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo); + int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); + int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); + void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto); + +=head1 DESCRIPTION + +CMS_ReceiptRequest_create0() creates a signed receipt request structure. The +B<signedContentIdentifier> field is set using B<id> and B<idlen>, or it is set +to 32 bytes of pseudo random data if B<id> is NULL. If B<receiptList> is NULL +the allOrFirstTier option in B<receiptsFrom> is used and set to the value of +the B<allorfirst> parameter. If B<receiptList> is not NULL the B<receiptList> +option in B<receiptsFrom> is used. The B<receiptsTo> parameter specifies the +B<receiptsTo> field value. + +The CMS_add1_ReceiptRequest() function adds a signed receipt request B<rr> +to SignerInfo structure B<si>. + +int CMS_get1_ReceiptRequest() looks for a signed receipt request in B<si>, if +any is found it is decoded and written to B<prr>. + +CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request. +The signedContentIdentifier is copied to B<pcid>. If the B<allOrFirstTier> +option of B<receiptsFrom> is used its value is copied to B<pallorfirst> +otherwise the B<receiptList> field is copied to B<plist>. The B<receiptsTo> +parameter is copied to B<prto>. + +=head1 NOTES + +For more details of the meaning of the fields see RFC2634. + +The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +CMS_verify(). + +=head1 RETURN VALUES + +CMS_ReceiptRequest_create0() returns a signed receipt request structure or +NULL if an error occurred. + +CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred. + +CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and -1 if +it is present but malformed. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_sign_receipt(3)|CMS_sign_receipt(3)>, L<CMS_verify(3)|CMS_verify(3)> +L<CMS_verify_receipt(3)|CMS_verify_receipt(3)> + +=head1 HISTORY + +CMS_ReceiptRequest_create0(), CMS_add1_ReceiptRequest(), +CMS_get1_ReceiptRequest() and CMS_ReceiptRequest_get0_values() were added to +OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_sign.pod b/lib/libssl/src/doc/crypto/CMS_sign.pod new file mode 100644 index 00000000000..2cc72de3272 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_sign.pod @@ -0,0 +1,121 @@ +=pod + +=head1 NAME + + CMS_sign - create a CMS SignedData structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags); + +=head1 DESCRIPTION + +CMS_sign() creates and returns a CMS SignedData structure. B<signcert> is +the certificate to sign with, B<pkey> is the corresponding private key. +B<certs> is an optional additional set of certificates to include in the CMS +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be B<NULL>, see B<NOTES> below. + +The data to be signed is read from BIO B<data>. + +B<flags> is an optional set of flags. + +=head1 NOTES + +Any of the following flags (ored together) can be passed in the B<flags> +parameter. + +Many S/MIME clients expect the signed content to include valid MIME headers. If +the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are prepended +to the data. + +If B<CMS_NOCERTS> is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the B<signcert> parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. + +The data being signed is included in the CMS_ContentInfo structure, unless +B<CMS_DETACHED> is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example. + +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if B<CMS_BINARY> is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. + +The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If B<CMS_NOATTR> is set then no signedAttributes +will be used. If B<CMS_NOSMIMECAP> is set then just the SMIMECapabilities are +omitted. + +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded. + +OpenSSL will by default identify signing certificates using issuer name +and serial number. If B<CMS_USE_KEYID> is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. + +If the flags B<CMS_STREAM> is set then the returned B<CMS_ContentInfo> +structure is just initialized ready to perform the signing operation. The +signing is however B<not> performed and the data to be signed is not read from +the B<data> parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. + +If the B<CMS_PARTIAL> flag is set a partial B<CMS_ContentInfo> structure is +output to which additional signers and capabilities can be added before +finalization. + +If the flag B<CMS_STREAM> is set the returned B<CMS_ContentInfo> structure is +B<not> complete and outputting its contents via a function that does not +properly finalize the B<CMS_ContentInfo> structure will give unpredictable +results. + +Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 B<BIO> directly using +BIO_new_CMS(). + +If a signer is specified it will use the default digest for the signing +algorithm. This is B<SHA1> for both RSA and DSA keys. + +If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is +output. + +The function CMS_sign() is a basic CMS signing function whose output will be +suitable for many purposes. For finer control of the output format the +B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the +B<CMS_PARTIAL> flag set. Then one or more signers can be added using the +function CMS_sign_add1_signer(), non default digests can be used and custom +attributes added. B<CMS_final()> must then be called to finalize the +structure if streaming is not enabled. + +=head1 BUGS + +Some attributes such as counter signatures are not supported. + +=head1 RETURN VALUES + +CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_verify(3)|CMS_verify(3)> + +=head1 HISTORY + +CMS_sign() was added to OpenSSL 0.9.8 + +The B<CMS_STREAM> flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later. + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod b/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod new file mode 100644 index 00000000000..bda3ca2adbd --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_sign_add1_signer.pod @@ -0,0 +1,101 @@ +=pod + +=head1 NAME + + CMS_sign_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); + + int CMS_SignerInfo_sign(CMS_SignerInfo *si); + + +=head1 DESCRIPTION + +CMS_sign_add1_signer() adds a signer with certificate B<signcert> and private +key B<pkey> using message digest B<md> to CMS_ContentInfo SignedData +structure B<cms>. + +The CMS_ContentInfo structure should be obtained from an initial call to +CMS_sign() with the flag B<CMS_PARTIAL> set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. + +If the B<md> parameter is B<NULL> then the default digest for the public +key algorithm will be used. + +Unless the B<CMS_REUSE_DIGEST> flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to CMS_final(). + +The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo +structure, its main use is when B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags +are both set. + +=head1 NOTES + +The main purpose of CMS_sign_add1_signer() is to provide finer control +over a CMS signed data structure where the simpler CMS_sign() function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the CMS attribute utility functions or the +CMS signed receipt request functions. + +Any of the following flags (ored together) can be passed in the B<flags> +parameter. + +If B<CMS_REUSE_DIGEST> is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. + +If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to CMS_SignerInfo_sign() is +needed to finalize it. + +If B<CMS_NOCERTS> is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the B<signcert> parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. + +The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If B<CMS_NOATTR> is set then no signedAttributes +will be used. If B<CMS_NOSMIMECAP> is set then just the SMIMECapabilities are +omitted. + +OpenSSL will by default identify signing certificates using issuer name +and serial number. If B<CMS_USE_KEYID> is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. + +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded. + +CMS_sign_add1_signer() returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. + +=head1 RETURN VALUES + +CMS_sign1_add_signers() returns an internal pointer to the CMS_SignerInfo +structure just added or NULL if an error occurs. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_final(3)|CMS_final(3)>, + +=head1 HISTORY + +CMS_sign_add1_signer() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod b/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod new file mode 100644 index 00000000000..cae1f833840 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_sign_receipt.pod @@ -0,0 +1,45 @@ +=pod + +=head1 NAME + + CMS_sign_receipt - create a CMS signed receipt + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags); + +=head1 DESCRIPTION + +CMS_sign_receipt() creates and returns a CMS signed receipt structure. B<si> is +the B<CMS_SignerInfo> structure containing the signed receipt request. +B<signcert> is the certificate to sign with, B<pkey> is the corresponding +private key. B<certs> is an optional additional set of certificates to include +in the CMS structure (for example any intermediate CAs in the chain). + +B<flags> is an optional set of flags. + +=head1 NOTES + +This functions behaves in a similar way to CMS_sign() except the flag values +B<CMS_DETACHED>, B<CMS_BINARY>, B<CMS_NOATTR>, B<CMS_TEXT> and B<CMS_STREAM> +are not supported since they do not make sense in the context of signed +receipts. + +=head1 RETURN VALUES + +CMS_sign_receipt() returns either a valid CMS_ContentInfo structure or NULL if +an error occurred. The error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, +L<CMS_verify_receipt(3)|CMS_verify_receipt(3)>, +L<CMS_sign(3)|CMS_sign(3)> + +=head1 HISTORY + +CMS_sign_receipt() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_uncompress.pod b/lib/libssl/src/doc/crypto/CMS_uncompress.pod new file mode 100644 index 00000000000..c6056b027da --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_uncompress.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + + CMS_uncompress - uncompress a CMS CompressedData structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); + +=head1 DESCRIPTION + +CMS_uncompress() extracts and uncompresses the content from a CMS +CompressedData structure B<cms>. B<data> is a BIO to write the content to and +B<flags> is an optional set of flags. + +The B<dcont> parameter is used in the rare case where the compressed content +is detached. It will normally be set to NULL. + +=head1 NOTES + +The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned. + +If zlib support is not compiled into OpenSSL then CMS_uncompress() will always +return an error. + +The following flags can be passed in the B<flags> parameter. + +If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted +from the content. If the content is not of type B<text/plain> then an error is +returned. + +=head1 RETURN VALUES + +CMS_uncompress() returns either 1 for success or 0 for failure. The error can +be obtained from ERR_get_error(3) + +=head1 BUGS + +The lack of single pass processing and the need to hold all data in memory as +mentioned in CMS_verify() also applies to CMS_decompress(). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_compress(3)|CMS_compress(3)> + +=head1 HISTORY + +CMS_uncompress() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_verify.pod b/lib/libssl/src/doc/crypto/CMS_verify.pod new file mode 100644 index 00000000000..8f26fdab093 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_verify.pod @@ -0,0 +1,126 @@ +=pod + +=head1 NAME + + CMS_verify - verify a CMS SignedData structure + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, unsigned int flags); + + STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +=head1 DESCRIPTION + +CMS_verify() verifies a CMS SignedData structure. B<cms> is the CMS_ContentInfo +structure to verify. B<certs> is a set of certificates in which to search for +the signing certificate(s). B<store> is a trusted certificate store used for +chain verification. B<indata> is the detached content if the content is not +present in B<cms>. The content is written to B<out> if it is not NULL. + +B<flags> is an optional set of flags, which can be used to modify the verify +operation. + +CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it must +be called after a successful CMS_verify() operation. + +=head1 VERIFY PROCESS + +Normally the verify process proceeds as follows. + +Initially some sanity checks are performed on B<cms>. The type of B<cms> must +be SignedData. There must be at least one signature on the data and if +the content is detached B<indata> cannot be B<NULL>. + +An attempt is made to locate all the signing certificate(s), first looking in +the B<certs> parameter (if it is not NULL) and then looking in any +certificates contained in the B<cms> structure itself. If any signing +certificate cannot be located the operation fails. + +Each signing certificate is chain verified using the B<smimesign> purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If CRL checking is enabled in B<store> any internal +CRLs are used in addition to attempting to look them up in B<store>. If any +chain verify fails an error code is returned. + +Finally the signed content is read (and written to B<out> is it is not NULL) +and the signature's checked. + +If all signature's verify correctly then the function is successful. + +Any of the following flags (ored together) can be passed in the B<flags> +parameter to change the default verify behaviour. + +If B<CMS_NOINTERN> is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the B<certs> parameter. + +If B<CMS_NOCRL> is set and CRL checking is enabled in B<store> then any +CRLs in the message itself are ignored. + +If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted +from the content. If the content is not of type B<text/plain> then an error is +returned. + +If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not +verified. + +If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not +verified. + +If B<CMS_NO_CONTENT_VERIFY> is set then the content digest is not checked. + +=head1 NOTES + +One application of B<CMS_NOINTERN> is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the B<certs> parameter. In this case if the signer is not one of the +certificates supplied in B<certs> then the verify will fail because the +signer cannot be found. + +In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions. + +Care should be taken when modifying the default verify behaviour, for example +setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to B<out> and its validity +is not considered important. + +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). + +=head1 RETURN VALUES + +CMS_verify() returns 1 for a successful verification and zero if an error +occurred. + +CMS_get0_signers() returns all signers or NULL if an error occurred. + +The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> + +=head1 BUGS + +The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current B<X509_STORE> +functionality. + +The lack of single pass processing means that the signed content must all +be held in memory if it is not detached. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)> + +=head1 HISTORY + +CMS_verify() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod b/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod new file mode 100644 index 00000000000..9283e0e04b8 --- /dev/null +++ b/lib/libssl/src/doc/crypto/CMS_verify_receipt.pod @@ -0,0 +1,47 @@ +=pod + +=head1 NAME + + CMS_verify_receipt - verify a CMS signed receipt + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags); + +=head1 DESCRIPTION + +CMS_verify_receipt() verifies a CMS signed receipt. B<rcms> is the signed +receipt to verify. B<ocms> is the original SignedData structure containing the +receipt request. B<certs> is a set of certificates in which to search for the +signing certificate. B<store> is a trusted certificate store (used for chain +verification). + +B<flags> is an optional set of flags, which can be used to modify the verify +operation. + +=head1 NOTES + +This functions behaves in a similar way to CMS_verify() except the flag values +B<CMS_DETACHED>, B<CMS_BINARY>, B<CMS_TEXT> and B<CMS_STREAM> are not +supported since they do not make sense in the context of signed receipts. + +=head1 RETURN VALUES + +CMS_verify_receipt() returns 1 for a successful verification and zero if an +error occurred. + +The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, +L<CMS_sign_receipt(3)|CMS_sign_receipt(3)>, +L<CMS_verify(3)|CMS_verify(3)>, + +=head1 HISTORY + +CMS_verify_receipt() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod new file mode 100644 index 00000000000..37d960e3b22 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_DigestSignInit.pod @@ -0,0 +1,87 @@ +=pod + +=head1 NAME + +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); + +=head1 DESCRIPTION + +The EVP signature routines are a high level interface to digital signatures. + +EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from +ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with +EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the +EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can +be used to set alternative signing options. + +EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the +signature context B<ctx>. This function can be called several times on the +same B<ctx> to include additional data. This function is currently implemented +usig a macro. + +EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>. +If B<sig> is B<NULL> then the maximum size of the output buffer is written to +the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the +B<siglen> parameter should contain the length of the B<sig> buffer, if the +call is successful the signature is written to B<sig> and the amount of data +written to B<siglen>. + +=head1 RETURN VALUES + +EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return +1 for success and 0 or a negative value for failure. In particular a return +value of -2 indicates the operation is not supported by the public key +algorithm. + +The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 NOTES + +The B<EVP> interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. + +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged. + +For some key types and parameters the random number generator must be seeded +or the operation will fail. + +The call to EVP_DigestSignFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_DigestSignUpdate() and +EVP_DigestSignFinal() can be called later to digest and sign additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + +The use of EVP_PKEY_size() with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result EVP_PKEY_size() would have to return a value +which indicates the maximum possible signature for any set of parameters. + +=head1 SEE ALSO + +L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>, +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, +L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> + +=head1 HISTORY + +EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() +were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod b/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod new file mode 100644 index 00000000000..f2244889783 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_DigestVerifyInit.pod @@ -0,0 +1,82 @@ +=pod + +=head1 NAME + +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); + int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); + +=head1 DESCRIPTION + +The EVP signature routines are a high level interface to digital signatures. + +EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest +B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized +with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the +EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this +can be used to set alternative verification options. + +EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the +verification context B<ctx>. This function can be called several times on the +same B<ctx> to include additional data. This function is currently implemented +using a macro. + +EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in +B<sig> of length B<siglen>. + +=head1 RETURN VALUES + +EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 indicates +the operation is not supported by the public key algorithm. + +Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only +indicates that the signature did not not verify successfully (that is tbs did +not match the original data or the signature was of invalid form) it is not an +indication of a more serious error. + +The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>. + +=head1 NOTES + +The B<EVP> interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. + +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged. + +For some key types and parameters the random number generator must be seeded +or the operation will fail. + +The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can +be called later to digest and verify additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + +=head1 SEE ALSO + +L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, +L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> + +=head1 HISTORY + +EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() +were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod new file mode 100644 index 00000000000..f2f455990f5 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -0,0 +1,128 @@ +=pod + +=head1 NAME + +EVP_PKEY_ctrl, EVP_PKEY_ctrl_str - algorithm specific control operations + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); + int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + + #include <openssl/rsa.h> + + int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + + int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); + int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); + int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); + + #include <openssl/dsa.h> + int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); + + #include <openssl/dh.h> + int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); + + #include <openssl/ec.h> + int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); + +=head1 DESCRIPTION + +The function EVP_PKEY_CTX_ctrl() sends a control operation to the context +B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter +B<optype> is a mask indicating which operations the control can be applied to. +The control command is indicated in B<cmd> and any additional arguments in +B<p1> and B<p2>. + +Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will +instead call one of the algorithm specific macros below. + +The function EVP_PKEY_ctrl_str() allows an application to send an algorithm +specific control operation to a context B<ctx> in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option B<-pkeyopt> which is supported by the +B<pkeyutl>, B<genpkey> and B<req> commands. + +All the remaining "functions" are implemented as macros. + +The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used +in a signature. It can be used with any public key algorithm supporting +signature operations. + +The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>. +The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, +RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding, +RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), +RSA_X931_PADDING for X9.31 padding (signature operations only) and +RSA_PKCS1_PSS_PADDING (sign and verify only). + +Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with RSA and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for RSA the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte. + +The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to +B<len> as its name implies it is only supported for PSS padding. Two special +values are supported: -1 sets the salt length to the digest length. When +signing -2 sets the salt length to the maximum permissible value. When +verifying -2 causes the salt length to be automatically determined based on the +B<PSS> block structure. If this macro is not called a salt length value of -2 +is used by default. + +The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for +RSA key genration to B<bits>. If not specified 1024 bits is used. + +The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value +for RSA key generation to B<pubexp> currently it should be an odd integer. The +B<pubexp> pointer is used internally by this function so it should not be +modified or free after the call. If this macro is not called then 65537 is used. + +The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used +for DSA parameter generation to B<bits>. If not specified 1024 is used. + +The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH +prime parameter B<p> for DH parameter generation. If this macro is not called +then 1024 is used. + +The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen> +for DH parameter generation. If not specified 2 is used. + +The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter +generation to B<nid>. For EC parameter generation this macro must be called +or an error occurs because there is no default curve. + +=head1 RETURN VALUES + +EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_new.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_new.pod new file mode 100644 index 00000000000..a9af8675801 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_new.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions. + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); + EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); + EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); + void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +=head1 DESCRIPTION + +The EVP_PKEY_CTX_new() function allocates public key algorithm context using +the algorithm specified in B<pkey> and ENGINE B<e>. + +The EVP_PKEY_CTX_new_id() function allocates public key algorithm context +using the algorithm specified by B<id> and ENGINE B<e>. It is normally used +when no B<EVP_PKEY> structure is associated with the operations, for example +during parameter generation of key genration for some algorithms. + +EVP_PKEY_CTX_dup() duplicates the context B<ctx>. + +EVP_PKEY_CTX_free() frees up the context B<ctx>. + +=head1 NOTES + +The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used +by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. + +=head1 RETURN VALUES + +EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either +the newly allocated B<EVP_PKEY_CTX> structure of B<NULL> if an error occurred. + +EVP_PKEY_CTX_free() does not return a value. + +=head1 SEE ALSO + +L<EVP_PKEY_new(3)|EVP_PKEY_new(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_cmp.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_cmp.pod new file mode 100644 index 00000000000..4f8185e36cd --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_cmp.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); + int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); + + int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +=head1 DESCRIPTION + +The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of B<pkey> are missing and 0 if they are present or the algorithm +doesn't use parameters. + +The function EVP_PKEY_copy_parameters() copies the parameters from key +B<from> to key B<to>. + +The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys +B<a> and B<b>. + +The funcion EVP_PKEY_cmp() compares the public key components and paramters +(if present) of keys B<a> and B<b>. + +=head1 NOTES + +The main purpose of the functions EVP_PKEY_missing_parameters() and +EVP_PKEY_copy_parameters() is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the CA that signed it. + +Since OpenSSL private keys contain public key components too the function +EVP_PKEY_cmp() can also be used to determine if a private key matches +a public key. + +=head1 RETURN VALUES + +The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of B<pkey> are missing and 0 if they are present or the algorithm +doesn't use parameters. + +These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for +failure. + +The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the +keys match, 0 if they don't match, -1 if the key types are different and +-2 if the operation is not supported. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod new file mode 100644 index 00000000000..42b2a8c44ed --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod @@ -0,0 +1,93 @@ +=pod + +=head1 NAME + +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +=head1 DESCRIPTION + +The EVP_PKEY_decrypt_init() function initializes a public key algorithm +context using key B<pkey> for a decryption operation. + +The EVP_PKEY_decrypt() function performs a public key decryption operation +using B<ctx>. The data to be decrypted is specified using the B<in> and +B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output +buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then +before the call the B<outlen> parameter should contain the length of the +B<out> buffer, if the call is successful the decrypted data is written to +B<out> and the amount of data written to B<outlen>. + +=head1 NOTES + +After the call to EVP_PKEY_decrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_decrypt() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Decrypt data using OAEP (for RSA keys): + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *out, *in; + size_t outlen, inlen; + EVP_PKEY *key; + /* NB: assumes key in, inlen are already set up + * and that key is an RSA private key + */ + ctx = EVP_PKEY_CTX_new(key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_decrypt_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + + out = OPENSSL_malloc(outlen); + + if (!out) + /* malloc failure */ + + if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + + /* Decrypted data is outlen bytes written to buffer out */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod new file mode 100644 index 00000000000..d9d6d76c721 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod @@ -0,0 +1,93 @@ +=pod + +=head1 NAME + +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret. + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); + int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +=head1 DESCRIPTION + +The EVP_PKEY_derive_init() function initializes a public key algorithm +context using key B<pkey> for shared secret derivation. + +The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally +be a public key. + +The EVP_PKEY_derive() derives a shared secret using B<ctx>. +If B<key> is B<NULL> then the maximum size of the output buffer is written to +the B<keylen> parameter. If B<key> is not B<NULL> then before the call the +B<keylen> parameter should contain the length of the B<key> buffer, if the call +is successful the shared secret is written to B<key> and the amount of data +written to B<keylen>. + +=head1 NOTES + +After the call to EVP_PKEY_derive_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_derive() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Derive shared secret (for example DH or EC keys): + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *skey; + size_t skeylen; + EVP_PKEY *pkey, *peerkey; + /* NB: assumes pkey, peerkey have been already set up */ + + ctx = EVP_PKEY_CTX_new(pkey); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_derive_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) + /* Error */ + + skey = OPENSSL_malloc(skeylen); + + if (!skey) + /* malloc failure */ + + if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) + /* Error */ + + /* Shared secret is skey bytes written to buffer skey */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod new file mode 100644 index 00000000000..91c9c5d0a5d --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod @@ -0,0 +1,93 @@ +=pod + +=head1 NAME + +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +=head1 DESCRIPTION + +The EVP_PKEY_encrypt_init() function initializes a public key algorithm +context using key B<pkey> for an encryption operation. + +The EVP_PKEY_encrypt() function performs a public key encryption operation +using B<ctx>. The data to be encrypted is specified using the B<in> and +B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output +buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then +before the call the B<outlen> parameter should contain the length of the +B<out> buffer, if the call is successful the encrypted data is written to +B<out> and the amount of data written to B<outlen>. + +=head1 NOTES + +After the call to EVP_PKEY_encrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_encrypt() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Encrypt data using OAEP (for RSA keys): + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *out, *in; + size_t outlen, inlen; + EVP_PKEY *key; + /* NB: assumes key in, inlen are already set up + * and that key is an RSA public key + */ + ctx = EVP_PKEY_CTX_new(key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_encrypt_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + + out = OPENSSL_malloc(outlen); + + if (!out) + /* malloc failure */ + + if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + + /* Encrypted data is outlen bytes written to buffer out */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod new file mode 100644 index 00000000000..1a9c7954c55 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +EVP_PKEY_get_default_digest_nid - get default signature digest + +=head1 SYNOPSIS + + #include <openssl/evp.h> + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +=head1 DESCRIPTION + +The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default +message digest NID for the public key signature operations associated with key +B<pkey>. + +=head1 NOTES + +For all current standard OpenSSL public key algorithms SHA1 is returned. + +=head1 RETURN VALUES + +The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest +is advisory (that is other digests can be used) and 2 if it is mandatory (other +digests can not be used). It returns 0 or a negative value for failure. In +particular a return value of -2 indicates the operation is not supported by the +public key algorithm. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, + +=head1 HISTORY + +This function was first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod new file mode 100644 index 00000000000..37c6fe95030 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod @@ -0,0 +1,161 @@ +=pod + +=head1 NAME + +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + + typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + + void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); + EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + + int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + + void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); + void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +=head1 DESCRIPTION + +The EVP_PKEY_keygen_init() function initializes a public key algorithm +context using key B<pkey> for a key genration operation. + +The EVP_PKEY_keygen() function performs a key generation operation, the +generated key is written to B<ppkey>. + +The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar +except parameters are generated. + +The function EVP_PKEY_set_cb() sets the key or parameter generation callback +to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter +generation callback. + +The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated +with the generation operation. If B<idx> is -1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +B<idx> should only be called within the generation callback. + +If the callback returns 0 then the key genration operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a "cancel" button. + +The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a "progress dialog". + +=head1 NOTES + +After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. + +The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than +once on the same context if several operations are performed using the same +parameters. + +The meaning of the parameters passed to the callback will depend on the +algorithm and the specifiic implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. + +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. EC with a supplied named curve) the "generation" +option merely sets the appropriate fields in an EVP_PKEY structure. + +In OpenSSL an EVP_PKEY structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a "key pair". A private key can be used +in functions which require the use of a public key or parameters. + +=head1 RETURN VALUES + +EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and +EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 EXAMPLES + +Generate a 2048 bit RSA key: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + EVP_PKEY *pkey = NULL; + ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) + /* Error */ + + /* Generate key */ + if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ + +Generate a key from a set of parameters: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + EVP_PKEY *pkey = NULL, *param; + /* Assumed param is set up already */ + ctx = EVP_PKEY_CTX_new(param); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ + + /* Generate key */ + if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ + +Example of generation callback for OpenSSL public key implementations: + + /* Application data is a BIO to output status to */ + + EVP_PKEY_CTX_set_app_data(ctx, status_bio); + + static int genpkey_cb(EVP_PKEY_CTX *ctx) + { + char c='*'; + BIO *b = EVP_PKEY_CTX_get_app_data(ctx); + int p; + p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(b,&c,1); + (void)BIO_flush(b); + return 1; + } + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_print_private.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_print_private.pod new file mode 100644 index 00000000000..ce9d70d7a7a --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_print_private.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines. + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +=head1 DESCRIPTION + +The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and +EVP_PKEY_print_params() print out the public, private or parameter components +of key B<pkey> respectively. The key is sent to BIO B<out> in human readable +form. The parameter B<indent> indicated how far the printout should be indented. + +The B<pctx> parameter allows the print output to be finely tuned by using +ASN1 printing options. If B<pctx> is set to NULL then default values will +be used. + +=head1 NOTES + +Currently no public key algorithms include any options in the B<pctx> parameter +parameter. + +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to EVP_PKEY_print_private() will only print the public components. + +=head1 RETURN VALUES + +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod new file mode 100644 index 00000000000..2fb52c34863 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod @@ -0,0 +1,96 @@ +=pod + +=head1 NAME + +EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + +=head1 DESCRIPTION + +The EVP_PKEY_sign_init() function initializes a public key algorithm +context using key B<pkey> for a signing operation. + +The EVP_PKEY_sign() function performs a public key signing operation +using B<ctx>. The data to be signed is specified using the B<tbs> and +B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output +buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then +before the call the B<siglen> parameter should contain the length of the +B<sig> buffer, if the call is successful the signature is written to +B<sig> and the amount of data written to B<siglen>. + +=head1 NOTES + +After the call to EVP_PKEY_sign_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_sign() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Sign data using RSA with PKCS#1 padding and SHA256 digest: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *md, *sig; + size_t mdlen, siglen; + EVP_PKEY *signing_key; + /* NB: assumes signing_key, md and mdlen are already set up + * and that signing_key is an RSA private key + */ + ctx = EVP_PKEY_CTX_new(signing_key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_sign_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) + /* Error */ + + sig = OPENSSL_malloc(siglen); + + if (!sig) + /* malloc failure */ + + if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) + /* Error */ + + /* Signature is siglen bytes written to buffer sig */ + + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod new file mode 100644 index 00000000000..10633da3f23 --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod @@ -0,0 +1,91 @@ +=pod + +=head1 NAME + +EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + +=head1 DESCRIPTION + +The EVP_PKEY_verify_init() function initializes a public key algorithm +context using key B<pkey> for a signature verification operation. + +The EVP_PKEY_verify() function performs a public key verification operation +using B<ctx>. The signature is specified using the B<sig> and +B<siglen> parameters. The verified data (i.e. the data believed originally +signed) is specified using the B<tbs> and B<tbslen> parameters. + +=head1 NOTES + +After the call to EVP_PKEY_verify_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_verify() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +EVP_PKEY_verify() only indicates that the signature did not not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. + +A negative value indicates an error other that signature verification failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 EXAMPLE + +Verify signature using PKCS#1 and SHA256 digest: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *md, *sig; + size_t mdlen, siglen; + EVP_PKEY *verify_key; + /* NB: assumes verify_key, sig, siglen md and mdlen are already set up + * and that verify_key is an RSA public key + */ + ctx = EVP_PKEY_CTX_new(verify_key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_verify_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + + /* Perform operation */ + ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen); + + /* ret == 1 indicates success, 0 verify failure and < 0 for some + * other error. + */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod new file mode 100644 index 00000000000..e2a2a8c6f8d --- /dev/null +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod @@ -0,0 +1,103 @@ +=pod + +=head1 NAME + +EVP_PKEY_verifyrecover_init, EVP_PKEY_verifyrecover - recover signature using a public key algorithm + +=head1 SYNOPSIS + + #include <openssl/evp.h> + + int EVP_PKEY_verifyrecover_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_verifyrecover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + +=head1 DESCRIPTION + +The EVP_PKEY_verifyrecover_init() function initializes a public key algorithm +context using key B<pkey> for a verify recover operation. + +The EVP_PKEY_verifyrecover() function recovers signed data +using B<ctx>. The signature is specified using the B<sig> and +B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output +buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then +before the call the B<routlen> parameter should contain the length of the +B<rout> buffer, if the call is successful recovered data is written to +B<rout> and the amount of data written to B<routlen>. + +=head1 NOTES + +Normally an application is only interested in whether a signature verification +operation is successful in those cases the EVP_verify() function should be +used. + +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example RSA in PKCS padding mode). + +After the call to EVP_PKEY_verifyrecover_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. + +The function EVP_PKEY_verifyrecover() can be called more than once on the same +context if several operations are performed using the same parameters. + +=head1 RETURN VALUES + +EVP_PKEY_verifyrecover_init() and EVP_PKEY_verifyrecover() return 1 for success +and 0 or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 EXAMPLE + +Recover digest originally signed using PKCS#1 and SHA256 digest: + + #include <openssl/evp.h> + #include <openssl/rsa.h> + + EVP_PKEY_CTX *ctx; + unsigned char *rout, *sig; + size_t routlen, siglen; + EVP_PKEY *verify_key; + /* NB: assumes verify_key, sig and siglen are already set up + * and that verify_key is an RSA public key + */ + ctx = EVP_PKEY_CTX_new(verify_key); + if (!ctx) + /* Error occurred */ + if (EVP_PKEY_verifyrecover_init(ctx) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + + /* Determine buffer length */ + if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0) + /* Error */ + + rout = OPENSSL_malloc(routlen); + + if (!rout) + /* malloc failure */ + + if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0) + /* Error */ + + /* Recovered data is routlen bytes written to buffer rout */ + +=head1 SEE ALSO + +L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod b/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod index 7dcc07923ff..1e45dd40f6b 100644 --- a/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod +++ b/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod @@ -8,6 +8,8 @@ functions =head1 SYNOPSIS + #include <openssl/objects.h> + ASN1_OBJECT * OBJ_nid2obj(int n); const char * OBJ_nid2ln(int n); const char * OBJ_nid2sn(int n); diff --git a/lib/libssl/src/doc/crypto/PEM_write_bio_CMS_stream.pod b/lib/libssl/src/doc/crypto/PEM_write_bio_CMS_stream.pod new file mode 100644 index 00000000000..e070c45c2e9 --- /dev/null +++ b/lib/libssl/src/doc/crypto/PEM_write_bio_CMS_stream.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + + PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + #include <openssl/pem.h> + + int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); + +=head1 DESCRIPTION + +PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format. + +It is otherwise identical to the function SMIME_write_CMS(). + +=head1 NOTES + +This function is effectively a version of the PEM_write_bio_CMS() supporting +streaming. + +=head1 RETURN VALUES + +PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)>, +L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>, +L<i2d_CMS_bio_stream(3)|i2d_CMS_bio_stream(3)> + +=head1 HISTORY + +PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libssl/src/doc/crypto/PEM_write_bio_PKCS7_stream.pod b/lib/libssl/src/doc/crypto/PEM_write_bio_PKCS7_stream.pod new file mode 100644 index 00000000000..16fc9b68458 --- /dev/null +++ b/lib/libssl/src/doc/crypto/PEM_write_bio_PKCS7_stream.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format. + +=head1 SYNOPSIS + + #include <openssl/pkcs7.h> + #include <openssl/pem.h> + + int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); + +=head1 DESCRIPTION + +PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format. + +It is otherwise identical to the function SMIME_write_PKCS7(). + +=head1 NOTES + +This function is effectively a version of the PEM_write_bio_PKCS7() supporting +streaming. + +=head1 RETURN VALUES + +PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, +L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>, +L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>, +L<i2d_PKCS7_bio_stream(3)|i2d_PKCS7_bio_stream(3)> + +=head1 HISTORY + +PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libssl/src/doc/crypto/PKCS12_parse.pod b/lib/libssl/src/doc/crypto/PKCS12_parse.pod index 51344f883a9..c54cf2ad613 100644 --- a/lib/libssl/src/doc/crypto/PKCS12_parse.pod +++ b/lib/libssl/src/doc/crypto/PKCS12_parse.pod @@ -20,24 +20,31 @@ certificate to B<*cert> and any additional certificates to B<*ca>. =head1 NOTES -The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> -in which case additional certificates will be discarded. B<*ca> can also -be a valid STACK in which case additional certificates are appended to -B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated. +The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in +which case additional certificates will be discarded. B<*ca> can also be a +valid STACK in which case additional certificates are appended to B<*ca>. If +B<*ca> is B<NULL> a new STACK will be allocated. -The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate -will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure. +The B<friendlyName> and B<localKeyID> attributes (if present) on each +certificate will be stored in the B<alias> and B<keyid> attributes of the +B<X509> structure. + +=head1 RETURN VALUES + +PKCS12_parse() returns 1 for success and zero if an error occurred. + +The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)> =head1 BUGS -Only a single private key and corresponding certificate is returned by this function. -More complex PKCS#12 files with multiple private keys will only return the first -match. +Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match. -Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates. -Other attributes are discarded. +Only B<friendlyName> and B<localKeyID> attributes are currently stored in +certificates. Other attributes are discarded. -Attributes currently cannot be store in the private key B<EVP_PKEY> structure. +Attributes currently cannot be stored in the private key B<EVP_PKEY> structure. =head1 SEE ALSO diff --git a/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod b/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod index b0ca067b892..325699d0b6d 100644 --- a/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod +++ b/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod @@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure =head1 SYNOPSIS -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + #include <openssl/pkcs7.h> + + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod b/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod index 1a507b22a29..2cd925a7e0b 100644 --- a/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod +++ b/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod @@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure =head1 SYNOPSIS -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); + #include <openssl/pkcs7.h> + + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); =head1 DESCRIPTION @@ -16,43 +18,55 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags. =head1 NOTES -Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not have to -be signed using the RSA algorithm. +Only RSA keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain RSA public keys, though +they do not have to be signed using the RSA algorithm. -EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because -most clients will support it. +EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use +because most clients will support it. -Some old "export grade" clients may only support weak encryption using 40 or 64 bit -RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively. +Some old "export grade" clients may only support weak encryption using 40 or 64 +bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() +respectively. -The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its -parameters. +The algorithm passed in the B<cipher> parameter must support ASN1 encoding of +its parameters. -Many browsers implement a "sign and encrypt" option which is simply an S/MIME +Many browsers implement a "sign and encrypt" option which is simply an S/MIME envelopedData containing an S/MIME signed message. This can be readily produced by storing the S/MIME signed message in a memory BIO and passing it to PKCS7_encrypt(). The following flags can be passed in the B<flags> parameter. -If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended -to the data. +If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are +prepended to the data. -Normally the supplied content is translated into MIME canonical format (as required -by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored. +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then +B<PKCS7_TEXT> is ignored. -=head1 RETURN VALUES +If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output +suitable for streaming I/O: no data is read from the BIO B<in>. -PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred. -The error can be obtained from ERR_get_error(3). +=head1 NOTES -=head1 BUGS +If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not> +complete and outputting its contents via a function that does not +properly finalize the B<PKCS7> structure will give unpredictable +results. -The lack of single pass processing and need to hold all data in memory as -mentioned in PKCS7_sign() also applies to PKCS7_verify(). +Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 B<BIO> directly using +BIO_new_PKCS7(). + +=head1 RETURN VALUES + +PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred. +The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -61,5 +75,6 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)> =head1 HISTORY PKCS7_decrypt() was added to OpenSSL 0.9.5 +The B<PKCS7_STREAM> flag was first supported in OpenSSL 1.0.0. =cut diff --git a/lib/libssl/src/doc/crypto/PKCS7_sign.pod b/lib/libssl/src/doc/crypto/PKCS7_sign.pod index ffd0c734b09..64a35144f8c 100644 --- a/lib/libssl/src/doc/crypto/PKCS7_sign.pod +++ b/lib/libssl/src/doc/crypto/PKCS7_sign.pod @@ -6,14 +6,16 @@ PKCS7_sign - create a PKCS#7 signedData structure =head1 SYNOPSIS -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); + #include <openssl/pkcs7.h> + + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); =head1 DESCRIPTION -PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> -is the certificate to sign with, B<pkey> is the corresponsding private key. -B<certs> is an optional additional set of certificates to include in the -PKCS#7 structure (for example any intermediate CAs in the chain). +PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is +the certificate to sign with, B<pkey> is the corresponsding private key. +B<certs> is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). The data to be signed is read from BIO B<data>. @@ -21,72 +23,83 @@ B<flags> is an optional set of flags. =head1 NOTES -Any of the following flags (ored together) can be passed in the B<flags> parameter. +Any of the following flags (ored together) can be passed in the B<flags> +parameter. Many S/MIME clients expect the signed content to include valid MIME headers. If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended to the data. If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the -PKCS7 structure, the signer's certificate must still be supplied in the B<signcert> -parameter though. This can reduce the size of the signature if the signers certificate -can be obtained by other means: for example a previously signed message. - -The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> -is set in which case it is omitted. This is used for PKCS7 detached signatures -which are used in S/MIME plaintext signed messages for example. +PKCS7 structure, the signer's certificate must still be supplied in the +B<signcert> parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. + +The data being signed is included in the PKCS7 structure, unless +B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7 +detached signatures which are used in S/MIME plaintext signed messages for +example. + +Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. + +The signedData structure includes several PKCS#7 autenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no +authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just +the SMIMECapabilities are omitted. -Normally the supplied content is translated into MIME canonical format (as required -by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This -option should be used if the supplied data is in binary format otherwise the translation -will corrupt it. +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included. -The signedData structure includes several PKCS#7 autenticatedAttributes including -the signing time, the PKCS#7 content type and the supported list of ciphers in -an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes -will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are -omitted. +If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is +just initialized ready to perform the signing operation. The signing is however +B<not> performed and the data to be signed is not read from the B<data> +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. -If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any -of these algorithms is disabled then it will not be included. +If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to +which additional signers and capabilities can be added before finalization. -If the flags B<PKCS7_PARTSIGN> is set then the returned B<PKCS7> structure -is just initialized ready to perform the signing operation. The signing -is however B<not> performed and the data to be signed is not read from -the B<data> parameter. Signing is deferred until after the data has been -written. In this way data can be signed in a single pass. Currently the -flag B<PKCS7_DETACHED> B<must> also be set. =head1 NOTES -Currently the flag B<PKCS7_PARTSIGN> is only supported for detached -data. If this flag is set the returned B<PKCS7> structure is B<not> -complete and outputting its contents via a function that does not -properly finalize the B<PKCS7> structure will give unpredictable -results. +If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not> +complete and outputting its contents via a function that does not properly +finalize the B<PKCS7> structure will give unpredictable results. -At present only the SMIME_write_PKCS7() function properly finalizes the -structure. +Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 B<BIO> directly using +BIO_new_PKCS7(). -=head1 BUGS +If a signer is specified it will use the default digest for the signing +algorithm. This is B<SHA1> for both RSA and DSA keys. + +In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be +B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added +using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. -PKCS7_sign() is somewhat limited. It does not support multiple signers, some -advanced attributes such as counter signatures are not supported. +In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only +PKCS#7 structure is output. -The SHA1 digest algorithm is currently always used. +In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must +B<NOT> be NULL. -When the signed data is not detached it will be stored in memory within the -B<PKCS7> structure. This effectively limits the size of messages which can be -signed due to memory restraints. There should be a way to sign data without -having to hold it all in memory, this would however require fairly major -revisions of the OpenSSL ASN1 code. +=head1 BUGS +Some advanced attributes such as counter signatures are not supported. =head1 RETURN VALUES -PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred. -The error can be obtained from ERR_get_error(3). +PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -96,6 +109,8 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)> PKCS7_sign() was added to OpenSSL 0.9.5 -The B<PKCS7_PARTSIGN> flag was added in OpenSSL 0.9.8 +The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0 + +The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0 =cut diff --git a/lib/libssl/src/doc/crypto/PKCS7_sign_add_signer.pod b/lib/libssl/src/doc/crypto/PKCS7_sign_add_signer.pod new file mode 100644 index 00000000000..ebec4d57dea --- /dev/null +++ b/lib/libssl/src/doc/crypto/PKCS7_sign_add_signer.pod @@ -0,0 +1,87 @@ +=pod + +=head1 NAME + +PKCS7_sign_add_signer - add a signer PKCS7 signed data structure. + +=head1 SYNOPSIS + + #include <openssl/pkcs7.h> + + PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags); + + +=head1 DESCRIPTION + +PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private +key B<pkey> using message digest B<md> to a PKCS7 signed data structure +B<p7>. + +The PKCS7 structure should be obtained from an initial call to PKCS7_sign() +with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS7 +signed data structure. + +If the B<md> parameter is B<NULL> then the default digest for the public +key algorithm will be used. + +Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned PKCS7 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to PKCS7_final(). + + +=head1 NOTES + +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler PKCS7_sign() function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. + +Any of the following flags (ored together) can be passed in the B<flags> +parameter. + +If B<PKCS7_REUSE_DIGEST> is set then an attempt is made to copy the content +digest value from the PKCS7 struture: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned PKCS7 structure will be valid and finalized when this flag is set. + +If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the +B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes +can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is +needed to finalize it. + +If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the +PKCS7 structure, the signer's certificate must still be supplied in the +B<signcert> parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. + +The signedData structure includes several PKCS#7 autenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no +authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just +the SMIMECapabilities are omitted. + +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included. + + +PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added, this can be used to set additional attributes +before it is finalized. + +=head1 RETURN VALUES + +PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added or NULL if an error occurs. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, +L<PKCS7_final(3)|PKCS7_final(3)>, + +=head1 HISTORY + +PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libssl/src/doc/crypto/PKCS7_verify.pod b/lib/libssl/src/doc/crypto/PKCS7_verify.pod index 3490b5dc825..7c10a4cc3c0 100644 --- a/lib/libssl/src/doc/crypto/PKCS7_verify.pod +++ b/lib/libssl/src/doc/crypto/PKCS7_verify.pod @@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure =head1 SYNOPSIS -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); + #include <openssl/pkcs7.h> -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); + + STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/SMIME_read_CMS.pod b/lib/libssl/src/doc/crypto/SMIME_read_CMS.pod new file mode 100644 index 00000000000..acc5524c140 --- /dev/null +++ b/lib/libssl/src/doc/crypto/SMIME_read_CMS.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + + SMIME_read_CMS - parse S/MIME message. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); + +=head1 DESCRIPTION + +SMIME_read_CMS() parses a message in S/MIME format. + +B<in> is a BIO to read the message from. + +If cleartext signing is used then the content is saved in a memory bio which is +written to B<*bcont>, otherwise B<*bcont> is set to NULL. + +The parsed CMS_ContentInfo structure is returned or NULL if an +error occurred. + +=head1 NOTES + +If B<*bcont> is not NULL then the message is clear text signed. B<*bcont> can +then be passed to CMS_verify() with the B<CMS_DETACHED> flag set. + +Otherwise the type of the returned structure can be determined +using CMS_get0_type(). + +To support future functionality if B<bcont> is not NULL B<*bcont> should be +initialized to NULL. For example: + + BIO *cont = NULL; + CMS_ContentInfo *cms; + + cms = SMIME_read_CMS(in, &cont); + +=head1 BUGS + +The MIME parser used by SMIME_read_CMS() is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. + +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. + +The use of a memory BIO to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. + +=head1 RETURN VALUES + +SMIME_read_CMS() returns a valid B<CMS_ContentInfo> structure or B<NULL> +if an error occurred. The error can be obtained from ERR_get_error(3). + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_type(3)|CMS_type(3)> +L<SMIME_read_CMS(3)|SMIME_read_CMS(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)> + +=head1 HISTORY + +SMIME_read_CMS() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod b/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod index ffafa378877..9d467159418 100644 --- a/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod +++ b/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod @@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message. =head1 SYNOPSIS -PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); + #include <openssl/pkcs7.h> + + PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/SMIME_write_CMS.pod b/lib/libssl/src/doc/crypto/SMIME_write_CMS.pod new file mode 100644 index 00000000000..04bedfb4297 --- /dev/null +++ b/lib/libssl/src/doc/crypto/SMIME_write_CMS.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + + SMIME_write_CMS - convert CMS structure to S/MIME format. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); + +=head1 DESCRIPTION + +SMIME_write_CMS() adds the appropriate MIME headers to a CMS +structure to produce an S/MIME message. + +B<out> is the BIO to write the data to. B<cms> is the appropriate +B<CMS_ContentInfo> structure. If streaming is enabled then the content must be +supplied in the B<data> argument. B<flags> is an optional set of flags. + +=head1 NOTES + +The following flags can be passed in the B<flags> parameter. + +If B<CMS_DETACHED> is set then cleartext signing will be used, this option only +makes sense for SignedData where B<CMS_DETACHED> is also set when CMS_sign() is +called. + +If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are added to +the content, this only makes sense if B<CMS_DETACHED> is also set. + +If the B<CMS_STREAM> flag is set streaming is performed. This flag should only +be set if B<CMS_STREAM> was also set in the previous call to a CMS_ContentInfo +creation function. + +If cleartext signing is being used and B<CMS_STREAM> not set then the data must +be read twice: once to compute the signature in CMS_sign() and once to output +the S/MIME message. + +If streaming is performed the content is output in BER format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and DER format is used. + +=head1 BUGS + +SMIME_write_CMS() always base64 encodes CMS structures, there should be an +option to disable this. + +=head1 RETURN VALUES + +SMIME_write_CMS() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)> + +=head1 HISTORY + +SMIME_write_CMS() was added to OpenSSL 0.9.8 + +=cut diff --git a/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod b/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod index 61945b38872..ca6bd027635 100644 --- a/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod +++ b/lib/libssl/src/doc/crypto/SMIME_write_PKCS7.pod @@ -6,17 +6,18 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format. =head1 SYNOPSIS -int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); + #include <openssl/pkcs7.h> + + int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); =head1 DESCRIPTION SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7 structure to produce an S/MIME message. -B<out> is the BIO to write the data to. B<p7> is the appropriate -B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is -being used then the signed data must be supplied in the B<data> -argument. B<flags> is an optional set of flags. +B<out> is the BIO to write the data to. B<p7> is the appropriate B<PKCS7> +structure. If streaming is enabled then the content must be supplied in the +B<data> argument. B<flags> is an optional set of flags. =head1 NOTES @@ -30,15 +31,18 @@ If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are added to the content, this only makes sense if B<PKCS7_DETACHED> is also set. -If the B<PKCS7_PARTSIGN> flag is set the signed data is finalized -and output along with the content. This flag should only be set -if B<PKCS7_DETACHED> is also set and the previous call to PKCS7_sign() -also set these flags. +If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should +only be set if B<PKCS7_STREAM> was also set in the previous call to +PKCS7_sign() or B<PKCS7_encrypt()>. -If cleartext signing is being used and B<PKCS7_PARTSIGN> not set then +If cleartext signing is being used and B<PKCS7_STREAM> not set then the data must be read twice: once to compute the signature in PKCS7_sign() and once to output the S/MIME message. +If streaming is performed the content is output in BER format using indefinite +length constructuted encoding except in the case of signed data with detached +content where the content is absent and DER format is used. + =head1 BUGS SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there diff --git a/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod b/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod index 11b35f6fd35..41902c0d455 100644 --- a/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod +++ b/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod @@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions =head1 SYNOPSIS -ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + #include <openssl/x509.h> -int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); + ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); + ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); + int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod b/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod index e2ab4b0d2bb..1afd008cb37 100644 --- a/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod +++ b/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod @@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions =head1 SYNOPSIS -int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); + #include <openssl/x509.h> -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); -int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); -int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); -X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); + int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); + + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod b/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod index 333323d734e..3b1f9ff43b6 100644 --- a/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions =head1 SYNOPSIS -int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); + #include <openssl/x509.h> -int X509_NAME_entry_count(X509_NAME *name); -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); + int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); + int X509_NAME_entry_count(X509_NAME *name); + X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); + int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod b/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod new file mode 100644 index 00000000000..a883f6c0978 --- /dev/null +++ b/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod @@ -0,0 +1,303 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information + +=head1 SYNOPSIS + + #include <openssl/x509.h> + #include <openssl/x509_vfy.h> + + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); + + const char *X509_verify_cert_error_string(long n); + +=head1 DESCRIPTION + +These functions are typically called after X509_verify_cert() has indicated +an error or in a verification callback to determine the nature of an error. + +X509_STORE_CTX_get_error() returns the error code of B<ctx>, see +the B<ERROR CODES> section for a full description of all error codes. + +X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example +it might be used in a verification callback to set an error based on additional +checks. + +X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occured in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. + +X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which +caused the error or B<NULL> if no certificate is relevant. + +X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous +call to X509_verify_cert() is successful. If the call to X509_verify_cert() +is B<not> successful the returned chain may be incomplete or invalid. The +returned chain persists after the B<ctx> structure is freed, when it is +no longer needed it should be free up using: + + sk_X509_pop_free(chain, X509_free); + +X509_verify_cert_error_string() returns a human readable error string for +verification error B<n>. + +=head1 RETURN VALUES + +X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code. + +X509_STORE_CTX_get_error_depth() returns a non-negative error depth. + +X509_STORE_CTX_get_current_cert() returns the cerificate which caused the +error or B<NULL> if no certificate is relevant to the error. + +X509_verify_cert_error_string() returns a human readable error string for +verification error B<n>. + +=head1 ERROR CODES + +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +"unused". + +=over 4 + +=item B<X509_V_OK: ok> + +the operation was successful. + +=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate> + +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. + +=item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> + +the CRL of a certificate could not be found. + +=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature> + +the certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for RSA keys. + +=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature> + +the CRL signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. + +=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key> + +the public key in the certificate SubjectPublicKeyInfo could not be read. + +=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure> + +the signature of the certificate is invalid. + +=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure> + +the signature of the certificate is invalid. + +=item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid> + +the certificate is not yet valid: the notBefore date is after the current time. + +=item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired> + +the certificate has expired: that is the notAfter date is before the current time. + +=item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> + +the CRL is not yet valid. + +=item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired> + +the CRL has expired. + +=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field> + +the certificate notBefore field contains an invalid time. + +=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field> + +the certificate notAfter field contains an invalid time. + +=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field> + +the CRL lastUpdate field contains an invalid time. + +=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field> + +the CRL nextUpdate field contains an invalid time. + +=item B<X509_V_ERR_OUT_OF_MEM: out of memory> + +an error occurred trying to allocate memory. This should never happen. + +=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate> + +the passed certificate is self signed and the same certificate cannot be found +in the list of trusted certificates. + +=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain> + +the certificate chain could be built up using the untrusted certificates but +the root could not be found locally. + +=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate> + +the issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. + +=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate> + +no signatures could be verified because the chain contains only one certificate +and it is not self signed. + +=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long> + +the certificate chain length is greater than the supplied maximum depth. Unused. + +=item B<X509_V_ERR_CERT_REVOKED: certificate revoked> + +the certificate has been revoked. + +=item B<X509_V_ERR_INVALID_CA: invalid CA certificate> + +a CA certificate is invalid. Either it is not a CA or its extensions are not +consistent with the supplied purpose. + +=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded> + +the basicConstraints pathlength parameter has been exceeded. + +=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose> + +the supplied certificate cannot be used for the specified purpose. + +=item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted> + +the root CA is not marked as trusted for the specified purpose. + +=item B<X509_V_ERR_CERT_REJECTED: certificate rejected> + +the root CA is marked to reject the specified purpose. + +=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch> + +the current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. This is only set +if issuer check debugging is enabled it is used for status notification and +is B<not> in itself an error. + +=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch> + +the current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. This is only set if issuer check debugging is enabled it is used +for status notification and is B<not> in itself an error. + +=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch> + +the current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. This is only set if issuer check debugging is enabled +it is used for status notification and is B<not> in itself an error. + +=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing> + +the current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. This is only set if issuer check +debugging is enabled it is used for status notification and is B<not> in itself +an error. + +=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension> + +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. + + +=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension> + +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. + +=item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy> + +The verification flags were set to require and explicit policy but none was +present. + +=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope> + +The only CRLs that could be found did not match the scope of the certificate. + +=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature> + +Some feature of a certificate extension is not supported. Unused. + +=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation> + +A name constraint violation occured in the permitted subtrees. + +=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation> + +A name constraint violation occured in the excluded subtrees. + +=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported> + +A certificate name constraints extension included a minimum or maximum field: +this is not supported. + +=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type> + +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, DNS name, email and URI types. + +=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax> + +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in RFC3280. This could be caused by +a garbage extension or some new feature not currently supported. + +=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error> + +An error occured when attempting to verify the CRL path. This error can only +happen if extended CRL checking is enabled. + +=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure> + +an application specific error. This will never be returned unless explicitly +set by an application. + +=head1 NOTES + +The above functions should be used instead of directly referencing the fields +in the B<X509_VERIFY_CTX> structure. + +In versions of OpenSSL before 1.0 the current certificate returned by +X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should +check the return value before printing out any debugging information relating +to the current certificate. + +If an unrecognised error code is passed to X509_verify_cert_error_string() the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. + +=head1 SEE ALSO + +L<X509_verify_cert(3)|X509_verify_cert(3)> + +=head1 HISTORY + +TBA + +=cut diff --git a/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod b/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod new file mode 100644 index 00000000000..8d6b9dda47e --- /dev/null +++ b/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod @@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX structures + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg); + + char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx); + +=head1 DESCRIPTION + +These functions handle application specific data in X509_STORE_CTX structures. +Their usage is identical to that of RSA_get_ex_new_index(), RSA_set_ex_data() +and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>. + +=head1 NOTES + +This mechanism is used internally by the B<ssl> library to store the B<SSL> +structure associated with a verification operation in an B<X509_STORE_CTX> +structure. + +=head1 SEE ALSO + +L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)> + +=head1 HISTORY + +X509_STORE_CTX_get_ex_new_index(), X509_STORE_CTX_set_ex_data() and +X509_STORE_CTX_get_ex_data() are available since OpenSSL 0.9.5. + +=cut diff --git a/lib/libssl/src/doc/crypto/X509_STORE_CTX_new.pod b/lib/libssl/src/doc/crypto/X509_STORE_CTX_new.pod new file mode 100644 index 00000000000..b17888f149e --- /dev/null +++ b/lib/libssl/src/doc/crypto/X509_STORE_CTX_new.pod @@ -0,0 +1,122 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX initialisation + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + X509_STORE_CTX *X509_STORE_CTX_new(void); + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + void X509_STORE_CTX_free(X509_STORE_CTX *ctx); + + int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); + + void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); + + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x); + void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk); + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); + + X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +=head1 DESCRIPTION + +These functions initialise an B<X509_STORE_CTX> structure for subsequent use +by X509_verify_cert(). + +X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure. + +X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure. +The context can then be reused with an new call to X509_STORE_CTX_init(). + +X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx> +is no longer valid. + +X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation. +The trusted certificate store is set to B<store>, the end entity certificate +to be verified is set to B<x509> and a set of additional certificates (which +will be untrusted but may be used to build the chain) in B<chain>. Any or +all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>. + +X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx> +to B<sk>. This is an alternative way of specifying trusted certificates +instead of using an B<X509_STORE>. + +X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to +B<x>. + +X509_STORE_CTX_set_chain() sets the additional certificate chain used by B<ctx> +to B<sk>. + +X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate +verification to B<sk>. These CRLs will only be used if CRL verification is +enabled in the associated B<X509_VERIFY_PARAM> structure. This might be +used where additional "useful" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an intenal pointer +to the verification parameters associated with B<ctx>. + +X509_STORE_CTX_set0_param() sets the intenal verification parameter pointer +to B<param>. After this call B<param> should not be used. + +X509_STORE_CTX_set_default() looks up and sets the default verification +method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to +find an appropriate set of parameters from B<name>. + +=head1 NOTES + +The certificates and CRLs in a store are used internally and should B<not> +be freed up until after the associated B<X509_STORE_CTX> is freed. Legacy +applications might implicitly use an B<X509_STORE_CTX> like this: + + X509_STORE_CTX ctx; + X509_STORE_CTX_init(&ctx, store, cert, chain); + +this is B<not> recommended in new applications they should instead do: + + X509_STORE_CTX *ctx; + ctx = X509_STORE_CTX_new(); + if (ctx == NULL) + /* Bad error */ + X509_STORE_CTX_init(ctx, store, cert, chain); + +=head1 BUGS + +The certificates and CRLs in a context are used internally and should B<not> +be freed up until after the associated B<X509_STORE_CTX> is freed. Copies +should be made or reference counts increased instead. + +=head1 RETURN VALUES + +X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an +error occurred. + +X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred. + +X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM> +structure or B<NULL> if an error occurred. + +X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_trusted_stack(), +X509_STORE_CTX_set_cert(), X509_STORE_CTX_set_chain(), +X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return +values. + +X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred. + +=head1 SEE ALSO + +L<X509_verify_cert(3)|X509_verify_cert(3)> +L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)> + +=head1 HISTORY + +X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod new file mode 100644 index 00000000000..b9787a6ca6f --- /dev/null +++ b/lib/libssl/src/doc/crypto/X509_STORE_CTX_set_verify_cb.pod @@ -0,0 +1,161 @@ +=pod + +=head1 NAME + +X509_STORE_CTX_set_verify_cb - set verification callback + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); + +=head1 DESCRIPTION + +X509_STORE_CTX_set_verify_cb() sets the verification callback of B<ctx> to +B<verify_cb> overwriting any existing callback. + +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. + +However a verification callback is B<not> essential and the default operation +is often sufficient. + +The B<ok> parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then and error condition +is indicated. If it is 1 then no error occurred. If the flag +B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the +policy checking is complete. + +The B<ctx> parameter to the callback is the B<X509_STORE_CTX> structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling X509_STORE_CTX_get_current_cert(). Additional application data can +be passed to the callback via the B<ex_data> mechanism. + +=head1 WARNING + +In general a verification callback should B<NOT> unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because B<any> certificate (including untrusted generated ones) will be +accepted. + +=head1 NOTES + +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +B<X509_STORE_CTX> structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated B<X509_STORE>. + +=head1 RETURN VALUES + +X509_STORE_CTX_set_verify_cb() does not return a value. + +=head1 EXAMPLES + +Default callback operation: + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + return ok; + } + +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + /* Tolerate certificate expiration */ + if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) + return 1; + /* Otherwise don't override */ + return ok; + } + +More complex example, we don't wish to continue after B<any> certificate has +expired just one specific case: + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + int err = X509_STORE_CTX_get_error(ctx); + X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); + if (err == X509_V_ERR_CERT_HAS_EXPIRED) + { + if (check_is_acceptable_expired_cert(err_cert) + return 1; + } + return ok; + } + +Full featured logging callback. In this case the B<bio_err> is assumed to be +a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using +B<ex_data>. + + int verify_callback(int ok, X509_STORE_CTX *ctx) + { + X509 *err_cert; + int err,depth; + + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + BIO_printf(bio_err,"depth=%d ",depth); + if (err_cert) + { + X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + } + else + BIO_puts(bio_err, "<no cert>\n"); + if (!ok) + BIO_printf(bio_err,"verify error:num=%d:%s\n",err, + X509_verify_cert_error_string(err)); + switch (err) + { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + BIO_puts(bio_err,"issuer= "); + X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + BIO_printf(bio_err,"notBefore="); + ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); + BIO_printf(bio_err,"\n"); + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + BIO_printf(bio_err,"notAfter="); + ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); + BIO_printf(bio_err,"\n"); + break; + case X509_V_ERR_NO_EXPLICIT_POLICY: + policies_print(bio_err, ctx); + break; + } + if (err == X509_V_OK && ok == 2) + /* print out policies */ + + BIO_printf(bio_err,"verify return:%d\n",ok); + return(ok); + } + +=head1 SEE ALSO + +L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> +L<X509_STORE_set_verify_cb_func(3)|X509_STORE_set_verify_cb_func(3)> +L<X509_STORE_CTX_get_ex_new_index(3)|X509_STORE_CTX_get_ex_new_index(3)> + +=head1 HISTORY + +X509_STORE_CTX_set_verify_cb() is available in all versions of SSLeay and +OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/X509_STORE_set_verify_cb_func.pod b/lib/libssl/src/doc/crypto/X509_STORE_set_verify_cb_func.pod new file mode 100644 index 00000000000..29e3bbe3bce --- /dev/null +++ b/lib/libssl/src/doc/crypto/X509_STORE_set_verify_cb_func.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + void X509_STORE_set_verify_cb(X509_STORE *st, + int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); + + void X509_STORE_set_verify_cb_func(X509_STORE *st, + int (*verify_cb)(int ok, X509_STORE_CTX *ctx)); + +=head1 DESCRIPTION + +X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to +B<verify_cb> overwriting any existing callback. + +X509_STORE_set_verify_cb_func() also sets the verification callback but it +is implemented as a macro. + +=head1 NOTES + +The verification callback from an B<X509_STORE> is inherited by +the corresponding B<X509_STORE_CTX> structure when it is initialized. This can +be used to set the verification callback when the B<X509_STORE_CTX> is +otherwise inaccessible (for example during S/MIME verification). + +=head1 BUGS + +The macro version of this function was the only one available before +OpenSSL 1.0.0. + +=head1 RETURN VALUES + +X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return +a value. + +=head1 SEE ALSO + +L<X509_STORE_CTX_set_verify_cb(3)|X509_STORE_CTX_set_verify_cb(3)> +L<CMS_verify(3)|CMS_verify(3)> + +=head1 HISTORY + +X509_STORE_set_verify_cb_func() is available in all versions of SSLeay and +OpenSSL. + +X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0. + +=cut diff --git a/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod new file mode 100644 index 00000000000..b68eece0338 --- /dev/null +++ b/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -0,0 +1,171 @@ +=pod + +=head1 NAME + +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters + +=head1 SYNOPSIS + + #include <openssl/x509_vfy.h> + + int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); + int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); + unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); + + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); + + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); + + int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); + int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + + void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); + +=head1 DESCRIPTION + +These functions manipulate the B<X509_VERIFY_PARAM> structure associated with +a certificate verification operation. + +The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring +it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete +description of values the B<flags> parameter can take. + +X509_VERIFY_PARAM_get_flags() returns the flags in B<param>. + +X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>. + +X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param> +to B<purpose>. This determines the acceptable purpose of the certificate +chain, for example SSL client or SSL server. + +X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to +B<trust>. + +X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to +B<t>. Normally the current time is used. + +X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +by default) and adds B<policy> to the acceptable policy set. + +X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled +by default) and sets the acceptable policy set to B<policies>. Any existing +policy set is cleared. The B<policies> parameter can be B<NULL> to clear +an existing policy set. + +X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>. +That is the maximum number of untrusted CA certificates that can appear in a +chain. + +=head1 RETURN VALUES + +X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), +X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), +X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1 +for success and 0 for failure. + +X509_VERIFY_PARAM_get_flags() returns the current verification flags. + +X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return +values. + +X509_VERIFY_PARAM_get_depth() returns the current verification depth. + +=head1 VERIFICATION FLAGS + +The verification flags consists of zero or more of the following flags +ored together. + +B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf +certificate. An error occurs if a suitable CRL cannot be found. + +B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate +chain. + +B<X509_V_FLAG_IGNORE_CRITICAL> disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. B<WARNING> setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. + +THe B<X509_V_FLAG_X509_STRICT> flag disables workarounds for some broken +certificates and makes the verification strictly apply B<X509> rules. + +B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification. + +B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default +no policy checking is peformed. Additional information is sent to the +verification callback relating to policy checking. + +B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and +B<X509_V_FLAG_INHIBIT_MAP> set the B<require explicit policy>, B<inhibit any +policy> and B<inhibit policy mapping> flags respectively as defined in +B<RFC3280>. Policy checking is automatically enabled if any of these flags +are set. + +If B<X509_V_FLAG_NOTIFY_POLICY> is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. + +By default some addtional features such as indirect CRLs and CRLs signed by +different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set +they are enabled. + +If B<X509_V_FLAG_USE_DELTAS> ise set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. + +B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed +cerificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root CA +signature is that disabled or unsupported message digests on the root CA +are not treated as fatal errors. + +The B<X509_V_FLAG_CB_ISSUER_CHECK> flag enables debugging of certificate +issuer checks. It is B<not> needed unless you are logging certificate +verification. If this flag is set then additional status codes will be sent +to the verification callback and it B<must> be prepared to handle such cases +without assuming they are hard errors. + +=head1 NOTES + +The above functions should be used to manipulate verification parameters +instead of legacy functions which work in specific structures such as +X509_STORE_CTX_set_flags(). + +=head1 BUGS + +Delta CRL checking is currently primitive. Only a single delta can be used and +(partly due to limitations of B<X509_STORE>) constructed CRLs are not +maintained. + +If CRLs checking is enable CRLs are expected to be available in the +corresponding B<X509_STORE> structure. No attempt is made to download +CRLs from the CRL distribution points extension. + +=head1 EXAMPLE + +Enable CRL checking when performing certificate verification during SSL +connections associated with an B<SSL_CTX> structure B<ctx>: + + X509_VERIFY_PARAM *param; + param = X509_VERIFY_PARAM_new(); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); + SSL_CTX_set1_param(ctx, param); + X509_VERIFY_PARAM_free(param); + +=head1 SEE ALSO + +L<X509_verify_cert(3)|X509_verify_cert(3)> + +=head1 HISTORY + +TBA + +=cut diff --git a/lib/libssl/src/doc/crypto/X509_new.pod b/lib/libssl/src/doc/crypto/X509_new.pod index fd5fc65ce15..d38872335fd 100644 --- a/lib/libssl/src/doc/crypto/X509_new.pod +++ b/lib/libssl/src/doc/crypto/X509_new.pod @@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions =head1 SYNOPSIS + #include <openssl/x509.h> + X509 *X509_new(void); void X509_free(X509 *a); diff --git a/lib/libssl/src/doc/crypto/X509_verify_cert.pod b/lib/libssl/src/doc/crypto/X509_verify_cert.pod new file mode 100644 index 00000000000..5253bdcd707 --- /dev/null +++ b/lib/libssl/src/doc/crypto/X509_verify_cert.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +X509_verify_cert - discover and verify X509 certificte chain + +=head1 SYNOPSIS + + #include <openssl/x509.h> + + int X509_verify_cert(X509_STORE_CTX *ctx); + +=head1 DESCRIPTION + +The X509_verify_cert() function attempts to discover and validate a +certificate chain based on parameters in B<ctx>. A complete description of +the process is contained in the L<verify(1)|verify(1)> manual page. + +=head1 RETURN VALUES + +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. + +If the function fails additional error information can be obtained by +examining B<ctx> using, for example X509_STORE_CTX_get_error(). + +=head1 NOTES + +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +SSL/TLS code. + +The negative return value from X509_verify_cert() can only occur if no +certificate is set in B<ctx> (due to a programming error) or if a retry +operation is requested during internal lookups (which never happens with +standard lookup methods). It is however recommended that application check +for <= 0 return value on error. + +=head1 BUGS + +This function uses the header B<x509.h> as opposed to most chain verification +functiosn which use B<x509_vfy.h>. + +=head1 SEE ALSO + +L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> + +=head1 HISTORY + +X509_verify_cert() is available in all versions of SSLeay and OpenSSL. + +=cut diff --git a/lib/libssl/src/doc/crypto/d2i_X509.pod b/lib/libssl/src/doc/crypto/d2i_X509.pod index 5bfa18afbb3..298ec54a4c3 100644 --- a/lib/libssl/src/doc/crypto/d2i_X509.pod +++ b/lib/libssl/src/doc/crypto/d2i_X509.pod @@ -15,8 +15,8 @@ i2d_X509_fp - X509 encode and decode functions X509 *d2i_X509_bio(BIO *bp, X509 **x); X509 *d2i_X509_fp(FILE *fp, X509 **x); - int i2d_X509_bio(X509 *x, BIO *bp); - int i2d_X509_fp(X509 *x, FILE *fp); + int i2d_X509_bio(BIO *bp, X509 *x); + int i2d_X509_fp(FILE *fp, X509 *x); =head1 DESCRIPTION @@ -212,11 +212,11 @@ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure or B<NULL> if an error occurs. The error code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. -i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes -successfully encoded or a negative value if an error occurs. The error code -can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +i2d_X509() returns the number of bytes successfully encoded or a negative +value if an error occurs. The error code can be obtained by +L<ERR_get_error(3)|ERR_get_error(3)>. -i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error +i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO diff --git a/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod b/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod index e7295a5d615..224f9e082b7 100644 --- a/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod +++ b/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod @@ -15,8 +15,8 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions. X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x); X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x); - int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp); - int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp); + int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x); + int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod b/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod index ae32a3891d6..91c0c1974b4 100644 --- a/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod +++ b/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod @@ -15,8 +15,8 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions. X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x); X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x); - int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp); - int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp); + int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x); + int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x); =head1 DESCRIPTION diff --git a/lib/libssl/src/doc/crypto/i2d_CMS_bio_stream.pod b/lib/libssl/src/doc/crypto/i2d_CMS_bio_stream.pod new file mode 100644 index 00000000000..558bdd0812c --- /dev/null +++ b/lib/libssl/src/doc/crypto/i2d_CMS_bio_stream.pod @@ -0,0 +1,44 @@ +=pod + +=head1 NAME + + i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format. + +=head1 SYNOPSIS + + #include <openssl/cms.h> + + int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); + +=head1 DESCRIPTION + +i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format. + +It is otherwise identical to the function SMIME_write_CMS(). + +=head1 NOTES + +This function is effectively a version of the i2d_CMS_bio() supporting +streaming. + +=head1 BUGS + +The prefix "i2d" is arguably wrong because the function outputs BER format. + +=head1 RETURN VALUES + +i2d_CMS_bio_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, +L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)> +L<CMS_decrypt(3)|CMS_decrypt(3)>, +L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>, +L<PEM_write_bio_CMS_stream(3)|PEM_write_bio_CMS_stream(3)> + +=head1 HISTORY + +i2d_CMS_bio_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libssl/src/doc/crypto/i2d_PKCS7_bio_stream.pod b/lib/libssl/src/doc/crypto/i2d_PKCS7_bio_stream.pod new file mode 100644 index 00000000000..dc4d884c597 --- /dev/null +++ b/lib/libssl/src/doc/crypto/i2d_PKCS7_bio_stream.pod @@ -0,0 +1,44 @@ +=pod + +=head1 NAME + +i2d_PKCS7_bio_stream - output PKCS7 structure in BER format. + +=head1 SYNOPSIS + + #include <openssl/pkcs7.h> + + int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); + +=head1 DESCRIPTION + +i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format. + +It is otherwise identical to the function SMIME_write_PKCS7(). + +=head1 NOTES + +This function is effectively a version of the d2i_PKCS7_bio() supporting +streaming. + +=head1 BUGS + +The prefix "d2i" is arguably wrong because the function outputs BER format. + +=head1 RETURN VALUES + +i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>, +L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)> +L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>, +L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>, +L<PEM_write_bio_PKCS7_stream(3)|PEM_write_bio_PKCS7_stream(3)> + +=head1 HISTORY + +i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0 + +=cut diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_psk_client_callback.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_psk_client_callback.pod new file mode 100644 index 00000000000..573f89a9220 --- /dev/null +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_psk_client_callback.pod @@ -0,0 +1,81 @@ +=pod + +=begin comment + +Copyright 2005 Nokia. All rights reserved. + +The portions of the attached software ("Contribution") is developed by +Nokia Corporation and is licensed pursuant to the OpenSSL open source +license. + +The Contribution, originally written by Mika Kousa and Pasi Eronen of +Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites +support (see RFC 4279) to OpenSSL. + +No patent licenses or other rights except those expressly stated in +the OpenSSL open source license shall be deemed granted or received +expressly, by implication, estoppel, or otherwise. + +No assurances are provided by Nokia that the Contribution does not +infringe the patent or other intellectual property rights of any third +party or that the license provides you with all the necessary rights +to make use of the Contribution. + +THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN +ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA +SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY +OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR +OTHERWISE. + +=end comment + +=head1 NAME + +SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK client callback + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, + unsigned int (*callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, + unsigned char *psk, unsigned int max_psk_len)); + void SSL_set_psk_client_callback(SSL *ssl, + unsigned int (*callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, + unsigned char *psk, unsigned int max_psk_len)); + + +=head1 DESCRIPTION + +A client application must provide a callback function which is called +when the client is sending the ClientKeyExchange message to the server. + +The purpose of the callback function is to select the PSK identity and +the pre-shared key to use during the connection setup phase. + +The callback is set using functions SSL_CTX_set_psk_client_callback() +or SSL_set_psk_client_callback(). The callback function is given the +connection in parameter B<ssl>, a B<NULL>-terminated PSK identity hint +sent by the server in parameter B<hint>, a buffer B<identity> of +length B<max_identity_len> bytes where the the resulting +B<NULL>-terminated identity is to be stored, and a buffer B<psk> of +length B<max_psk_len> bytes where the resulting pre-shared key is to +be stored. + +=head1 NOTES + +Note that parameter B<hint> given to the callback may be B<NULL>. + +=head1 RETURN VALUES + +Return values from the client callback are interpreted as follows: + +On success (callback found a PSK identity and a pre-shared key to use) +the length (> 0) of B<psk> in bytes is returned. + +Otherwise or on errors callback should return 0. In this case +the connection setup fails. + +=cut diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod new file mode 100644 index 00000000000..b80e25be7ea --- /dev/null +++ b/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod @@ -0,0 +1,102 @@ +=pod + +=begin comment + +Copyright 2005 Nokia. All rights reserved. + +The portions of the attached software ("Contribution") is developed by +Nokia Corporation and is licensed pursuant to the OpenSSL open source +license. + +The Contribution, originally written by Mika Kousa and Pasi Eronen of +Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites +support (see RFC 4279) to OpenSSL. + +No patent licenses or other rights except those expressly stated in +the OpenSSL open source license shall be deemed granted or received +expressly, by implication, estoppel, or otherwise. + +No assurances are provided by Nokia that the Contribution does not +infringe the patent or other intellectual property rights of any third +party or that the license provides you with all the necessary rights +to make use of the Contribution. + +THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN +ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA +SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY +OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR +OTHERWISE. + +=end comment + +=head1 NAME + +SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, +SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback - set PSK +identity hint to use + + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); + int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); + + void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, + unsigned int (*callback)(SSL *ssl, const char *identity, + unsigned char *psk, int max_psk_len)); + void SSL_set_psk_server_callback(SSL *ssl, + unsigned int (*callback)(SSL *ssl, const char *identity, + unsigned char *psk, int max_psk_len)); + + +=head1 DESCRIPTION + +SSL_CTX_use_psk_identity_hint() sets the given B<NULL>-terminated PSK +identity hint B<hint> to SSL context object +B<ctx>. SSL_use_psk_identity_hint() sets the given B<NULL>-terminated +PSK identity hint B<hint> to SSL connection object B<ssl>. If B<hint> +is B<NULL> the current hint from B<ctx> or B<ssl> is deleted. + +In the case where PSK identity hint is B<NULL>, the server +does not send the ServerKeyExchange message to the client. + +A server application must provide a callback function which is called +when the server receives the ClientKeyExchange message from the +client. The purpose of the callback function is to validate the +received PSK identity and to fetch the pre-shared key used during the +connection setup phase. The callback is set using functions +SSL_CTX_set_psk_server_callback() or +SSL_set_psk_server_callback(). The callback function is given the +connection in parameter B<ssl>, B<NULL>-terminated PSK identity sent +by the client in parameter B<identity>, and a buffer B<psk> of length +B<max_psk_len> bytes where the pre-shared key is to be stored. + + +=head1 RETURN VALUES + +SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return +1 on success, 0 otherwise. + +Return values from the server callback are interpreted as follows: + +=item > 0 + +PSK identity was found and the server callback has provided the PSK +successfully in parameter B<psk>. Return value is the length of +B<psk> in bytes. It is an error to return a value greater than +B<max_psk_len>. + +If the PSK identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to B<psk> and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. + +=item 0 + +PSK identity was not found. An "unknown_psk_identity" alert message +will be sent and the connection setup fails. + +=cut diff --git a/lib/libssl/src/doc/ssl/SSL_get_psk_identity.pod b/lib/libssl/src/doc/ssl/SSL_get_psk_identity.pod new file mode 100644 index 00000000000..fe6291649ce --- /dev/null +++ b/lib/libssl/src/doc/ssl/SSL_get_psk_identity.pod @@ -0,0 +1,63 @@ +=pod + +=begin comment + +Copyright 2005 Nokia. All rights reserved. + +The portions of the attached software ("Contribution") is developed by +Nokia Corporation and is licensed pursuant to the OpenSSL open source +license. + +The Contribution, originally written by Mika Kousa and Pasi Eronen of +Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites +support (see RFC 4279) to OpenSSL. + +No patent licenses or other rights except those expressly stated in +the OpenSSL open source license shall be deemed granted or received +expressly, by implication, estoppel, or otherwise. + +No assurances are provided by Nokia that the Contribution does not +infringe the patent or other intellectual property rights of any third +party or that the license provides you with all the necessary rights +to make use of the Contribution. + +THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN +ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA +SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY +OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR +OTHERWISE. + +=end comment + +=head1 NAME + +SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hint + + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + const char *SSL_get_psk_identity_hint(const SSL *ssl); + const char *SSL_get_psk_identity(const SSL *ssl); + + +=head1 DESCRIPTION + +SSL_get_psk_identity_hint() is used to retrieve the PSK identity hint +used during the connection setup related to SSL object +B<ssl>. Similarly, SSL_get_psk_identity() is used to retrieve the PSK +identity used during the connection setup. + + +=head1 RETURN VALUES + +If non-B<NULL>, SSL_get_psk_identity_hint() returns the PSK identity +hint and SSL_get_psk_identity() returns the PSK identity. Both are +B<NULL>-terminated. SSL_get_psk_identity_hint() may return B<NULL> if +no PSK identity hint was used during the connection setup. + +Note that the return value is valid only during the lifetime of the +SSL object B<ssl>. + +=cut diff --git a/lib/libssl/src/engines/alpha.opt b/lib/libssl/src/engines/alpha.opt new file mode 100644 index 00000000000..1dc71bf4b7e --- /dev/null +++ b/lib/libssl/src/engines/alpha.opt @@ -0,0 +1 @@ +SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE) diff --git a/lib/libssl/src/engines/capierr.bat b/lib/libssl/src/engines/capierr.bat new file mode 100644 index 00000000000..274ffac2fe6 --- /dev/null +++ b/lib/libssl/src/engines/capierr.bat @@ -0,0 +1 @@ +perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c diff --git a/lib/libssl/src/engines/ccgost/Makefile b/lib/libssl/src/engines/ccgost/Makefile new file mode 100644 index 00000000000..64be962f39a --- /dev/null +++ b/lib/libssl/src/engines/ccgost/Makefile @@ -0,0 +1,275 @@ +DIR=ccgost +TOP=../.. +CC=cc +INCLUDES= -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r +CFLAGS= $(INCLUDES) $(CFLAG) +LIB=$(TOP)/libcrypto.a + +LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c + +LIBOBJ= e_gost_err.o gost2001_keyx.o gost2001.o gost89.o gost94_keyx.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o gost_sign.o + +SRC=$(LIBSRC) + +LIBNAME=gost + +top: + (cd $(TOP); $(MAKE) DIRS=engines EDIRS=$(DIR) sub_all) + +all: lib + +tags: + ctags $(SRC) + +errors: + $(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC) + +lib: $(LIBOBJ) + if [ -n "$(SHARED_LIBS)" ]; then \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + LIBNAME=$(LIBNAME) \ + LIBEXTRAS='$(LIBOBJ)' \ + LIBDEPS='-L$(TOP) -lcrypto' \ + link_o.$(SHLIB_TARGET); \ + else \ + $(AR) $(LIB) $(LIBOBJ); \ + fi + @touch lib + +install: + [ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + echo installing $(LIBNAME); \ + pfx=lib; \ + if [ "$(PLATFORM)" != "Cygwin" ]; then \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ + *DSO_DLFCN*) sfx=".so";; \ + *DSO_DL*) sfx=".sl";; \ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + sfx=".so"; \ + cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + +links: + +tests: + +depend: + @if [ -z "$(THIS)" ]; then \ + $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ + else \ + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ + fi + +files: + + + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +gost2001.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost2001.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost2001.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost2001.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost2001.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost2001.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost2001.o: ../../include/openssl/err.h ../../include/openssl/evp.h +gost2001.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost2001.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +gost2001.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost2001.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +gost2001.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +gost2001.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +gost2001.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +gost2001.o: e_gost_err.h gost2001.c gost89.h gost_lcl.h gost_params.h +gost2001.o: gosthash.h +gost2001_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost2001_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost2001_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost2001_keyx.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost2001_keyx.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost2001_keyx.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost2001_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +gost2001_keyx.o: ../../include/openssl/obj_mac.h +gost2001_keyx.o: ../../include/openssl/objects.h +gost2001_keyx.o: ../../include/openssl/opensslconf.h +gost2001_keyx.o: ../../include/openssl/opensslv.h +gost2001_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +gost2001_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +gost2001_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +gost2001_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +gost2001_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost2001_keyx.c +gost2001_keyx.o: gost2001_keyx.h gost89.h gost_keywrap.h gost_lcl.h gosthash.h +gost89.o: gost89.c gost89.h +gost94_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost94_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost94_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost94_keyx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +gost94_keyx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +gost94_keyx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +gost94_keyx.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +gost94_keyx.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost94_keyx.o: ../../include/openssl/objects.h +gost94_keyx.o: ../../include/openssl/opensslconf.h +gost94_keyx.o: ../../include/openssl/opensslv.h +gost94_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +gost94_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +gost94_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +gost94_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h +gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h +gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_ameth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +gost_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost_ameth.o: ../../include/openssl/objects.h +gost_ameth.o: ../../include/openssl/opensslconf.h +gost_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h +gost_ameth.o: gost_ameth.c gost_lcl.h gost_params.h gosthash.h +gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +gost_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_asn1.o: ../../include/openssl/opensslconf.h +gost_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +gost_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +gost_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +gost_asn1.o: ../../include/openssl/x509_vfy.h gost89.h gost_asn1.c gost_lcl.h +gost_asn1.o: gosthash.h +gost_crypt.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_crypt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_crypt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_crypt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_crypt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_crypt.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_crypt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +gost_crypt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_crypt.o: ../../include/openssl/opensslconf.h +gost_crypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost_crypt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +gost_crypt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +gost_crypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +gost_crypt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +gost_crypt.o: e_gost_err.h gost89.h gost_crypt.c gost_lcl.h gosthash.h +gost_ctl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_ctl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_ctl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_ctl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_ctl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_ctl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_ctl.o: ../../include/openssl/err.h ../../include/openssl/evp.h +gost_ctl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost_ctl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +gost_ctl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost_ctl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +gost_ctl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +gost_ctl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +gost_ctl.o: ../../include/openssl/x509_vfy.h gost89.h gost_ctl.c gost_lcl.h +gost_ctl.o: gosthash.h +gost_eng.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_eng.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h +gost_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +gost_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +gost_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +gost_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +gost_eng.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_eng.c +gost_eng.o: gost_lcl.h gosthash.h +gost_keywrap.o: gost89.h gost_keywrap.c gost_keywrap.h +gost_md.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_md.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_md.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_md.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_md.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +gost_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +gost_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h +gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +gost_params.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_params.o: ../../include/openssl/opensslconf.h +gost_params.o: ../../include/openssl/opensslv.h +gost_params.o: ../../include/openssl/ossl_typ.h +gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +gost_params.o: ../../include/openssl/symhacks.h gost_params.c gost_params.h +gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +gost_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost_pmeth.o: ../../include/openssl/objects.h +gost_pmeth.o: ../../include/openssl/opensslconf.h +gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_pmeth.c +gost_pmeth.o: gosthash.h +gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +gost_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +gost_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_sign.o: ../../include/openssl/opensslconf.h +gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_params.h gost_sign.c +gost_sign.o: gosthash.h +gosthash.o: gost89.h gosthash.c gosthash.h diff --git a/lib/libssl/src/engines/ccgost/README.gost b/lib/libssl/src/engines/ccgost/README.gost new file mode 100644 index 00000000000..c96cccc7b40 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/README.gost @@ -0,0 +1,300 @@ +GOST ENGINE + +This engine provides implementation of Russian cryptography standard. +This is also an example of adding new cryptoalgorithms into OpenSSL +without changing its core. If OpenSSL is compiled with dynamic engine +support, new algorithms can be added even without recompilation of +OpenSSL and applications which use it. + +ALGORITHMS SUPPORTED + +GOST R 34.10-94 and GOST R 34.10-2001 - digital signature algorithms. + Also support key exchange based on public keys. See RFC 4357 for + details of VKO key exchange algorithm. These algorithms use + 256 bit private keys. Public keys are 1024 bit for 94 and 512 bit for + 2001 (which is elliptic-curve based). Key exchange algorithms + (VKO R 34.10) are supported on these keys too. + +GOST R 34.11-94 Message digest algorithm. 256-bit hash value + +GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are + defined in the standard, but only CFB and CNT modes are implemented + in the engine. To make statistical analysis more difficult, key + meshing is supported (see RFC 4357). + +GOST 28147-89 MAC mode. Message authentication code. While most MAC + algorithms out there are based on hash functions using HMAC + algorithm, this algoritm is based on symmetric cipher. + It has 256-bit symmetric key and only 32 bits of MAC value + (while HMAC has same key size and value size). + + It is implemented as combination of EVP_PKEY type and EVP_MD type. + +USAGE OF THESE ALGORITHMS + +This engine is designed to allow usage of this algorithms in the +high-level openssl functions, such as PKI, S/MIME and TLS. + +See RFC 4490 for S/MIME with GOST algorithms and RFC 4491 for PKI. +TLS support is implemented according IETF +draft-chudov-cryptopro-cptls-03.txt and is compatible with +CryptoPro CSP 3.0 and 3.6 as well as with MagPro CSP. +GOST ciphersuites implemented in CryptoPro CSP 2.0 are not supported +because they use ciphersuite numbers used now by AES ciphersuites. + +To use the engine you have to load it via openssl configuration +file. Applications should read openssl configuration file or provide +their own means to load engines. Also, applications which operate with +private keys, should use generic EVP_PKEY API instead of using RSA or +other algorithm-specific API. + +CONFIGURATION FILE + +Configuration file should include following statement in the global +section, i.e. before first bracketed section header (see config(5) for details) + + openssl_conf = openssl_def + +where openssl_def is name of the section in configuration file which +describes global defaults. + +This section should contain following statement: + + [openssl_def] + engines = engine_section + +which points to the section which describes list of the engines to be +loaded. This section should contain: + + [engine_section] + gost = gost_section + +And section which describes configuration of the engine should contain + + [gost_section] + engine_id = gost + dynamic_path = /usr/lib/ssl/engines/libgost.so + default_algorithms = ALL + CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet + +Where engine_id parameter specifies name of engine (should be "gost"). +dynamic_path is a location of the loadable shared library implementing the +engine. If the engine is compiled statically or is located in the OpenSSL +engines directory, this line can be omitted. +default_algorithms parameter specifies that all algorithms, provided by +engine, should be used. + +The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose +between different parameter sets of symmetric cipher algorithm. RFC 4357 +specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL +doesn't provide user interface to choose one when encrypting. So use engine +configuration parameter instead. + +Value of this parameter can be either short name, defined in OpenSSL +obj_dat.h header file or numeric representation of OID, defined in RFC +4357. + +USAGE WITH COMMAND LINE openssl UTILITY + +1. Generation of private key + + openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem + + Use -algorithm option to specify algorithm. + Use -pkeyopt option to pass paramset to algorithm. The following paramsets + are supported by + gost94: 0,A,B,C,D,XA,XB,XC + gost2001: 0,A,B,C,XA,XB + You can also use numeric representation of OID as to destinate + paramset. + + Paramsets starting with X are intended to use for key exchange keys. + Paramsets without X are for digital signature keys. + + Paramset for both algorithms 0 is the test paramset which should be used + only for test purposes. + +There are no algorithm-specific things with generation of certificate +request once you have a private key. + +2. Generation of certificate request along with private/public keypar + + openssl req -newkey gost2001 -pkeyopt paramset:A + + Syntax of -pkeyopt parameter is identical with genpkey command. + + You can also use oldstyle syntax -newkey gost2001:paramfile, but in + this case you should create parameter file first. + + It can be created with + + openssl genpkey -genparam -algorithm gost2001 -pkeyopt paramset:A\ + -out paramfile. + +3. S/MIME operations + +If you want to send encrypted mail using GOST algorithms, don't forget +to specify -gost89 as encryption algorithm for OpenSSL smime command. +While OpenSSL is clever enough to find out that GOST R 34.11-94 digest +must be used for digital signing with GOST private key, it have no way +to derive symmetric encryption algorithm from key exchange keys. + +4. TLS operations + +OpenSSL supports all four ciphersuites defined in the IETF draft. +Once you've loaded GOST key and certificate into your TLS server, +ciphersuites which use GOST 28147-89 encryption are enabled. + +Ciphersuites with NULL encryption should be enabled explicitely if +needed. + +GOST2001-GOST89-GOST89 Uses GOST R 34.10-2001 for auth and key exchange + GOST 28147-89 for encryption and GOST 28147-89 MAC +GOST94-GOST89-GOST89 Uses GOST R 34.10-94 for auth and key exchange + GOST 28147-89 for encryption and GOST 28147-89 MAC +GOST2001-NULL-GOST94 Uses GOST R 34.10-2001 for auth and key exchange, + no encryption and HMAC, based on GOST R 34.11-94 +GOST94-NULL-GOST94 Uses GOST R 34.10-94 for auth and key exchange, + no encryption and HMAC, based on GOST R 34.11-94 + +Gost 94 and gost 2001 keys can be used simultaneously in the TLS server. +RSA, DSA and EC keys can be used simultaneously with GOST keys, if +server implementation supports loading more than two private +key/certificate pairs. In this case ciphersuites which use any of loaded +keys would be supported and clients can negotiate ones they wish. + +This allows creation of TLS servers which use GOST ciphersuites for +Russian clients and RSA/DSA ciphersuites for foreign clients. + +5. Calculation of digests and symmetric encryption + OpenSSL provides specific commands (like sha1, aes etc) for calculation + of digests and symmetric encryption. Since such commands cannot be + added dynamically, no such commands are provided for GOST algorithms. + Use generic commands 'dgst' and 'enc'. + + Calculation of GOST R 34.11-94 message digest + + openssl dgst -md_gost94 datafile + + Note that GOST R 34.11-94 specifies that digest value should be + interpreted as little-endian number, but OpenSSL outputs just hex dump + of digest value. + + So, to obtain correct digest value, such as produced by gostsum utility + included in the engine distribution, bytes of output should be + reversed. + + Calculation of HMAC based on GOST R 34.11-94 + + openssl dgst -md_gost94 -mac hmac -macopt key:<32 bytes of key> datafile + + (or use hexkey if key contain NUL bytes) + Calculation of GOST 28147 MAC + + openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile + + Note absense of an option that specifies digest algorithm. gost-mac + algorithm supports only one digest (which is actually part of + implementation of this mac) and OpenSSL is clever enough to find out + this. + + Encryption with GOST 28147 CFB mode + openssl enc -gost89 -out encrypted-file -in plain-text-file -k <passphrase> + Encryption with GOST 28147 CNT mode + openssl enc -gost89-cnt -out encrypted-file -in plain-text-file -k <passphrase> + + +6. Encrypting private keys and PKCS12 + +To produce PKCS12 files compatible with MagPro CSP, you need to use +GOST algorithm for encryption of PKCS12 file and also GOST R 34.11-94 +hash to derive key from password. + +openssl pksc12 -export -inkey gost.pem -in gost_cert.pem -keypbe gost89\ + -certpbe gost89 -macalg md_gost94 + +7. Testing speed of symmetric ciphers. + +To test performance of GOST symmetric ciphers you should use -evp switch +of the openssl speed command. Engine-provided ciphers couldn't be +accessed by cipher-specific functions, only via generic evp interface + + openssl speed -evp gost89 + openssl speed -evp gost89-cnt + + +PROGRAMMING INTERFACES DETAILS + +Applications never should access engine directly. They only use provided +EVP_PKEY API. But there are some details, which should be taken into +account. + +EVP provides two kinds of API for key exchange: + +1. EVP_PKEY_encrypt/EVP_PKEY_decrypt functions, intended to use with + RSA-like public key encryption algorithms + +2. EVP_PKEY_derive, intended to use with Diffie-Hellman-like shared key +computing algorithms. + +Although VKO R 34.10 algorithms, described in the RFC 4357 are +definitely second case, engine provides BOTH API for GOST R 34.10 keys. + +EVP_PKEY_derive just invokes appropriate VKO algorithm and computes +256 bit shared key. VKO R 34.10-2001 requires 64 bits of random user key +material (UKM). This UKM should be transmitted to other party, so it is +not generated inside derive function. + +It should be set by EVP_PKEY_CTX_ctrl function using +EVP_PKEY_CTRL_SET_IV command after call of EVP_PKEY_derive_init, but +before EVP_PKEY_derive. + unsigned char ukm[8]; + RAND_bytes(ukm,8); + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, 8, ukm) + +EVP_PKEY_encrypt encrypts provided session key with VKO shared key and +packs it into GOST key transport structure, described in the RFC 4490. + +It typically uses ephemeral key pair to compute shared key and packs its +public part along with encrypted key. So, for most cases use of +EVP_PKEY_encrypt/EVP_PKEY_decrypt with GOST keys is almost same as with +RSA. + +However, if peerkey field in the EVP_PKEY_CTX structure is set (using +EVP_PKEY_derive_set_peerkey function) to EVP_PKEY structure which has private +key and uses same parameters as the public key from which this EVP_PKEY_CTX is +created, EVP_PKEY_encrypt will use this private key to compute shared key and +set ephemeral key in the GOST_key_transport structure to NULL. In this case +pkey and peerkey fields in the EVP_PKEY_CTX are used upside-down. + +If EVP_PKEY_decrypt encounters GOST_key_transport structure with NULL +public key field, it tries to use peerkey field from the context to +compute shared key. In this case peerkey field should really contain +peer public key. + +Encrypt operation supports EVP_PKEY_CTRL_SET_IV operation as well. +It can be used when some specific restriction on UKM are imposed by +higher level protocol. For instance, description of GOST ciphersuites +requires UKM to be derived from shared secret. + +If UKM is not set by this control command, encrypt operation would +generate random UKM. + + +This sources include implementation of GOST 28147-89 and GOST R 34.11-94 +which are completely indepentent from OpenSSL and can be used separately +(files gost89.c, gost89.h, gosthash.c, gosthash.h) Utility gostsum (file +gostsum.c) is provided as example of such separate usage. This is +program, simular to md5sum and sha1sum utilities, but calculates GOST R +34.11-94 hash. + +Makefile doesn't include rule for compiling gostsum. +Use command + +$(CC) -o gostsum gostsum.c gost89.c gosthash.c +where $(CC) is name of your C compiler. + +Implementations of GOST R 34.10-xx, including VKO algorithms heavily +depends on OpenSSL BIGNUM and Elliptic Curve libraries. + + diff --git a/lib/libssl/src/engines/ccgost/e_gost_err.c b/lib/libssl/src/engines/ccgost/e_gost_err.c new file mode 100644 index 00000000000..9a79a374e28 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/e_gost_err.c @@ -0,0 +1,212 @@ +/* e_gost_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include "e_gost_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(0,func,0) +#define ERR_REASON(reason) ERR_PACK(0,0,reason) + +static ERR_STRING_DATA GOST_str_functs[]= + { +{ERR_FUNC(GOST_F_DECODE_GOST_ALGOR_PARAMS), "DECODE_GOST_ALGOR_PARAMS"}, +{ERR_FUNC(GOST_F_ENCODE_GOST_ALGOR_PARAMS), "ENCODE_GOST_ALGOR_PARAMS"}, +{ERR_FUNC(GOST_F_FILL_GOST2001_PARAMS), "FILL_GOST2001_PARAMS"}, +{ERR_FUNC(GOST_F_FILL_GOST94_PARAMS), "FILL_GOST94_PARAMS"}, +{ERR_FUNC(GOST_F_GET_ENCRYPTION_PARAMS), "GET_ENCRYPTION_PARAMS"}, +{ERR_FUNC(GOST_F_GOST2001_COMPUTE_PUBLIC), "GOST2001_COMPUTE_PUBLIC"}, +{ERR_FUNC(GOST_F_GOST2001_DO_SIGN), "GOST2001_DO_SIGN"}, +{ERR_FUNC(GOST_F_GOST2001_DO_VERIFY), "GOST2001_DO_VERIFY"}, +{ERR_FUNC(GOST_F_GOST2001_KEYGEN), "GOST2001_KEYGEN"}, +{ERR_FUNC(GOST_F_GOST89_GET_ASN1_PARAMETERS), "GOST89_GET_ASN1_PARAMETERS"}, +{ERR_FUNC(GOST_F_GOST89_SET_ASN1_PARAMETERS), "GOST89_SET_ASN1_PARAMETERS"}, +{ERR_FUNC(GOST_F_GOST94_COMPUTE_PUBLIC), "GOST94_COMPUTE_PUBLIC"}, +{ERR_FUNC(GOST_F_GOST_CIPHER_CTL), "GOST_CIPHER_CTL"}, +{ERR_FUNC(GOST_F_GOST_DO_SIGN), "GOST_DO_SIGN"}, +{ERR_FUNC(GOST_F_GOST_DO_VERIFY), "GOST_DO_VERIFY"}, +{ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"}, +{ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"}, +{ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"}, +{ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"}, +{ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"}, +{ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"}, +{ERR_FUNC(GOST_F_PKEY_GOST01CP_ENCRYPT), "PKEY_GOST01CP_ENCRYPT"}, +{ERR_FUNC(GOST_F_PKEY_GOST01CP_KEYGEN), "PKEY_GOST01CP_KEYGEN"}, +{ERR_FUNC(GOST_F_PKEY_GOST01_PARAMGEN), "PKEY_GOST01_PARAMGEN"}, +{ERR_FUNC(GOST_F_PKEY_GOST2001_DERIVE), "PKEY_GOST2001_DERIVE"}, +{ERR_FUNC(GOST_F_PKEY_GOST94CP_DECRYPT), "PKEY_GOST94CP_DECRYPT"}, +{ERR_FUNC(GOST_F_PKEY_GOST94CP_ENCRYPT), "PKEY_GOST94CP_ENCRYPT"}, +{ERR_FUNC(GOST_F_PKEY_GOST94CP_KEYGEN), "PKEY_GOST94CP_KEYGEN"}, +{ERR_FUNC(GOST_F_PKEY_GOST94_PARAMGEN), "PKEY_GOST94_PARAMGEN"}, +{ERR_FUNC(GOST_F_PKEY_GOST_CTRL), "PKEY_GOST_CTRL"}, +{ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR), "PKEY_GOST_CTRL01_STR"}, +{ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR), "PKEY_GOST_CTRL94_STR"}, +{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL), "PKEY_GOST_MAC_CTRL"}, +{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR), "PKEY_GOST_MAC_CTRL_STR"}, +{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN), "PKEY_GOST_MAC_KEYGEN"}, +{ERR_FUNC(GOST_F_PRINT_GOST_01), "PRINT_GOST_01"}, +{ERR_FUNC(GOST_F_PRIV_DECODE_GOST), "PRIV_DECODE_GOST"}, +{ERR_FUNC(GOST_F_PUB_DECODE_GOST01), "PUB_DECODE_GOST01"}, +{ERR_FUNC(GOST_F_PUB_DECODE_GOST94), "PUB_DECODE_GOST94"}, +{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01), "PUB_ENCODE_GOST01"}, +{ERR_FUNC(GOST_F_UNPACK_CC_SIGNATURE), "UNPACK_CC_SIGNATURE"}, +{ERR_FUNC(GOST_F_UNPACK_CP_SIGNATURE), "UNPACK_CP_SIGNATURE"}, +{0,NULL} + }; + +static ERR_STRING_DATA GOST_str_reasons[]= + { +{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"}, +{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"}, +{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"}, +{ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"}, +{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"}, +{ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"}, +{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"}, +{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"}, +{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"}, +{ERR_REASON(GOST_R_INVALID_CIPHER_PARAMS),"invalid cipher params"}, +{ERR_REASON(GOST_R_INVALID_CIPHER_PARAM_OID),"invalid cipher param oid"}, +{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, +{ERR_REASON(GOST_R_INVALID_GOST94_PARMSET),"invalid gost94 parmset"}, +{ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"}, +{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"}, +{ERR_REASON(GOST_R_INVALID_PARAMSET) ,"invalid paramset"}, +{ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED),"key is not initalized"}, +{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"}, +{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"}, +{ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"}, +{ERR_REASON(GOST_R_MALLOC_FAILURE) ,"malloc failure"}, +{ERR_REASON(GOST_R_NO_MEMORY) ,"no memory"}, +{ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"}, +{ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, +{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, +{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, +{ERR_REASON(GOST_R_RANDOM_GENERATOR_ERROR),"random generator error"}, +{ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"}, +{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, +{ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, +{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, +{ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"}, +{ERR_REASON(GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND),"unsupported cipher ctl command"}, +{ERR_REASON(GOST_R_UNSUPPORTED_PARAMETER_SET),"unsupported parameter set"}, +{0,NULL} + }; + +#endif + +#ifdef GOST_LIB_NAME +static ERR_STRING_DATA GOST_lib_name[]= + { +{0 ,GOST_LIB_NAME}, +{0,NULL} + }; +#endif + + +static int GOST_lib_error_code=0; +static int GOST_error_init=1; + +void ERR_load_GOST_strings(void) + { + if (GOST_lib_error_code == 0) + GOST_lib_error_code=ERR_get_next_error_library(); + + if (GOST_error_init) + { + GOST_error_init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(GOST_lib_error_code,GOST_str_functs); + ERR_load_strings(GOST_lib_error_code,GOST_str_reasons); +#endif + +#ifdef GOST_LIB_NAME + GOST_lib_name->error = ERR_PACK(GOST_lib_error_code,0,0); + ERR_load_strings(0,GOST_lib_name); +#endif + } + } + +void ERR_unload_GOST_strings(void) + { + if (GOST_error_init == 0) + { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(GOST_lib_error_code,GOST_str_functs); + ERR_unload_strings(GOST_lib_error_code,GOST_str_reasons); +#endif + +#ifdef GOST_LIB_NAME + ERR_unload_strings(0,GOST_lib_name); +#endif + GOST_error_init=1; + } + } + +void ERR_GOST_error(int function, int reason, char *file, int line) + { + if (GOST_lib_error_code == 0) + GOST_lib_error_code=ERR_get_next_error_library(); + ERR_PUT_error(GOST_lib_error_code,function,reason,file,line); + } diff --git a/lib/libssl/src/engines/ccgost/e_gost_err.h b/lib/libssl/src/engines/ccgost/e_gost_err.h new file mode 100644 index 00000000000..6dc500079d5 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/e_gost_err.h @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_GOST_ERR_H +#define HEADER_GOST_ERR_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_GOST_strings(void); +void ERR_unload_GOST_strings(void); +void ERR_GOST_error(int function, int reason, char *file, int line); +#define GOSTerr(f,r) ERR_GOST_error((f),(r),__FILE__,__LINE__) + +/* Error codes for the GOST functions. */ + +/* Function codes. */ +#define GOST_F_DECODE_GOST_ALGOR_PARAMS 99 +#define GOST_F_ENCODE_GOST_ALGOR_PARAMS 100 +#define GOST_F_FILL_GOST2001_PARAMS 101 +#define GOST_F_FILL_GOST94_PARAMS 102 +#define GOST_F_GET_ENCRYPTION_PARAMS 103 +#define GOST_F_GOST2001_COMPUTE_PUBLIC 104 +#define GOST_F_GOST2001_DO_SIGN 105 +#define GOST_F_GOST2001_DO_VERIFY 106 +#define GOST_F_GOST2001_KEYGEN 107 +#define GOST_F_GOST89_GET_ASN1_PARAMETERS 108 +#define GOST_F_GOST89_SET_ASN1_PARAMETERS 109 +#define GOST_F_GOST94_COMPUTE_PUBLIC 110 +#define GOST_F_GOST_CIPHER_CTL 111 +#define GOST_F_GOST_DO_SIGN 112 +#define GOST_F_GOST_DO_VERIFY 113 +#define GOST_F_GOST_IMIT_CTRL 114 +#define GOST_F_GOST_IMIT_FINAL 140 +#define GOST_F_GOST_IMIT_UPDATE 115 +#define GOST_F_PARAM_COPY_GOST01 116 +#define GOST_F_PARAM_COPY_GOST94 117 +#define GOST_F_PKEY_GOST01CP_DECRYPT 118 +#define GOST_F_PKEY_GOST01CP_ENCRYPT 119 +#define GOST_F_PKEY_GOST01CP_KEYGEN 120 +#define GOST_F_PKEY_GOST01_PARAMGEN 138 +#define GOST_F_PKEY_GOST2001_DERIVE 121 +#define GOST_F_PKEY_GOST94CP_DECRYPT 122 +#define GOST_F_PKEY_GOST94CP_ENCRYPT 123 +#define GOST_F_PKEY_GOST94CP_KEYGEN 124 +#define GOST_F_PKEY_GOST94_PARAMGEN 139 +#define GOST_F_PKEY_GOST_CTRL 125 +#define GOST_F_PKEY_GOST_CTRL01_STR 126 +#define GOST_F_PKEY_GOST_CTRL94_STR 127 +#define GOST_F_PKEY_GOST_MAC_CTRL 128 +#define GOST_F_PKEY_GOST_MAC_CTRL_STR 129 +#define GOST_F_PKEY_GOST_MAC_KEYGEN 130 +#define GOST_F_PRINT_GOST_01 131 +#define GOST_F_PRIV_DECODE_GOST 132 +#define GOST_F_PUB_DECODE_GOST01 133 +#define GOST_F_PUB_DECODE_GOST94 134 +#define GOST_F_PUB_ENCODE_GOST01 135 +#define GOST_F_UNPACK_CC_SIGNATURE 136 +#define GOST_F_UNPACK_CP_SIGNATURE 137 + +/* Reason codes. */ +#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 99 +#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 100 +#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 101 +#define GOST_R_CTRL_CALL_FAILED 132 +#define GOST_R_ERROR_COMPUTING_SHARED_KEY 102 +#define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO 103 +#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 104 +#define GOST_R_INCOMPATIBLE_ALGORITHMS 105 +#define GOST_R_INCOMPATIBLE_PEER_KEY 131 +#define GOST_R_INVALID_CIPHER_PARAMS 106 +#define GOST_R_INVALID_CIPHER_PARAM_OID 107 +#define GOST_R_INVALID_DIGEST_TYPE 108 +#define GOST_R_INVALID_GOST94_PARMSET 109 +#define GOST_R_INVALID_IV_LENGTH 110 +#define GOST_R_INVALID_MAC_KEY_LENGTH 111 +#define GOST_R_INVALID_PARAMSET 112 +#define GOST_R_KEY_IS_NOT_INITALIZED 113 +#define GOST_R_KEY_IS_NOT_INITIALIZED 114 +#define GOST_R_KEY_PARAMETERS_MISSING 115 +#define GOST_R_MAC_KEY_NOT_SET 116 +#define GOST_R_MALLOC_FAILURE 117 +#define GOST_R_NO_MEMORY 118 +#define GOST_R_NO_PARAMETERS_SET 119 +#define GOST_R_NO_PEER_KEY 120 +#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 121 +#define GOST_R_PUBLIC_KEY_UNDEFINED 122 +#define GOST_R_RANDOM_GENERATOR_ERROR 123 +#define GOST_R_RANDOM_GENERATOR_FAILURE 124 +#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 125 +#define GOST_R_SIGNATURE_MISMATCH 126 +#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 127 +#define GOST_R_UKM_NOT_SET 128 +#define GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND 129 +#define GOST_R_UNSUPPORTED_PARAMETER_SET 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/lib/libssl/src/engines/ccgost/e_gost_err.proto b/lib/libssl/src/engines/ccgost/e_gost_err.proto new file mode 100644 index 00000000000..c57bd1bd8f8 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/e_gost_err.proto @@ -0,0 +1,61 @@ +/* ==================================================================== + * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_GOST_ERR_H +#define HEADER_GOST_ERR_H + +#define GOST_LIB_NAME "GOST engine" +#ifdef __cplusplus + extern "C" { +#endif diff --git a/lib/libssl/src/engines/ccgost/gost.ec b/lib/libssl/src/engines/ccgost/gost.ec new file mode 100644 index 00000000000..6c2c85e57c0 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost.ec @@ -0,0 +1,5 @@ +L GOST e_gost_err.h e_gost_err.c +L NONE asymm.h NONE +L NONE md.h NONE +L NONE crypt.h NONE +L NONE gostkeyx.h NONE diff --git a/lib/libssl/src/engines/ccgost/gost2001.c b/lib/libssl/src/engines/ccgost/gost2001.c new file mode 100644 index 00000000000..dacd82d2b92 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost2001.c @@ -0,0 +1,343 @@ +/********************************************************************** + * gost2001.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of GOST R 34.10-2001 * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include "gost_lcl.h" +#include "gost_params.h" +#include <string.h> +#include <openssl/rand.h> +#include <openssl/ecdsa.h> +#include <openssl/err.h> +#include "e_gost_err.h" +#ifdef DEBUG_SIGN +extern +void dump_signature(const char *message,const unsigned char *buffer,size_t len); +void dump_dsa_sig(const char *message, DSA_SIG *sig); +#else + +#define dump_signature(a,b,c) +#define dump_dsa_sig(a,b) +#endif + +/* + * Fills EC_KEY structure hidden in the app_data field of DSA structure + * with parameter information, extracted from parameter array in + * params.c file. + * + * Also fils DSA->q field with copy of EC_GROUP order field to make + * DSA_size function work + */ +int fill_GOST2001_params(EC_KEY *eckey, int nid) + { + R3410_2001_params *params = R3410_2001_paramset; + EC_GROUP *grp=NULL; + BIGNUM *p=NULL,*q=NULL,*a=NULL,*b=NULL,*x=NULL,*y=NULL; + EC_POINT *P=NULL; + BN_CTX *ctx=BN_CTX_new(); + int ok=0; + + BN_CTX_start(ctx); + p=BN_CTX_get(ctx); + a=BN_CTX_get(ctx); + b=BN_CTX_get(ctx); + x=BN_CTX_get(ctx); + y=BN_CTX_get(ctx); + q=BN_CTX_get(ctx); + while (params->nid!=NID_undef && params->nid != nid) params++; + if (params->nid == NID_undef) + { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS,GOST_R_UNSUPPORTED_PARAMETER_SET); + goto err; + } + BN_hex2bn(&p,params->p); + BN_hex2bn(&a,params->a); + BN_hex2bn(&b,params->b); + + grp = EC_GROUP_new_curve_GFp(p,a,b,ctx); + + P = EC_POINT_new(grp); + + BN_hex2bn(&x,params->x); + BN_hex2bn(&y,params->y); + EC_POINT_set_affine_coordinates_GFp(grp,P,x,y,ctx); + BN_hex2bn(&q,params->q); +#ifdef DEBUG_KEYS + fprintf(stderr,"Set params index %d oid %s\nq=", + (params-R3410_2001_paramset),OBJ_nid2sn(params->nid)); + BN_print_fp(stderr,q); + fprintf(stderr,"\n"); +#endif + + EC_GROUP_set_generator(grp,P,q,NULL); + EC_GROUP_set_curve_name(grp,params->nid); + + EC_KEY_set_group(eckey,grp); + ok=1; + err: + EC_POINT_free(P); + EC_GROUP_free(grp); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ok; + } + + +/* + * Computes gost2001 signature as DSA_SIG structure + * + * + */ +DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey) + { + DSA_SIG *newsig = NULL; + BIGNUM *md = hashsum2bn(dgst); + BIGNUM *order = NULL; + const EC_GROUP *group; + const BIGNUM *priv_key; + BIGNUM *r=NULL,*s=NULL,*X=NULL,*tmp=NULL,*tmp2=NULL, *k=NULL,*e=NULL; + EC_POINT *C=NULL; + BN_CTX *ctx = BN_CTX_new(); + BN_CTX_start(ctx); + OPENSSL_assert(dlen==32); + newsig=DSA_SIG_new(); + if (!newsig) + { + GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_NO_MEMORY); + goto err; + } + group = EC_KEY_get0_group(eckey); + order=BN_CTX_get(ctx); + EC_GROUP_get_order(group,order,ctx); + priv_key = EC_KEY_get0_private_key(eckey); + e = BN_CTX_get(ctx); + BN_mod(e,md,order,ctx); +#ifdef DEBUG_SIGN + fprintf(stderr,"digest as bignum="); + BN_print_fp(stderr,md); + fprintf(stderr,"\ndigest mod q="); + BN_print_fp(stderr,e); + fprintf(stderr,"\n"); +#endif + if (BN_is_zero(e)) + { + BN_one(e); + } + k =BN_CTX_get(ctx); + C=EC_POINT_new(group); + do + { + do + { + if (!BN_rand_range(k,order)) + { + GOSTerr(GOST_F_GOST2001_DO_SIGN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); + DSA_SIG_free(newsig); + newsig = NULL; + goto err; + } + if (!EC_POINT_mul(group,C,k,NULL,NULL,ctx)) + { + GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB); + DSA_SIG_free(newsig); + newsig = NULL; + goto err; + } + if (!X) X=BN_CTX_get(ctx); + if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx)) + { + GOSTerr(GOST_F_GOST2001_DO_SIGN,ERR_R_EC_LIB); + DSA_SIG_free(newsig); + newsig = NULL; + goto err; + } + if (!r) r=BN_CTX_get(ctx); + BN_nnmod(r,X,order,ctx); + } + while (BN_is_zero(r)); + /* s = (r*priv_key+k*e) mod order */ + if (!tmp) tmp = BN_CTX_get(ctx); + BN_mod_mul(tmp,priv_key,r,order,ctx); + if (!tmp2) tmp2 = BN_CTX_get(ctx); + BN_mod_mul(tmp2,k,e,order,ctx); + if (!s) s=BN_CTX_get(ctx); + BN_mod_add(s,tmp,tmp2,order,ctx); + } + while (BN_is_zero(s)); + + newsig->s=BN_dup(s); + newsig->r=BN_dup(r); + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + EC_POINT_free(C); + BN_free(md); + return newsig; + } +/* + * Verifies gost 2001 signature + * + */ +int gost2001_do_verify(const unsigned char *dgst,int dgst_len, + DSA_SIG *sig, EC_KEY *ec) + { + BN_CTX *ctx=BN_CTX_new(); + const EC_GROUP *group = EC_KEY_get0_group(ec); + BIGNUM *order; + BIGNUM *md = NULL,*e=NULL,*R=NULL,*v=NULL,*z1=NULL,*z2=NULL; + BIGNUM *X=NULL,*tmp=NULL; + EC_POINT *C = NULL; + const EC_POINT *pub_key=NULL; + int ok=0; + + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + e = BN_CTX_get(ctx); + z1 = BN_CTX_get(ctx); + z2 = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + X= BN_CTX_get(ctx); + R=BN_CTX_get(ctx); + v=BN_CTX_get(ctx); + + EC_GROUP_get_order(group,order,ctx); + pub_key = EC_KEY_get0_public_key(ec); + if (BN_is_zero(sig->s) || BN_is_zero(sig->r) || + (BN_cmp(sig->s,order)>=1) || (BN_cmp(sig->r,order)>=1)) + { + GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); + goto err; + + } + md = hashsum2bn(dgst); + + BN_mod(e,md,order,ctx); +#ifdef DEBUG_SIGN + fprintf(stderr,"digest as bignum: "); + BN_print_fp(stderr,md); + fprintf(stderr,"\ndigest mod q: "); + BN_print_fp(stderr,e); +#endif + if (BN_is_zero(e)) BN_one(e); + v=BN_mod_inverse(v,e,order,ctx); + BN_mod_mul(z1,sig->s,v,order,ctx); + BN_sub(tmp,order,sig->r); + BN_mod_mul(z2,tmp,v,order,ctx); +#ifdef DEBUG_SIGN + fprintf(stderr,"\nInverted digest value: "); + BN_print_fp(stderr,v); + fprintf(stderr,"\nz1: "); + BN_print_fp(stderr,z1); + fprintf(stderr,"\nz2: "); + BN_print_fp(stderr,z2); +#endif + C = EC_POINT_new(group); + if (!EC_POINT_mul(group,C,z1,pub_key,z2,ctx)) + { + GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB); + goto err; + } + if (!EC_POINT_get_affine_coordinates_GFp(group,C,X,NULL,ctx)) + { + GOSTerr(GOST_F_GOST2001_DO_VERIFY,ERR_R_EC_LIB); + goto err; + } + BN_mod(R,X,order,ctx); +#ifdef DEBUG_SIGN + fprintf(stderr,"\nX="); + BN_print_fp(stderr,X); + fprintf(stderr,"\nX mod q="); + BN_print_fp(stderr,R); + fprintf(stderr,"\n"); +#endif + if (BN_cmp(R,sig->r)!=0) + { + GOSTerr(GOST_F_GOST2001_DO_VERIFY,GOST_R_SIGNATURE_MISMATCH); + } + else + { + ok = 1; + } + err: + EC_POINT_free(C); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + BN_free(md); + return ok; + } +/* + * Computes GOST R 34.10-2001 public key + * + * + */ +int gost2001_compute_public(EC_KEY *ec) + { + const EC_GROUP *group = EC_KEY_get0_group(ec); + EC_POINT *pub_key=NULL; + const BIGNUM *priv_key=NULL; + BN_CTX *ctx=NULL; + int ok=0; + + if (!group) + { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,GOST_R_KEY_IS_NOT_INITIALIZED); + return 0; + } + ctx=BN_CTX_new(); + BN_CTX_start(ctx); + if (!(priv_key=EC_KEY_get0_private_key(ec))) + { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB); + goto err; + } + + pub_key = EC_POINT_new(group); + if (!EC_POINT_mul(group,pub_key,priv_key,NULL,NULL,ctx)) + { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB); + goto err; + } + if (!EC_KEY_set_public_key(ec,pub_key)) + { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC,ERR_R_EC_LIB); + goto err; + } + ok = 256; + err: + BN_CTX_end(ctx); + EC_POINT_free(pub_key); + BN_CTX_free(ctx); + return ok; + } +/* + * + * Generates GOST R 34.10-2001 keypair + * + * + */ +int gost2001_keygen(EC_KEY *ec) + { + BIGNUM *order = BN_new(),*d=BN_new(); + const EC_GROUP *group = EC_KEY_get0_group(ec); + EC_GROUP_get_order(group,order,NULL); + + do + { + if (!BN_rand_range(d,order)) + { + GOSTerr(GOST_F_GOST2001_KEYGEN,GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); + BN_free(d); + BN_free(order); + return 0; + } + } + while (BN_is_zero(d)); + EC_KEY_set_private_key(ec,d); + BN_free(d); + BN_free(order); + return gost2001_compute_public(ec); + } + diff --git a/lib/libssl/src/engines/ccgost/gost2001_keyx.c b/lib/libssl/src/engines/ccgost/gost2001_keyx.c new file mode 100644 index 00000000000..00759bcab06 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost2001_keyx.c @@ -0,0 +1,304 @@ +/********************************************************************** + * gost_keyx.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * VK0 34.10-2001 key exchange and GOST R 34.10-2001 * + * based PKCS7/SMIME support * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <openssl/evp.h> +#include <openssl/rand.h> +#include <string.h> +#include <openssl/objects.h> +#include "gost89.h" +#include "gosthash.h" +#include "e_gost_err.h" +#include "gost_keywrap.h" +#include "gost_lcl.h" +#include "gost2001_keyx.h" + + + +/* Implementation of CryptoPro VKO 34.10-2001 algorithm */ +static int VKO_compute_key(unsigned char *shared_key,size_t shared_key_size,const EC_POINT *pub_key,EC_KEY *priv_key,const unsigned char *ukm) + { + unsigned char ukm_be[8],databuf[64],hashbuf[64]; + BIGNUM *UKM=NULL,*p=NULL,*order=NULL,*X=NULL,*Y=NULL; + const BIGNUM* key=EC_KEY_get0_private_key(priv_key); + EC_POINT *pnt=EC_POINT_new(EC_KEY_get0_group(priv_key)); + int i; + gost_hash_ctx hash_ctx; + BN_CTX *ctx = BN_CTX_new(); + + for (i=0;i<8;i++) + { + ukm_be[7-i]=ukm[i]; + } + BN_CTX_start(ctx); + UKM=getbnfrombuf(ukm_be,8); + p=BN_CTX_get(ctx); + order = BN_CTX_get(ctx); + X=BN_CTX_get(ctx); + Y=BN_CTX_get(ctx); + EC_GROUP_get_order(EC_KEY_get0_group(priv_key),order,ctx); + BN_mod_mul(p,key,UKM,order,ctx); + EC_POINT_mul(EC_KEY_get0_group(priv_key),pnt,NULL,pub_key,p,ctx); + EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key), + pnt,X,Y,ctx); + /*Serialize elliptic curve point same way as we do it when saving + * key */ + store_bignum(Y,databuf,32); + store_bignum(X,databuf+32,32); + /* And reverse byte order of whole buffer */ + for (i=0;i<64;i++) + { + hashbuf[63-i]=databuf[i]; + } + init_gost_hash_ctx(&hash_ctx,&GostR3411_94_CryptoProParamSet); + start_hash(&hash_ctx); + hash_block(&hash_ctx,hashbuf,64); + finish_hash(&hash_ctx,shared_key); + done_gost_hash_ctx(&hash_ctx); + BN_free(UKM); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + EC_POINT_free(pnt); + return 32; + } + + +/* + * EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-2001 + * algorithm + */ +int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) +{ + /* Public key of peer in the ctx field peerkey + * Our private key in the ctx pkey + * ukm is in the algorithm specific context data + */ + EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx); + EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx); + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + + if (!data->shared_ukm) { + GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET); + return 0; + } + + if (key == NULL) { + *keylen = 32; + return 32; + } + + *keylen=VKO_compute_key(key, 32, EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), + (EC_KEY *)EVP_PKEY_get0(my_key),data->shared_ukm); + return 1; +} + + + + +/* + * EVP_PKEY_METHOD callback encrypt + * Implementation of GOST2001 key transport, cryptocom variation + */ +/* Generates ephemeral key based on pubk algorithm + * computes shared key using VKO and returns filled up + * GOST_KEY_TRANSPORT structure + */ + +/* + * EVP_PKEY_METHOD callback encrypt + * Implementation of GOST2001 key transport, cryptopo variation + */ + +int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key,size_t key_len) + { + GOST_KEY_TRANSPORT *gkt=NULL; + EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); + const struct gost_cipher_info *param=get_encryption_params(NULL); + unsigned char ukm[8], shared_key[32], crypted_key[44]; + int ret=0; + int key_is_ephemeral=1; + gost_ctx cctx; + EVP_PKEY *sec_key=EVP_PKEY_CTX_get0_peerkey(pctx); + if (data->shared_ukm) + { + memcpy(ukm, data->shared_ukm,8); + } + else if (out) + { + + if (RAND_bytes(ukm,8)<=0) + { + GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, + GOST_R_RANDOM_GENERATOR_FAILURE); + return 0; + } + } + /* Check for private key in the peer_key of context */ + if (sec_key) + { + key_is_ephemeral=0; + if (!gost_get0_priv_key(sec_key)) + { + GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, + GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); + goto err; + } + } + else + { + key_is_ephemeral=1; + if (out) + { + sec_key = EVP_PKEY_new(); + EVP_PKEY_assign(sec_key,EVP_PKEY_base_id(pubk),EC_KEY_new()); + EVP_PKEY_copy_parameters(sec_key,pubk); + if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) + { + goto err; + } + } + } + if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list) + { + param= gost_cipher_list+1; + } + if (out) + { + VKO_compute_key(shared_key,32,EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),EVP_PKEY_get0(sec_key),ukm); + gost_init(&cctx,param->sblock); + keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key); + } + gkt = GOST_KEY_TRANSPORT_new(); + if (!gkt) + { + goto err; + } + if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, + ukm,8)) + { + goto err; + } + if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4)) + { + goto err; + } + if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32)) + { + goto err; + } + if (key_is_ephemeral) { + if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?sec_key:pubk)) + { + GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, + GOST_R_CANNOT_PACK_EPHEMERAL_KEY); + goto err; + } + } + ASN1_OBJECT_free(gkt->key_agreement_info->cipher); + gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); + if (key_is_ephemeral && sec_key) EVP_PKEY_free(sec_key); + if (!key_is_ephemeral) + { + /* Set control "public key from client certificate used" */ + if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) + { + GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, + GOST_R_CTRL_CALL_FAILED); + goto err; + } + } + if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL))>0) ret =1; + GOST_KEY_TRANSPORT_free(gkt); + return ret; + err: + if (key_is_ephemeral && sec_key) EVP_PKEY_free(sec_key); + GOST_KEY_TRANSPORT_free(gkt); + return -1; + } +/* + * EVP_PKEY_METHOD callback decrypt + * Implementation of GOST2001 key transport, cryptopo variation + */ +int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_len, const unsigned char *in, size_t in_len) + { + const unsigned char *p = in; + EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx); + GOST_KEY_TRANSPORT *gkt = NULL; + int ret=0; + unsigned char wrappedKey[44]; + unsigned char sharedKey[32]; + gost_ctx ctx; + const struct gost_cipher_info *param=NULL; + EVP_PKEY *eph_key=NULL, *peerkey=NULL; + + if (!key) + { + *key_len = 32; + return 1; + } + gkt = d2i_GOST_KEY_TRANSPORT(NULL,(const unsigned char **)&p, + in_len); + if (!gkt) + { + GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT,GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); + return -1; + } + + /* If key transport structure contains public key, use it */ + eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); + if (eph_key) + { + if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) + { + GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, + GOST_R_INCOMPATIBLE_PEER_KEY); + goto err; + } + } + else + { + /* Set control "public key from client certificate used" */ + if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) + { + GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, + GOST_R_CTRL_CALL_FAILED); + goto err; + } + } + peerkey = EVP_PKEY_CTX_get0_peerkey(pctx); + if (!peerkey) + { + GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, + GOST_R_NO_PEER_KEY); + goto err; + } + + param = get_encryption_params(gkt->key_agreement_info->cipher); + gost_init(&ctx,param->sblock); + OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8); + memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8); + OPENSSL_assert(gkt->key_info->encrypted_key->length==32); + memcpy(wrappedKey+8,gkt->key_info->encrypted_key->data,32); + OPENSSL_assert(gkt->key_info->imit->length==4); + memcpy(wrappedKey+40,gkt->key_info->imit->data,4); + VKO_compute_key(sharedKey,32,EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)), + EVP_PKEY_get0(priv),wrappedKey); + if (!keyUnwrapCryptoPro(&ctx,sharedKey,wrappedKey,key)) + { + GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, + GOST_R_ERROR_COMPUTING_SHARED_KEY); + goto err; + } + + ret=1; +err: + if (eph_key) EVP_PKEY_free(eph_key); + if (gkt) GOST_KEY_TRANSPORT_free(gkt); + return ret; + } diff --git a/lib/libssl/src/engines/ccgost/gost2001_keyx.h b/lib/libssl/src/engines/ccgost/gost2001_keyx.h new file mode 100644 index 00000000000..a014d9c1e2c --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost2001_keyx.h @@ -0,0 +1,10 @@ +GOST_KEY_TRANSPORT * +make_rfc4490_keytransport_2001(EVP_PKEY *pubk, BIGNUM *eph_key, + const unsigned char *key, size_t keylen, + unsigned char *ukm, size_t ukm_len); + +int decrypt_rfc4490_shared_key_2001(EVP_PKEY *priv, + GOST_KEY_TRANSPORT *gkt, + unsigned char *key_buf, + int key_buf_len) ; + diff --git a/lib/libssl/src/engines/ccgost/gost89.c b/lib/libssl/src/engines/ccgost/gost89.c new file mode 100644 index 00000000000..7ebae0f71f8 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost89.c @@ -0,0 +1,409 @@ +/********************************************************************** + * gost89.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of GOST 28147-89 encryption algorithm * + * No OpenSSL libraries required to compile and use * + * this code * + **********************************************************************/ +#include <string.h> +#include "gost89.h" +/* Substitution blocks from RFC 4357 + + Note: our implementation of gost 28147-89 algorithm + uses S-box matrix rotated 90 degrees counterclockwise, relative to + examples given in RFC. + + +*/ + +/* Substitution blocks from test examples for GOST R 34.11-94*/ +gost_subst_block GostR3411_94_TestParamSet = { + {0X1,0XF,0XD,0X0,0X5,0X7,0XA,0X4,0X9,0X2,0X3,0XE,0X6,0XB,0X8,0XC}, + {0XD,0XB,0X4,0X1,0X3,0XF,0X5,0X9,0X0,0XA,0XE,0X7,0X6,0X8,0X2,0XC}, + {0X4,0XB,0XA,0X0,0X7,0X2,0X1,0XD,0X3,0X6,0X8,0X5,0X9,0XC,0XF,0XE}, + {0X6,0XC,0X7,0X1,0X5,0XF,0XD,0X8,0X4,0XA,0X9,0XE,0X0,0X3,0XB,0X2}, + {0X7,0XD,0XA,0X1,0X0,0X8,0X9,0XF,0XE,0X4,0X6,0XC,0XB,0X2,0X5,0X3}, + {0X5,0X8,0X1,0XD,0XA,0X3,0X4,0X2,0XE,0XF,0XC,0X7,0X6,0X0,0X9,0XB}, + {0XE,0XB,0X4,0XC,0X6,0XD,0XF,0XA,0X2,0X3,0X8,0X1,0X0,0X7,0X5,0X9}, + {0X4,0XA,0X9,0X2,0XD,0X8,0X0,0XE,0X6,0XB,0X1,0XC,0X7,0XF,0X5,0X3} + }; +/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */ +gost_subst_block GostR3411_94_CryptoProParamSet= { + {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC}, + {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB}, + {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3}, + {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5}, + {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3}, + {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD}, + {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8}, + {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF} + } ; + +/* Test paramset from GOST 28147 */ +gost_subst_block Gost28147_TestParamSet = + { + {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8}, + {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD}, + {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4}, + {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4}, + {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8}, + {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB}, + {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5}, + {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6} + }; + + + + +/* 1.2.643.2.2.31.1 */ +gost_subst_block Gost28147_CryptoProParamSetA= { + {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4}, + {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE}, + {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6}, + {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6}, + {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6}, + {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9}, + {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1}, + {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5} + }; +/* 1.2.643.2.2.31.2 */ +gost_subst_block Gost28147_CryptoProParamSetB= + { + {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC}, + {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE}, + {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5}, + {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3}, + {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8}, + {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4}, + {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE}, + {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF} + }; +/* 1.2.643.2.2.31.3 */ +gost_subst_block Gost28147_CryptoProParamSetC= + { + {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8}, + {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7}, + {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD}, + {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7}, + {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4}, + {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB}, + {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3}, + {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3} + }; + +/* 1.2.643.2.2.31.4 */ +gost_subst_block Gost28147_CryptoProParamSetD= + { + {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE}, + {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7}, + {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6}, + {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1}, + {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8}, + {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2}, + {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1}, + {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3} + }; + + +const byte CryptoProKeyMeshingKey[]={ + 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, + 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4, + 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12, + 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B + }; +/* Initialization of gost_ctx subst blocks*/ +static void kboxinit(gost_ctx *c, const gost_subst_block *b) + { + int i; + + for (i = 0; i < 256; i++) + { + c->k87[i] = (b->k8[i>>4] <<4 | b->k7 [i &15])<<24; + c->k65[i] = (b->k6[i>>4] << 4 | b->k5 [i &15])<<16; + c->k43[i] = (b->k4[i>>4] <<4 | b->k3 [i &15])<<8; + c->k21[i] = b->k2[i>>4] <<4 | b->k1 [i &15]; + + } + } + +/* Part of GOST 28147 algorithm moved into separate function */ +static word32 f(gost_ctx *c,word32 x) + { + x = c->k87[x>>24 & 255] | c->k65[x>>16 & 255]| + c->k43[x>> 8 & 255] | c->k21[x & 255]; + /* Rotate left 11 bits */ + return x<<11 | x>>(32-11); + } +/* Low-level encryption routine - encrypts one 64 bit block*/ +void gostcrypt(gost_ctx *c, const byte *in, byte *out) + { + register word32 n1, n2; /* As named in the GOST */ + n1 = in[0]|(in[1]<<8)|(in[2]<<16)|(in[3]<<24); + n2 = in[4]|(in[5]<<8)|(in[6]<<16)|(in[7]<<24); + /* Instead of swapping halves, swap names each round */ + + n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]); + n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]); + n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]); + n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]); + + n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]); + n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]); + n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]); + n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]); + + n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]); + n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]); + n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]); + n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]); + + n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]); + n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]); + n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]); + n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]); + + out[0] = (byte)(n2&0xff); out[1] = (byte)((n2>>8)&0xff); + out[2] = (byte)((n2>>16)&0xff); out[3]=(byte)(n2>>24); + out[4] = (byte)(n1&0xff); out[5] = (byte)((n1>>8)&0xff); + out[6] = (byte)((n1>>16)&0xff); out[7] = (byte)(n1>>24); + } +/* Low-level decryption routine. Decrypts one 64-bit block */ +void gostdecrypt(gost_ctx *c, const byte *in,byte *out) + { + register word32 n1, n2; /* As named in the GOST */ + n1 = in[0]|(in[1]<<8)|(in[2]<<16)|(in[3]<<24); + n2 = in[4]|(in[5]<<8)|(in[6]<<16)|(in[7]<<24); + + n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]); + n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]); + n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]); + n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]); + + n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]); + n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]); + n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]); + n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]); + + n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]); + n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]); + n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]); + n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]); + + n2 ^= f(c,n1+c->k[7]); n1 ^= f(c,n2+c->k[6]); + n2 ^= f(c,n1+c->k[5]); n1 ^= f(c,n2+c->k[4]); + n2 ^= f(c,n1+c->k[3]); n1 ^= f(c,n2+c->k[2]); + n2 ^= f(c,n1+c->k[1]); n1 ^= f(c,n2+c->k[0]); + + out[0] = (byte)(n2&0xff); out[1] = (byte)((n2>>8)&0xff); + out[2] = (byte)((n2>>16)&0xff); out[3]=(byte)(n2>>24); + out[4] = (byte)(n1&0xff); out[5] = (byte)((n1>>8)&0xff); + out[6] = (byte)((n1>>16)&0xff); out[7] = (byte)(n1>>24); + } + +/* Encrypts several blocks in ECB mode */ +void gost_enc(gost_ctx *c,const byte *clear,byte *cipher, int blocks) + { + int i; + for(i=0;i<blocks;i++) + { + gostcrypt(c,clear,cipher); + clear+=8; + cipher+=8; + } + } +/* Decrypts several blocks in ECB mode */ +void gost_dec(gost_ctx *c, const byte *cipher,byte *clear, int blocks) + { + int i; + for(i=0;i<blocks;i++) + { + gostdecrypt(c,cipher,clear); + clear+=8; + cipher+=8; + } + } + +/* Encrypts several full blocks in CFB mode using 8byte IV */ +void gost_enc_cfb(gost_ctx *ctx,const byte *iv,const byte *clear,byte *cipher, int blocks) + { + byte cur_iv[8]; + byte gamma[8]; + int i,j; + const byte *in; + byte *out; + memcpy(cur_iv,iv,8); + for(i=0,in=clear,out=cipher;i<blocks;i++,in+=8,out+=8) + { + gostcrypt(ctx,cur_iv,gamma); + for (j=0;j<8;j++) + { + cur_iv[j]=out[j]=in[j]^gamma[j]; + } + } + } +/* Decrypts several full blocks in CFB mode using 8byte IV */ +void gost_dec_cfb(gost_ctx *ctx,const byte *iv,const byte *cipher,byte *clear, int blocks) + { + byte cur_iv[8]; + byte gamma[8]; + int i,j; + const byte *in; + byte *out; + memcpy(cur_iv,iv,8); + for(i=0,in=cipher,out=clear;i<blocks;i++,in+=8,out+=8) + { + gostcrypt(ctx,cur_iv,gamma); + for (j=0;j<8;j++) + { + out[j]=(cur_iv[j]=in[j])^gamma[j]; + } + } + } + +/* Encrypts one block using specified key */ +void gost_enc_with_key(gost_ctx *c,byte *key,byte *inblock,byte *outblock) + { + gost_key(c,key); + gostcrypt(c,inblock,outblock); + } + +/* Set 256 bit key into context */ +void gost_key(gost_ctx *c, const byte *k) + { + int i,j; + for(i=0,j=0;i<8;i++,j+=4) + { + c->k[i]=k[j]|(k[j+1]<<8)|(k[j+2]<<16)|(k[j+3]<<24); + } + } + +/* Retrieve 256-bit key from context */ +void gost_get_key(gost_ctx *c, byte *k) + { + int i,j; + for(i=0,j=0;i<8;i++,j+=4) + { + k[j]=(byte)(c->k[i]& 0xFF); + k[j+1]=(byte)((c->k[i]>>8 )&0xFF); + k[j+2]=(byte)((c->k[i]>>16) &0xFF); + k[j+3]=(byte)((c->k[i]>>24) &0xFF); + } + } + +/* Initalize context. Provides default value for subst_block */ +void gost_init(gost_ctx *c, const gost_subst_block *b) + { + if(!b) + { + b=&GostR3411_94_TestParamSet; + } + kboxinit(c,b); + } + +/* Cleans up key from context */ +void gost_destroy(gost_ctx *c) + { + int i; for(i=0;i<8;i++) c->k[i]=0; + } + +/* Compute GOST 28147 mac block + * + * Parameters + * gost_ctx *c - context initalized with substitution blocks and key + * buffer - 8-byte mac state buffer + * block 8-byte block to process. + * */ +void mac_block(gost_ctx *c,byte *buffer,const byte *block) + { + register word32 n1, n2; /* As named in the GOST */ + int i; + for (i=0; i<8; i++) + { + buffer[i]^=block[i]; + } + n1 = buffer[0]|(buffer[1]<<8)|(buffer[2]<<16)|(buffer[3]<<24); + n2 = buffer[4]|(buffer[5]<<8)|(buffer[6]<<16)|(buffer[7]<<24); + /* Instead of swapping halves, swap names each round */ + + n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]); + n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]); + n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]); + n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]); + + n2 ^= f(c,n1+c->k[0]); n1 ^= f(c,n2+c->k[1]); + n2 ^= f(c,n1+c->k[2]); n1 ^= f(c,n2+c->k[3]); + n2 ^= f(c,n1+c->k[4]); n1 ^= f(c,n2+c->k[5]); + n2 ^= f(c,n1+c->k[6]); n1 ^= f(c,n2+c->k[7]); + + buffer[0] = (byte)(n1&0xff); buffer[1] = (byte)((n1>>8)&0xff); + buffer[2] = (byte)((n1>>16)&0xff); buffer[3] = (byte)(n1>>24); + buffer[4] = (byte)(n2&0xff); buffer[5] = (byte)((n2>>8)&0xff); + buffer[6] = (byte)((n2>>16)&0xff); buffer[7] = (byte)(n2>>24); + } + +/* Get mac with specified number of bits from MAC state buffer */ +void get_mac(byte *buffer,int nbits,byte *out) + { + int nbytes= nbits >> 3; + int rembits = nbits & 7; + int mask =rembits?((1<rembits)-1):0; + int i; + for (i=0;i<nbytes;i++) out[i]=buffer[i]; + if (rembits) out[i]=buffer[i]&mask; + } + +/* Compute mac of specified length (in bits) from data. + * Context should be initialized with key and subst blocks */ +int gost_mac(gost_ctx *ctx,int mac_len,const unsigned char *data, + unsigned int data_len,unsigned char *mac) + { + byte buffer[8]={0,0,0,0,0,0,0,0}; + byte buf2[8]; + unsigned int i; + for (i=0;i+8<=data_len;i+=8) + mac_block(ctx,buffer,data+i); + if (i<data_len) + { + memset(buf2,0,8); + memcpy(buf2,data+i,data_len-i); + mac_block(ctx,buffer,buf2); + } + get_mac(buffer,mac_len,mac); + return 1; + } + +/* Compute MAC with non-zero IV. Used in some RFC 4357 algorithms */ +int gost_mac_iv(gost_ctx *ctx,int mac_len,const unsigned char *iv,const unsigned char *data, + unsigned int data_len,unsigned char *mac) + { + byte buffer[8]; + byte buf2[8]; + unsigned int i; + memcpy (buffer,iv,8); + for (i=0;i+8<=data_len;i+=8) + mac_block(ctx,buffer,data+i); + if (i<data_len) + { + memset(buf2,0,8); + memcpy(buf2,data+i,data_len-i); + mac_block(ctx,buffer,buf2); + } + get_mac(buffer,mac_len,mac); + return 1; + } + +/* Implements key meshing algorithm by modifing ctx and IV in place */ +void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv) + { + unsigned char newkey[32],newiv[8]; + /* Set static keymeshing key */ + /* "Decrypt" key with keymeshing key */ + gost_dec(ctx,CryptoProKeyMeshingKey,newkey,4); + /* set new key */ + gost_key(ctx,newkey); + /* Encrypt iv with new key */ + gostcrypt(ctx,iv,newiv); + memcpy(iv,newiv,8); + } diff --git a/lib/libssl/src/engines/ccgost/gost89.h b/lib/libssl/src/engines/ccgost/gost89.h new file mode 100644 index 00000000000..2157852519f --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost89.h @@ -0,0 +1,96 @@ +/********************************************************************** + * gost89.h * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Declarations for GOST 28147-89 encryption algorithm * + * No OpenSSL libraries required to compile and use * + * this code * + **********************************************************************/ +#ifndef GOST89_H +#define GOST89_H + +/* Typedef for unsigned 32-bit integer */ +#if __LONG_MAX__ > 2147483647L +typedef unsigned int u4; +#else +typedef unsigned long u4; +#endif +/* Typedef for unsigned 8-bit integer */ +typedef unsigned char byte; + +/* Internal representation of GOST substitution blocks */ +typedef struct { + byte k8[16]; + byte k7[16]; + byte k6[16]; + byte k5[16]; + byte k4[16]; + byte k3[16]; + byte k2[16]; + byte k1[16]; +} gost_subst_block; + + +/* Cipher context includes key and preprocessed substitution block */ +typedef struct { + u4 k[8]; + /* Constant s-boxes -- set up in gost_init(). */ + u4 k87[256],k65[256],k43[256],k21[256]; +} gost_ctx; +/* Note: encrypt and decrypt expect full blocks--padding blocks is + caller's responsibility. All bulk encryption is done in + ECB mode by these calls. Other modes may be added easily + enough. */ +/* Encrypt several full blocks in ECB mode */ +void gost_enc(gost_ctx *ctx, const byte *clear,byte *cipher, int blocks); +/* Decrypt several full blocks in ECB mode */ +void gost_dec(gost_ctx *ctx, const byte *cipher,byte *clear, int blocks); +/* Encrypts several full blocks in CFB mode using 8byte IV */ +void gost_enc_cfb(gost_ctx *ctx,const byte *iv,const byte *clear,byte *cipher,int blocks); +/* Decrypts several full blocks in CFB mode using 8byte IV */ +void gost_dec_cfb(gost_ctx *ctx,const byte *iv,const byte *cipher,byte *clear,int blocks); + +/* Encrypt one block */ +void gostcrypt(gost_ctx *c, const byte *in, byte *out); +/* Decrypt one block */ +void gostdecrypt(gost_ctx *c, const byte *in,byte *out); +/* Set key into context */ +void gost_key(gost_ctx *ctx, const byte *key); +/* Get key from context */ +void gost_get_key(gost_ctx *ctx, byte *key); +/* Set S-blocks into context */ +void gost_init(gost_ctx *ctx, const gost_subst_block *subst_block); +/* Clean up context */ +void gost_destroy(gost_ctx *ctx); +/* Intermediate function used for calculate hash */ +void gost_enc_with_key(gost_ctx *,byte *key,byte *inblock,byte *outblock); +/* Compute MAC of given length in bits from data */ +int gost_mac(gost_ctx *ctx,int hmac_len,const unsigned char *data, + unsigned int data_len,unsigned char *hmac) ; +/* Compute MAC of given length in bits from data, using non-zero 8-byte + * IV (non-standard, for use in CryptoPro key transport only */ +int gost_mac_iv(gost_ctx *ctx,int hmac_len,const unsigned char *iv,const unsigned char *data, + unsigned int data_len,unsigned char *hmac) ; +/* Perform one step of MAC calculation like gostcrypt */ +void mac_block(gost_ctx *c,byte *buffer,const byte *block); +/* Extracts MAC value from mac state buffer */ +void get_mac(byte *buffer,int nbits,byte *out); +/* Implements cryptopro key meshing algorithm. Expect IV to be 8-byte size*/ +void cryptopro_key_meshing(gost_ctx *ctx, unsigned char *iv); +/* Parameter sets specified in RFC 4357 */ +extern gost_subst_block GostR3411_94_TestParamSet; +extern gost_subst_block GostR3411_94_CryptoProParamSet; +extern gost_subst_block Gost28147_TestParamSet; +extern gost_subst_block Gost28147_CryptoProParamSetA; +extern gost_subst_block Gost28147_CryptoProParamSetB; +extern gost_subst_block Gost28147_CryptoProParamSetC; +extern gost_subst_block Gost28147_CryptoProParamSetD; +extern const byte CryptoProKeyMeshingKey[]; +#if __LONG_MAX__ > 2147483647L +typedef unsigned int word32; +#else +typedef unsigned long word32; +#endif + +#endif diff --git a/lib/libssl/src/engines/ccgost/gost94_keyx.c b/lib/libssl/src/engines/ccgost/gost94_keyx.c new file mode 100644 index 00000000000..624be586a5b --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost94_keyx.c @@ -0,0 +1,287 @@ +/********************************************************************** + * gost94_keyx.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implements generation and parsing of GOST_KEY_TRANSPORT for * + * GOST R 34.10-94 algorithms * + * * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <string.h> +#include <openssl/dh.h> +#include <openssl/rand.h> +#include <openssl/evp.h> +#include <openssl/objects.h> + +#include "gost89.h" +#include "gosthash.h" +#include "e_gost_err.h" +#include "gost_keywrap.h" +#include "gost_lcl.h" +/* Common functions for both 94 and 2001 key exchange schemes */ +/* Implementation of the Diffi-Hellman key agreement scheme based on + * GOST-94 keys */ + +/* Computes Diffie-Hellman key and stores it into buffer in + * little-endian byte order as expected by both versions of GOST 94 + * algorithm + */ +static int compute_pair_key_le(unsigned char *pair_key,BIGNUM *pub_key,DH *dh) + { + unsigned char be_key[128]; + int i,key_size; + key_size=DH_compute_key(be_key,pub_key,dh); + if (!key_size) return 0; + memset(pair_key,0,128); + for (i=0;i<key_size;i++) + { + pair_key[i]=be_key[key_size-1-i]; + } + return key_size; + } + +/* + * Computes 256 bit Key exchange key as specified in RFC 4357 + */ +static int make_cp_exchange_key(BIGNUM *priv_key,EVP_PKEY *pubk, unsigned char *shared_key) + { + unsigned char dh_key [128]; + int ret; + gost_hash_ctx hash_ctx; + DH *dh = DH_new(); + + if (!dh) + return 0; + memset(dh_key,0,128); + dh->g = BN_dup(pubk->pkey.dsa->g); + dh->p = BN_dup(pubk->pkey.dsa->p); + dh->priv_key = BN_dup(priv_key); + ret=compute_pair_key_le(dh_key,((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,dh) ; + DH_free(dh); + if (!ret) return 0; + init_gost_hash_ctx(&hash_ctx,&GostR3411_94_CryptoProParamSet); + start_hash(&hash_ctx); + hash_block(&hash_ctx,dh_key,128); + finish_hash(&hash_ctx,shared_key); + done_gost_hash_ctx(&hash_ctx); + return 1; + } + +/* EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-94 */ + +int pkey_gost94_derive(EVP_PKEY_CTX *ctx,unsigned char *key,size_t *keylen) + { + EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx); + EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx); + *keylen = 32; + if (key == NULL) return 1; + + return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key); + } + +/* EVP_PKEY_METHOD callback encrypt for + * GOST R 34.10-94 cryptopro modification + */ + + +int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len ) + { + GOST_KEY_TRANSPORT *gkt=NULL; + unsigned char shared_key[32], ukm[8],crypted_key[44]; + const struct gost_cipher_info *param=get_encryption_params(NULL); + EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx); + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + gost_ctx cctx; + int key_is_ephemeral=1; + EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); + + /* Do not use vizir cipher parameters with cryptopro */ + if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list) + { + param= gost_cipher_list+1; + } + + if (mykey) + { + /* If key already set, it is not ephemeral */ + key_is_ephemeral=0; + if (!gost_get0_priv_key(mykey)) + { + GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, + GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); + goto err; + } + } + else + { + /* Otherwise generate ephemeral key */ + key_is_ephemeral = 1; + if (out) + { + mykey = EVP_PKEY_new(); + EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk),DSA_new()); + EVP_PKEY_copy_parameters(mykey,pubk); + if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) + { + goto err; + } + } + } + if (out) + make_cp_exchange_key(gost_get0_priv_key(mykey),pubk,shared_key); + if (data->shared_ukm) + { + memcpy(ukm,data->shared_ukm,8); + } + else if (out) + { + if (RAND_bytes(ukm,8)<=0) + { + GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, + GOST_R_RANDOM_GENERATOR_FAILURE); + goto err; + } + } + + if (out) { + gost_init(&cctx,param->sblock); + keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key); + } + gkt = GOST_KEY_TRANSPORT_new(); + if (!gkt) + { + goto memerr; + } + if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, + ukm,8)) + { + goto memerr; + } + if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4)) + { + goto memerr; + } + if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32)) + { + goto memerr; + } + if (key_is_ephemeral) { + if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?mykey:pubk)) + { + GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_CANNOT_PACK_EPHEMERAL_KEY); + goto err; + } + if (out) EVP_PKEY_free(mykey); + } + ASN1_OBJECT_free(gkt->key_agreement_info->cipher); + gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); + *outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL); + if (*outlen <= 0) + { + GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); + goto err; + } + if (!key_is_ephemeral) + { + /* Set control "public key from client certificate used" */ + if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) + { + GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, + GOST_R_CTRL_CALL_FAILED); + goto err; + } + } + GOST_KEY_TRANSPORT_free(gkt); + return 1; + memerr: + if (key_is_ephemeral) { + EVP_PKEY_free(mykey); + } + GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, + GOST_R_MALLOC_FAILURE); + err: + GOST_KEY_TRANSPORT_free(gkt); + return -1; + } + + +/* EVP_PLEY_METHOD callback decrypt for + * GOST R 34.10-94 cryptopro modification + */ +int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len,const unsigned char *in, size_t in_len) { + const unsigned char *p = in; + GOST_KEY_TRANSPORT *gkt = NULL; + unsigned char wrappedKey[44]; + unsigned char sharedKey[32]; + gost_ctx cctx; + const struct gost_cipher_info *param=NULL; + EVP_PKEY *eph_key=NULL, *peerkey=NULL; + EVP_PKEY *priv= EVP_PKEY_CTX_get0_pkey(ctx); + + if (!key) + { + *key_len = 32; + return 1; + } + + gkt = d2i_GOST_KEY_TRANSPORT(NULL,(const unsigned char **)&p, + in_len); + if (!gkt) + { + GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); + return 0; + } + eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); + if (eph_key) + { + if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) + { + GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, + GOST_R_INCOMPATIBLE_PEER_KEY); + goto err; + } + } + else + { + /* Set control "public key from client certificate used" */ + if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) + { + GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, + GOST_R_CTRL_CALL_FAILED); + goto err; + } + } + peerkey = EVP_PKEY_CTX_get0_peerkey(ctx); + if (!peerkey) + { + GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, + GOST_R_NO_PEER_KEY); + goto err; + } + + param = get_encryption_params(gkt->key_agreement_info->cipher); + gost_init(&cctx,param->sblock); + OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8); + memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8); + OPENSSL_assert(gkt->key_info->encrypted_key->length==32); + memcpy(wrappedKey+8,gkt->key_info->encrypted_key->data,32); + OPENSSL_assert(gkt->key_info->imit->length==4); + memcpy(wrappedKey+40,gkt->key_info->imit->data,4); + make_cp_exchange_key(gost_get0_priv_key(priv),peerkey,sharedKey); + if (!keyUnwrapCryptoPro(&cctx,sharedKey,wrappedKey,key)) + { + GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, + GOST_R_ERROR_COMPUTING_SHARED_KEY); + goto err; + } + + EVP_PKEY_free(eph_key); + GOST_KEY_TRANSPORT_free(gkt); + return 1; +err: + EVP_PKEY_free(eph_key); + GOST_KEY_TRANSPORT_free(gkt); + return -1; + } + diff --git a/lib/libssl/src/engines/ccgost/gost_ameth.c b/lib/libssl/src/engines/ccgost/gost_ameth.c new file mode 100644 index 00000000000..f620a216c81 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_ameth.c @@ -0,0 +1,910 @@ +/********************************************************************** + * gost_ameth.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of RFC 4490/4491 ASN1 method * + * for OpenSSL * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <string.h> +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/engine.h> +#include <openssl/evp.h> +#include <openssl/asn1.h> +#include "gost_params.h" +#include "gost_lcl.h" +#include "e_gost_err.h" + +int gost94_nid_by_params(DSA *p) + { + R3410_params *gost_params; + BIGNUM *q=BN_new(); + for (gost_params = R3410_paramset;gost_params->q!=NULL; gost_params++) + { + BN_dec2bn(&q,gost_params->q); + if (!BN_cmp(q,p->q)) + { + BN_free(q); + return gost_params->nid; + } + } + BN_free(q); + return NID_undef; + } + +static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) + { + ASN1_STRING *params = ASN1_STRING_new(); + GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); + int pkey_param_nid = NID_undef; + int cipher_param_nid = NID_undef; + if (!params || !gkp) + { + GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, + ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(params); + params = NULL; + goto err; + } + switch (EVP_PKEY_base_id(key)) + { + case NID_id_GostR3410_2001: + pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key))); + cipher_param_nid = get_encryption_params(NULL)->nid; + break; + case NID_id_GostR3410_94: + pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key)); + if (pkey_param_nid == NID_undef) + { + GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, + GOST_R_INVALID_GOST94_PARMSET); + ASN1_STRING_free(params); + params=NULL; + goto err; + } + cipher_param_nid = get_encryption_params(NULL)->nid; + break; + } + gkp->key_params = OBJ_nid2obj(pkey_param_nid); + gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet); + /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);*/ + params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data); + if (params->length <=0 ) + { + GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, + ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(params); + params = NULL; + goto err; + } + params ->type = V_ASN1_SEQUENCE; + err: + GOST_KEY_PARAMS_free(gkp); + return params; + } + +/* Parses GOST algorithm parameters from X509_ALGOR and + * modifies pkey setting NID and parameters + */ +static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) + { + ASN1_OBJECT *palg_obj =NULL; + int ptype = V_ASN1_UNDEF; + int pkey_nid = NID_undef,param_nid = NID_undef; + void *_pval; + ASN1_STRING *pval = NULL; + const unsigned char *p; + GOST_KEY_PARAMS *gkp = NULL; + + X509_ALGOR_get0(&palg_obj, &ptype, &_pval, palg); + pval = _pval; + if (ptype != V_ASN1_SEQUENCE) + { + GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, + GOST_R_BAD_KEY_PARAMETERS_FORMAT); + return 0; + } + p=pval->data; + pkey_nid = OBJ_obj2nid(palg_obj); + + gkp = d2i_GOST_KEY_PARAMS(NULL,&p,pval->length); + if (!gkp) + { + GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, + GOST_R_BAD_PKEY_PARAMETERS_FORMAT); + return 0; + } + param_nid = OBJ_obj2nid(gkp->key_params); + GOST_KEY_PARAMS_free(gkp); + EVP_PKEY_set_type(pkey,pkey_nid); + switch (pkey_nid) + { + case NID_id_GostR3410_94: + { + DSA *dsa= EVP_PKEY_get0(pkey); + if (!dsa) + { + dsa = DSA_new(); + if (!EVP_PKEY_assign(pkey,pkey_nid,dsa)) return 0; + } + if (!fill_GOST94_params(dsa,param_nid)) return 0; + break; + } + case NID_id_GostR3410_2001: + { + EC_KEY *ec = EVP_PKEY_get0(pkey); + if (!ec) + { + ec = EC_KEY_new(); + if (!EVP_PKEY_assign(pkey,pkey_nid,ec)) return 0; + } + if (!fill_GOST2001_params(ec,param_nid)) return 0; + } + } + + return 1; + } + +static int gost_set_priv_key(EVP_PKEY *pkey,BIGNUM *priv) + { + switch (EVP_PKEY_base_id(pkey)) + { + case NID_id_GostR3410_94: + { + DSA *dsa = EVP_PKEY_get0(pkey); + if (!dsa) + { + dsa = DSA_new(); + EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),dsa); + } + dsa->priv_key = BN_dup(priv); + if (!EVP_PKEY_missing_parameters(pkey)) + gost94_compute_public(dsa); + break; + } + case NID_id_GostR3410_2001: + { + EC_KEY *ec = EVP_PKEY_get0(pkey); + if (!ec) + { + ec = EC_KEY_new(); + EVP_PKEY_assign(pkey,EVP_PKEY_base_id(pkey),ec); + } + if (!EC_KEY_set_private_key(ec,priv)) return 0; + if (!EVP_PKEY_missing_parameters(pkey)) + gost2001_compute_public(ec); + break; + } + } + return 1; + } +BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey) + { + switch (EVP_PKEY_base_id(pkey)) + { + case NID_id_GostR3410_94: + { + DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey); + if (!dsa) + { + return NULL; + } + if (!dsa->priv_key) return NULL; + return dsa->priv_key; + break; + } + case NID_id_GostR3410_2001: + { + EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey); + const BIGNUM* priv; + if (!ec) + { + return NULL; + } + if (!(priv=EC_KEY_get0_private_key(ec))) return NULL; + return (BIGNUM *)priv; + break; + } + } + return NULL; + } + +static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, + long arg1, void *arg2) + { + switch (op) + { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + { + X509_ALGOR *alg1 = NULL, *alg2 = NULL; + int nid = EVP_PKEY_base_id(pkey); + PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO*)arg2, + NULL, &alg1, &alg2); + X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94), + V_ASN1_NULL, 0); + if (nid == NID_undef) + { + return (-1); + } + X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0); + } + return 1; + case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (arg1 == 0) + { + X509_ALGOR *alg; + ASN1_STRING * params = encode_gost_algor_params(pkey); + if (!params) + { + return -1; + } + PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO*)arg2, &alg); + X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type), + V_ASN1_SEQUENCE, params); + } + return 1; + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_id_GostR3411_94; + return 2; + } + + return -2; + } +/*----------------------- free functions * ------------------------------*/ +static void pkey_free_gost94(EVP_PKEY *key) + { + if (key->pkey.dsa) + { + DSA_free(key->pkey.dsa); + } + } + +static void pkey_free_gost01(EVP_PKEY *key) + { + if (key->pkey.ec) + { + EC_KEY_free(key->pkey.ec); + } + } + +/* ------------------ private key functions -----------------------------*/ +static int priv_decode_gost( EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf) + { + const unsigned char *pkey_buf = NULL,*p=NULL; + int priv_len = 0; + BIGNUM *pk_num=NULL; + int ret =0; + X509_ALGOR *palg =NULL; + ASN1_OBJECT *palg_obj = NULL; + ASN1_INTEGER *priv_key=NULL; + + if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf)) + return 0; + p = pkey_buf; + if (!decode_gost_algor_params(pk,palg)) + { + return 0; + } + if (V_ASN1_OCTET_STRING == *p) + { + /* New format - Little endian octet string */ + unsigned char rev_buf[32]; + int i; + ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len); + if (!s||s->length !=32) + { + GOSTerr(GOST_F_PRIV_DECODE_GOST, + EVP_R_DECODE_ERROR); + return 0; + } + for (i=0;i<32;i++) + { + rev_buf[31-i]=s->data[i]; + } + ASN1_STRING_free(s); + pk_num = getbnfrombuf(rev_buf,32); + } + else + { + priv_key=d2i_ASN1_INTEGER(NULL,&p,priv_len); + if (!priv_key) return 0; + ret= ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL))!=NULL) ; + ASN1_INTEGER_free(priv_key); + if (!ret) + { + GOSTerr(GOST_F_PRIV_DECODE_GOST, + EVP_R_DECODE_ERROR); + return 0; + } + } + + ret= gost_set_priv_key(pk,pk_num); + BN_free(pk_num); + return ret; + } + +/* ----------------------------------------------------------------------*/ +static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) + { + ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); + ASN1_STRING *params = encode_gost_algor_params(pk); + unsigned char *priv_buf = NULL; + int priv_len; + + ASN1_INTEGER *asn1key=NULL; + if (!params) + { + return 0; + } + asn1key = BN_to_ASN1_INTEGER(gost_get0_priv_key(pk),NULL); + priv_len = i2d_ASN1_INTEGER(asn1key,&priv_buf); + ASN1_INTEGER_free(asn1key); + return PKCS8_pkey_set0(p8,algobj,0,V_ASN1_SEQUENCE,params, + priv_buf,priv_len); + } +/* --------- printing keys --------------------------------*/ +static int print_gost_94(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx, int type) + { + int param_nid = NID_undef; + + if (type == 2) + { + BIGNUM *key; + + if (!BIO_indent(out,indent,128)) return 0; + BIO_printf(out,"Private key: "); + key = gost_get0_priv_key(pkey); + if (!key) + BIO_printf(out,"<undefined>"); + else + BN_print(out,key); + BIO_printf(out,"\n"); + } + if (type >= 1) + { + BIGNUM *pubkey; + + pubkey = ((DSA *)EVP_PKEY_get0((EVP_PKEY *)pkey))->pub_key; + BIO_indent(out,indent,128); + BIO_printf(out,"Public key: "); + BN_print(out,pubkey); + BIO_printf(out,"\n"); + } + + param_nid = gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey)); + BIO_indent(out,indent,128); + BIO_printf(out, "Parameter set: %s\n",OBJ_nid2ln(param_nid)); + return 1; +} + +static int param_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) + { + return print_gost_94(out, pkey, indent, pctx,0); + } + +static int pub_print_gost94(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) + { + return print_gost_94(out,pkey, indent, pctx,1); + } +static int priv_print_gost94(BIO *out,const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) + { + return print_gost_94(out,pkey,indent,pctx,2); + } + +static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx, int type) + { + int param_nid = NID_undef; + if (type == 2) + { + BIGNUM *key; + + if (!BIO_indent(out,indent,128)) return 0; + BIO_printf(out,"Private key: "); + key = gost_get0_priv_key(pkey); + if (!key) + BIO_printf(out,"<undefined)"); + else + BN_print(out,key); + BIO_printf(out,"\n"); + } + if (type >= 1) + { + BN_CTX *ctx = BN_CTX_new(); + BIGNUM *X,*Y; + const EC_POINT *pubkey; + const EC_GROUP *group; + + if (!ctx) + { + GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_MALLOC_FAILURE); + return 0; + } + BN_CTX_start(ctx); + X = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + pubkey = EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey)); + group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey)); + if (!EC_POINT_get_affine_coordinates_GFp(group,pubkey,X,Y,ctx)) + { + GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_EC_LIB); + BN_CTX_free(ctx); + return 0; + } + if (!BIO_indent(out,indent,128)) return 0; + BIO_printf(out,"Public key:\n"); + if (!BIO_indent(out,indent+3,128)) return 0; + BIO_printf(out,"X:"); + BN_print(out,X); + BIO_printf(out,"\n"); + BIO_indent(out,indent+3,128); + BIO_printf(out,"Y:"); + BN_print(out,Y); + BIO_printf(out,"\n"); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + + param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey))); + if (!BIO_indent(out,indent,128)) return 0; + BIO_printf(out,"Parameter set: %s\n",OBJ_nid2ln(param_nid)); + return 1; +} +static int param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) + { + return print_gost_01(out,pkey,indent,pctx,0); + } +static int pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) + { + return print_gost_01(out,pkey, indent, pctx,1); + } +static int priv_print_gost01(BIO *out,const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) + { + return print_gost_01(out,pkey,indent,pctx,2); + } +/* ---------------------------------------------------------------------*/ +static int param_missing_gost94(const EVP_PKEY *pk) + { + const DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk); + if (!dsa) return 1; + if (!dsa->q) return 1; + return 0; + } + +static int param_missing_gost01(const EVP_PKEY *pk) + { + const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk); + if (!ec) return 1; + if (!EC_KEY_get0_group(ec)) return 1; + return 0; + } + +static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from) + { + const DSA *dfrom = EVP_PKEY_get0((EVP_PKEY *)from); + DSA *dto = EVP_PKEY_get0(to); + if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) + { + GOSTerr(GOST_F_PARAM_COPY_GOST94, + GOST_R_INCOMPATIBLE_ALGORITHMS); + return 0; + } + if (!dfrom) + { + GOSTerr(GOST_F_PARAM_COPY_GOST94, + GOST_R_KEY_PARAMETERS_MISSING); + return 0; + } + if (!dto) + { + dto = DSA_new(); + EVP_PKEY_assign(to,EVP_PKEY_base_id(from),dto); + } +#define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x); + COPYBIGNUM(dto,dfrom,p) + COPYBIGNUM(dto,dfrom,q) + COPYBIGNUM(dto,dfrom,g) + + if (dto->priv_key) + gost94_compute_public(dto); + return 1; + } +static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) + { + EC_KEY *eto = EVP_PKEY_get0(to); + const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from); + if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) + { + GOSTerr(GOST_F_PARAM_COPY_GOST01, + GOST_R_INCOMPATIBLE_ALGORITHMS); + return 0; + } + if (!efrom) + { + GOSTerr(GOST_F_PARAM_COPY_GOST01, + GOST_R_KEY_PARAMETERS_MISSING); + return 0; + } + if (!eto) + { + eto = EC_KEY_new(); + EVP_PKEY_assign(to,EVP_PKEY_base_id(from),eto); + } + EC_KEY_set_group(eto,EC_KEY_get0_group(efrom)); + if (EC_KEY_get0_private_key(eto)) + { + gost2001_compute_public(eto); + } + return 1; + } + +static int param_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b) + { + const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a); + const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b); + if (!BN_cmp(da->q,db->q)) return 1; + return 0; + } + +static int param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)a)))== + EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)b)))) + { + return 1; + } + return 0; + + } + +/* ---------- Public key functions * --------------------------------------*/ +static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub) + { + X509_ALGOR *palg = NULL; + const unsigned char *pubkey_buf = NULL; + unsigned char *databuf; + ASN1_OBJECT *palgobj = NULL; + int pub_len,i,j; + DSA *dsa; + ASN1_OCTET_STRING *octet= NULL; + + if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len, + &palg, pub)) return 0; + EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL); + if (!decode_gost_algor_params(pk,palg)) return 0; + octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len); + if (!octet) + { + GOSTerr(GOST_F_PUB_DECODE_GOST94,ERR_R_MALLOC_FAILURE); + return 0; + } + databuf = OPENSSL_malloc(octet->length); + for (i=0,j=octet->length-1;i<octet->length;i++,j--) + { + databuf[j]=octet->data[i]; + } + dsa = EVP_PKEY_get0(pk); + dsa->pub_key=BN_bin2bn(databuf,octet->length,NULL); + ASN1_OCTET_STRING_free(octet); + OPENSSL_free(databuf); + return 1; + + } + +static int pub_encode_gost94(X509_PUBKEY *pub,const EVP_PKEY *pk) + { + ASN1_OBJECT *algobj = NULL; + ASN1_OCTET_STRING *octet = NULL; + void *pval = NULL; + unsigned char *buf=NULL,*databuf,*sptr; + int i,j,data_len,ret=0; + + int ptype = V_ASN1_UNDEF; + DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk); + algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); + if (pk->save_parameters) + { + ASN1_STRING *params = encode_gost_algor_params(pk); + pval = params; + ptype = V_ASN1_SEQUENCE; + } + data_len = BN_num_bytes(dsa->pub_key); + databuf = OPENSSL_malloc(data_len); + BN_bn2bin(dsa->pub_key,databuf); + octet = ASN1_OCTET_STRING_new(); + ASN1_STRING_set(octet,NULL,data_len); + sptr = ASN1_STRING_data(octet); + for (i=0,j=data_len-1; i< data_len;i++,j--) + { + sptr[i]=databuf[j]; + } + OPENSSL_free(databuf); + ret = i2d_ASN1_OCTET_STRING(octet,&buf); + ASN1_BIT_STRING_free(octet); + if (ret <0) return 0; + return X509_PUBKEY_set0_param(pub,algobj,ptype,pval,buf,ret); + } + +static int pub_decode_gost01(EVP_PKEY *pk,X509_PUBKEY *pub) + { + X509_ALGOR *palg = NULL; + const unsigned char *pubkey_buf = NULL; + unsigned char *databuf; + ASN1_OBJECT *palgobj = NULL; + int pub_len,i,j; + EC_POINT *pub_key; + BIGNUM *X,*Y; + ASN1_OCTET_STRING *octet= NULL; + int len; + const EC_GROUP *group; + + if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len, + &palg, pub)) return 0; + EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL); + if (!decode_gost_algor_params(pk,palg)) return 0; + group = EC_KEY_get0_group(EVP_PKEY_get0(pk)); + octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len); + if (!octet) + { + GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE); + return 0; + } + databuf = OPENSSL_malloc(octet->length); + for (i=0,j=octet->length-1;i<octet->length;i++,j--) + { + databuf[j]=octet->data[i]; + } + len=octet->length/2; + ASN1_OCTET_STRING_free(octet); + + Y= getbnfrombuf(databuf,len); + X= getbnfrombuf(databuf+len,len); + OPENSSL_free(databuf); + pub_key = EC_POINT_new(group); + if (!EC_POINT_set_affine_coordinates_GFp(group + ,pub_key,X,Y,NULL)) + { + GOSTerr(GOST_F_PUB_DECODE_GOST01, + ERR_R_EC_LIB); + EC_POINT_free(pub_key); + BN_free(X); + BN_free(Y); + return 0; + } + BN_free(X); + BN_free(Y); + if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk),pub_key)) + { + GOSTerr(GOST_F_PUB_DECODE_GOST01, + ERR_R_EC_LIB); + EC_POINT_free(pub_key); + return 0; + } + EC_POINT_free(pub_key); + return 1; + + } + +static int pub_encode_gost01(X509_PUBKEY *pub,const EVP_PKEY *pk) + { + ASN1_OBJECT *algobj = NULL; + ASN1_OCTET_STRING *octet = NULL; + void *pval = NULL; + unsigned char *buf=NULL,*databuf,*sptr; + int i,j,data_len,ret=0; + const EC_POINT *pub_key; + BIGNUM *X,*Y,*order; + const EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pk); + int ptype = V_ASN1_UNDEF; + + algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk)); + if (pk->save_parameters) + { + ASN1_STRING *params = encode_gost_algor_params(pk); + pval = params; + ptype = V_ASN1_SEQUENCE; + } + order = BN_new(); + EC_GROUP_get_order(EC_KEY_get0_group(ec),order,NULL); + pub_key=EC_KEY_get0_public_key(ec); + if (!pub_key) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST01, + GOST_R_PUBLIC_KEY_UNDEFINED); + return 0; + } + X=BN_new(); + Y=BN_new(); + EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec), + pub_key,X,Y,NULL); + data_len = 2*BN_num_bytes(order); + BN_free(order); + databuf = OPENSSL_malloc(data_len); + memset(databuf,0,data_len); + + store_bignum(X,databuf+data_len/2,data_len/2); + store_bignum(Y,databuf,data_len/2); + + BN_free(X); + BN_free(Y); + octet = ASN1_OCTET_STRING_new(); + ASN1_STRING_set(octet,NULL,data_len); + sptr=ASN1_STRING_data(octet); + for (i=0,j=data_len-1;i<data_len;i++,j--) + { + sptr[i]=databuf[j]; + } + OPENSSL_free(databuf); + ret = i2d_ASN1_OCTET_STRING(octet,&buf); + ASN1_BIT_STRING_free(octet); + if (ret <0) return 0; + return X509_PUBKEY_set0_param(pub,algobj,ptype,pval,buf,ret); + } + +static int pub_cmp_gost94(const EVP_PKEY *a, const EVP_PKEY *b) + { + const DSA *da = EVP_PKEY_get0((EVP_PKEY *)a); + const DSA *db = EVP_PKEY_get0((EVP_PKEY *)b); + if (da && db && da->pub_key && db->pub_key + && !BN_cmp(da->pub_key,db->pub_key)) + { + return 1; + } + return 0; + } + +static int pub_cmp_gost01(const EVP_PKEY *a,const EVP_PKEY *b) + { + const EC_KEY *ea = EVP_PKEY_get0((EVP_PKEY *)a); + const EC_KEY *eb = EVP_PKEY_get0((EVP_PKEY *)b); + const EC_POINT *ka,*kb; + int ret=0; + if (!ea || !eb) return 0; + ka = EC_KEY_get0_public_key(ea); + kb = EC_KEY_get0_public_key(eb); + if (!ka || !kb) return 0; + ret = (0==EC_POINT_cmp(EC_KEY_get0_group(ea),ka,kb,NULL)) ; + return ret; + } + + + + +static int pkey_size_gost(const EVP_PKEY *pk) + { + return 64; + } + +static int pkey_bits_gost(const EVP_PKEY *pk) + { + return 256; + } +/*------------------------ ASN1 METHOD for GOST MAC -------------------*/ +static void mackey_free_gost(EVP_PKEY *pk) + { + if (pk->pkey.ptr) { + OPENSSL_free(pk->pkey.ptr); + } + } +static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) + { + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_id_Gost28147_89_MAC; + return 2; + } + return -2; +} + +static int gost94_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + int nid=gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)pkey)); + return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder); +} +static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey))); + return i2d_ASN1_OBJECT(OBJ_nid2obj(nid),pder); +} + +static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ + ASN1_OBJECT *obj=NULL; + DSA *dsa = EVP_PKEY_get0(pkey); + int nid; + if (d2i_ASN1_OBJECT(&obj,pder,derlen)==NULL) { + return 0; + } + nid = OBJ_obj2nid(obj); + ASN1_OBJECT_free(obj); + if (!dsa) + { + dsa=DSA_new(); + if (!EVP_PKEY_assign(pkey,NID_id_GostR3410_94,dsa)) return 0; + } + if (!fill_GOST94_params(dsa,nid)) return 0; + return 1; +} + +static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { + ASN1_OBJECT *obj=NULL; + int nid; + EC_KEY *ec = EVP_PKEY_get0(pkey); + if (d2i_ASN1_OBJECT(&obj,pder,derlen)==NULL) { + return 0; + } + nid = OBJ_obj2nid(obj); + ASN1_OBJECT_free(obj); + if (!ec) + { + ec = EC_KEY_new(); + if (!EVP_PKEY_assign(pkey,NID_id_GostR3410_2001,ec)) return 0; + } + if (!fill_GOST2001_params(ec, nid)) return 0; + return 1; +} + + + + + +/* ----------------------------------------------------------------------*/ +int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info) + { + *ameth = EVP_PKEY_asn1_new(nid, + ASN1_PKEY_SIGPARAM_NULL, pemstr, info); + if (!*ameth) return 0; + switch (nid) + { + case NID_id_GostR3410_94: + EVP_PKEY_asn1_set_free (*ameth, pkey_free_gost94); + EVP_PKEY_asn1_set_private (*ameth, + priv_decode_gost, priv_encode_gost, + priv_print_gost94); + + EVP_PKEY_asn1_set_param (*ameth, + gost94_param_decode, gost94_param_encode, + param_missing_gost94, param_copy_gost94, + param_cmp_gost94,param_print_gost94 ); + EVP_PKEY_asn1_set_public (*ameth, + pub_decode_gost94, pub_encode_gost94, + pub_cmp_gost94, pub_print_gost94, + pkey_size_gost, pkey_bits_gost); + + EVP_PKEY_asn1_set_ctrl (*ameth, pkey_ctrl_gost); + break; + case NID_id_GostR3410_2001: + EVP_PKEY_asn1_set_free (*ameth, pkey_free_gost01); + EVP_PKEY_asn1_set_private (*ameth, + priv_decode_gost, priv_encode_gost, + priv_print_gost01); + + EVP_PKEY_asn1_set_param (*ameth, + gost2001_param_decode, gost2001_param_encode, + param_missing_gost01, param_copy_gost01, + param_cmp_gost01, param_print_gost01); + EVP_PKEY_asn1_set_public (*ameth, + pub_decode_gost01, pub_encode_gost01, + pub_cmp_gost01, pub_print_gost01, + pkey_size_gost, pkey_bits_gost); + + EVP_PKEY_asn1_set_ctrl (*ameth, pkey_ctrl_gost); + break; + case NID_id_Gost28147_89_MAC: + EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost); + EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost); + break; + } + return 1; + } diff --git a/lib/libssl/src/engines/ccgost/gost_asn1.c b/lib/libssl/src/engines/ccgost/gost_asn1.c new file mode 100644 index 00000000000..318ecfce571 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_asn1.c @@ -0,0 +1,55 @@ +/********************************************************************** + * gost_keytrans.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * ASN1 structure definition for GOST key transport * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <stdio.h> +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include "gost_lcl.h" + +ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = { + ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO), + ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, GOST_KEY_AGREEMENT_INFO, 0) +} ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT) + +ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = { + ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING), + ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING) +} ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO) + +ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = { + ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT), + ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0), + ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING) +} ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO) + +ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = { + ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT), + ASN1_SIMPLE(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT), + ASN1_OPT(GOST_KEY_PARAMS, cipher_params, ASN1_OBJECT), +} ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS) + +ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = { + ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING), + ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT), +} ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS) + +ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /*FIXME incomplete*/ + ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT) +} ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) diff --git a/lib/libssl/src/engines/ccgost/gost_crypt.c b/lib/libssl/src/engines/ccgost/gost_crypt.c new file mode 100644 index 00000000000..4977d1dcf50 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_crypt.c @@ -0,0 +1,616 @@ +/********************************************************************** + * gost_crypt.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * OpenSSL interface to GOST 28147-89 cipher functions * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <string.h> +#include "gost89.h" +#include <openssl/rand.h> +#include "e_gost_err.h" +#include "gost_lcl.h" +static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +/* Handles block of data in CFB mode */ +static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +/* Handles block of data in CNT mode */ +static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +/* Cleanup function */ +static int gost_cipher_cleanup(EVP_CIPHER_CTX *); +/* set/get cipher parameters */ +static int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params); +static int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params); +/* Control function */ +static int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr); + +EVP_CIPHER cipher_gost = + { + NID_id_Gost28147_89, + 1,/*block_size*/ + 32,/*key_size*/ + 8,/*iv_len */ + EVP_CIPH_CFB_MODE| EVP_CIPH_NO_PADDING | + EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, + gost_cipher_init, + gost_cipher_do_cfb, + gost_cipher_cleanup, + sizeof(struct ossl_gost_cipher_ctx),/* ctx_size */ + gost89_set_asn1_parameters, + gost89_get_asn1_parameters, + gost_cipher_ctl, + NULL, + }; + +EVP_CIPHER cipher_gost_cpacnt = + { + NID_gost89_cnt, + 1,/*block_size*/ + 32,/*key_size*/ + 8,/*iv_len */ + EVP_CIPH_OFB_MODE| EVP_CIPH_NO_PADDING | + EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, + gost_cipher_init_cpa, + gost_cipher_do_cnt, + gost_cipher_cleanup, + sizeof(struct ossl_gost_cipher_ctx), /* ctx_size */ + gost89_set_asn1_parameters, + gost89_get_asn1_parameters, + gost_cipher_ctl, + NULL, + }; + +/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */ +/* Init functions which set specific parameters */ +static int gost_imit_init_cpa(EVP_MD_CTX *ctx); +/* process block of data */ +static int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count); +/* Return computed value */ +static int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md); +/* Copies context */ +static int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from); +static int gost_imit_cleanup(EVP_MD_CTX *ctx); +/* Control function, knows how to set MAC key.*/ +static int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr); + +EVP_MD imit_gost_cpa = + { + NID_id_Gost28147_89_MAC, + NID_undef, + 4, + 0, + gost_imit_init_cpa, + gost_imit_update, + gost_imit_final, + gost_imit_copy, + gost_imit_cleanup, + NULL, + NULL, + {0,0,0,0,0}, + 8, + sizeof(struct ossl_gost_imit_ctx), + gost_imit_ctrl + }; + +/* + * Correspondence between gost parameter OIDs and substitution blocks + * NID field is filed by register_gost_NID function in engine.c + * upon engine initialization + */ + +struct gost_cipher_info gost_cipher_list[]= + { +/* NID */ /* Subst block */ /* Key meshing*/ +/*{NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0},*/ + {NID_id_Gost28147_89_cc,&GostR3411_94_CryptoProParamSet,0}, + {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1}, + {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1}, + {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1}, + {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1}, + {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,1}, + {NID_undef,NULL,0} + }; + +/* get encryption parameters from crypto network settings + FIXME For now we use environment var CRYPT_PARAMS as place to + store these settings. Actually, it is better to use engine control command, read from configuration file to set them */ +const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj) + { + int nid; + struct gost_cipher_info *param; + if (!obj) + { + const char * params = get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS); + if (!params || !strlen(params)) + return &gost_cipher_list[1]; + + nid = OBJ_txt2nid(params); + if (nid == NID_undef) + { + GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS, + GOST_R_INVALID_CIPHER_PARAM_OID); + return NULL; + } + } + else + { + nid= OBJ_obj2nid(obj); + } + for (param=gost_cipher_list;param->sblock!=NULL && param->nid!=nid; + param++); + if (!param->sblock) + { + GOSTerr(GOST_F_GET_ENCRYPTION_PARAMS,GOST_R_INVALID_CIPHER_PARAMS); + return NULL; + } + return param; + } + +/* Sets cipher param from paramset NID. */ +static int gost_cipher_set_param(struct ossl_gost_cipher_ctx *c,int nid) + { + const struct gost_cipher_info *param; + param=get_encryption_params((nid==NID_undef?NULL:OBJ_nid2obj(nid))); + if (!param) return 0; + + c->paramNID = param->nid; + c->key_meshing=param->key_meshing; + c->count=0; + gost_init(&(c->cctx), param->sblock); + return 1; + } + +/* Initializes EVP_CIPHER_CTX by paramset NID */ +static int gost_cipher_init_param(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc, int paramNID,int mode) + { + struct ossl_gost_cipher_ctx *c=ctx->cipher_data; + if (ctx->app_data == NULL) + { + if (!gost_cipher_set_param(c,paramNID)) return 0; + ctx->app_data = ctx->cipher_data; + } + if (key) gost_key(&(c->cctx),key); + if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + return 1; + } + +static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + struct ossl_gost_cipher_ctx *c=ctx->cipher_data; + gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA); + c->key_meshing=1; + c->count=0; + if(key) gost_key(&(c->cctx),key); + if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + return 1; + } + +/* Initializes EVP_CIPHER_CTX with default values */ +int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + return gost_cipher_init_param(ctx,key,iv,enc,NID_undef,EVP_CIPH_CFB_MODE); + } +/* Wrapper around gostcrypt function from gost89.c which perform + * key meshing when nesseccary + */ +static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf) + { + struct ossl_gost_cipher_ctx *c = ctx; + if (c->count&&c->key_meshing && c->count%1024==0) + { + cryptopro_key_meshing(&(c->cctx),iv); + } + gostcrypt(&(c->cctx),iv,buf); + c->count+=8; + } + +static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf) + { + struct ossl_gost_cipher_ctx *c = ctx; + word32 g,go; + unsigned char buf1[8]; + if (c->count && c->key_meshing && c->count %1024 ==0) + { + cryptopro_key_meshing(&(c->cctx),iv); + } + if (c->count==0) + { + gostcrypt(&(c->cctx),iv,buf1); + } + else + { + memcpy(buf1,iv,8); + } + g = buf1[0]|(buf1[1]<<8)|(buf1[2]<<16)|(buf1[3]<<24); + g += 0x01010101; + buf1[0]=(unsigned char)(g&0xff); + buf1[1]=(unsigned char)((g>>8)&0xff); + buf1[2]=(unsigned char)((g>>16)&0xff); + buf1[3]=(unsigned char)((g>>24)&0xff); + g = buf1[4]|(buf1[5]<<8)|(buf1[6]<<16)|(buf1[7]<<24); + go = g; + g += 0x01010104; + if (go > g) /* overflow*/ + g++; + buf1[4]=(unsigned char)(g&0xff); + buf1[5]=(unsigned char)((g>>8)&0xff); + buf1[6]=(unsigned char)((g>>16)&0xff); + buf1[7]=(unsigned char)((g>>24)&0xff); + memcpy(iv,buf1,8); + gostcrypt(&(c->cctx),buf1,buf); + c->count +=8; + } + +/* GOST encryption in CFB mode */ +int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + const unsigned char *in_ptr=in; + unsigned char *out_ptr=out; + size_t i=0; + size_t j=0; +/* process partial block if any */ + if (ctx->num) + { + for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++) + { + if (!ctx->encrypt) ctx->buf[j+8]=*in_ptr; + *out_ptr=ctx->buf[j]^(*in_ptr); + if (ctx->encrypt) ctx->buf[j+8]=*out_ptr; + } + if (j==8) + { + memcpy(ctx->iv,ctx->buf+8,8); + ctx->num=0; + } + else + { + ctx->num=j; + return 1; + } + } + + for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8) + { + /*block cipher current iv */ + gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf); + /*xor next block of input text with it and output it*/ + /*output this block */ + if (!ctx->encrypt) memcpy(ctx->iv,in_ptr,8); + for (j=0;j<8;j++) + { + out_ptr[j]=ctx->buf[j]^in_ptr[j]; + } + /* Encrypt */ + /* Next iv is next block of cipher text*/ + if (ctx->encrypt) memcpy(ctx->iv,out_ptr,8); + } +/* Process rest of buffer */ + if (i<inl) + { + gost_crypt_mesh(ctx->cipher_data,ctx->iv,ctx->buf); + if (!ctx->encrypt) memcpy(ctx->buf+8,in_ptr,inl-i); + for (j=0;i<inl;j++,i++) + { + out_ptr[j]=ctx->buf[j]^in_ptr[j]; + } + ctx->num = j; + if (ctx->encrypt) memcpy(ctx->buf+8,out_ptr,j); + } + else + { + ctx->num = 0; + } + return 1; + } + +static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + const unsigned char *in_ptr=in; + unsigned char *out_ptr=out; + size_t i=0; + size_t j; +/* process partial block if any */ + if (ctx->num) + { + for (j=ctx->num,i=0;j<8 && i<inl;j++,i++,in_ptr++,out_ptr++) + { + *out_ptr=ctx->buf[j]^(*in_ptr); + } + if (j==8) + { + ctx->num=0; + } + else + { + ctx->num=j; + return 1; + } + } + + for (;i+8<inl;i+=8,in_ptr+=8,out_ptr+=8) + { + /*block cipher current iv */ + /* Encrypt */ + gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf); + /*xor next block of input text with it and output it*/ + /*output this block */ + for (j=0;j<8;j++) + { + out_ptr[j]=ctx->buf[j]^in_ptr[j]; + } + } +/* Process rest of buffer */ + if (i<inl) + { + gost_cnt_next(ctx->cipher_data,ctx->iv,ctx->buf); + for (j=0;i<inl;j++,i++) + { + out_ptr[j]=ctx->buf[j]^in_ptr[j]; + } + ctx->num = j; + } + else + { + ctx->num = 0; + } + return 1; + } + +/* Cleaning up of EVP_CIPHER_CTX */ +int gost_cipher_cleanup(EVP_CIPHER_CTX *ctx) + { + gost_destroy(&((struct ossl_gost_cipher_ctx *)ctx->cipher_data)->cctx); + ctx->app_data = NULL; + return 1; + } + +/* Control function for gost cipher */ +int gost_cipher_ctl(EVP_CIPHER_CTX *ctx,int type,int arg,void *ptr) + { + switch (type) + { + case EVP_CTRL_RAND_KEY: + { + if (RAND_bytes((unsigned char *)ptr,ctx->key_len)<=0) + { + GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_RANDOM_GENERATOR_ERROR); + return -1; + } + break; + } + case EVP_CTRL_PBE_PRF_NID: + if (ptr) { + *((int *)ptr)= NID_id_HMACGostR3411_94; + return 1; + } else { + return 0; + } + + default: + GOSTerr(GOST_F_GOST_CIPHER_CTL,GOST_R_UNSUPPORTED_CIPHER_CTL_COMMAND); + return -1; + } + return 1; + } + +/* Set cipher parameters from ASN1 structure */ +int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params) + { + int len=0; + unsigned char *buf=NULL; + unsigned char *p=NULL; + struct ossl_gost_cipher_ctx *c = ctx->cipher_data; + GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new(); + ASN1_OCTET_STRING *os = NULL; + if (!gcp) + { + GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY); + return 0; + } + if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len)) + { + GOST_CIPHER_PARAMS_free(gcp); + GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY); + return 0; + } + ASN1_OBJECT_free(gcp->enc_param_set); + gcp->enc_param_set = OBJ_nid2obj(c->paramNID); + + len = i2d_GOST_CIPHER_PARAMS(gcp, NULL); + p = buf = (unsigned char*)OPENSSL_malloc(len); + if (!buf) + { + GOST_CIPHER_PARAMS_free(gcp); + GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY); + return 0; + } + i2d_GOST_CIPHER_PARAMS(gcp, &p); + GOST_CIPHER_PARAMS_free(gcp); + + os = ASN1_OCTET_STRING_new(); + + if(!os || !ASN1_OCTET_STRING_set(os, buf, len)) + { + OPENSSL_free(buf); + GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY); + return 0; + } + OPENSSL_free(buf); + + ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os); + return 1; + } + +/* Store parameters into ASN1 structure */ +int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params) + { + int ret = -1; + int len; + GOST_CIPHER_PARAMS *gcp = NULL; + unsigned char *p; + struct ossl_gost_cipher_ctx *c=ctx->cipher_data; + if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) + { + return ret; + } + + p = params->value.sequence->data; + + gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p, + params->value.sequence->length); + + len = gcp->iv->length; + if (len != ctx->cipher->iv_len) + { + GOST_CIPHER_PARAMS_free(gcp); + GOSTerr(GOST_F_GOST89_GET_ASN1_PARAMETERS, + GOST_R_INVALID_IV_LENGTH); + return -1; + } + if (!gost_cipher_set_param(c,OBJ_obj2nid(gcp->enc_param_set))) + { + GOST_CIPHER_PARAMS_free(gcp); + return -1; + } + memcpy(ctx->oiv, gcp->iv->data, len); + + GOST_CIPHER_PARAMS_free(gcp); + + return 1; + } + + +int gost_imit_init_cpa(EVP_MD_CTX *ctx) + { + struct ossl_gost_imit_ctx *c = ctx->md_data; + memset(c->buffer,0,16); + c->count = 0; + c->bytes_left=0; + c->key_meshing=1; + gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA); + return 1; + } + +static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *data) + { + unsigned char buffer[8]; + /* We are using local buffer for iv because CryptoPro doesn't + * interpret internal state of MAC algorithm as iv during keymeshing + * (but does initialize internal state from iv in key transport + */ + if (c->key_meshing&& c->count && c->count %1024 ==0) + { + cryptopro_key_meshing(&(c->cctx),buffer); + } + mac_block(&(c->cctx),c->buffer,data); + c->count +=8; + } + +int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) + { + struct ossl_gost_imit_ctx *c = ctx->md_data; + const unsigned char *p = data; + size_t bytes = count,i; + if (!(c->key_set)) { + GOSTerr(GOST_F_GOST_IMIT_UPDATE, GOST_R_MAC_KEY_NOT_SET); + return 0; + } + if (c->bytes_left) + { + for (i=c->bytes_left;i<8&&bytes>0;bytes--,i++,p++) + { + c->partial_block[i]=*p; + } + if (i==8) + { + mac_block_mesh(c,c->partial_block); + } + else + { + c->bytes_left = i; + return 1; + } + } + while (bytes>8) + { + mac_block_mesh(c,p); + p+=8; + bytes-=8; + } + if (bytes>0) + { + memcpy(c->partial_block,p,bytes); + } + c->bytes_left=bytes; + return 1; + } + +int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md) + { + struct ossl_gost_imit_ctx *c = ctx->md_data; + if (!c->key_set) { + GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET); + return 0; + } + if (c->bytes_left) + { + int i; + for (i=c->bytes_left;i<8;i++) + { + c->partial_block[i]=0; + } + mac_block_mesh(c,c->partial_block); + } + get_mac(c->buffer,32,md); + return 1; + } + +int gost_imit_ctrl(EVP_MD_CTX *ctx,int type, int arg, void *ptr) + { + switch (type) + { + case EVP_MD_CTRL_KEY_LEN: + *((unsigned int*)(ptr)) = 32; + return 1; + case EVP_MD_CTRL_SET_KEY: + { + if (arg!=32) { + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH); + return 0; + } + + gost_key(&(((struct ossl_gost_imit_ctx*)(ctx->md_data))->cctx),ptr) ; + ((struct ossl_gost_imit_ctx*)(ctx->md_data))->key_set = 1; + return 1; + + } + default: + return 0; + } + } + +int gost_imit_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) + { + memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_imit_ctx)); + return 1; + } + +/* Clean up imit ctx */ +int gost_imit_cleanup(EVP_MD_CTX *ctx) + { + memset(ctx->md_data,0,sizeof(struct ossl_gost_imit_ctx)); + return 1; + } + diff --git a/lib/libssl/src/engines/ccgost/gost_ctl.c b/lib/libssl/src/engines/ccgost/gost_ctl.c new file mode 100644 index 00000000000..d3cd171818a --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_ctl.c @@ -0,0 +1,89 @@ +/********************************************************************** + * gost_ctl.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of control commands for GOST engine * + * OpenSSL 0.9.9 libraries required * + **********************************************************************/ +#include <stdlib.h> +#include <string.h> +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/engine.h> +#include <openssl/buffer.h> +#include "gost_lcl.h" + +static char *gost_params[GOST_PARAM_MAX+1]={NULL}; +static const char *gost_envnames[]={"CRYPT_PARAMS"}; +const ENGINE_CMD_DEFN gost_cmds[]= + { +/* { GOST_CTRL_RNG, + "RNG", + "Type of random number generator to use", + ENGINE_CMD_FLAG_STRING + }, + { GOST_CTRL_RNG_PARAMS, + "RNG_PARAMS", + "Parameter for random number generator", + ENGINE_CMD_FLAG_STRING + }, +*/ { GOST_CTRL_CRYPT_PARAMS, + "CRYPT_PARAMS", + "OID of default GOST 28147-89 parameters", + ENGINE_CMD_FLAG_STRING + }, +{0,NULL,NULL,0} + }; + +void gost_param_free() +{ + int i; + for (i=0;i<=GOST_PARAM_MAX;i++) + if (gost_params[i]!=NULL) + { + OPENSSL_free(gost_params[i]); + gost_params[i]=NULL; + } + +} + +int gost_control_func(ENGINE *e,int cmd,long i, void *p, void (*f)(void)) + { + int param = cmd-ENGINE_CMD_BASE; + int ret=0; + if (param <0 || param >GOST_PARAM_MAX) return -1; + ret=gost_set_default_param(param,p); + return ret; + } + +const char *get_gost_engine_param(int param) + { + char *tmp; + if (param <0 || param >GOST_PARAM_MAX) return NULL; + if (gost_params[param]!=NULL) + { + return gost_params[param]; + } + tmp = getenv(gost_envnames[param]); + if (tmp) + { + if (gost_params[param]) OPENSSL_free(gost_params[param]); + gost_params[param] = BUF_strdup(tmp); + return gost_params[param]; + } + return NULL; + } + +int gost_set_default_param(int param, const char *value) + { + const char *tmp; + if (param <0 || param >GOST_PARAM_MAX) return 0; + tmp = getenv(gost_envnames[param]); + /* if there is value in the environment, use it, else -passed string * */ + if (!tmp) tmp=value; + if (gost_params[param]) OPENSSL_free(gost_params[param]); + gost_params[param] = BUF_strdup(tmp); + + return 1; + } diff --git a/lib/libssl/src/engines/ccgost/gost_eng.c b/lib/libssl/src/engines/ccgost/gost_eng.c new file mode 100644 index 00000000000..d2cbe3b8314 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_eng.c @@ -0,0 +1,273 @@ +/********************************************************************** + * gost_eng.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Main file of GOST engine * + * for OpenSSL * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <string.h> +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/engine.h> +#include <openssl/obj_mac.h> +#include "e_gost_err.h" +#include "gost_lcl.h" +static const char *engine_gost_id = "gost"; +static const char *engine_gost_name = "Reference implementation of GOST engine"; + +/* Symmetric cipher and digest function registrar */ + +static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid); + +static int gost_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int ind); + +static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **nids, int nid); + +static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, + const int **nids, int nid); + +static int gost_cipher_nids[] = + {NID_id_Gost28147_89, NID_gost89_cnt,0}; + +static int gost_digest_nids[] = + {NID_id_GostR3411_94,NID_id_Gost28147_89_MAC, 0}; + +static int gost_pkey_meth_nids[] = + {NID_id_GostR3410_94, + NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0}; + +static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL, + *pmeth_GostR3410_2001 = NULL, + *pmeth_Gost28147_MAC = NULL; + +static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL, + *ameth_GostR3410_2001 = NULL, + *ameth_Gost28147_MAC = NULL; + + +static int gost_engine_init(ENGINE *e) + { + return 1; + } + +static int gost_engine_finish(ENGINE *e) + { + return 1; + } + +static int gost_engine_destroy(ENGINE *e) + { + gost_param_free(); + return 1; + } + +static int bind_gost (ENGINE *e,const char *id) + { + int ret = 0; + if (id && strcmp(id, engine_gost_id)) return 0; + + if (!ENGINE_set_id(e, engine_gost_id)) + { + printf("ENGINE_set_id failed\n"); + goto end; + } + if (!ENGINE_set_name(e, engine_gost_name)) + { + printf("ENGINE_set_name failed\n"); + goto end; + } + if (!ENGINE_set_digests(e, gost_digests)) + { + printf("ENGINE_set_digests failed\n"); + goto end; + } + if (! ENGINE_set_ciphers(e, gost_ciphers)) + { + printf("ENGINE_set_ciphers failed\n"); + goto end; + } + if (! ENGINE_set_pkey_meths(e, gost_pkey_meths)) + { + printf("ENGINE_set_pkey_meths failed\n"); + goto end; + } + if (! ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths)) + { + printf("ENGINE_set_pkey_asn1_meths failed\n"); + goto end; + } + /* Control function and commands */ + if (!ENGINE_set_cmd_defns(e,gost_cmds)) + { + fprintf(stderr,"ENGINE_set_cmd_defns failed\n"); + goto end; + } + if (!ENGINE_set_ctrl_function(e,gost_control_func)) + { + fprintf(stderr,"ENGINE_set_ctrl_func failed\n"); + goto end; + } + if ( ! ENGINE_set_destroy_function(e, gost_engine_destroy) + || ! ENGINE_set_init_function(e,gost_engine_init) + || ! ENGINE_set_finish_function(e,gost_engine_finish)) + { + goto end; + } + + if (!register_ameth_gost(NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94", "GOST R 34.10-94")) goto end; + if (!register_ameth_gost(NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001", "GOST R 34.10-2001")) goto end; + if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC, + "GOST-MAC", "GOST 28147-89 MAC")) goto end; + + if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0)) goto end; + if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0)) goto end; + if (!register_pmeth_gost(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0)) + goto end; + if ( ! ENGINE_register_ciphers(e) + || ! ENGINE_register_digests(e) + || ! ENGINE_register_pkey_meths(e) + /* These two actually should go in LIST_ADD command */ + || ! EVP_add_cipher(&cipher_gost) + || ! EVP_add_cipher(&cipher_gost_cpacnt) + || ! EVP_add_digest(&digest_gost) + || ! EVP_add_digest(&imit_gost_cpa) + ) + { + goto end; + } + + ERR_load_GOST_strings(); + ret = 1; + end: + return ret; + } + +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +IMPLEMENT_DYNAMIC_BIND_FN(bind_gost) +IMPLEMENT_DYNAMIC_CHECK_FN() +#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */ + +static int gost_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid) + { + int ok =1 ; + if (!digest) + { + *nids = gost_digest_nids; + return 2; + } + /*printf("Digest no %d requested\n",nid);*/ + if(nid == NID_id_GostR3411_94) + { + *digest = &digest_gost; + } + else if (nid == NID_id_Gost28147_89_MAC) + { + *digest = &imit_gost_cpa; + } + else + { + ok =0; + *digest = NULL; + } + return ok; + } + +static int gost_ciphers (ENGINE *e,const EVP_CIPHER **cipher, + const int **nids, int nid) + { + int ok = 1; + if (!cipher) + { + *nids = gost_cipher_nids; + return 2; /* two ciphers are supported */ + } + + if(nid == NID_id_Gost28147_89) + { + *cipher = &cipher_gost; + } + else if (nid == NID_gost89_cnt) + { + *cipher = &cipher_gost_cpacnt; + } + else + { + ok = 0; + *cipher = NULL; + } + return ok; + } + +static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **nids, int nid) + { + if (!pmeth) + { + *nids = gost_pkey_meth_nids; + return 3; + } + + switch (nid) + { + case NID_id_GostR3410_94: *pmeth = pmeth_GostR3410_94; return 1; + case NID_id_GostR3410_2001: *pmeth = pmeth_GostR3410_2001; return 1; + case NID_id_Gost28147_89_MAC: *pmeth = pmeth_Gost28147_MAC; return 1; + default:; + } + + *pmeth = NULL; + return 0; + } + +static int gost_pkey_asn1_meths (ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, + const int **nids, int nid) + { + if (!ameth) + { + *nids = gost_pkey_meth_nids; + return 3; + } + switch (nid) + { + case NID_id_GostR3410_94: *ameth = ameth_GostR3410_94; return 1; + case NID_id_GostR3410_2001: *ameth = ameth_GostR3410_2001; return 1; + case NID_id_Gost28147_89_MAC: *ameth = ameth_Gost28147_MAC; return 1; + + default:; + } + + *ameth = NULL; + return 0; + } + +#ifdef OPENSSL_NO_DYNAMIC_ENGINE +static ENGINE *engine_gost(void) + { + ENGINE *ret = ENGINE_new(); + if (!ret) + return NULL; + if (!bind_gost(ret,engine_gost_id)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +void ENGINE_load_gost(void) + { + ENGINE *toadd =engine_gost(); + if (!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } +#endif + diff --git a/lib/libssl/src/engines/ccgost/gost_keywrap.c b/lib/libssl/src/engines/ccgost/gost_keywrap.c new file mode 100644 index 00000000000..c618f6da283 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_keywrap.c @@ -0,0 +1,109 @@ +/********************************************************************** + * keywrap.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of CryptoPro key wrap algorithm, as defined in * + * RFC 4357 p 6.3 and 6.4 * + * Doesn't need OpenSSL * + **********************************************************************/ +#include <string.h> +#include "gost89.h" +#include "gost_keywrap.h" + +/* Diversifies key using random UserKey Material + * Implements RFC 4357 p 6.5 key diversification algorithm + * + * inputKey - 32byte key to be diversified + * ukm - 8byte user key material + * outputKey - 32byte buffer to store diversified key + * + */ +void keyDiversifyCryptoPro(gost_ctx *ctx,const unsigned char *inputKey, const unsigned char *ukm, unsigned char *outputKey) + { + + u4 k,s1,s2; + int i,j,mask; + unsigned char S[8]; + memcpy(outputKey,inputKey,32); + for (i=0;i<8;i++) + { + /* Make array of integers from key */ + /* Compute IV S*/ + s1=0,s2=0; + for (j=0,mask=1;j<8;j++,mask<<=1) + { + k=((u4)outputKey[4*j])|(outputKey[4*j+1]<<8)| + (outputKey[4*j+2]<<16)|(outputKey[4*j+3]<<24); + if (mask & ukm[i]) + { + s1+=k; + } + else + { + s2+=k; + } + } + S[0]=(unsigned char)(s1&0xff); + S[1]=(unsigned char)((s1>>8)&0xff); + S[2]=(unsigned char)((s1>>16)&0xff); + S[3]=(unsigned char)((s1>>24)&0xff); + S[4]=(unsigned char)(s2&0xff); + S[5]=(unsigned char)((s2>>8)&0xff); + S[6]=(unsigned char)((s2>>16)&0xff); + S[7]=(unsigned char)((s2>>24)&0xff); + gost_key(ctx,outputKey); + gost_enc_cfb(ctx,S,outputKey,outputKey,4); + } + } + + +/* + * Wraps key using RFC 4357 6.3 + * ctx - gost encryption context, initialized with some S-boxes + * keyExchangeKey (KEK) 32-byte (256-bit) shared key + * ukm - 8 byte (64 bit) user key material, + * sessionKey - 32-byte (256-bit) key to be wrapped + * wrappedKey - 44-byte buffer to store wrapped key + */ + +int keyWrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, const unsigned char *ukm, + const unsigned char *sessionKey, unsigned char *wrappedKey) + { + unsigned char kek_ukm[32]; + keyDiversifyCryptoPro(ctx,keyExchangeKey,ukm,kek_ukm); + gost_key(ctx,kek_ukm); + memcpy(wrappedKey,ukm,8); + gost_enc(ctx,sessionKey,wrappedKey+8,4); + gost_mac_iv(ctx,32,ukm,sessionKey,32,wrappedKey+40); + return 1; + } +/* + * Unwraps key using RFC 4357 6.4 + * ctx - gost encryption context, initialized with some S-boxes + * keyExchangeKey 32-byte shared key + * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM, + * 32 byte encrypted key and 4 byte MAC + * + * sessionKEy - 32byte buffer to store sessionKey in + * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match + */ + +int keyUnwrapCryptoPro(gost_ctx *ctx,const unsigned char *keyExchangeKey, + const unsigned char *wrappedKey, unsigned char *sessionKey) + { + unsigned char kek_ukm[32],cek_mac[4]; + keyDiversifyCryptoPro(ctx,keyExchangeKey,wrappedKey + /* First 8 bytes of wrapped Key is ukm */ + ,kek_ukm); + gost_key(ctx,kek_ukm); + gost_dec(ctx,wrappedKey+8,sessionKey,4); + gost_mac_iv(ctx,32,wrappedKey,sessionKey,32,cek_mac); + if (memcmp(cek_mac,wrappedKey+40,4)) + { + return 0; + } + return 1; + } + + diff --git a/lib/libssl/src/engines/ccgost/gost_keywrap.h b/lib/libssl/src/engines/ccgost/gost_keywrap.h new file mode 100644 index 00000000000..37c2a0f73da --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_keywrap.h @@ -0,0 +1,56 @@ +/********************************************************************** + * gost_keywrap.h * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of CryptoPro key wrap algorithm, as defined in * + * RFC 4357 p 6.3 and 6.4 * + * Doesn't need OpenSSL * + **********************************************************************/ +#ifndef GOST_KEYWRAP_H +#define GOST_KEYWRAP_H +#include <string.h> +#include "gost89.h" +/* Diversifies key using random UserKey Material + * Implements RFC 4357 p 6.5 key diversification algorithm + * + * inputKey - 32byte key to be diversified + * ukm - 8byte user key material + * outputKey - 32byte buffer to store diversified key + * + */ +void keyDiversifyCryptoPro(gost_ctx *ctx, + const unsigned char *inputKey, + const unsigned char *ukm, + unsigned char *outputKey); +/* + * Wraps key using RFC 4357 6.3 + * ctx - gost encryption context, initialized with some S-boxes + * keyExchangeKey (KEK) 32-byte (256-bit) shared key + * ukm - 8 byte (64 bit) user key material, + * sessionKey - 32-byte (256-bit) key to be wrapped + * wrappedKey - 44-byte buffer to store wrapped key + */ + +int keyWrapCryptoPro(gost_ctx *ctx, + const unsigned char *keyExchangeKey, + const unsigned char *ukm, + const unsigned char *sessionKey, + unsigned char *wrappedKey) ; +/* + * Unwraps key using RFC 4357 6.4 + * ctx - gost encryption context, initialized with some S-boxes + * keyExchangeKey 32-byte shared key + * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM, + * 32 byte encrypted key and 4 byte MAC + * + * sessionKEy - 32byte buffer to store sessionKey in + * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match + */ + + +int keyUnwrapCryptoPro(gost_ctx *ctx, + const unsigned char *keyExchangeKey, + const unsigned char *wrappedKey, + unsigned char *sessionKey) ; +#endif diff --git a/lib/libssl/src/engines/ccgost/gost_lcl.h b/lib/libssl/src/engines/ccgost/gost_lcl.h new file mode 100644 index 00000000000..437a48cc86c --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_lcl.h @@ -0,0 +1,218 @@ +#ifndef GOST_TOOLS_H +#define GOST_TOOLS_H +/********************************************************************** + * gost_lcl.h * + * Copyright (c) 2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Internal declarations used in GOST engine * + * OpenSSL 0.9.9 libraries required to compile and use * + * this code * + **********************************************************************/ +#include <openssl/bn.h> +#include <openssl/evp.h> +#include <openssl/dsa.h> +#include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/engine.h> +#include <openssl/ec.h> +#include "gost89.h" +#include "gosthash.h" +/* Control commands */ +#define GOST_PARAM_CRYPT_PARAMS 0 +#define GOST_PARAM_MAX 0 +#define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS) + + extern const ENGINE_CMD_DEFN gost_cmds[]; + int gost_control_func(ENGINE *e,int cmd, long i, void *p, void (*f)(void)); + const char *get_gost_engine_param(int param); + int gost_set_default_param(int param, const char *value); + void gost_param_free(void); + +/* method registration */ + + int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info); + int register_pmeth_gost (int id, EVP_PKEY_METHOD **pmeth, int flags); + +/* Gost-specific pmeth control-function parameters */ +/* For GOST R34.10 parameters */ +#define param_ctrl_string "paramset" +#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1) +/* For GOST 28147 MAC */ +#define key_ctrl_string "key" +#define hexkey_ctrl_string "hexkey" +#define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3) +/* Pmeth internal representation */ + struct gost_pmeth_data { + int sign_param_nid; /* Should be set whenever parameters are filled */ + EVP_MD *md; + unsigned char *shared_ukm; + int peer_key_used; + }; + + struct gost_mac_pmeth_data { + int key_set; + EVP_MD *md; + unsigned char key[32]; + } ; +/* GOST-specific ASN1 structures */ + + +typedef struct { + ASN1_OCTET_STRING *encrypted_key; + ASN1_OCTET_STRING *imit; +} GOST_KEY_INFO; + +DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO) + +typedef struct { + ASN1_OBJECT *cipher; + X509_PUBKEY *ephem_key; + ASN1_OCTET_STRING *eph_iv; +} GOST_KEY_AGREEMENT_INFO; + +DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO) + +typedef struct { + GOST_KEY_INFO *key_info; + GOST_KEY_AGREEMENT_INFO *key_agreement_info; +} GOST_KEY_TRANSPORT; + +DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT) + +typedef struct { /* FIXME incomplete */ + GOST_KEY_TRANSPORT *gkt; +} GOST_CLIENT_KEY_EXCHANGE_PARAMS; + +/* Hacks to shorten symbols to 31 characters or less, or OpenVMS. + This mimics what's done in symhacks.h, but since this is a very + local header file, I prefered to put this hack directly here. + -- Richard Levitte */ +#ifdef OPENSSL_SYS_VMS +#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it +#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it +#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new +#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new +#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free +#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free +#undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS +#define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS +#undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS +#define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS +#endif /* End of hack */ +DECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) +typedef struct { + ASN1_OBJECT *key_params; + ASN1_OBJECT *hash_params; + ASN1_OBJECT *cipher_params; +} GOST_KEY_PARAMS; + +DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS) + +typedef struct { + ASN1_OCTET_STRING *iv; + ASN1_OBJECT *enc_param_set; +} GOST_CIPHER_PARAMS; + +DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS) +/*============== Message digest and cipher related structures ==========*/ + /* Structure used as EVP_MD_CTX-md_data. + * It allows to avoid storing in the md-data pointers to + * dynamically allocated memory. + * + * I cannot invent better way to avoid memory leaks, because + * openssl insist on invoking Init on Final-ed digests, and there + * is no reliable way to find out whether pointer in the passed + * md_data is valid or not. + * */ +struct ossl_gost_digest_ctx { + gost_hash_ctx dctx; + gost_ctx cctx; +}; +/* EVP_MD structure for GOST R 34.11 */ +extern EVP_MD digest_gost; +/* EVP_MD structure for GOST 28147 in MAC mode */ +extern EVP_MD imit_gost_cpa; +/* Cipher context used for EVP_CIPHER operation */ +struct ossl_gost_cipher_ctx { + int paramNID; + off_t count; + int key_meshing; + gost_ctx cctx; +}; +/* Structure to map parameter NID to S-block */ +struct gost_cipher_info { + int nid; + gost_subst_block *sblock; + int key_meshing; +}; +/* Context for MAC */ +struct ossl_gost_imit_ctx { + gost_ctx cctx; + unsigned char buffer[8]; + unsigned char partial_block[8]; + off_t count; + int key_meshing; + int bytes_left; + int key_set; +}; +/* Table which maps parameter NID to S-blocks */ +extern struct gost_cipher_info gost_cipher_list[]; +/* Find encryption params from ASN1_OBJECT */ +const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj); +/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */ +extern EVP_CIPHER cipher_gost; +extern EVP_CIPHER cipher_gost_cpacnt; +#define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3) +#define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4) +/* EVP_PKEY_METHOD key encryption callbacks */ +/* From gost94_keyx.c */ +int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len ); + +int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len ); +/* From gost2001_keyx.c */ +int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len ); + +int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len ); +/* derive functions */ +/* From gost2001_keyx.c */ +int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +/* From gost94_keyx.c */ +int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +/* Internal functions for signature algorithms */ +int fill_GOST94_params(DSA *dsa,int nid); +int fill_GOST2001_params(EC_KEY *eckey, int nid); +int gost_sign_keygen(DSA *dsa) ; +int gost2001_keygen(EC_KEY *ec) ; + +DSA_SIG *gost_do_sign(const unsigned char *dgst,int dlen, DSA *dsa) ; +DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey); + +int gost_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa) ; +int gost2001_do_verify(const unsigned char *dgst,int dgst_len, + DSA_SIG *sig, EC_KEY *ec); +int gost2001_compute_public(EC_KEY *ec) ; +int gost94_compute_public(DSA *dsa) ; +/*============== miscellaneous functions============================= */ +/* from gost_sign.c */ +/* Convert GOST R 34.11 hash sum to bignum according to standard */ +BIGNUM *hashsum2bn(const unsigned char *dgst) ; +/* Store bignum in byte array of given length, prepending by zeros + * if nesseccary */ +int store_bignum(BIGNUM *bn, unsigned char *buf,int len); +/* Read bignum, which can have few MSB all-zeros from buffer*/ +BIGNUM *getbnfrombuf(const unsigned char *buf,size_t len); +/* Pack GOST R 34.10 signature according to CryptoPro rules */ +int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen); +/* Unpack GOST R 34.10 signature according to CryptoPro rules */ +DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen) ; +/* from ameth.c */ +/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/ +/* Returns pointer into EVP_PKEY structure */ +BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey) ; +/* Find NID by GOST 94 parameters */ +int gost94_nid_by_params(DSA *p) ; + + +#endif diff --git a/lib/libssl/src/engines/ccgost/gost_md.c b/lib/libssl/src/engines/ccgost/gost_md.c new file mode 100644 index 00000000000..417e10887bc --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_md.c @@ -0,0 +1,75 @@ +/********************************************************************** + * md_gost.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * OpenSSL interface to GOST R 34.11-94 hash functions * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <string.h> +#include "gost_lcl.h" +#include "gosthash.h" +#include "e_gost_err.h" + +/* implementation of GOST 34.11 hash function See gost_md.c*/ +static int gost_digest_init(EVP_MD_CTX *ctx); +static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count); +static int gost_digest_final(EVP_MD_CTX *ctx,unsigned char *md); +static int gost_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from); +static int gost_digest_cleanup(EVP_MD_CTX *ctx); + +EVP_MD digest_gost= + { + NID_id_GostR3411_94, + NID_undef, + 32, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + gost_digest_init, + gost_digest_update, + gost_digest_final, + gost_digest_copy, + gost_digest_cleanup, + NULL, + NULL, + {NID_undef,NID_undef,0,0,0}, + 32, + sizeof(struct ossl_gost_digest_ctx ), + NULL + }; + +int gost_digest_init(EVP_MD_CTX *ctx) + { + struct ossl_gost_digest_ctx *c = ctx->md_data; + memset(&(c->dctx),0,sizeof(gost_hash_ctx)); + gost_init(&(c->cctx),&GostR3411_94_CryptoProParamSet); + c->dctx.cipher_ctx= &(c->cctx); + return 1; + } + +int gost_digest_update(EVP_MD_CTX *ctx,const void *data,size_t count) + { + return hash_block((gost_hash_ctx *)ctx->md_data,data,count); + } + +int gost_digest_final(EVP_MD_CTX *ctx,unsigned char *md) + { + return finish_hash((gost_hash_ctx *)ctx->md_data,md); + + } + +int gost_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) + { + struct ossl_gost_digest_ctx *md_ctx=to->md_data; + if (to->md_data && from->md_data) { + memcpy(to->md_data,from->md_data,sizeof(struct ossl_gost_digest_ctx)); + md_ctx->dctx.cipher_ctx=&(md_ctx->cctx); + } + return 1; + } + +int gost_digest_cleanup(EVP_MD_CTX *ctx) + { + if (ctx->md_data) + memset(ctx->md_data,0,sizeof(struct ossl_gost_digest_ctx)); + return 1; + } diff --git a/lib/libssl/src/engines/ccgost/gost_params.c b/lib/libssl/src/engines/ccgost/gost_params.c new file mode 100644 index 00000000000..40fc343af16 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_params.c @@ -0,0 +1,198 @@ +/********************************************************************** + * params.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Definitions of GOST R 34.10 parameter sets, defined in RFC 4357 * + * OpenSSL 0.9.9 libraries required to compile and use * + * this code * + **********************************************************************/ +#include "gost_params.h" +#include <openssl/objects.h> +/* Parameters of GOST 34.10 */ + +R3410_params R3410_paramset[]={ +/* Paramset A */ +{NID_id_GostR3410_94_CryptoPro_A_ParamSet, +"100997906755055304772081815535925224869" +"8410825720534578748235158755771479905292727772441528526992987964833" +"5669968284202797289605274717317548059048560713474685214192868091256" +"1502802222185647539190902656116367847270145019066794290930185446216" +"3997308722217328898303231940973554032134009725883228768509467406639" +"62", +"127021248288932417465907042777176443525" +"7876535089165358128175072657050312609850984974231883334834011809259" +"9999512098893413065920561499672425412104927434935707492031276956145" +"1689224110579311248812610229678534638401693520013288995000362260684" +"2227508135323070045173416336850045410625869714168836867788425378203" +"83", +"683631961449557007844441656118272528951" +"02170888761442055095051287550314083023"}, +{NID_id_GostR3410_94_CryptoPro_B_ParamSet, +"429418261486158041438734477379555023926" +"7234596860714306679811299408947123142002706038521669956384871995765" +"7284814898909770759462613437669456364882730370838934791080835932647" +"9767786019153434744009610342313166725786869204821949328786333602033" +"8479709268434224762105576023501613261478065276102850944540333865234" +"1", +"139454871199115825601409655107690713107" +"0417070599280317977580014543757653577229840941243685222882398330391" +"1468164807668823692122073732267216074074777170091113455043205380464" +"7694904686120113087816240740184800477047157336662926249423571248823" +"9685422217536601433914856808405203368594584948031873412885804895251" +"63", +"79885141663410976897627118935756323747307951916507639758300472692338873533959" +}, +{NID_id_GostR3410_94_CryptoPro_C_ParamSet, +"816552717970881016017893191415300348226" +"2544051353358162468249467681876621283478212884286545844013955142622" +"2087723485023722868022275009502224827866201744494021697716482008353" +"6398202298024892620480898699335508064332313529725332208819456895108" +"5155178100221003459370588291073071186553005962149936840737128710832" +"3", +"110624679233511963040518952417017040248" +"5862954819831383774196396298584395948970608956170224210628525560327" +"8638246716655439297654402921844747893079518669992827880792192992701" +"1428546551433875806377110443534293554066712653034996277099320715774" +"3542287621283671843703709141350171945045805050291770503634517804938" +"01", +"113468861199819350564868233378875198043" +"267947776488510997961231672532899549103" +}, +{NID_id_GostR3410_94_CryptoPro_D_ParamSet, +"756976611021707301782128757801610628085" +"5283803109571158829574281419208532589041660017017859858216341400371" +"4687551412794400562878935266630754392677014598582103365983119173924" +"4732511225464712252386803315902707727668715343476086350472025298282" +"7271461690125050616858238384366331089777463541013033926723743254833" +"7", +"905457649621929965904290958774625315611" +"3056083907389766971404812524422262512556054474620855996091570786713" +"5849550236741915584185990627801066465809510095784713989819413820871" +"5964648914493053407920737078890520482730623038837767710173664838239" +"8574828787891286471201460474326612697849693665518073864436497893214" +"9", +"108988435796353506912374591498972192620" +"190487557619582334771735390599299211593" +}, + +{NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, +"1335318132727206734338595199483190012179423759678474868994823595993" +"6964252873471246159040332773182141032801252925387191478859899310331" +"0567744136196364803064721377826656898686468463277710150809401182608" +"7702016153249904683329312949209127762411378780302243557466062839716" +"59376426832674269780880061631528163475887", +"14201174159756348119636828602231808974327613839524373876287257344192" +"74593935127189736311660784676003608489466235676257952827747192122419" +"29071046134208380636394084512691828894000571524625445295769349356752" +"72895683154177544176313938445719175509684710784659566254794231229333" +"8483924514339614727760681880609734239", +"91771529896554605945588149018382750217296858393520724172743325725474" +"374979801" +}, +{NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, +"8890864727828423151699995801875757891031463338652579140051973659" +"3048131440685857067369829407947744496306656291505503608252399443" +"7900272386749145996230867832228661977543992816745254823298629859" +"8753575466286051738837854736167685769017780335804511440773337196" +"2538423532919394477873664752824509986617878992443177", +"1028946126624994859676552074360530315217970499989304888248413244" +"8474923022758470167998871003604670704877377286176171227694098633" +"1539089568784129110109512690503345393869871295783467257264868341" +"7200196629860561193666752429682367397084815179752036423595736533" +"68957392061769855284593965042530895046088067160269433", +"9109671391802626916582318050603555673628769498182593088388796888" +"5281641595199" +}, +{NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, +"4430618464297584182473135030809859326863990650118941756995270074" +"8609973181426950235239623239110557450826919295792878938752101867" +"7047181623251027516953100431855964837602657827828194249605561893" +"6965865325513137194483136247773653468410118796740709840825496997" +"9375560722345106704721086025979309968763193072908334", +"1246996366993477513607147265794064436203408861395055989217248455" +"7299870737698999651480662364723992859320868822848751165438350943" +"3276647222625940615560580450040947211826027729977563540237169063" +"0448079715771649447778447000597419032457722226253269698374446528" +"35352729304393746106576383349151001715930924115499549", +"6787876137336591234380295020065682527118129468050147943114675429" +"4748422492761" +}, + + +{NID_undef,NULL, NULL, NULL} +}; + +R3410_2001_params R3410_2001_paramset[]={ + /* default_cc_sign01_param 1.2.643.2.9.1.8.1 */ + {NID_id_GostR3410_2001_ParamSet_cc, + /* A */ + "C0000000000000000000000000000000000000000000000000000000000003c4", + /* B */ + "2d06B4265ebc749ff7d0f1f1f88232e81632e9088fd44b7787d5e407e955080c", + /* P */ + "C0000000000000000000000000000000000000000000000000000000000003C7", + /* Q */ + "5fffffffffffffffffffffffffffffff606117a2f4bde428b7458a54b6e87b85", + /* X */ + "2", + /* Y */ + "a20e034bf8813ef5c18d01105e726a17eb248b264ae9706f440bedc8ccb6b22c" + }, + /* 1.2.643.2.2.35.0 */ + {NID_id_GostR3410_2001_TestParamSet, + "7", + "5FBFF498AA938CE739B8E022FBAFEF40563F6E6A3472FC2A514C0CE9DAE23B7E", + "8000000000000000000000000000000000000000000000000000000000000431", + "8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3", + "2", + "08E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA267122B96ABBCEA7E8FC8" + }, + /*1.2.643.2.2.35.1*/ + {NID_id_GostR3410_2001_CryptoPro_A_ParamSet, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", + "a6", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", + "1", + "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14" + }, + /*1.2.643.2.2.35.2*/ + {NID_id_GostR3410_2001_CryptoPro_B_ParamSet, + "8000000000000000000000000000000000000000000000000000000000000C96", + "3E1AF419A269A5F866A7D3C25C3DF80AE979259373FF2B182F49D4CE7E1BBC8B", + "8000000000000000000000000000000000000000000000000000000000000C99", + "800000000000000000000000000000015F700CFFF1A624E5E497161BCC8A198F", + "1", + "3FA8124359F96680B83D1C3EB2C070E5C545C9858D03ECFB744BF8D717717EFC" + }, + /*1.2.643.2.2.35.3*/ + {NID_id_GostR3410_2001_CryptoPro_C_ParamSet, + "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598", + "805a", + "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B", + "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9", + "0", + "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67" + }, + /*1.2.643.2.2.36.0*/ + {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", + "a6", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", + "1", + "8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14" + }, + /*1.2.643.2.2.36.1*/ + {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, + "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D7598", + "805a", + "9B9F605F5A858107AB1EC85E6B41C8AACF846E86789051D37998F7B9022D759B", + "9B9F605F5A858107AB1EC85E6B41C8AA582CA3511EDDFB74F02F3A6598980BB9", + "0", + "41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67" + }, + { 0,NULL,NULL,NULL,NULL,NULL,NULL + } +}; diff --git a/lib/libssl/src/engines/ccgost/gost_params.h b/lib/libssl/src/engines/ccgost/gost_params.h new file mode 100644 index 00000000000..4c3f5567d7f --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_params.h @@ -0,0 +1,34 @@ +/********************************************************************** + * gost_params.h * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Declaration of structures used to represent GOST R 34.10 * + * parameter sets, defined in RFC 4357 * + * OpenSSL 0.9.9 libraries required to compile and use * + * this code * + **********************************************************************/ +#ifndef GOST_PARAMSET_H +#define GOST_PARAMSET_H +typedef struct R3410 { + int nid; + char *a; + char *p; + char *q; +} R3410_params; + +extern R3410_params R3410_paramset[]; + +typedef struct R3410_2001 { + int nid; + char *a; + char *b; + char *p; + char *q; + char *x; + char *y; +} R3410_2001_params; + +extern R3410_2001_params R3410_2001_paramset[]; + +#endif diff --git a/lib/libssl/src/engines/ccgost/gost_pmeth.c b/lib/libssl/src/engines/ccgost/gost_pmeth.c new file mode 100644 index 00000000000..caaea99d360 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_pmeth.c @@ -0,0 +1,621 @@ +/********************************************************************** + * gost_pmeth.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of RFC 4357 (GOST R 34.10) Publick key method * + * for OpenSSL * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <openssl/evp.h> +#include <openssl/objects.h> +#include <openssl/ec.h> +#include <openssl/x509v3.h> /*For string_to_hex */ +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include "gost_params.h" +#include "gost_lcl.h" +#include "e_gost_err.h" +/*-------init, cleanup, copy - uniform for all algs ---------------*/ +/* Allocates new gost_pmeth_data structure and assigns it as data */ +static int pkey_gost_init(EVP_PKEY_CTX *ctx) + { + struct gost_pmeth_data *data; + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + data = OPENSSL_malloc(sizeof(struct gost_pmeth_data)); + if (!data) return 0; + memset(data,0,sizeof(struct gost_pmeth_data)); + if (pkey && EVP_PKEY_get0(pkey)) + { + switch (EVP_PKEY_base_id(pkey)) { + case NID_id_GostR3410_94: + data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey)); + break; + case NID_id_GostR3410_2001: + data->sign_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey))); + break; + default: + return 0; + } + } + EVP_PKEY_CTX_set_data(ctx,data); + return 1; + } + +/* Copies contents of gost_pmeth_data structure */ +static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + struct gost_pmeth_data *dst_data,*src_data; + if (!pkey_gost_init(dst)) + { + return 0; + } + src_data = EVP_PKEY_CTX_get_data(src); + dst_data = EVP_PKEY_CTX_get_data(dst); + *dst_data = *src_data; + if (src_data -> shared_ukm) { + dst_data->shared_ukm=NULL; + } + return 1; + } + +/* Frees up gost_pmeth_data structure */ +static void pkey_gost_cleanup (EVP_PKEY_CTX *ctx) + { + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + if (data->shared_ukm) OPENSSL_free(data->shared_ukm); + OPENSSL_free(data); + } + +/* --------------------- control functions ------------------------------*/ +static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + struct gost_pmeth_data *pctx = (struct gost_pmeth_data*)EVP_PKEY_CTX_get_data(ctx); + switch (type) + { + case EVP_PKEY_CTRL_MD: + { + if (EVP_MD_type((const EVP_MD *)p2) != NID_id_GostR3411_94) + { + GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE); + return 0; + } + pctx->md = (EVP_MD *)p2; + return 1; + } + break; + + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: + case EVP_PKEY_CTRL_PKCS7_DECRYPT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + return 1; + + case EVP_PKEY_CTRL_GOST_PARAMSET: + pctx->sign_param_nid = (int)p1; + return 1; + case EVP_PKEY_CTRL_SET_IV: + pctx->shared_ukm=OPENSSL_malloc((int)p1); + memcpy(pctx->shared_ukm,p2,(int) p1); + return 1; + case EVP_PKEY_CTRL_PEER_KEY: + if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */ + return 1; + if (p1 == 2) /* TLS: peer key used? */ + return pctx->peer_key_used; + if (p1 == 3) /* TLS: peer key used! */ + return (pctx->peer_key_used = 1); + return -2; + } + return -2; + } + + +static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + int param_nid=0; + if(!strcmp(type, param_ctrl_string)) + { + if (!value) + { + return 0; + } + if (strlen(value) == 1) + { + switch(toupper(value[0])) + { + case 'A': + param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet; + break; + case 'B': + param_nid = NID_id_GostR3410_94_CryptoPro_B_ParamSet; + break; + case 'C': + param_nid = NID_id_GostR3410_94_CryptoPro_C_ParamSet; + break; + case 'D': + param_nid = NID_id_GostR3410_94_CryptoPro_D_ParamSet; + break; + default: + return 0; + break; + } + } + else if ((strlen(value) == 2) && (toupper(value[0]) == 'X')) + { + switch (toupper(value[1])) + { + case 'A': + param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet; + break; + case 'B': + param_nid = NID_id_GostR3410_94_CryptoPro_XchB_ParamSet; + break; + case 'C': + param_nid = NID_id_GostR3410_94_CryptoPro_XchC_ParamSet; + break; + default: + return 0; + break; + } + } + else + { + R3410_params *p = R3410_paramset; + param_nid = OBJ_txt2nid(value); + if (param_nid == NID_undef) + { + return 0; + } + for (;p->nid != NID_undef;p++) + { + if (p->nid == param_nid) break; + } + if (p->nid == NID_undef) + { + GOSTerr(GOST_F_PKEY_GOST_CTRL94_STR, + GOST_R_INVALID_PARAMSET); + return 0; + } + } + + return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, + param_nid, NULL); + } + return -2; + } + +static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + int param_nid=0; + if(!strcmp(type, param_ctrl_string)) + { + if (!value) + { + return 0; + } + if (strlen(value) == 1) + { + switch(toupper(value[0])) + { + case 'A': + param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet; + break; + case 'B': + param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet; + break; + case 'C': + param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet; + break; + case '0': + param_nid = NID_id_GostR3410_2001_TestParamSet; + break; + default: + return 0; + break; + } + } + else if ((strlen(value) == 2) && (toupper(value[0]) == 'X')) + { + switch (toupper(value[1])) + { + case 'A': + param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet; + break; + case 'B': + param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet; + break; + default: + return 0; + break; + } + } + else + { + R3410_2001_params *p = R3410_2001_paramset; + param_nid = OBJ_txt2nid(value); + if (param_nid == NID_undef) + { + return 0; + } + for (;p->nid != NID_undef;p++) + { + if (p->nid == param_nid) break; + } + if (p->nid == NID_undef) + { + GOSTerr(GOST_F_PKEY_GOST_CTRL01_STR, + GOST_R_INVALID_PARAMSET); + return 0; + } + } + + return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, + param_nid, NULL); + } + return -2; + } + +/* --------------------- key generation --------------------------------*/ + +static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx) { + return 1; +} +static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + DSA *dsa=NULL; + if (data->sign_param_nid == NID_undef) + { + GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, + GOST_R_NO_PARAMETERS_SET); + return 0; + } + dsa = DSA_new(); + if (!fill_GOST94_params(dsa,data->sign_param_nid)) + { + DSA_free(dsa); + return 0; + } + EVP_PKEY_assign(pkey,NID_id_GostR3410_94,dsa); + return 1; + } +static int pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + EC_KEY *ec=NULL; + + if (data->sign_param_nid == NID_undef) + { + GOSTerr(GOST_F_PKEY_GOST01_PARAMGEN, + GOST_R_NO_PARAMETERS_SET); + return 0; + } + if (!ec) + ec = EC_KEY_new(); + if (!fill_GOST2001_params(ec,data->sign_param_nid)) + { + EC_KEY_free(ec); + return 0; + } + EVP_PKEY_assign(pkey,NID_id_GostR3410_2001,ec); + return 1; + } + +/* Generates Gost_R3410_94_cp key */ +static int pkey_gost94cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DSA *dsa; + if (!pkey_gost94_paramgen(ctx,pkey)) return 0; + dsa = EVP_PKEY_get0(pkey); + gost_sign_keygen(dsa); + return 1; + } + +/* Generates GOST_R3410 2001 key and assigns it using specified type */ +static int pkey_gost01cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + EC_KEY *ec; + if (!pkey_gost01_paramgen(ctx,pkey)) return 0; + ec = EVP_PKEY_get0(pkey); + gost2001_keygen(ec); + return 1; + } + + + +/* ----------- sign callbacks --------------------------------------*/ + +static int pkey_gost94_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbs_len) + { + DSA_SIG *unpacked_sig=NULL; + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + if (!siglen) return 0; + if (!sig) + { + *siglen= 64; /* better to check size of pkey->pkey.dsa-q */ + return 1; + } + unpacked_sig = gost_do_sign(tbs,tbs_len,EVP_PKEY_get0(pkey)); + if (!unpacked_sig) + { + return 0; + } + return pack_sign_cp(unpacked_sig,32,sig,siglen); + } + +static int pkey_gost01_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbs_len) + { + DSA_SIG *unpacked_sig=NULL; + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + if (!siglen) return 0; + if (!sig) + { + *siglen= 64; /* better to check size of curve order*/ + return 1; + } + unpacked_sig = gost2001_do_sign(tbs,tbs_len,EVP_PKEY_get0(pkey)); + if (!unpacked_sig) + { + return 0; + } + return pack_sign_cp(unpacked_sig,32,sig,siglen); + } + +/* ------------------- verify callbacks ---------------------------*/ + +static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, size_t tbs_len) + { + int ok = 0; + EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx); + DSA_SIG *s=unpack_cp_signature(sig,siglen); + if (!s) return 0; + if (pub_key) ok = gost_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key)); + DSA_SIG_free(s); + return ok; + } + + +static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, size_t tbs_len) + { + int ok = 0; + EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx); + DSA_SIG *s=unpack_cp_signature(sig,siglen); + if (!s) return 0; +#ifdef DEBUG_SIGN + fprintf(stderr,"R="); + BN_print_fp(stderr,s->r); + fprintf(stderr,"\nS="); + BN_print_fp(stderr,s->s); + fprintf(stderr,"\n"); +#endif + if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key)); + DSA_SIG_free(s); + return ok; + } + +/* ------------- encrypt init -------------------------------------*/ +/* Generates ephermeral key */ +static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx) + { + return 1; + } +/* --------------- Derive init ------------------------------------*/ +static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx) +{ + return 1; +} +/* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/ +static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx) + { + struct gost_mac_pmeth_data *data; + data = OPENSSL_malloc(sizeof(struct gost_mac_pmeth_data)); + if (!data) return 0; + memset(data,0,sizeof(struct gost_mac_pmeth_data)); + EVP_PKEY_CTX_set_data(ctx,data); + return 1; + } +static void pkey_gost_mac_cleanup (EVP_PKEY_CTX *ctx) + { + struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + OPENSSL_free(data); + } +static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + struct gost_mac_pmeth_data *dst_data,*src_data; + if (!pkey_gost_mac_init(dst)) + { + return 0; + } + src_data = EVP_PKEY_CTX_get_data(src); + dst_data = EVP_PKEY_CTX_get_data(dst); + *dst_data = *src_data; + return 1; + } + +static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + struct gost_mac_pmeth_data *data = +(struct gost_mac_pmeth_data*)EVP_PKEY_CTX_get_data(ctx); + + switch (type) + { + case EVP_PKEY_CTRL_MD: + { + if (EVP_MD_type((const EVP_MD *)p2) != NID_id_Gost28147_89_MAC) + { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_DIGEST_TYPE); + return 0; + } + data->md = (EVP_MD *)p2; + return 1; + } + break; + + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: + case EVP_PKEY_CTRL_PKCS7_DECRYPT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + return 1; + case EVP_PKEY_CTRL_SET_MAC_KEY: + if (p1 != 32) + { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, + GOST_R_INVALID_MAC_KEY_LENGTH); + return 0; + } + + memcpy(data->key,p2,32); + data->key_set = 1; + return 1; + case EVP_PKEY_CTRL_DIGESTINIT: + { + EVP_MD_CTX *mctx = p2; + void *key; + if (!data->key_set) + { + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + if (!pkey) + { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET); + return 0; + } + key = EVP_PKEY_get0(pkey); + if (!key) + { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_MAC_KEY_NOT_SET); + return 0; + } + } else { + key = &(data->key); + } + return mctx->digest->md_ctrl(mctx,EVP_MD_CTRL_SET_KEY,32,key); + } + } + return -2; + } +static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, key_ctrl_string)) + { + if (strlen(value)!=32) + { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, + GOST_R_INVALID_MAC_KEY_LENGTH); + return 0; + } + return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, + 32,(char *)value); + } + if (!strcmp(type, hexkey_ctrl_string)) + { + long keylen; int ret; + unsigned char *keybuf=string_to_hex(value,&keylen); + if (keylen != 32) + { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, + GOST_R_INVALID_MAC_KEY_LENGTH); + return 0; + } + ret= pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, + 32,keybuf); + OPENSSL_free(keybuf); + return ret; + + } + return -2; + } + +static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + unsigned char *keydata; + if (!data->key_set) + { + GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN,GOST_R_MAC_KEY_NOT_SET); + return 0; + } + keydata = OPENSSL_malloc(32); + memcpy(keydata,data->key,32); + EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata); + return 1; + } + +static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) + { + return 1; +} + +static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx) + { + unsigned int tmpsiglen=*siglen; /* for platforms where sizeof(int)!=sizeof(size_t)*/ + int ret; + if (!sig) + { + *siglen = 4; + return 1; + } + ret=EVP_DigestFinal_ex(mctx,sig,&tmpsiglen); + *siglen = tmpsiglen; + return ret; + } +/* ----------------------------------------------------------------*/ +int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth,int flags) + { + *pmeth = EVP_PKEY_meth_new(id, flags); + if (!*pmeth) return 0; + + switch (id) + { + case NID_id_GostR3410_94: + EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_ctrl, pkey_gost_ctrl94_str); + EVP_PKEY_meth_set_keygen(*pmeth,NULL,pkey_gost94cp_keygen); + EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost94_cp_sign); + EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost94_cp_verify); + EVP_PKEY_meth_set_encrypt(*pmeth, + pkey_gost_encrypt_init, pkey_GOST94cp_encrypt); + EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST94cp_decrypt); + EVP_PKEY_meth_set_derive(*pmeth, + pkey_gost_derive_init, pkey_gost94_derive); + EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,pkey_gost94_paramgen); + break; + case NID_id_GostR3410_2001: + EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_ctrl, pkey_gost_ctrl01_str); + EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost01_cp_sign); + EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost01_cp_verify); + + EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost01cp_keygen); + + EVP_PKEY_meth_set_encrypt(*pmeth, + pkey_gost_encrypt_init, pkey_GOST01cp_encrypt); + EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_GOST01cp_decrypt); + EVP_PKEY_meth_set_derive(*pmeth, + pkey_gost_derive_init, pkey_gost2001_derive); + EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,pkey_gost01_paramgen); + break; + case NID_id_Gost28147_89_MAC: + EVP_PKEY_meth_set_ctrl(*pmeth,pkey_gost_mac_ctrl, pkey_gost_mac_ctrl_str); + EVP_PKEY_meth_set_signctx(*pmeth,pkey_gost_mac_signctx_init, pkey_gost_mac_signctx); + EVP_PKEY_meth_set_keygen(*pmeth,NULL, pkey_gost_mac_keygen); + EVP_PKEY_meth_set_init(*pmeth,pkey_gost_mac_init); + EVP_PKEY_meth_set_cleanup(*pmeth,pkey_gost_mac_cleanup); + EVP_PKEY_meth_set_copy(*pmeth,pkey_gost_mac_copy); + return 1; + default: /*Unsupported method*/ + return 0; + } + EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init); + EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup); + + EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy); + /*FIXME derive etc...*/ + + return 1; + } + diff --git a/lib/libssl/src/engines/ccgost/gost_sign.c b/lib/libssl/src/engines/ccgost/gost_sign.c new file mode 100644 index 00000000000..4095654358f --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gost_sign.c @@ -0,0 +1,321 @@ +/********************************************************************** + * gost_sign.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of GOST R 34.10-94 signature algorithm * + * for OpenSSL * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ +#include <string.h> +#include <openssl/rand.h> +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/evp.h> + +#include "gost_params.h" +#include "gost_lcl.h" +#include "e_gost_err.h" + +#ifdef DEBUG_SIGN +void dump_signature(const char *message,const unsigned char *buffer,size_t len) + { + size_t i; + fprintf(stderr,"signature %s Length=%d",message,len); + for (i=0; i<len; i++) + { + if (i% 16 ==0) fputc('\n',stderr); + fprintf (stderr," %02x",buffer[i]); + } + fprintf(stderr,"\nEnd of signature\n"); + } + +void dump_dsa_sig(const char *message, DSA_SIG *sig) + { + fprintf(stderr,"%s\nR=",message); + BN_print_fp(stderr,sig->r); + fprintf(stderr,"\nS="); + BN_print_fp(stderr,sig->s); + fprintf(stderr,"\n"); + } + +#else + +#define dump_signature(a,b,c) +#define dump_dsa_sig(a,b) +#endif + +/* + * Computes signature and returns it as DSA_SIG structure + */ +DSA_SIG *gost_do_sign(const unsigned char *dgst,int dlen, DSA *dsa) + { + BIGNUM *k=NULL,*tmp=NULL,*tmp2=NULL; + DSA_SIG *newsig = DSA_SIG_new(); + BIGNUM *md = hashsum2bn(dgst); + /* check if H(M) mod q is zero */ + BN_CTX *ctx=BN_CTX_new(); + BN_CTX_start(ctx); + if (!newsig) + { + GOSTerr(GOST_F_GOST_DO_SIGN,GOST_R_NO_MEMORY); + goto err; + } + tmp=BN_CTX_get(ctx); + k = BN_CTX_get(ctx); + tmp2 = BN_CTX_get(ctx); + BN_mod(tmp,md,dsa->q,ctx); + if (BN_is_zero(tmp)) + { + BN_one(md); + } + do + { + do + { + /*Generate random number k less than q*/ + BN_rand_range(k,dsa->q); + /* generate r = (a^x mod p) mod q */ + BN_mod_exp(tmp,dsa->g, k, dsa->p,ctx); + if (!(newsig->r)) newsig->r=BN_new(); + BN_mod(newsig->r,tmp,dsa->q,ctx); + } + while (BN_is_zero(newsig->r)); + /* generate s = (xr + k(Hm)) mod q */ + BN_mod_mul(tmp,dsa->priv_key,newsig->r,dsa->q,ctx); + BN_mod_mul(tmp2,k,md,dsa->q,ctx); + if (!newsig->s) newsig->s=BN_new(); + BN_mod_add(newsig->s,tmp,tmp2,dsa->q,ctx); + } + while (BN_is_zero(newsig->s)); + err: + BN_free(md); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return newsig; + } + + +/* + * Packs signature according to Cryptocom rules + * and frees up DSA_SIG structure + */ +/* +int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen) + { + *siglen = 2*order; + memset(sig,0,*siglen); + store_bignum(s->r, sig,order); + store_bignum(s->s, sig + order,order); + dump_signature("serialized",sig,*siglen); + DSA_SIG_free(s); + return 1; + } +*/ +/* + * Packs signature according to Cryptopro rules + * and frees up DSA_SIG structure + */ +int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen) + { + *siglen = 2*order; + memset(sig,0,*siglen); + store_bignum(s->s, sig, order); + store_bignum(s->r, sig+order,order); + dump_signature("serialized",sig,*siglen); + DSA_SIG_free(s); + return 1; + } + +/* + * Verifies signature passed as DSA_SIG structure + * + */ + +int gost_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa) + { + BIGNUM *md, *tmp=NULL; + BIGNUM *q2=NULL; + BIGNUM *u=NULL,*v=NULL,*z1=NULL,*z2=NULL; + BIGNUM *tmp2=NULL,*tmp3=NULL; + int ok; + BN_CTX *ctx = BN_CTX_new(); + + BN_CTX_start(ctx); + if (BN_cmp(sig->s,dsa->q)>=1|| + BN_cmp(sig->r,dsa->q)>=1) + { + GOSTerr(GOST_F_GOST_DO_VERIFY,GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); + return 0; + } + md=hashsum2bn(dgst); + + tmp=BN_CTX_get(ctx); + v=BN_CTX_get(ctx); + q2=BN_CTX_get(ctx); + z1=BN_CTX_get(ctx); + z2=BN_CTX_get(ctx); + tmp2=BN_CTX_get(ctx); + tmp3=BN_CTX_get(ctx); + u = BN_CTX_get(ctx); + + BN_mod(tmp,md,dsa->q,ctx); + if (BN_is_zero(tmp)) + { + BN_one(md); + } + BN_copy(q2,dsa->q); + BN_sub_word(q2,2); + BN_mod_exp(v,md,q2,dsa->q,ctx); + BN_mod_mul(z1,sig->s,v,dsa->q,ctx); + BN_sub(tmp,dsa->q,sig->r); + BN_mod_mul(z2,tmp,v,dsa->p,ctx); + BN_mod_exp(tmp,dsa->g,z1,dsa->p,ctx); + BN_mod_exp(tmp2,dsa->pub_key,z2,dsa->p,ctx); + BN_mod_mul(tmp3,tmp,tmp2,dsa->p,ctx); + BN_mod(u,tmp3,dsa->q,ctx); + ok= BN_cmp(u,sig->r); + + BN_free(md); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + if (ok!=0) + { + GOSTerr(GOST_F_GOST_DO_VERIFY,GOST_R_SIGNATURE_MISMATCH); + } + return (ok==0); + } + +/* + * Computes public keys for GOST R 34.10-94 algorithm + * + */ +int gost94_compute_public(DSA *dsa) + { + /* Now fill algorithm parameters with correct values */ + BN_CTX *ctx = BN_CTX_new(); + if (!dsa->g) + { + GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC,GOST_R_KEY_IS_NOT_INITALIZED); + return 0; + } + /* Compute public key y = a^x mod p */ + dsa->pub_key=BN_new(); + BN_mod_exp(dsa->pub_key, dsa->g,dsa->priv_key,dsa->p,ctx); + BN_CTX_free(ctx); + return 1; + } + +/* + * Fill GOST 94 params, searching them in R3410_paramset array + * by nid of paramset + * + */ +int fill_GOST94_params(DSA *dsa,int nid) + { + R3410_params *params=R3410_paramset; + while (params->nid!=NID_undef && params->nid !=nid) params++; + if (params->nid == NID_undef) + { + GOSTerr(GOST_F_FILL_GOST94_PARAMS,GOST_R_UNSUPPORTED_PARAMETER_SET); + return 0; + } +#define dump_signature(a,b,c) + if (dsa->p) { BN_free(dsa->p); } + dsa->p=NULL; + BN_dec2bn(&(dsa->p),params->p); + if (dsa->q) { BN_free(dsa->q); } + dsa->q=NULL; + BN_dec2bn(&(dsa->q),params->q); + if (dsa->g) { BN_free(dsa->g); } + dsa->g=NULL; + BN_dec2bn(&(dsa->g),params->a); + return 1; + } + +/* + * Generate GOST R 34.10-94 keypair + * + * + */ +int gost_sign_keygen(DSA *dsa) + { + dsa->priv_key = BN_new(); + BN_rand_range(dsa->priv_key,dsa->q); + return gost94_compute_public( dsa); + } + +/* Unpack signature according to cryptocom rules */ +/* +DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen) + { + DSA_SIG *s; + s = DSA_SIG_new(); + if (s == NULL) + { + GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY); + return(NULL); + } + s->r = getbnfrombuf(sig, siglen/2); + s->s = getbnfrombuf(sig + siglen/2, siglen/2); + return s; + } +*/ +/* Unpack signature according to cryptopro rules */ +DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen) + { + DSA_SIG *s; + + s = DSA_SIG_new(); + if (s == NULL) + { + GOSTerr(GOST_F_UNPACK_CP_SIGNATURE,GOST_R_NO_MEMORY); + return NULL; + } + s->s = getbnfrombuf(sig , siglen/2); + s->r = getbnfrombuf(sig + siglen/2, siglen/2); + return s; + } + +/* Convert little-endian byte array into bignum */ +BIGNUM *hashsum2bn(const unsigned char *dgst) + { + unsigned char buf[32]; + int i; + for (i=0;i<32;i++) + { + buf[31-i]=dgst[i]; + } + return getbnfrombuf(buf,32); + } + +/* Convert byte buffer to bignum, skipping leading zeros*/ +BIGNUM *getbnfrombuf(const unsigned char *buf,size_t len) + { + while (*buf==0&&len>0) + { + buf++; len--; + } + if (len) + { + return BN_bin2bn(buf,len,NULL); + } + else + { + BIGNUM *b=BN_new(); + BN_zero(b); + return b; + } + } + +/* Pack bignum into byte buffer of given size, filling all leading bytes + * by zeros */ +int store_bignum(BIGNUM *bn, unsigned char *buf,int len) + { + int bytes = BN_num_bytes(bn); + if (bytes>len) return 0; + memset(buf,0,len); + BN_bn2bin(bn,buf+len-bytes); + return 1; + } diff --git a/lib/libssl/src/engines/ccgost/gosthash.c b/lib/libssl/src/engines/ccgost/gosthash.c new file mode 100644 index 00000000000..a5c0662ffc3 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gosthash.c @@ -0,0 +1,255 @@ +/********************************************************************** + * gosthash.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Implementation of GOST R 34.11-94 hash function * + * uses on gost89.c and gost89.h Doesn't need OpenSSL * + **********************************************************************/ +#include <string.h> + +#include "gost89.h" +#include "gosthash.h" + + +/* Use OPENSSL_malloc for memory allocation if compiled with + * -DOPENSSL_BUILD, and libc malloc otherwise + */ +#ifndef MYALLOC +# ifdef OPENSSL_BUILD +# include <openssl/crypto.h> +# define MYALLOC(size) OPENSSL_malloc(size) +# define MYFREE(ptr) OPENSSL_free(ptr) +# else +# define MYALLOC(size) malloc(size) +# define MYFREE(ptr) free(ptr) +# endif +#endif +/* Following functions are various bit meshing routines used in + * GOST R 34.11-94 algorithms */ +static void swap_bytes (byte *w, byte *k) + { + int i,j; + for (i=0;i<4;i++) + for (j=0;j<8;j++) + k[i+4*j]=w[8*i+j]; + + } + +/* was A_A */ +static void circle_xor8 (const byte *w, byte *k) + { + byte buf[8]; + int i; + memcpy(buf,w,8); + memcpy(k,w+8,24); + for(i=0;i<8;i++) + k[i+24]=buf[i]^k[i]; + } + +/* was R_R */ +static void transform_3 (byte *data) + { + unsigned short int acc; + acc=(data[0]^data[2]^data[4]^data[6]^data[24]^data[30])| + ((data[1]^data[3]^data[5]^data[7]^data[25]^data[31])<<8); + memmove(data,data+2,30); + data[30]=acc&0xff; + data[31]=acc>>8; + } + +/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/ +static int add_blocks(int n,byte *left, const byte *right) + { + int i; + int carry=0; + int sum; + for (i=0;i<n;i++) + { + sum=(int)left[i]+(int)right[i]+carry; + left[i]=sum & 0xff; + carry=sum>>8; + } + return carry; + } + +/* Xor two sequences of bytes */ +static void xor_blocks (byte *result,const byte *a,const byte *b,size_t len) + { + size_t i; + for (i=0;i<len;i++) result[i]=a[i]^b[i]; + } + +/* + * Calculate H(i+1) = Hash(Hi,Mi) + * Where H and M are 32 bytes long + */ +static int hash_step(gost_ctx *c,byte *H,const byte *M) + { + byte U[32],W[32],V[32],S[32],Key[32]; + int i; + /* Compute first key */ + xor_blocks(W,H,M,32); + swap_bytes(W,Key); + /* Encrypt first 8 bytes of H with first key*/ + gost_enc_with_key(c,Key,H,S); + /* Compute second key*/ + circle_xor8(H,U); + circle_xor8(M,V); + circle_xor8(V,V); + xor_blocks(W,U,V,32); + swap_bytes(W,Key); + /* encrypt second 8 bytes of H with second key*/ + gost_enc_with_key(c,Key,H+8,S+8); + /* compute third key */ + circle_xor8(U,U); + U[31]=~U[31]; U[29]=~U[29]; U[28]=~U[28]; U[24]=~U[24]; + U[23]=~U[23]; U[20]=~U[20]; U[18]=~U[18]; U[17]=~U[17]; + U[14]=~U[14]; U[12]=~U[12]; U[10]=~U[10]; U[ 8]=~U[ 8]; + U[ 7]=~U[ 7]; U[ 5]=~U[ 5]; U[ 3]=~U[ 3]; U[ 1]=~U[ 1]; + circle_xor8(V,V); + circle_xor8(V,V); + xor_blocks(W,U,V,32); + swap_bytes(W,Key); + /* encrypt third 8 bytes of H with third key*/ + gost_enc_with_key(c,Key,H+16,S+16); + /* Compute fourth key */ + circle_xor8(U,U); + circle_xor8(V,V); + circle_xor8(V,V); + xor_blocks(W,U,V,32); + swap_bytes(W,Key); + /* Encrypt last 8 bytes with fourth key */ + gost_enc_with_key(c,Key,H+24,S+24); + for (i=0;i<12;i++) + transform_3(S); + xor_blocks(S,S,M,32); + transform_3(S); + xor_blocks(S,S,H,32); + for (i=0;i<61;i++) + transform_3(S); + memcpy(H,S,32); + return 1; + } + +/* Initialize gost_hash ctx - cleans up temporary structures and + * set up substitution blocks + */ +int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block) + { + memset(ctx,0,sizeof(gost_hash_ctx)); + ctx->cipher_ctx = (gost_ctx *)MYALLOC(sizeof(gost_ctx)); + if (!ctx->cipher_ctx) + { + return 0; + } + gost_init(ctx->cipher_ctx,subst_block); + return 1; + } + +/* + * Free cipher CTX if it is dynamically allocated. Do not use + * if cipher ctx is statically allocated as in OpenSSL implementation of + * GOST hash algroritm + * + */ +void done_gost_hash_ctx(gost_hash_ctx *ctx) + { + /* No need to use gost_destroy, because cipher keys are not really + * secret when hashing */ + MYFREE(ctx->cipher_ctx); + } + +/* + * reset state of hash context to begin hashing new message + */ +int start_hash(gost_hash_ctx *ctx) + { + if (!ctx->cipher_ctx) return 0; + memset(&(ctx->H),0,32); + memset(&(ctx->S),0,32); + ctx->len = 0L; + ctx->left=0; + return 1; + } + +/* + * Hash block of arbitrary length + * + * + */ +int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length) + { + const byte *curptr=block; + const byte *barrier=block+(length-32);/* Last byte we can safely hash*/ + if (ctx->left) + { + /*There are some bytes from previous step*/ + unsigned int add_bytes = 32-ctx->left; + if (add_bytes>length) + { + add_bytes = length; + } + memcpy(&(ctx->remainder[ctx->left]),block,add_bytes); + ctx->left+=add_bytes; + if (ctx->left<32) + { + return 1; + } + curptr=block+add_bytes; + hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder); + add_blocks(32,ctx->S,ctx->remainder); + ctx->len+=32; + ctx->left=0; + } + while (curptr<=barrier) + { + hash_step(ctx->cipher_ctx,ctx->H,curptr); + + add_blocks(32,ctx->S,curptr); + ctx->len+=32; + curptr+=32; + } + if (curptr!=block+length) + { + ctx->left=block+length-curptr; + memcpy(ctx->remainder,curptr,ctx->left); + } + return 1; + } + +/* + * Compute hash value from current state of ctx + * state of hash ctx becomes invalid and cannot be used for further + * hashing. + */ +int finish_hash(gost_hash_ctx *ctx,byte *hashval) + { + byte buf[32]; + byte H[32]; + byte S[32]; + ghosthash_len fin_len=ctx->len; + byte *bptr; + memcpy(H,ctx->H,32); + memcpy(S,ctx->S,32); + if (ctx->left) + { + memset(buf,0,32); + memcpy(buf,ctx->remainder,ctx->left); + hash_step(ctx->cipher_ctx,H,buf); + add_blocks(32,S,buf); + fin_len+=ctx->left; + } + memset(buf,0,32); + bptr=buf; + fin_len<<=3; /* Hash length in BITS!!*/ + while(fin_len>0) + { + *(bptr++)=(byte)(fin_len&0xFF); + fin_len>>=8; + }; + hash_step(ctx->cipher_ctx,H,buf); + hash_step(ctx->cipher_ctx,H,S); + memcpy(hashval,H,32); + return 1; + } diff --git a/lib/libssl/src/engines/ccgost/gosthash.h b/lib/libssl/src/engines/ccgost/gosthash.h new file mode 100644 index 00000000000..4a2e441ece2 --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gosthash.h @@ -0,0 +1,48 @@ +/********************************************************************** + * gosthash.h * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Declaration of GOST R 34.11-94 hash functions * + * uses and gost89.h Doesn't need OpenSSL * + **********************************************************************/ +#ifndef GOSTHASH_H +#define GOSTHASH_H +#include "gost89.h" +#include <stdlib.h> + +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +typedef __int64 ghosthash_len; +#elif defined(__arch64__) +typedef long ghosthash_len; +#else +typedef long long ghosthash_len; +#endif + +typedef struct gost_hash_ctx { + ghosthash_len len; + gost_ctx *cipher_ctx; + int left; + byte H[32]; + byte S[32]; + byte remainder[32]; +} gost_hash_ctx; + + +/* Initalizes gost hash ctx, including creation of gost cipher ctx */ + +int init_gost_hash_ctx(gost_hash_ctx *ctx, const gost_subst_block *subst_block); +void done_gost_hash_ctx(gost_hash_ctx *ctx); + +/* Cleans up all fields, except cipher ctx preparing ctx for computing + * of new hash value */ +int start_hash(gost_hash_ctx *ctx); + +/* Hashes block of data */ +int hash_block(gost_hash_ctx *ctx, const byte *block, size_t length); + +/* Finalizes computation of hash and fills buffer (which should be at + * least 32 bytes long) with value of computed hash. */ +int finish_hash(gost_hash_ctx *ctx, byte *hashval); + +#endif diff --git a/lib/libssl/src/engines/ccgost/gostsum.c b/lib/libssl/src/engines/ccgost/gostsum.c new file mode 100644 index 00000000000..d57112eb54a --- /dev/null +++ b/lib/libssl/src/engines/ccgost/gostsum.c @@ -0,0 +1,210 @@ +/********************************************************************** + * gostsum.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * Almost drop-in replacement for md5sum and sha1sum * + * which computes GOST R 34.11-94 hashsum instead * + * * + **********************************************************************/ +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <limits.h> +#include <fcntl.h> +#include <string.h> +#include "gosthash.h" +#define BUF_SIZE 262144 +int hash_file(gost_hash_ctx *ctx,char *filename,char *sum,int mode); +int hash_stream(gost_hash_ctx *ctx,int fd, char *sum); +int get_line(FILE *f,char *hash,char *filename); +void help() + { + fprintf(stderr,"gostsum [-bvt] [-c [file]]| [files]\n" + "\t-c check message digests (default is generate)\n" + "\t-v verbose, print file names when checking\n" + "\t-b read files in binary mode\n" + "\t-t use test GOST paramset (default is CryptoPro paramset)\n" + "The input for -c should be the list of message digests and file names\n" + "that is printed on stdout by this program when it generates digests.\n"); + exit(3); + } + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +int main(int argc,char **argv) + { + int c,i; + int verbose=0; + int errors=0; + int open_mode = O_RDONLY; + gost_subst_block *b= &GostR3411_94_CryptoProParamSet; + FILE *check_file = NULL; + gost_hash_ctx ctx; + + while( (c=getopt(argc,argv,"bc::tv"))!=-1) + { + switch (c) + { + case 'v': verbose=1; break; + case 't': b= &GostR3411_94_TestParamSet; break; + case 'b': open_mode |= O_BINARY; break; + case 'c': + if (optarg) + { + check_file = fopen(optarg,"r"); + if (!check_file) + { + perror(optarg); + exit(2); + } + } + else + { + check_file= stdin; + } + break; + default: + fprintf(stderr,"invalid option %c",optopt); + help(); + } + } + init_gost_hash_ctx(&ctx,b); + if (check_file) + { + char inhash[65],calcsum[65],filename[PATH_MAX]; + int failcount=0,count=0;; + if (check_file==stdin && optind<argc) + { + check_file=fopen(argv[optind],"r"); + if (!check_file) + { + perror(argv[optind]); + exit(2); + } + } + while (get_line(check_file,inhash,filename)) + { + if (!hash_file(&ctx,filename,calcsum,open_mode)) + { + exit (2); + } + count++; + if (!strncmp(calcsum,inhash,65)) + { + if (verbose) + { + fprintf(stderr,"%s\tOK\n",filename); + } + } + else + { + if (verbose) + { + fprintf(stderr,"%s\tFAILED\n",filename); + } + else + { + fprintf(stderr,"%s: GOST hash sum check failed for '%s'\n", + argv[0],filename); + } + failcount++; + } + } + if (verbose && failcount) + { + fprintf(stderr,"%s: %d of %d file(f) failed GOST hash sum check\n", + argv[0],failcount,count); + } + exit (failcount?1:0); + } + if (optind==argc) + { + char sum[65]; + if (!hash_stream(&ctx,fileno(stdin),sum)) + { + perror("stdin"); + exit(1); + } + printf("%s -\n",sum); + exit(0); + } + for (i=optind;i<argc;i++) + { + char sum[65]; + if (!hash_file(&ctx,argv[i],sum,open_mode)) + { + errors++; + } + else + { + printf("%s %s\n",sum,argv[i]); + } + } + exit(errors?1:0); + } + +int hash_file(gost_hash_ctx *ctx,char *filename,char *sum,int mode) + { + int fd; + if ((fd=open(filename,mode))<0) + { + perror(filename); + return 0; + } + if (!hash_stream(ctx,fd,sum)) + { + perror(filename); + return 0; + } + close(fd); + return 1; + } + +int hash_stream(gost_hash_ctx *ctx,int fd, char *sum) + { + unsigned char buffer[BUF_SIZE]; + ssize_t bytes; + int i; + start_hash(ctx); + while ((bytes=read(fd,buffer,BUF_SIZE))>0) + { + hash_block(ctx,buffer,bytes); + } + if (bytes<0) + { + return 0; + } + finish_hash(ctx,buffer); + for (i=0;i<32;i++) + { + sprintf(sum+2*i,"%02x",buffer[31-i]); + } + return 1; + } + +int get_line(FILE *f,char *hash,char *filename) + { + int i; + if (fread(hash,1,64,f)<64) return 0; + hash[64]=0; + for (i=0;i<64;i++) + { + if (hash[i]<'0' || (hash[i]>'9' && hash[i]<'A') || (hash[i]>'F' + && hash[i]<'a')||hash[i]>'f') + { + fprintf(stderr,"Not a hash value '%s'\n",hash); + return 0; + } + } + if (fgetc(f)!=' ') + { + fprintf(stderr,"Malformed input line\n"); + return 0; + } + i=strlen(fgets(filename,PATH_MAX,f)); + while (filename[--i]=='\n'||filename[i]=='\r') filename[i]=0; + return 1; + } diff --git a/lib/libssl/src/engines/e_4758cca.c b/lib/libssl/src/engines/e_4758cca.c index 0f1dae7567a..443182bd31e 100644 --- a/lib/libssl/src/engines/e_4758cca.c +++ b/lib/libssl/src/engines/e_4758cca.c @@ -92,7 +92,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from, static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa); static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); + const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); /* utility functions */ /*-----------------------*/ @@ -108,7 +108,7 @@ static int getModulusAndExponent(const unsigned char *token, long *exponentLengt /* RAND number functions */ /*-----------------------*/ -static int cca_get_random_bytes(unsigned char*, int ); +static int cca_get_random_bytes(unsigned char*, int); static int cca_random_status(void); #ifndef OPENSSL_NO_RSA @@ -482,10 +482,6 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, err: if (keyToken) OPENSSL_free(keyToken); - if (res) - EVP_PKEY_free(res); - if (rtmp) - RSA_free(rtmp); return NULL; } @@ -560,10 +556,6 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, err: if (keyToken) OPENSSL_free(keyToken); - if (res) - EVP_PKEY_free(res); - if (rtmp) - RSA_free(rtmp); return NULL; } @@ -626,7 +618,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from, #define SSL_SIG_LEN 36 static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) + const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) { long returnCode; long reasonCode; @@ -735,7 +727,8 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength, exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken, &length, hashBuffer, &lsiglen, sigbuf); + keyToken, &length, hashBuffer, &lsiglen, + (unsigned char *)sigbuf); if (type == NID_sha1 || type == NID_md5) { diff --git a/lib/libssl/src/engines/e_aep.c b/lib/libssl/src/engines/e_aep.c index e24e4b424e4..742b4f9b186 100644 --- a/lib/libssl/src/engines/e_aep.c +++ b/lib/libssl/src/engines/e_aep.c @@ -57,7 +57,7 @@ #include <string.h> #include <openssl/e_os2.h> -#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) +#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) || defined(__MINGW32__) #include <sys/types.h> #include <unistd.h> #else diff --git a/lib/libssl/src/engines/e_chil.c b/lib/libssl/src/engines/e_chil.c index e1847622ea7..9c2729c96db 100644 --- a/lib/libssl/src/engines/e_chil.c +++ b/lib/libssl/src/engines/e_chil.c @@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #ifndef OPENSSL_NO_RSA /* RSA stuff */ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -#endif -#ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int hwcrhk_rsa_finish(RSA *rsa); #endif #ifndef OPENSSL_NO_DH @@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data); -#ifndef OPENSSL_NO_RSA -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp); -#endif /* Interaction stuff */ static int hwcrhk_insert_card(const char *prompt_info, @@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa = hwcrhk_rsa_mod_exp, hwcrhk_mod_exp_mont, NULL, - NULL, + hwcrhk_rsa_finish, 0, NULL, NULL, @@ -232,7 +227,6 @@ static RAND_METHOD hwcrhk_rand = /* Constants used when creating the ENGINE */ static const char *engine_hwcrhk_id = "chil"; static const char *engine_hwcrhk_name = "CHIL hardware engine support"; - #ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Compatibility hack, the dynamic library uses this form in the path */ static const char *engine_hwcrhk_id_alt = "ncipher"; @@ -603,7 +597,7 @@ static int hwcrhk_init(ENGINE *e) if (hndidx_rsa == -1) hndidx_rsa = RSA_get_ex_new_index(0, "nFast HWCryptoHook RSA key handle", - NULL, NULL, hwcrhk_ex_free); + NULL, NULL, NULL); #endif return 1; err: @@ -847,8 +841,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, return res; err: - if (res) - EVP_PKEY_free(res); #ifndef OPENSSL_NO_RSA if (rtmp) RSA_free(rtmp); @@ -1081,6 +1073,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, { return hwcrhk_mod_exp(r, a, p, m, ctx); } + +static int hwcrhk_rsa_finish(RSA *rsa) + { + HWCryptoHook_RSAKeyHandle *hptr; + int ret; + hptr = RSA_get_ex_data(rsa, hndidx_rsa); + if (hptr) + { + ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); + OPENSSL_free(hptr); + RSA_set_ex_data(rsa, hndidx_rsa, NULL); + } + return 1; + } + #endif #ifndef OPENSSL_NO_DH @@ -1139,34 +1146,6 @@ static int hwcrhk_rand_status(void) return 1; } -/* This cleans up an RSA KM key, called when ex_data is freed */ -#ifndef OPENSSL_NO_RSA -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_RSAKeyHandle *hptr; -#endif -#if !defined(OPENSSL_NO_RSA) - int ret; -#endif - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - -#ifndef OPENSSL_NO_RSA - hptr = (HWCryptoHook_RSAKeyHandle *) item; - if(hptr) - { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); - OPENSSL_free(hptr); - } -#endif -} -#endif - /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model * these just wrap the POSIX functions and add some logging. */ @@ -1204,6 +1183,11 @@ static int hwcrhk_get_pass(const char *prompt_info, pem_password_cb *callback = NULL; void *callback_data = NULL; UI_METHOD *ui_method = NULL; + /* Despite what the documentation says prompt_info can be + * an empty string. + */ + if (prompt_info && !*prompt_info) + prompt_info = NULL; if (cactx) { @@ -1305,10 +1289,14 @@ static int hwcrhk_insert_card(const char *prompt_info, { char answer; char buf[BUFSIZ]; - - if (wrong_info) + /* Despite what the documentation says wrong_info can be + * an empty string. + */ + if (wrong_info && *wrong_info) BIO_snprintf(buf, sizeof(buf)-1, "Current card: \"%s\"\n", wrong_info); + else + buf[0] = 0; ok = UI_dup_info_string(ui, buf); if (ok >= 0 && prompt_info) { diff --git a/lib/libssl/src/engines/e_padlock.c b/lib/libssl/src/engines/e_padlock.c new file mode 100644 index 00000000000..381a746058a --- /dev/null +++ b/lib/libssl/src/engines/e_padlock.c @@ -0,0 +1,1227 @@ +/* + * Support for VIA PadLock Advanced Cryptography Engine (ACE) + * Written by Michal Ludvig <michal@logix.cz> + * http://www.logix.cz/michal + * + * Big thanks to Andy Polyakov for a help with optimization, + * assembler fixes, port to MS Windows and a lot of other + * valuable work on this engine! + */ + +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include <stdio.h> +#include <string.h> + +#include <openssl/opensslconf.h> +#include <openssl/crypto.h> +#include <openssl/dso.h> +#include <openssl/engine.h> +#include <openssl/evp.h> +#ifndef OPENSSL_NO_AES +#include <openssl/aes.h> +#endif +#include <openssl/rand.h> +#include <openssl/err.h> + +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_PADLOCK + +/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) +# ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define DYNAMIC_ENGINE +# endif +#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# ifdef ENGINE_DYNAMIC_SUPPORT +# define DYNAMIC_ENGINE +# endif +#else +# error "Only OpenSSL >= 0.9.7 is supported" +#endif + +/* VIA PadLock AES is available *ONLY* on some x86 CPUs. + Not only that it doesn't exist elsewhere, but it + even can't be compiled on other platforms! + + In addition, because of the heavy use of inline assembler, + compiler choice is limited to GCC and Microsoft C. */ +#undef COMPILE_HW_PADLOCK +#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) +# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ + (defined(_MSC_VER) && defined(_M_IX86)) +# define COMPILE_HW_PADLOCK +static ENGINE *ENGINE_padlock (void); +# endif +#endif + +void ENGINE_load_padlock (void) +{ +/* On non-x86 CPUs it just returns. */ +#ifdef COMPILE_HW_PADLOCK + ENGINE *toadd = ENGINE_padlock (); + if (!toadd) return; + ENGINE_add (toadd); + ENGINE_free (toadd); + ERR_clear_error (); +#endif +} + +#ifdef COMPILE_HW_PADLOCK +/* We do these includes here to avoid header problems on platforms that + do not have the VIA padlock anyway... */ +#include <stdlib.h> +#ifdef _WIN32 +# include <malloc.h> +# ifndef alloca +# define alloca _alloca +# endif +#elif defined(__GNUC__) +# ifndef alloca +# define alloca(s) __builtin_alloca(s) +# endif +#endif + +/* Function for ENGINE detection and control */ +static int padlock_available(void); +static int padlock_init(ENGINE *e); + +/* RNG Stuff */ +static RAND_METHOD padlock_rand; + +/* Cipher Stuff */ +#ifndef OPENSSL_NO_AES +static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); +#endif + +/* Engine names */ +static const char *padlock_id = "padlock"; +static char padlock_name[100]; + +/* Available features */ +static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +static int padlock_use_rng = 0; /* Random Number Generator */ +#ifndef OPENSSL_NO_AES +static int padlock_aes_align_required = 1; +#endif + +/* ===== Engine "management" functions ===== */ + +/* Prepare the ENGINE structure for registration */ +static int +padlock_bind_helper(ENGINE *e) +{ + /* Check available features */ + padlock_available(); + +#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ + padlock_use_rng=0; +#endif + + /* Generate a nice engine name with available features */ + BIO_snprintf(padlock_name, sizeof(padlock_name), + "VIA PadLock (%s, %s)", + padlock_use_rng ? "RNG" : "no-RNG", + padlock_use_ace ? "ACE" : "no-ACE"); + + /* Register everything or return with an error */ + if (!ENGINE_set_id(e, padlock_id) || + !ENGINE_set_name(e, padlock_name) || + + !ENGINE_set_init_function(e, padlock_init) || +#ifndef OPENSSL_NO_AES + (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || +#endif + (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { + return 0; + } + + /* Everything looks good */ + return 1; +} + +/* Constructor */ +static ENGINE * +ENGINE_padlock(void) +{ + ENGINE *eng = ENGINE_new(); + + if (!eng) { + return NULL; + } + + if (!padlock_bind_helper(eng)) { + ENGINE_free(eng); + return NULL; + } + + return eng; +} + +/* Check availability of the engine */ +static int +padlock_init(ENGINE *e) +{ + return (padlock_use_rng || padlock_use_ace); +} + +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. + */ +#ifdef DYNAMIC_ENGINE +static int +padlock_bind_fn(ENGINE *e, const char *id) +{ + if (id && (strcmp(id, padlock_id) != 0)) { + return 0; + } + + if (!padlock_bind_helper(e)) { + return 0; + } + + return 1; +} + +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn) +#endif /* DYNAMIC_ENGINE */ + +/* ===== Here comes the "real" engine ===== */ + +#ifndef OPENSSL_NO_AES +/* Some AES-related constants */ +#define AES_BLOCK_SIZE 16 +#define AES_KEY_SIZE_128 16 +#define AES_KEY_SIZE_192 24 +#define AES_KEY_SIZE_256 32 + +/* Here we store the status information relevant to the + current context. */ +/* BIG FAT WARNING: + * Inline assembler in PADLOCK_XCRYPT_ASM() + * depends on the order of items in this structure. + * Don't blindly modify, reorder, etc! + */ +struct padlock_cipher_data +{ + unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */ + union { unsigned int pad[4]; + struct { + int rounds:4; + int dgst:1; /* n/a in C3 */ + int align:1; /* n/a in C3 */ + int ciphr:1; /* n/a in C3 */ + unsigned int keygen:1; + int interm:1; + unsigned int encdec:1; + int ksize:2; + } b; + } cword; /* Control word */ + AES_KEY ks; /* Encryption key */ +}; + +/* + * Essentially this variable belongs in thread local storage. + * Having this variable global on the other hand can only cause + * few bogus key reloads [if any at all on single-CPU system], + * so we accept the penatly... + */ +static volatile struct padlock_cipher_data *padlock_saved_context; +#endif + +/* + * ======================================================= + * Inline assembler section(s). + * ======================================================= + * Order of arguments is chosen to facilitate Windows port + * using __fastcall calling convention. If you wish to add + * more routines, keep in mind that first __fastcall + * argument is passed in %ecx and second - in %edx. + * ======================================================= + */ +#if defined(__GNUC__) && __GNUC__>=2 +/* + * As for excessive "push %ebx"/"pop %ebx" found all over. + * When generating position-independent code GCC won't let + * us use "b" in assembler templates nor even respect "ebx" + * in "clobber description." Therefore the trouble... + */ + +/* Helper function - check if a CPUID instruction + is available on this CPU */ +static int +padlock_insn_cpuid_available(void) +{ + int result = -1; + + /* We're checking if the bit #21 of EFLAGS + can be toggled. If yes = CPUID is available. */ + asm volatile ( + "pushf\n" + "popl %%eax\n" + "xorl $0x200000, %%eax\n" + "movl %%eax, %%ecx\n" + "andl $0x200000, %%ecx\n" + "pushl %%eax\n" + "popf\n" + "pushf\n" + "popl %%eax\n" + "andl $0x200000, %%eax\n" + "xorl %%eax, %%ecx\n" + "movl %%ecx, %0\n" + : "=r" (result) : : "eax", "ecx"); + + return (result == 0); +} + +/* Load supported features of the CPU to see if + the PadLock is available. */ +static int +padlock_available(void) +{ + char vendor_string[16]; + unsigned int eax, edx; + + /* First check if the CPUID instruction is available at all... */ + if (! padlock_insn_cpuid_available()) + return 0; + + /* Are we running on the Centaur (VIA) CPU? */ + eax = 0x00000000; + vendor_string[12] = 0; + asm volatile ( + "pushl %%ebx\n" + "cpuid\n" + "movl %%ebx,(%%edi)\n" + "movl %%edx,4(%%edi)\n" + "movl %%ecx,8(%%edi)\n" + "popl %%ebx" + : "+a"(eax) : "D"(vendor_string) : "ecx", "edx"); + if (strcmp(vendor_string, "CentaurHauls") != 0) + return 0; + + /* Check for Centaur Extended Feature Flags presence */ + eax = 0xC0000000; + asm volatile ("pushl %%ebx; cpuid; popl %%ebx" + : "+a"(eax) : : "ecx", "edx"); + if (eax < 0xC0000001) + return 0; + + /* Read the Centaur Extended Feature Flags */ + eax = 0xC0000001; + asm volatile ("pushl %%ebx; cpuid; popl %%ebx" + : "+a"(eax), "=d"(edx) : : "ecx"); + + /* Fill up some flags */ + padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); + padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); + + return padlock_use_ace + padlock_use_rng; +} + +#ifndef OPENSSL_NO_AES +/* Our own htonl()/ntohl() */ +static inline void +padlock_bswapl(AES_KEY *ks) +{ + size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); + unsigned int *key = ks->rd_key; + + while (i--) { + asm volatile ("bswapl %0" : "+r"(*key)); + key++; + } +} +#endif + +/* Force key reload from memory to the CPU microcode. + Loading EFLAGS from the stack clears EFLAGS[30] + which does the trick. */ +static inline void +padlock_reload_key(void) +{ + asm volatile ("pushfl; popfl"); +} + +#ifndef OPENSSL_NO_AES +/* + * This is heuristic key context tracing. At first one + * believes that one should use atomic swap instructions, + * but it's not actually necessary. Point is that if + * padlock_saved_context was changed by another thread + * after we've read it and before we compare it with cdata, + * our key *shall* be reloaded upon thread context switch + * and we are therefore set in either case... + */ +static inline void +padlock_verify_context(struct padlock_cipher_data *cdata) +{ + asm volatile ( + "pushfl\n" +" btl $30,(%%esp)\n" +" jnc 1f\n" +" cmpl %2,%1\n" +" je 1f\n" +" popfl\n" +" subl $4,%%esp\n" +"1: addl $4,%%esp\n" +" movl %2,%0" + :"+m"(padlock_saved_context) + : "r"(padlock_saved_context), "r"(cdata) : "cc"); +} + +/* Template for padlock_xcrypt_* modes */ +/* BIG FAT WARNING: + * The offsets used with 'leal' instructions + * describe items of the 'padlock_cipher_data' + * structure. + */ +#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ +static inline void *name(size_t cnt, \ + struct padlock_cipher_data *cdata, \ + void *out, const void *inp) \ +{ void *iv; \ + asm volatile ( "pushl %%ebx\n" \ + " leal 16(%0),%%edx\n" \ + " leal 32(%0),%%ebx\n" \ + rep_xcrypt "\n" \ + " popl %%ebx" \ + : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ + : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ + : "edx", "cc", "memory"); \ + return iv; \ +} + +/* Generate all functions with appropriate opcodes */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ +#endif + +/* The RNG call itself */ +static inline unsigned int +padlock_xstore(void *addr, unsigned int edx_in) +{ + unsigned int eax_out; + + asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */ + : "=a"(eax_out),"=m"(*(unsigned *)addr) + : "D"(addr), "d" (edx_in) + ); + + return eax_out; +} + +/* Why not inline 'rep movsd'? I failed to find information on what + * value in Direction Flag one can expect and consequently have to + * apply "better-safe-than-sorry" approach and assume "undefined." + * I could explicitly clear it and restore the original value upon + * return from padlock_aes_cipher, but it's presumably too much + * trouble for too little gain... + * + * In case you wonder 'rep xcrypt*' instructions above are *not* + * affected by the Direction Flag and pointers advance toward + * larger addresses unconditionally. + */ +static inline unsigned char * +padlock_memcpy(void *dst,const void *src,size_t n) +{ + long *d=dst; + const long *s=src; + + n /= sizeof(*d); + do { *d++ = *s++; } while (--n); + + return dst; +} + +#elif defined(_MSC_VER) +/* + * Unlike GCC these are real functions. In order to minimize impact + * on performance we adhere to __fastcall calling convention in + * order to get two first arguments passed through %ecx and %edx. + * Which kind of suits very well, as instructions in question use + * both %ecx and %edx as input:-) + */ +#define REP_XCRYPT(code) \ + _asm _emit 0xf3 \ + _asm _emit 0x0f _asm _emit 0xa7 \ + _asm _emit code + +/* BIG FAT WARNING: + * The offsets used with 'lea' instructions + * describe items of the 'padlock_cipher_data' + * structure. + */ +#define PADLOCK_XCRYPT_ASM(name,code) \ +static void * __fastcall \ + name (size_t cnt, void *cdata, \ + void *outp, const void *inp) \ +{ _asm mov eax,edx \ + _asm lea edx,[eax+16] \ + _asm lea ebx,[eax+32] \ + _asm mov edi,outp \ + _asm mov esi,inp \ + REP_XCRYPT(code) \ +} + +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8) + +static int __fastcall +padlock_xstore(void *outp,unsigned int code) +{ _asm mov edi,ecx + _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 +} + +static void __fastcall +padlock_reload_key(void) +{ _asm pushfd _asm popfd } + +static void __fastcall +padlock_verify_context(void *cdata) +{ _asm { + pushfd + bt DWORD PTR[esp],30 + jnc skip + cmp ecx,padlock_saved_context + je skip + popfd + sub esp,4 + skip: add esp,4 + mov padlock_saved_context,ecx + } +} + +static int +padlock_available(void) +{ _asm { + pushfd + pop eax + mov ecx,eax + xor eax,1<<21 + push eax + popfd + pushfd + pop eax + xor eax,ecx + bt eax,21 + jnc noluck + mov eax,0 + cpuid + xor eax,eax + cmp ebx,'tneC' + jne noluck + cmp edx,'Hrua' + jne noluck + cmp ecx,'slua' + jne noluck + mov eax,0xC0000000 + cpuid + mov edx,eax + xor eax,eax + cmp edx,0xC0000001 + jb noluck + mov eax,0xC0000001 + cpuid + xor eax,eax + bt edx,6 + jnc skip_a + bt edx,7 + jnc skip_a + mov padlock_use_ace,1 + inc eax + skip_a: bt edx,2 + jnc skip_r + bt edx,3 + jnc skip_r + mov padlock_use_rng,1 + inc eax + skip_r: + noluck: + } +} + +static void __fastcall +padlock_bswapl(void *key) +{ _asm { + pushfd + cld + mov esi,ecx + mov edi,ecx + mov ecx,60 + up: lodsd + bswap eax + stosd + loop up + popfd + } +} + +/* MS actually specifies status of Direction Flag and compiler even + * manages to compile following as 'rep movsd' all by itself... + */ +#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U)) +#endif + +/* ===== AES encryption/decryption ===== */ +#ifndef OPENSSL_NO_AES + +#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) +#define NID_aes_128_cfb NID_aes_128_cfb128 +#endif + +#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) +#define NID_aes_128_ofb NID_aes_128_ofb128 +#endif + +#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) +#define NID_aes_192_cfb NID_aes_192_cfb128 +#endif + +#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) +#define NID_aes_192_ofb NID_aes_192_ofb128 +#endif + +#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) +#define NID_aes_256_cfb NID_aes_256_cfb128 +#endif + +#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) +#define NID_aes_256_ofb NID_aes_256_ofb128 +#endif + +/* List of supported ciphers. */ +static int padlock_cipher_nids[] = { + NID_aes_128_ecb, + NID_aes_128_cbc, + NID_aes_128_cfb, + NID_aes_128_ofb, + + NID_aes_192_ecb, + NID_aes_192_cbc, + NID_aes_192_cfb, + NID_aes_192_ofb, + + NID_aes_256_ecb, + NID_aes_256_cbc, + NID_aes_256_cfb, + NID_aes_256_ofb, +}; +static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/ + sizeof(padlock_cipher_nids[0])); + +/* Function prototypes ... */ +static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t nbytes); + +#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ + ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) +#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ + NEAREST_ALIGNED(ctx->cipher_data)) + +#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_OFB 1 +#define EVP_CIPHER_block_size_CFB 1 + +/* Declaring so many ciphers by hand would be a pain. + Instead introduce a bit of preprocessor magic :-) */ +#define DECLARE_AES_EVP(ksize,lmode,umode) \ +static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ + NID_aes_##ksize##_##lmode, \ + EVP_CIPHER_block_size_##umode, \ + AES_KEY_SIZE_##ksize, \ + AES_BLOCK_SIZE, \ + 0 | EVP_CIPH_##umode##_MODE, \ + padlock_aes_init_key, \ + padlock_aes_cipher, \ + NULL, \ + sizeof(struct padlock_cipher_data) + 16, \ + EVP_CIPHER_set_asn1_iv, \ + EVP_CIPHER_get_asn1_iv, \ + NULL, \ + NULL \ +} + +DECLARE_AES_EVP(128,ecb,ECB); +DECLARE_AES_EVP(128,cbc,CBC); +DECLARE_AES_EVP(128,cfb,CFB); +DECLARE_AES_EVP(128,ofb,OFB); + +DECLARE_AES_EVP(192,ecb,ECB); +DECLARE_AES_EVP(192,cbc,CBC); +DECLARE_AES_EVP(192,cfb,CFB); +DECLARE_AES_EVP(192,ofb,OFB); + +DECLARE_AES_EVP(256,ecb,ECB); +DECLARE_AES_EVP(256,cbc,CBC); +DECLARE_AES_EVP(256,cfb,CFB); +DECLARE_AES_EVP(256,ofb,OFB); + +static int +padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) +{ + /* No specific cipher => return a list of supported nids ... */ + if (!cipher) { + *nids = padlock_cipher_nids; + return padlock_cipher_nids_num; + } + + /* ... or the requested "cipher" otherwise */ + switch (nid) { + case NID_aes_128_ecb: + *cipher = &padlock_aes_128_ecb; + break; + case NID_aes_128_cbc: + *cipher = &padlock_aes_128_cbc; + break; + case NID_aes_128_cfb: + *cipher = &padlock_aes_128_cfb; + break; + case NID_aes_128_ofb: + *cipher = &padlock_aes_128_ofb; + break; + + case NID_aes_192_ecb: + *cipher = &padlock_aes_192_ecb; + break; + case NID_aes_192_cbc: + *cipher = &padlock_aes_192_cbc; + break; + case NID_aes_192_cfb: + *cipher = &padlock_aes_192_cfb; + break; + case NID_aes_192_ofb: + *cipher = &padlock_aes_192_ofb; + break; + + case NID_aes_256_ecb: + *cipher = &padlock_aes_256_ecb; + break; + case NID_aes_256_cbc: + *cipher = &padlock_aes_256_cbc; + break; + case NID_aes_256_cfb: + *cipher = &padlock_aes_256_cfb; + break; + case NID_aes_256_ofb: + *cipher = &padlock_aes_256_ofb; + break; + + default: + /* Sorry, we don't support this NID */ + *cipher = NULL; + return 0; + } + + return 1; +} + +/* Prepare the encryption key for PadLock usage */ +static int +padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + struct padlock_cipher_data *cdata; + int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8; + + if (key==NULL) return 0; /* ERROR */ + + cdata = ALIGNED_CIPHER_DATA(ctx); + memset(cdata, 0, sizeof(struct padlock_cipher_data)); + + /* Prepare Control word. */ + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) + cdata->cword.b.encdec = 0; + else + cdata->cword.b.encdec = (ctx->encrypt == 0); + cdata->cword.b.rounds = 10 + (key_len - 128) / 32; + cdata->cword.b.ksize = (key_len - 128) / 64; + + switch(key_len) { + case 128: + /* PadLock can generate an extended key for + AES128 in hardware */ + memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128); + cdata->cword.b.keygen = 0; + break; + + case 192: + case 256: + /* Generate an extended AES key in software. + Needed for AES192/AES256 */ + /* Well, the above applies to Stepping 8 CPUs + and is listed as hardware errata. They most + likely will fix it at some point and then + a check for stepping would be due here. */ + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || + EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || + enc) + AES_set_encrypt_key(key, key_len, &cdata->ks); + else + AES_set_decrypt_key(key, key_len, &cdata->ks); +#ifndef AES_ASM + /* OpenSSL C functions use byte-swapped extended key. */ + padlock_bswapl(&cdata->ks); +#endif + cdata->cword.b.keygen = 1; + break; + + default: + /* ERROR */ + return 0; + } + + /* + * This is done to cover for cases when user reuses the + * context for new key. The catch is that if we don't do + * this, padlock_eas_cipher might proceed with old key... + */ + padlock_reload_key (); + + return 1; +} + +/* + * Simplified version of padlock_aes_cipher() used when + * 1) both input and output buffers are at aligned addresses. + * or when + * 2) running on a newer CPU that doesn't require aligned buffers. + */ +static int +padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + const unsigned char *in_arg, size_t nbytes) +{ + struct padlock_cipher_data *cdata; + void *iv; + + cdata = ALIGNED_CIPHER_DATA(ctx); + padlock_verify_context(cdata); + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_ECB_MODE: + padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); + break; + + case EVP_CIPH_CBC_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_CFB_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_OFB_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); + memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); + break; + + default: + return 0; + } + + memset(cdata->iv, 0, AES_BLOCK_SIZE); + + return 1; +} + +#ifndef PADLOCK_CHUNK +# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ +#endif +#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) +# error "insane PADLOCK_CHUNK..." +#endif + +/* Re-align the arguments to 16-Bytes boundaries and run the + encryption function itself. This function is not AES-specific. */ +static int +padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + const unsigned char *in_arg, size_t nbytes) +{ + struct padlock_cipher_data *cdata; + const void *inp; + unsigned char *out; + void *iv; + int inp_misaligned, out_misaligned, realign_in_loop; + size_t chunk, allocated=0; + + /* ctx->num is maintained in byte-oriented modes, + such as CFB and OFB... */ + if ((chunk = ctx->num)) { /* borrow chunk variable */ + unsigned char *ivp=ctx->iv; + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_CFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + if (ctx->encrypt) + while (chunk<AES_BLOCK_SIZE && nbytes!=0) { + ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk]; + chunk++, nbytes--; + } + else while (chunk<AES_BLOCK_SIZE && nbytes!=0) { + unsigned char c = *(in_arg++); + *(out_arg++) = c ^ ivp[chunk]; + ivp[chunk++] = c, nbytes--; + } + + ctx->num = chunk%AES_BLOCK_SIZE; + break; + case EVP_CIPH_OFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + while (chunk<AES_BLOCK_SIZE && nbytes!=0) { + *(out_arg++) = *(in_arg++) ^ ivp[chunk]; + chunk++, nbytes--; + } + + ctx->num = chunk%AES_BLOCK_SIZE; + break; + } + } + + if (nbytes == 0) + return 1; +#if 0 + if (nbytes % AES_BLOCK_SIZE) + return 0; /* are we expected to do tail processing? */ +#else + /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC + modes and arbitrary value in byte-oriented modes, such as + CFB and OFB... */ +#endif + + /* VIA promises CPUs that won't require alignment in the future. + For now padlock_aes_align_required is initialized to 1 and + the condition is never met... */ + /* C7 core is capable to manage unaligned input in non-ECB[!] + mode, but performance penalties appear to be approximately + same as for software alignment below or ~3x. They promise to + improve it in the future, but for now we can just as well + pretend that it can only handle aligned input... */ + if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0) + return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); + + inp_misaligned = (((size_t)in_arg) & 0x0F); + out_misaligned = (((size_t)out_arg) & 0x0F); + + /* Note that even if output is aligned and input not, + * I still prefer to loop instead of copy the whole + * input and then encrypt in one stroke. This is done + * in order to improve L1 cache utilization... */ + realign_in_loop = out_misaligned|inp_misaligned; + + if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0) + return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); + + /* this takes one "if" out of the loops */ + chunk = nbytes; + chunk %= PADLOCK_CHUNK; + if (chunk==0) chunk = PADLOCK_CHUNK; + + if (out_misaligned) { + /* optmize for small input */ + allocated = (chunk<nbytes?PADLOCK_CHUNK:nbytes); + out = alloca(0x10 + allocated); + out = NEAREST_ALIGNED(out); + } + else + out = out_arg; + + cdata = ALIGNED_CIPHER_DATA(ctx); + padlock_verify_context(cdata); + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_ECB_MODE: + do { + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; + else + out = out_arg+=chunk; + + nbytes -= chunk; + chunk = PADLOCK_CHUNK; + } while (nbytes); + break; + + case EVP_CIPH_CBC_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + goto cbc_shortcut; + do { + if (iv != cdata->iv) + memcpy(cdata->iv, iv, AES_BLOCK_SIZE); + chunk = PADLOCK_CHUNK; + cbc_shortcut: /* optimize for small input */ + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; + else + out = out_arg+=chunk; + + } while (nbytes -= chunk); + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_CFB_MODE: + memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); + chunk &= ~(AES_BLOCK_SIZE-1); + if (chunk) goto cfb_shortcut; + else goto cfb_skiploop; + do { + if (iv != cdata->iv) + memcpy(cdata->iv, iv, AES_BLOCK_SIZE); + chunk = PADLOCK_CHUNK; + cfb_shortcut: /* optimize for small input */ + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; + else + out = out_arg+=chunk; + + nbytes -= chunk; + } while (nbytes >= AES_BLOCK_SIZE); + + cfb_skiploop: + if (nbytes) { + unsigned char *ivp = cdata->iv; + + if (iv != ivp) { + memcpy(ivp, iv, AES_BLOCK_SIZE); + iv = ivp; + } + ctx->num = nbytes; + if (cdata->cword.b.encdec) { + cdata->cword.b.encdec=0; + padlock_reload_key(); + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + cdata->cword.b.encdec=1; + padlock_reload_key(); + while(nbytes) { + unsigned char c = *(in_arg++); + *(out_arg++) = c ^ *ivp; + *(ivp++) = c, nbytes--; + } + } + else { padlock_reload_key(); + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + padlock_reload_key(); + while (nbytes) { + *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + } + + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_OFB_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + chunk &= ~(AES_BLOCK_SIZE-1); + if (chunk) do { + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; + else + out = out_arg+=chunk; + + nbytes -= chunk; + chunk = PADLOCK_CHUNK; + } while (nbytes >= AES_BLOCK_SIZE); + + if (nbytes) { + unsigned char *ivp = cdata->iv; + + ctx->num = nbytes; + padlock_reload_key(); /* empirically found */ + padlock_xcrypt_ecb(1,cdata,ivp,ivp); + padlock_reload_key(); /* empirically found */ + while (nbytes) { + *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + + memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); + break; + + default: + return 0; + } + + /* Clean the realign buffer if it was used */ + if (out_misaligned) { + volatile unsigned long *p=(void *)out; + size_t n = allocated/sizeof(*p); + while (n--) *p++=0; + } + + memset(cdata->iv, 0, AES_BLOCK_SIZE); + + return 1; +} + +#endif /* OPENSSL_NO_AES */ + +/* ===== Random Number Generator ===== */ +/* + * This code is not engaged. The reason is that it does not comply + * with recommendations for VIA RNG usage for secure applications + * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it + * provide meaningful error control... + */ +/* Wrapper that provides an interface between the API and + the raw PadLock RNG */ +static int +padlock_rand_bytes(unsigned char *output, int count) +{ + unsigned int eax, buf; + + while (count >= 8) { + eax = padlock_xstore(output, 0); + if (!(eax&(1<<6))) return 0; /* RNG disabled */ + /* this ---vv--- covers DC bias, Raw Bits and String Filter */ + if (eax&(0x1F<<10)) return 0; + if ((eax&0x1F)==0) continue; /* no data, retry... */ + if ((eax&0x1F)!=8) return 0; /* fatal failure... */ + output += 8; + count -= 8; + } + while (count > 0) { + eax = padlock_xstore(&buf, 3); + if (!(eax&(1<<6))) return 0; /* RNG disabled */ + /* this ---vv--- covers DC bias, Raw Bits and String Filter */ + if (eax&(0x1F<<10)) return 0; + if ((eax&0x1F)==0) continue; /* no data, retry... */ + if ((eax&0x1F)!=1) return 0; /* fatal failure... */ + *output++ = (unsigned char)buf; + count--; + } + *(volatile unsigned int *)&buf=0; + + return 1; +} + +/* Dummy but necessary function */ +static int +padlock_rand_status(void) +{ + return 1; +} + +/* Prepare structure for registration */ +static RAND_METHOD padlock_rand = { + NULL, /* seed */ + padlock_rand_bytes, /* bytes */ + NULL, /* cleanup */ + NULL, /* add */ + padlock_rand_bytes, /* pseudorand */ + padlock_rand_status, /* rand status */ +}; + +#else /* !COMPILE_HW_PADLOCK */ +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } +IMPLEMENT_DYNAMIC_CHECK_FN() +#endif +#endif /* COMPILE_HW_PADLOCK */ + +#endif /* !OPENSSL_NO_HW_PADLOCK */ +#endif /* !OPENSSL_NO_HW */ diff --git a/lib/libssl/src/engines/e_padlock.ec b/lib/libssl/src/engines/e_padlock.ec new file mode 100644 index 00000000000..5c8a1d26a5b --- /dev/null +++ b/lib/libssl/src/engines/e_padlock.ec @@ -0,0 +1 @@ +L PADLOCK e_padlock_err.h e_padlock_err.c diff --git a/lib/libssl/src/engines/e_sureware.c b/lib/libssl/src/engines/e_sureware.c index 58fa9a98ee2..cd0fa4c3979 100644 --- a/lib/libssl/src/engines/e_sureware.c +++ b/lib/libssl/src/engines/e_sureware.c @@ -758,8 +758,6 @@ static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,un } return res; err: - if (res) - EVP_PKEY_free(res); #ifndef OPENSSL_NO_RSA if (rsatmp) RSA_free(rsatmp); diff --git a/lib/libssl/src/engines/ia64.opt b/lib/libssl/src/engines/ia64.opt new file mode 100644 index 00000000000..1dc71bf4b7e --- /dev/null +++ b/lib/libssl/src/engines/ia64.opt @@ -0,0 +1 @@ +SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE) diff --git a/lib/libssl/src/engines/makeengines.com b/lib/libssl/src/engines/makeengines.com index 840864f7cf0..6cf42360776 100644 --- a/lib/libssl/src/engines/makeengines.com +++ b/lib/libssl/src/engines/makeengines.com @@ -1,11 +1,11 @@ $! -$! MAKEAPPS.COM +$! MAKEENGINES.COM $! Written By: Richard Levitte $! richard@levitte.org $! $! This command file compiles and creates the various engines in form $! of shared images. They are placed in [.xxx.EXE.ENGINES], where "xxx" -$! is either AXP or VAX depending on your hardware. +$! is ALPHA, IA64 or VAX, depending on your hardware. $! $! P1 if this is ENGINES or ALL, the engines will build, otherwise not. $! @@ -30,22 +30,49 @@ $! all available engines are built. $! $!----------------------------------------------------------------------------- $! +$! Set the default TCP/IP library to link against if needed +$! +$ TCPIP_LIB = "" +$! +$! Check What Architecture We Are Using. +$! +$ IF (F$GETSYI("CPU").LT.128) +$ THEN +$! +$! The Architecture Is VAX. +$! +$ ARCH = "VAX" +$! +$! Else... +$! +$ ELSE +$! +$! The Architecture Is Alpha, IA64 or whatever comes in the future. +$! +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" +$! +$! End The Architecture Check. +$! +$ ENDIF +$! $! Set the names of the engines we want to build +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the LIBNAMES variable in Makefile as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. +$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another +$! library that isn't necessarely ported to VMS. $! $ ENGINES = "," + P6 $ IF ENGINES .EQS. "," THEN - - ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,capi" + ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock," $! -$! Set the default TCP/IP library to link against if needed -$! -$ TCPIP_LIB = "" +$! GOST requires a 64-bit integer type, unavailable on VAX. $! -$! Set the architecture name +$ IF (ARCH .NES. "VAX") THEN - + ENGINES = ENGINES+ ",ccgost" $! -$ ARCH := VAX -$ IF F$GETSYI("CPU") .GE. 128 THEN ARCH := AXP -$! -$! Set the goal directories, and creat them if necessary +$! Set the goal directories, and create them if necessary $! $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES] $ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES] @@ -55,7 +82,6 @@ $! $! Set the goal files, and create them if necessary $! $ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB -$ CRYPTO_EXE :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE $ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB' $! $! OK, time to check options and initialise @@ -71,13 +97,15 @@ $ GOSUB CHECK_OPTIONS $ GOSUB INITIALISE $ GOSUB CHECK_OPT_FILE $! -$! Define what goes into each engine +$! Define what goes into each engine. VAX includes a transfer vector. $! $ ENGINE_ = "" +$ TV_OBJ = "" $ IF ARCH .EQS. "VAX" $ THEN $ ENGINE_ = "engine_vector.mar" -$ EXTRA_OBJ := ,'OBJ_DIR'ENGINE_VECTOR.OBJ +$ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ" +$ TV_OBJ = ",''TV_OBJ_NAME'" $ ENDIF $ ENGINE_4758CCA = "e_4758cca" $ ENGINE_aep = "e_aep" @@ -87,7 +115,13 @@ $ ENGINE_chil = "e_chil" $ ENGINE_nuron = "e_nuron" $ ENGINE_sureware = "e_sureware" $ ENGINE_ubsec = "e_ubsec" -$ ENGINE_capi = "e_capi" +$ ENGINE_padlock = "e_padlock" +$ +$ ENGINE_ccgost_SUBDIR = "ccgost" +$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ - + "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ - + "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ - + "gost_sign" $! $! Define which programs need to be linked with a TCP/IP library $! @@ -134,6 +168,13 @@ $ ELSE $ WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")" $ ENDIF $! +$! Create a .OPT file for the object files (for a real engine name). +$! +$ IF ENGINE_NAME .NES. "" +$ THEN +$ OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT +$ ENDIF +$! $! Here's the start of per-engine module loop. $! $ FILE_COUNTER = 0 @@ -150,7 +191,12 @@ $ IF FILE_NAME .EQS. "" THEN GOTO FILE_NEXT $! $! Set up the source and object reference $! -$ SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[].C",,,"SYNTAX_ONLY") +$ IF F$TYPE('LIB_ENGINE'_SUBDIR) .EQS. "" +$ THEN +$ SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[].C",,,"SYNTAX_ONLY") +$ ELSE +$ SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[."+'LIB_ENGINE'_SUBDIR+"].C",,,"SYNTAX_ONLY") +$ ENDIF $ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ" $! $! If we get some problem, we just go on trying to build the next module. @@ -173,13 +219,34 @@ $! $! Do the dirty work. $! $ ON ERROR THEN GOTO FILE_NEXT -$ IF FILE_NAME - ".MAR" .NES. FILE_NAME +$ IF F$EDIT(F$PARSE(SOURCE_FILE,,,"TYPE","SYNTAX_ONLY"),"UPCASE") .EQS. ".MAR" $ THEN $ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ELSE $ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' $ ENDIF $! +$! Write the entry to the .OPT file (for a real engine name). +$! +$ IF ENGINE_NAME .NES. "" +$ THEN +$ WRITE OBJECTS OBJECT_FILE +$ ENDIF +$! +$! Next file +$! +$ GOTO FILE_NEXT +$! +$ FILE_DONE: +$! +$! Do not link the support files. +$! +$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT +$! +$! Close the linker options file (for a real engine name). +$! +$ CLOSE OBJECTS +$! $! Now, there are two ways to handle this. We can either build $! shareable images or stick the engine object file into libcrypto. $! For now, the latter is NOT supported. @@ -193,26 +260,16 @@ $ ENGINE_OPT := SYS$DISK:[]'ARCH'.OPT $ IF TCPIP_LIB .NES. "" $ THEN $ LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE - - 'OBJECT_FILE''EXTRA_OBJ', - + 'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', - 'CRYPTO_LIB'/LIBRARY, - 'ENGINE_OPT'/OPTION,'TCPIP_LIB','OPT_FILE'/OPTION $ ELSE $ LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE - - 'OBJECT_FILE''EXTRA_OBJ', - + 'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', - 'CRYPTO_LIB'/LIBRARY, - 'ENGINE_OPT'/OPTION,'OPT_FILE'/OPTION $ ENDIF $! -$! Clean up -$! -$ DELETE 'OBJECT_FILE';* -$! -$! Next file -$! -$ GOTO FILE_NEXT -$! -$ FILE_DONE: -$! $! Next engine $! $ GOTO ENGINE_NEXT @@ -299,7 +356,7 @@ $! $ IF (F$SEARCH(OPT_FILE).EQS."") $ THEN $! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. +$! Figure Out If We Need A non-VAX Or A VAX Linker Option File. $! $ IF ARCH .EQS. "VAX" $ THEN @@ -319,19 +376,19 @@ $! Else... $! $ ELSE $! -$! Create The AXP Linker Option File. +$! Create The non-VAX Linker Option File. $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For AXP To Link Agianst +! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE SYS$SHARE:CMA$OPEN_RTL/SHARE $EOD $! -$! End The VAX/AXP DEC C Option File Check. +$! End The DEC C Option File Check. $! $ ENDIF $! @@ -368,13 +425,13 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If OPT_PHASE Has A Valid Arguement. +$! Else, Check To See If OPT_PHASE Has A Valid Argument. $! $ IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") - .NES. ("," + ACCEPT_PHASE + ",") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = OPT_PHASE $! @@ -396,15 +453,16 @@ $ IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," - $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " where 'xxx' stands for:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " AXP : Alpha architecture." -$ WRITE SYS$OUTPUT " VAX : VAX architecture." +$ WRITE SYS$OUTPUT " ALPHA : Alpha architecture." +$ WRITE SYS$OUTPUT " IA64 : IA64 architecture." +$ WRITE SYS$OUTPUT " VAX : VAX architecture." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -457,7 +515,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -522,7 +580,7 @@ $ ELSE $! $! Check To See If We Have VAXC Or DECC. $! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -633,7 +691,7 @@ $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -655,7 +713,7 @@ $! $! Compile Using VAXC. $! $ CC = "CC" -$ IF ARCH.EQS."AXP" +$ IF ARCH.NES."VAX" $ THEN $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" $ EXIT @@ -672,7 +730,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -699,7 +757,7 @@ $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -726,7 +784,7 @@ $! Show user the result $! $ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -744,14 +802,14 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! $! Build a MACRO command for the architecture at hand $! $ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'" -$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" +$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" $! $! Show user the result $! @@ -840,7 +898,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/lib/libssl/src/ms/README b/lib/libssl/src/ms/README index 7a45db10810..07f1925d5f0 100644 --- a/lib/libssl/src/ms/README +++ b/lib/libssl/src/ms/README @@ -4,7 +4,7 @@ to build with visual C++ 4.[01]. The results will be in the out directory. -These makefiles and def files were generated my typing +These makefiles and def files were generated by typing perl util\mk1mf.pl VC-NT >ms/nt.mak perl util\mk1mf.pl VC-NT dll >ms/ntdll.mak diff --git a/lib/libssl/src/ms/do_win64a.bat b/lib/libssl/src/ms/do_win64a.bat index 825c6902215..495f1ea7d8b 100755 --- a/lib/libssl/src/ms/do_win64a.bat +++ b/lib/libssl/src/ms/do_win64a.bat @@ -1,9 +1,9 @@ -
-perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64a > ms\uptable.asm
-ml64 -c -Foms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64A >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64A >ms\ntdll.mak
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+ +perl util\mkfiles.pl >MINFO +perl ms\uplink.pl win64a > ms\uptable.asm +ml64 -c -Foms\uptable.obj ms\uptable.asm +perl util\mk1mf.pl no-asm VC-WIN64A >ms\nt.mak +perl util\mk1mf.pl dll no-asm VC-WIN64A >ms\ntdll.mak + +perl util\mkdef.pl 32 libeay > ms\libeay32.def +perl util\mkdef.pl 32 ssleay > ms\ssleay32.def diff --git a/lib/libssl/src/ms/do_win64i.bat b/lib/libssl/src/ms/do_win64i.bat index 7bfc2f18188..15ebcaaeb6b 100755 --- a/lib/libssl/src/ms/do_win64i.bat +++ b/lib/libssl/src/ms/do_win64i.bat @@ -1,9 +1,9 @@ -
-perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64i > ms\uptable.asm
-ias -o ms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64I >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64I >ms\ntdll.mak
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+ +perl util\mkfiles.pl >MINFO +perl ms\uplink.pl win64i > ms\uptable.asm +ias -o ms\uptable.obj ms\uptable.asm +perl util\mk1mf.pl no-asm VC-WIN64I >ms\nt.mak +perl util\mk1mf.pl dll no-asm VC-WIN64I >ms\ntdll.mak + +perl util\mkdef.pl 32 libeay > ms\libeay32.def +perl util\mkdef.pl 32 ssleay > ms\ssleay32.def diff --git a/lib/libssl/src/ms/tencce.bat b/lib/libssl/src/ms/tencce.bat index 6a944d7671e..c8b1acd4b44 100644 --- a/lib/libssl/src/ms/tencce.bat +++ b/lib/libssl/src/ms/tencce.bat @@ -1,19 +1,19 @@ -rem called by testencce
-
-echo test %1 %2 %3 %4 %5 %6
-cecopy %input% CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
-if errorlevel 1 goto err
-
-echo test base64 %1 %2 %3 %4 %5 %6
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
-
-:err
+rem called by testencce + +echo test %1 %2 %3 %4 %5 %6 +cecopy %input% CE:\OpenSSL +cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1% +cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1% +del %out1% >nul 2>&1 +cecopy CE:\OpenSSL\%out1% . +%cmp% %input% %out1% +if errorlevel 1 goto err + +echo test base64 %1 %2 %3 %4 %5 %6 +cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1% +cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1% +del %out1% >nul 2>&1 +cecopy CE:\OpenSSL\%out1% . +%cmp% %input% %out1% + +:err diff --git a/lib/libssl/src/ms/testencce.bat b/lib/libssl/src/ms/testencce.bat index 04faa5d99b6..1da3e0861f2 100644 --- a/lib/libssl/src/ms/testencce.bat +++ b/lib/libssl/src/ms/testencce.bat @@ -1,97 +1,97 @@ -@echo off
-echo start testenc
-
-path=..\ms;%path%
-set ssleay=%1%
-copy ..\ms\testenc.bat >nul
-set input=testenc.bat
-set tmp1=cipher.out
-set out1=clear.out
-set cmp=perl ..\ms\cmp.pl
-
-cecopy %ssleay% CE:\OpenSSL
-
-cd
-call tencce.bat enc
-if errorlevel 1 goto err
-
-call tencce.bat rc4
-if errorlevel 1 goto err
-
-call tencce.bat des-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ecb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3
-if errorlevel 1 goto err
-
-call tencce.bat des-cbc
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tencce.bat idea-ecb
-if errorlevel 1 goto err
-
-call tencce.bat idea-cfb
-if errorlevel 1 goto err
-
-call tencce.bat idea-ofb
-if errorlevel 1 goto err
-
-call tencce.bat idea-cbc
-if errorlevel 1 goto err
-
-call tencce.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tencce.bat bf-ecb
-if errorlevel 1 goto err
-
-call tencce.bat bf-cfb
-if errorlevel 1 goto err
-
-call tencce.bat bf-ofb
-if errorlevel 1 goto err
-
-call tencce.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1% >nul 2>&1
-del %tmp1% >nul 2>&1
-:err
-
+@echo off +echo start testenc + +path=..\ms;%path% +set ssleay=%1% +copy ..\ms\testenc.bat >nul +set input=testenc.bat +set tmp1=cipher.out +set out1=clear.out +set cmp=perl ..\ms\cmp.pl + +cecopy %ssleay% CE:\OpenSSL + +cd +call tencce.bat enc +if errorlevel 1 goto err + +call tencce.bat rc4 +if errorlevel 1 goto err + +call tencce.bat des-cfb +if errorlevel 1 goto err + +call tencce.bat des-ede-cfb +if errorlevel 1 goto err + +call tencce.bat des-ede3-cfb +if errorlevel 1 goto err + +call tencce.bat des-ofb +if errorlevel 1 goto err + +call tencce.bat des-ede-ofb +if errorlevel 1 goto err + +call tencce.bat des-ede3-ofb +if errorlevel 1 goto err + +call tencce.bat des-ecb +if errorlevel 1 goto err + +call tencce.bat des-ede +if errorlevel 1 goto err + +call tencce.bat des-ede3 +if errorlevel 1 goto err + +call tencce.bat des-cbc +if errorlevel 1 goto err + +call tencce.bat des-ede-cbc +if errorlevel 1 goto err + +call tencce.bat des-ede3-cbc +if errorlevel 1 goto err + +call tencce.bat idea-ecb +if errorlevel 1 goto err + +call tencce.bat idea-cfb +if errorlevel 1 goto err + +call tencce.bat idea-ofb +if errorlevel 1 goto err + +call tencce.bat idea-cbc +if errorlevel 1 goto err + +call tencce.bat rc2-ecb +if errorlevel 1 goto err + +call tencce.bat rc2-cfb +if errorlevel 1 goto err + +call tencce.bat rc2-ofb +if errorlevel 1 goto err + +call tencce.bat rc2-cbc +if errorlevel 1 goto err + +call tencce.bat bf-ecb +if errorlevel 1 goto err + +call tencce.bat bf-cfb +if errorlevel 1 goto err + +call tencce.bat bf-ofb +if errorlevel 1 goto err + +call tencce.bat bf-cbc +if errorlevel 1 goto err + +echo OK +del %out1% >nul 2>&1 +del %tmp1% >nul 2>&1 +:err + diff --git a/lib/libssl/src/ms/testpemce.bat b/lib/libssl/src/ms/testpemce.bat index c793c3e5143..ac64a7912ce 100644 --- a/lib/libssl/src/ms/testpemce.bat +++ b/lib/libssl/src/ms/testpemce.bat @@ -1,42 +1,42 @@ -@echo off
-set ssleay=%1%
-set tmp1=pem.out
-set cmp=fc.exe
-
-cecopy %ssleay% CE:\OpenSSL
-
-copy ..\test\testcrl.pem >nul
-call tpemce.bat crl testcrl.pem
-if errorlevel 1 goto err
-
-copy ..\test\testp7.pem >nul
-call tpemce.bat pkcs7 testp7.pem
-if errorlevel 1 goto err
-
-copy ..\test\testreq2.pem >nul
-call tpemce.bat req testreq2.pem
-if errorlevel 1 goto err
-
-copy ..\test\testrsa.pem >nul
-call tpemce.bat rsa testrsa.pem
-if errorlevel 1 goto err
-
-copy ..\test\testx509.pem >nul
-call tpemce.bat x509 testx509.pem
-if errorlevel 1 goto err
-
-copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
-
-copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
-
-copy ..\test\testsid.pem >nul
-call tpemce.bat sess_id testsid.pem
-if errorlevel 1 goto err
-
-echo OK
-del %tmp1% >nul 2>&1
-:err
+@echo off +set ssleay=%1% +set tmp1=pem.out +set cmp=fc.exe + +cecopy %ssleay% CE:\OpenSSL + +copy ..\test\testcrl.pem >nul +call tpemce.bat crl testcrl.pem +if errorlevel 1 goto err + +copy ..\test\testp7.pem >nul +call tpemce.bat pkcs7 testp7.pem +if errorlevel 1 goto err + +copy ..\test\testreq2.pem >nul +call tpemce.bat req testreq2.pem +if errorlevel 1 goto err + +copy ..\test\testrsa.pem >nul +call tpemce.bat rsa testrsa.pem +if errorlevel 1 goto err + +copy ..\test\testx509.pem >nul +call tpemce.bat x509 testx509.pem +if errorlevel 1 goto err + +copy ..\test\v3-cert1.pem >nul +call tpemce.bat x509 v3-cert1.pem +if errorlevel 1 goto err + +copy ..\test\v3-cert1.pem >nul +call tpemce.bat x509 v3-cert1.pem +if errorlevel 1 goto err + +copy ..\test\testsid.pem >nul +call tpemce.bat sess_id testsid.pem +if errorlevel 1 goto err + +echo OK +del %tmp1% >nul 2>&1 +:err diff --git a/lib/libssl/src/ms/testssce.bat b/lib/libssl/src/ms/testssce.bat index dbb25abdb05..18381ed2faf 100644 --- a/lib/libssl/src/ms/testssce.bat +++ b/lib/libssl/src/ms/testssce.bat @@ -1,104 +1,104 @@ -rem set ssleay=..\out\ssleay
-set ssleay=%1
-
-set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509
-set verifycmd=%ssleay% verify
-
-set CAkey=\OpenSSL\keyCA.ss
-set CAcert=\OpenSSL\certCA.ss
-set CAserial=\OpenSSL\certCA.srl
-set CAreq=\OpenSSL\reqCA.ss
-cecopy ..\test\CAss.cnf CE:\OpenSSL
-set CAconf=\OpenSSL\CAss.cnf
-set CAreq2=\OpenSSL\req2CA.ss
-
-cecopy ..\test\Uss.cnf CE:\OpenSSL
-set Uconf=\OpenSSL\Uss.cnf
-set Ukey=\OpenSSL\keyU.ss
-set Ureq=\OpenSSL\reqU.ss
-set Ucert=\OpenSSL\certU.ss
-
-echo make a certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto e_req
-
-echo convert the certificate request into a self signed certificate using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509
-
-echo --
-echo convert a certificate into a certificate request using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509_2
-
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto e_vrfy_1
-
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto e_vrfy_2
-
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto e_vrfy_3
-
-echo --
-echo make another certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_req_gen
-
-echo --
-echo sign certificate request with the just created CA via 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto e_x_sign
-
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
-echo Certificate details
-cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-
-cecopy CE:%CAcert% .
-cecopy CE:%CAkey% .
-cecopy CE:%CAserial% .
-cecopy CE:%Ucert% .
-cecopy CE:%Ukey% .
-
-echo Everything appeared to work
-echo --
-echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
-
-echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
-echo --
-
-cedel CE:\OpenSSL\err.ss
-
-goto end
-
-:e_req
-echo error using 'req' to generate a certificate request
-goto end
-:e_x509
-echo error using 'x509' to self sign a certificate request
-goto end
-:e_x509_2
-echo error using 'x509' convert a certificate to a certificate request
-goto end
-:e_vrfy_1
-echo first generated request is invalid
-goto end
-:e_vrfy_2
-echo second generated request is invalid
-goto end
-:e_vrfy_3
-echo first generated cert is invalid
-goto end
-:e_req_gen
-echo error using 'req' to generate a certificate request
-goto end
-:e_x_sign
-echo error using 'x509' to sign a certificate request
-goto end
-
-:end
+rem set ssleay=..\out\ssleay +set ssleay=%1 + +set reqcmd=%ssleay% req +set x509cmd=%ssleay% x509 +set verifycmd=%ssleay% verify + +set CAkey=\OpenSSL\keyCA.ss +set CAcert=\OpenSSL\certCA.ss +set CAserial=\OpenSSL\certCA.srl +set CAreq=\OpenSSL\reqCA.ss +cecopy ..\test\CAss.cnf CE:\OpenSSL +set CAconf=\OpenSSL\CAss.cnf +set CAreq2=\OpenSSL\req2CA.ss + +cecopy ..\test\Uss.cnf CE:\OpenSSL +set Uconf=\OpenSSL\Uss.cnf +set Ukey=\OpenSSL\keyU.ss +set Ureq=\OpenSSL\reqU.ss +set Ucert=\OpenSSL\certU.ss + +echo make a certificate request using 'req' +cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new +if errorlevel 1 goto e_req + +echo convert the certificate request into a self signed certificate using 'x509' +cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss" +if errorlevel 1 goto e_x509 + +echo -- +echo convert a certificate into a certificate request using 'x509' +cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss" +if errorlevel 1 goto e_x509_2 + +cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout +if errorlevel 1 goto e_vrfy_1 + +cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout +if errorlevel 1 goto e_vrfy_2 + +cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert% +if errorlevel 1 goto e_vrfy_3 + +echo -- +echo make another certificate request using 'req' +cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss" +if errorlevel 1 goto e_req_gen + +echo -- +echo sign certificate request with the just created CA via 'x509' +cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial% +if errorlevel 1 goto e_x_sign + +cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert% +echo -- +echo Certificate details +cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert% + +cecopy CE:%CAcert% . +cecopy CE:%CAkey% . +cecopy CE:%CAserial% . +cecopy CE:%Ucert% . +cecopy CE:%Ukey% . + +echo Everything appeared to work +echo -- +echo The generated CA certificate is %CAcert% +echo The generated CA private key is %CAkey% +echo The current CA signing serial number is in %CAserial% + +echo The generated user certificate is %Ucert% +echo The generated user private key is %Ukey% +echo -- + +cedel CE:\OpenSSL\err.ss + +goto end + +:e_req +echo error using 'req' to generate a certificate request +goto end +:e_x509 +echo error using 'x509' to self sign a certificate request +goto end +:e_x509_2 +echo error using 'x509' convert a certificate to a certificate request +goto end +:e_vrfy_1 +echo first generated request is invalid +goto end +:e_vrfy_2 +echo second generated request is invalid +goto end +:e_vrfy_3 +echo first generated cert is invalid +goto end +:e_req_gen +echo error using 'req' to generate a certificate request +goto end +:e_x_sign +echo error using 'x509' to sign a certificate request +goto end + +:end diff --git a/lib/libssl/src/ms/tpemce.bat b/lib/libssl/src/ms/tpemce.bat index 17b2acd390d..483f559cfa5 100644 --- a/lib/libssl/src/ms/tpemce.bat +++ b/lib/libssl/src/ms/tpemce.bat @@ -1,8 +1,8 @@ -rem called by testpemce
-
-echo test %1 %2
-cecopy %2 CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%
-del %tmp1% >nul 2>&1
-cecopy CE:\OpenSSL\%tmp1% .
-%cmp% %2 %tmp1%
+rem called by testpemce + +echo test %1 %2 +cecopy %2 CE:\OpenSSL +cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1% +del %tmp1% >nul 2>&1 +cecopy CE:\OpenSSL\%tmp1% . +%cmp% %2 %tmp1% diff --git a/lib/libssl/src/ms/uplink-common.pl b/lib/libssl/src/ms/uplink-common.pl new file mode 100755 index 00000000000..1d20e6e03ed --- /dev/null +++ b/lib/libssl/src/ms/uplink-common.pl @@ -0,0 +1,22 @@ +#!/usr/bin/env perl +# +# pull APPLINK_MAX value from applink.c... +$applink_c=$0; +$applink_c=~s|[^/\\]+$||g; +$applink_c.="applink.c"; +open(INPUT,$applink_c) || die "can't open $applink_c: $!"; +@max=grep {/APPLINK_MAX\s+(\d+)/} <INPUT>; +close(INPUT); +($#max==0) or die "can't find APPLINK_MAX in $applink_c"; + +$max[0]=~/APPLINK_MAX\s+(\d+)/; +$N=$1; # number of entries in OPENSSL_UplinkTable not including + # OPENSSL_UplinkTable[0], which contains this value... + +1; + +# Idea is to fill the OPENSSL_UplinkTable with pointers to stubs +# which invoke 'void OPENSSL_Uplink (ULONG_PTR *table,int index)'; +# and then dereference themselves. Latter shall result in endless +# loop *unless* OPENSSL_Uplink does not replace 'table[index]' with +# something else, e.g. as 'table[index]=unimplemented;'... diff --git a/lib/libssl/src/ms/uplink-ia64.pl b/lib/libssl/src/ms/uplink-ia64.pl new file mode 100755 index 00000000000..4204c73d586 --- /dev/null +++ b/lib/libssl/src/ms/uplink-ia64.pl @@ -0,0 +1,50 @@ +#!/usr/bin/env perl + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}."); + +require "uplink-common.pl"; + +local $V=8; # max number of args uplink functions may accept... +my $loc0 = "r".(32+$V); +print <<___; +.text +.global OPENSSL_Uplink# +.type OPENSSL_Uplink#,\@function + +___ +for ($i=1;$i<=$N;$i++) { +print <<___; +.proc lazy$i# +lazy$i: + .prologue +{ .mii; .save ar.pfs,$loc0 + alloc loc0=ar.pfs,$V,3,2,0 + .save b0,loc1 + mov loc1=b0 + addl loc2=\@ltoff(OPENSSL_UplinkTable#),gp };; + .body +{ .mmi; ld8 out0=[loc2] + mov out1=$i };; +{ .mib; add loc2=8*$i,out0 + br.call.sptk.many b0=OPENSSL_Uplink# };; +{ .mmi; ld8 r31=[loc2];; + ld8 r30=[r31],8 };; +{ .mii; ld8 gp=[r31] + mov b6=r30 + mov b0=loc1 };; +{ .mib; mov ar.pfs=loc0 + br.many b6 };; +.endp lazy$i# + +___ +} +print <<___; +.data +.global OPENSSL_UplinkTable# +OPENSSL_UplinkTable: data8 $N // amount of following entries +___ +for ($i=1;$i<=$N;$i++) { print " data8 \@fptr(lazy$i#)\n"; } +print <<___; +.size OPENSSL_UplinkTable,.-OPENSSL_UplinkTable# +___ diff --git a/lib/libssl/src/ms/uplink-x86.pl b/lib/libssl/src/ms/uplink-x86.pl new file mode 100755 index 00000000000..0dffc14fcd2 --- /dev/null +++ b/lib/libssl/src/ms/uplink-x86.pl @@ -0,0 +1,33 @@ +#!/usr/bin/env perl + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC, "${dir}.", "${dir}../crypto/perlasm"); +require "x86asm.pl"; + +require "uplink-common.pl"; + +&asm_init($ARGV[0],"uplink-x86"); + +&external_label("OPENSSL_Uplink"); +&public_label("OPENSSL_UplinkTable"); + +for ($i=1;$i<=$N;$i++) { +&function_begin_B("_\$lazy${i}"); + &lea ("eax",&DWP(&label("OPENSSL_UplinkTable"))); + &push ("eax"); + &push ($i); + &call (&label("OPENSSL_Uplink")); + &add ("esp",8); + &pop ("eax"); + &jmp_ptr(&DWP(4*$i,"eax")); +&function_end_B("_\$lazy${i}"); +} + +&dataseg(); +&align(4); +&set_label("OPENSSL_UplinkTable"); +&data_word($N); +for ($i=1;$i<=$N;$i++) { +&data_word(&label("_\$lazy${i}")); +} +&asm_finish(); diff --git a/lib/libssl/src/ms/uplink-x86_64.pl b/lib/libssl/src/ms/uplink-x86_64.pl new file mode 100755 index 00000000000..9acbf6be6f4 --- /dev/null +++ b/lib/libssl/src/ms/uplink-x86_64.pl @@ -0,0 +1,64 @@ +#!/usr/bin/env perl + +$output=shift; +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +open STDOUT,"| $^X ${dir}../crypto/perlasm/x86_64-xlate.pl $output"; +push(@INC,"${dir}."); + +require "uplink-common.pl"; + +$prefix="_lazy"; + +print <<___; +.text +.extern OPENSSL_Uplink +.globl OPENSSL_UplinkTable +___ +for ($i=1;$i<=$N;$i++) { +print <<___; +.type $prefix${i},\@abi-omnipotent +.align 16 +$prefix${i}: + .byte 0x48,0x83,0xEC,0x28 # sub rsp,40 + mov %rcx,48(%rsp) + mov %rdx,56(%rsp) + mov %r8,64(%rsp) + mov %r9,72(%rsp) + lea OPENSSL_UplinkTable(%rip),%rcx + mov \$$i,%rdx + call OPENSSL_Uplink + mov 48(%rsp),%rcx + mov 56(%rsp),%rdx + mov 64(%rsp),%r8 + mov 72(%rsp),%r9 + lea OPENSSL_UplinkTable(%rip),%rax + add \$40,%rsp + jmp *8*$i(%rax) +$prefix${i}_end: +.size $prefix${i},.-$prefix${i} +___ +} +print <<___; +.data +OPENSSL_UplinkTable: + .quad $N +___ +for ($i=1;$i<=$N;$i++) { print " .quad $prefix$i\n"; } +print <<___; +.section .pdata,"r" +.align 4 +___ +for ($i=1;$i<=$N;$i++) { +print <<___; + .rva $prefix${i},$prefix${i}_end,${prefix}_unwind_info +___ +} +print <<___; +.section .xdata,"r" +.align 8 +${prefix}_unwind_info: + .byte 0x01,0x04,0x01,0x00 + .byte 0x04,0x42,0x00,0x00 +___ + +close STDOUT; diff --git a/lib/libssl/src/shlib/win32.bat b/lib/libssl/src/shlib/win32.bat index c807a99d353..2b0faaa17ba 100644 --- a/lib/libssl/src/shlib/win32.bat +++ b/lib/libssl/src/shlib/win32.bat @@ -14,5 +14,5 @@ cl /Focrypto.obj -DWIN32 %OPTIONS% -c crypto\crypto.c cl /Fossl.obj -DWIN32 %OPTIONS% -c ssl\ssl.c cl /Foeay.obj -DWIN32 %OPTIONS% -c apps\eay.c -cl /Fessleay.exe %OPTIONS% eay.obj ssl.obj crypto.obj crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib +cl /Fessleay.exe %OPTIONS% eay.obj ssl.obj crypto.obj crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib ws2_32.lib diff --git a/lib/libssl/src/shlib/win32dll.bat b/lib/libssl/src/shlib/win32dll.bat index 294c94c81c0..844e3537c8d 100644 --- a/lib/libssl/src/shlib/win32dll.bat +++ b/lib/libssl/src/shlib/win32dll.bat @@ -5,9 +5,9 @@ set OPTIONS2=/W3 /WX /Ox /Gf /nologo set OPTIONS=%OPTIONS1% %OPTIONS2% -cl /Felibeay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\libeay32.def crypto\crypto.c crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib wsock32.lib +cl /Felibeay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\libeay32.def crypto\crypto.c crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib ws2_32.lib cl /Fessleay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\ssleay32.def ssl\ssl.c libeay32.lib -cl /Fessleay.exe /MD -DWIN32 %OPTIONS% apps\eay.c ssleay32.lib libeay32.lib user32.lib wsock32.lib +cl /Fessleay.exe /MD -DWIN32 %OPTIONS% apps\eay.c ssleay32.lib libeay32.lib user32.lib ws2_32.lib diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c index 15a201a25cf..4ce4064cc91 100644 --- a/lib/libssl/src/ssl/d1_both.c +++ b/lib/libssl/src/ssl/d1_both.c @@ -123,6 +123,37 @@ #include <openssl/evp.h> #include <openssl/x509.h> +#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) + +#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ + if ((end) - (start) <= 8) { \ + long ii; \ + for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ + } else { \ + long ii; \ + bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ + for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ + bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ + } } + +#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ + long ii; \ + OPENSSL_assert((msg_len) > 0); \ + is_complete = 1; \ + if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ + if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ + if (bitmask[ii] != 0xff) { is_complete = 0; break; } } + +#if 0 +#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ + long ii; \ + printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ + printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ + printf("\n"); } +#endif + +static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; +static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; /* XDTLS: figure out the right values */ static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; @@ -136,15 +167,15 @@ static unsigned char *dtls1_write_message_header(SSL *s, static void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len); -static int dtls1_retransmit_buffered_messages(SSL *s); static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok); static hm_fragment * -dtls1_hm_fragment_new(unsigned long frag_len) +dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) { hm_fragment *frag = NULL; unsigned char *buf = NULL; + unsigned char *bitmask = NULL; frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); if ( frag == NULL) @@ -163,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len) /* zero length fragment gets zero frag->fragment */ frag->fragment = buf; + /* Initialize reassembly bitmask if necessary */ + if (reassembly) + { + bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); + if (bitmask == NULL) + { + if (buf != NULL) OPENSSL_free(buf); + OPENSSL_free(frag); + return NULL; + } + memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); + } + + frag->reassembly = bitmask; + return frag; } @@ -170,6 +216,7 @@ static void dtls1_hm_fragment_free(hm_fragment *frag) { if (frag->fragment) OPENSSL_free(frag->fragment); + if (frag->reassembly) OPENSSL_free(frag->reassembly); OPENSSL_free(frag); } @@ -178,7 +225,7 @@ int dtls1_do_write(SSL *s, int type) { int ret; int curr_mtu; - unsigned int len, frag_off; + unsigned int len, frag_off, mac_size, blocksize; /* AHA! Figure out the MTU, and stick to the right size */ if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) @@ -226,11 +273,22 @@ int dtls1_do_write(SSL *s, int type) OPENSSL_assert(s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + if (s->write_hash) + mac_size = EVP_MD_CTX_size(s->write_hash); + else + mac_size = 0; + + if (s->enc_write_ctx && + (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) + blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); + else + blocksize = 0; + frag_off = 0; while( s->init_num) { curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - - DTLS1_RT_HEADER_LENGTH; + DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) { @@ -238,7 +296,8 @@ int dtls1_do_write(SSL *s, int type) ret = BIO_flush(SSL_get_wbio(s)); if ( ret <= 0) return ret; - curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH; + curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - + mac_size - blocksize; } if ( s->init_num > curr_mtu) @@ -280,7 +339,7 @@ int dtls1_do_write(SSL *s, int type) * retransmit */ if ( BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL)) + BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); else @@ -301,7 +360,7 @@ int dtls1_do_write(SSL *s, int type) const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; int xlen; - if (frag_off == 0 && s->client_version != DTLS1_BAD_VER) + if (frag_off == 0 && s->version != DTLS1_BAD_VER) { /* reconstruct message header is if it * is being sent in single fragment */ @@ -352,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) { int i, al; struct hm_header_st *msg_hdr; + unsigned char *p; + unsigned long msg_len; /* s3->tmp is used to store messages that are unexpected, caused * by the absence of an optional handshake message */ @@ -371,76 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) } msg_hdr = &s->d1->r_msg_hdr; - do - { - if ( msg_hdr->frag_off == 0) - { - /* s->d1->r_message_header.msg_len = 0; */ - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - } + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - i = dtls1_get_message_fragment(s, st1, stn, max, ok); - if ( i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ - continue; - else if ( i <= 0 && !*ok) - return i; +again: + i = dtls1_get_message_fragment(s, st1, stn, max, ok); + if ( i == DTLS1_HM_BAD_FRAGMENT || + i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ + goto again; + else if ( i <= 0 && !*ok) + return i; - /* Note that s->init_sum is used as a counter summing - * up fragments' lengths: as soon as they sum up to - * handshake packet length, we assume we have got all - * the fragments. Overlapping fragments would cause - * premature termination, so we don't expect overlaps. - * Well, handling overlaps would require something more - * drastic. Indeed, as it is now there is no way to - * tell if out-of-order fragment from the middle was - * the last. '>=' is the best/least we can do to control - * the potential damage caused by malformed overlaps. */ - if ((unsigned int)s->init_num >= msg_hdr->msg_len) - { - unsigned char *p = (unsigned char *)s->init_buf->data; - unsigned long msg_len = msg_hdr->msg_len; - - /* reconstruct message header as if it was - * sent in single fragment */ - *(p++) = msg_hdr->type; - l2n3(msg_len,p); - s2n (msg_hdr->seq,p); - l2n3(0,p); - l2n3(msg_len,p); - if (s->client_version != DTLS1_BAD_VER) - p -= DTLS1_HM_HEADER_LENGTH, - msg_len += DTLS1_HM_HEADER_LENGTH; - - ssl3_finish_mac(s, p, msg_len); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, msg_len, - s, s->msg_callback_arg); - - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - - s->d1->handshake_read_seq++; - /* we just read a handshake message from the other side: - * this means that we don't need to retransmit of the - * buffered messages. - * XDTLS: may be able clear out this - * buffer a little sooner (i.e if an out-of-order - * handshake message/record is received at the record - * layer. - * XDTLS: exception is that the server needs to - * know that change cipher spec and finished messages - * have been received by the client before clearing this - * buffer. this can simply be done by waiting for the - * first data segment, but is there a better way? */ - dtls1_clear_record_buffer(s); - - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->init_num; - } - else - msg_hdr->frag_off = i; - } while(1) ; + p = (unsigned char *)s->init_buf->data; + msg_len = msg_hdr->msg_len; + + /* reconstruct message header */ + *(p++) = msg_hdr->type; + l2n3(msg_len,p); + s2n (msg_hdr->seq,p); + l2n3(0,p); + l2n3(msg_len,p); + if (s->version != DTLS1_BAD_VER) { + p -= DTLS1_HM_HEADER_LENGTH; + msg_len += DTLS1_HM_HEADER_LENGTH; + } + + ssl3_finish_mac(s, p, msg_len); + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, + p, msg_len, + s, s->msg_callback_arg); + + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + + s->d1->handshake_read_seq++; + /* we just read a handshake message from the other side: + * this means that we don't need to retransmit of the + * buffered messages. + * XDTLS: may be able clear out this + * buffer a little sooner (i.e if an out-of-order + * handshake message/record is received at the record + * layer. + * XDTLS: exception is that the server needs to + * know that change cipher spec and finished messages + * have been received by the client before clearing this + * buffer. this can simply be done by waiting for the + * first data segment, but is there a better way? */ + dtls1_clear_record_buffer(s); + + s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + return s->init_num; f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -474,7 +514,7 @@ static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max { /* msg_len is limited to 2^24, but is effectively checked * against max above */ - if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH)) + if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) { SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); return SSL_AD_INTERNAL_ERROR; @@ -516,9 +556,14 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) return 0; frag = (hm_fragment *)item->data; + + /* Don't return if reassembly still in progress */ + if (frag->reassembly != NULL) + return 0; if ( s->d1->handshake_read_seq == frag->msg_header.seq) { + unsigned long frag_len = frag->msg_header.frag_len; pqueue_pop(s->d1->buffered_messages); al=dtls1_preprocess_fragment(s,&frag->msg_header,max); @@ -536,7 +581,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (al==0) { *ok = 1; - return frag->msg_header.frag_len; + return frag_len; } ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -550,18 +595,50 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) static int -dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) -{ - int i=-1; +dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) + { hm_fragment *frag = NULL; pitem *item = NULL; - PQ_64BIT seq64; - unsigned long frag_len = msg_hdr->frag_len; + int i = -1, is_complete; + unsigned char seq64be[8]; + unsigned long frag_len = msg_hdr->frag_len, max_len; if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) goto err; - if (msg_hdr->seq <= s->d1->handshake_read_seq) + /* Determine maximum allowed message size. Depends on (user set) + * maximum certificate length, but 16k is minimum. + */ + if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) + max_len = s->max_cert_list; + else + max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + + if ((msg_hdr->frag_off+frag_len) > max_len) + goto err; + + /* Try to find item in queue */ + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char) (msg_hdr->seq>>8); + seq64be[7] = (unsigned char) msg_hdr->seq; + item = pqueue_find(s->d1->buffered_messages, seq64be); + + if (item == NULL) + { + frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); + if ( frag == NULL) + goto err; + memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + frag->msg_header.frag_len = frag->msg_header.msg_len; + frag->msg_header.frag_off = 0; + } + else + frag = (hm_fragment*) item->data; + + /* If message is already reassembled, this must be a + * retransmit and can be dropped. + */ + if (frag->reassembly == NULL) { unsigned char devnull [256]; @@ -573,32 +650,128 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (i<=0) goto err; frag_len -= i; } + return DTLS1_HM_FRAGMENT_RETRY; } - frag = dtls1_hm_fragment_new(frag_len); - if ( frag == NULL) + /* read the body of the fragment (header has already been read */ + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + frag->fragment + msg_hdr->frag_off,frag_len,0); + if (i<=0 || (unsigned long)i!=frag_len) goto err; - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, + (long)(msg_hdr->frag_off + frag_len)); - if (frag_len) + RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, + is_complete); + + if (is_complete) + { + OPENSSL_free(frag->reassembly); + frag->reassembly = NULL; + } + + if (item == NULL) { - /* read the body of the fragment (header has already been read */ - i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, - frag->fragment,frag_len,0); - if (i<=0 || (unsigned long)i!=frag_len) + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char)(msg_hdr->seq>>8); + seq64be[7] = (unsigned char)(msg_hdr->seq); + + item = pitem_new(seq64be, frag); + if (item == NULL) + { goto err; + i = -1; + } + + pqueue_insert(s->d1->buffered_messages, item); } - pq_64bit_init(&seq64); - pq_64bit_assign_word(&seq64, msg_hdr->seq); + return DTLS1_HM_FRAGMENT_RETRY; + +err: + if (frag != NULL) dtls1_hm_fragment_free(frag); + if (item != NULL) OPENSSL_free(item); + *ok = 0; + return i; + } + - item = pitem_new(seq64, frag); - pq_64bit_free(&seq64); - if ( item == NULL) +static int +dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) +{ + int i=-1; + hm_fragment *frag = NULL; + pitem *item = NULL; + unsigned char seq64be[8]; + unsigned long frag_len = msg_hdr->frag_len; + + if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) goto err; - pqueue_insert(s->d1->buffered_messages, item); + /* Try to find item in queue, to prevent duplicate entries */ + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char) (msg_hdr->seq>>8); + seq64be[7] = (unsigned char) msg_hdr->seq; + item = pqueue_find(s->d1->buffered_messages, seq64be); + + /* If we already have an entry and this one is a fragment, + * don't discard it and rather try to reassemble it. + */ + if (item != NULL && frag_len < msg_hdr->msg_len) + item = NULL; + + /* Discard the message if sequence number was already there, is + * too far in the future, already in the queue or if we received + * a FINISHED before the SERVER_HELLO, which then must be a stale + * retransmit. + */ + if (msg_hdr->seq <= s->d1->handshake_read_seq || + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || + (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) + { + unsigned char devnull [256]; + + while (frag_len) + { + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + devnull, + frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); + if (i<=0) goto err; + frag_len -= i; + } + } + else + { + if (frag_len && frag_len < msg_hdr->msg_len) + return dtls1_reassemble_fragment(s, msg_hdr, ok); + + frag = dtls1_hm_fragment_new(frag_len, 0); + if ( frag == NULL) + goto err; + + memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + + if (frag_len) + { + /* read the body of the fragment (header has already been read */ + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + frag->fragment,frag_len,0); + if (i<=0 || (unsigned long)i!=frag_len) + goto err; + } + + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char)(msg_hdr->seq>>8); + seq64be[7] = (unsigned char)(msg_hdr->seq); + + item = pitem_new(seq64be, frag); + if ( item == NULL) + goto err; + + pqueue_insert(s->d1->buffered_messages, item); + } + return DTLS1_HM_FRAGMENT_RETRY; err: @@ -613,14 +786,14 @@ static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) { unsigned char wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long l, frag_off, frag_len; + unsigned long len, frag_off, frag_len; int i,al; struct hm_header_st msg_hdr; /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { - if (*ok) s->init_num += frag_len; + if (*ok) s->init_num = frag_len; return frag_len; } @@ -645,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ( msg_hdr.seq != s->d1->handshake_read_seq) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - l = msg_hdr.msg_len; + len = msg_hdr.msg_len; frag_off = msg_hdr.frag_off; frag_len = msg_hdr.frag_len; + if (frag_len && frag_len < len) + return dtls1_reassemble_fragment(s, &msg_hdr, ok); + if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { @@ -708,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) * s->init_buf->data, but as a counter summing up fragments' * lengths: as soon as they sum up to handshake packet * length, we assume we have got all the fragments. */ - s->init_num += frag_len; + s->init_num = frag_len; return frag_len; f_err: @@ -731,14 +907,30 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) p= &(d[DTLS1_HM_HEADER_LENGTH]); i=s->method->ssl3_enc->final_finish_mac(s, - &(s->s3->finish_dgst1), - &(s->s3->finish_dgst2), sender,slen,s->s3->tmp.finish_md); s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); p+=i; l=i; + /* Copy the finished so we can use it for + * renegotiation checks + */ + if(s->type == SSL_ST_CONNECT) + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_client_finished_len=i; + } + else + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_server_finished_len=i; + } + #ifdef OPENSSL_SYS_WIN16 /* MSVC 1.5 does not clear the top bytes of the word unless * I do this. @@ -779,12 +971,11 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->init_num=DTLS1_CCS_HEADER_LENGTH; - if (s->client_version == DTLS1_BAD_VER) - { + if (s->version == DTLS1_BAD_VER) { s->d1->next_handshake_write_seq++; s2n(s->d1->handshake_write_seq,p); s->init_num+=2; - } + } s->init_off=0; @@ -801,14 +992,30 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); } +static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) + { + int n; + unsigned char *p; + + n=i2d_X509(x,NULL); + if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) + { + SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); + return 0; + } + p=(unsigned char *)&(buf->data[*l]); + l2n3(n,p); + i2d_X509(x,&p); + *l+=n+3; + + return 1; + } unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) { unsigned char *p; - int n,i; + int i; unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; BUF_MEM *buf; - X509_STORE_CTX xs_ctx; - X509_OBJECT obj; /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; @@ -819,54 +1026,35 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) } if (x != NULL) { - if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } - - for (;;) - { - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - if (X509_NAME_cmp(X509_get_subject_name(x), - X509_get_issuer_name(x)) == 0) break; - - i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, - X509_get_issuer_name(x),&obj); - if (i <= 0) break; - x=obj.data.x509; - /* Count is one too high since the X509_STORE_get uped the - * ref count */ - X509_free(x); - } - - X509_STORE_CTX_cleanup(&xs_ctx); - } - - /* Thawte special :-) */ - if (s->ctx->extra_certs != NULL) + X509_STORE_CTX xs_ctx; + + if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) + { + SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); + return(0); + } + + X509_verify_cert(&xs_ctx); + /* Don't leave errors in the queue */ + ERR_clear_error(); + for (i=0; i < sk_X509_num(xs_ctx.chain); i++) + { + x = sk_X509_value(xs_ctx.chain, i); + + if (!dtls1_add_cert_to_buf(buf, &l, x)) + { + X509_STORE_CTX_cleanup(&xs_ctx); + return 0; + } + } + X509_STORE_CTX_cleanup(&xs_ctx); + } + /* Thawte special :-) */ for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) { x=sk_X509_value(s->ctx->extra_certs,i); - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; + if (!dtls1_add_cert_to_buf(buf, &l, x)) + return 0; } l-= (3 + DTLS1_HM_HEADER_LENGTH); @@ -883,18 +1071,13 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) int dtls1_read_failed(SSL *s, int code) { - DTLS1_STATE *state; - BIO *bio; - int send_alert = 0; - if ( code > 0) { fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); return 1; } - bio = SSL_get_rbio(s); - if ( ! BIO_dgram_recv_timedout(bio)) + if (!dtls1_is_timer_expired(s)) { /* not a timeout, none of our business, let higher layers handle this. in fact it's probably an error */ @@ -907,23 +1090,6 @@ int dtls1_read_failed(SSL *s, int code) return code; } - state = s->d1; - state->timeout.num_alerts++; - if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) - { - /* fail the connection, enough alerts have been sent */ - SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED); - return 0; - } - - state->timeout.read_timeouts++; - if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) - { - send_alert = 1; - state->timeout.read_timeouts = 1; - } - - #if 0 /* for now, each alert contains only one record number */ item = pqueue_peek(state->rcvd_records); if ( item ) @@ -934,16 +1100,29 @@ int dtls1_read_failed(SSL *s, int code) #endif #if 0 /* no more alert sending, just retransmit the last set of messages */ - if ( send_alert) - ssl3_send_alert(s,SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); + if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) + ssl3_send_alert(s,SSL3_AL_WARNING, + DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); #endif - return dtls1_retransmit_buffered_messages(s) ; + return dtls1_handle_timeout(s); } +int +dtls1_get_queue_priority(unsigned short seq, int is_ccs) + { + /* The index of the retransmission queue actually is the message sequence number, + * since the queue only contains messages of a single handshake. However, the + * ChangeCipherSpec has no message sequence number and so using only the sequence + * will result in the CCS and Finished having the same index. To prevent this, + * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted. + * This does not only differ CSS and Finished, it also maintains the order of the + * index (important for priority queues) and fits in the unsigned short variable. + */ + return seq * 2 - is_ccs; + } -static int +int dtls1_retransmit_buffered_messages(SSL *s) { pqueue sent = s->d1->sent_messages; @@ -957,8 +1136,9 @@ dtls1_retransmit_buffered_messages(SSL *s) for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { frag = (hm_fragment *)item->data; - if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 && - found) + if ( dtls1_retransmit_message(s, + (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), + 0, &found) <= 0 && found) { fprintf(stderr, "dtls1_retransmit_message() failed\n"); return -1; @@ -973,22 +1153,20 @@ dtls1_buffer_message(SSL *s, int is_ccs) { pitem *item; hm_fragment *frag; - PQ_64BIT seq64; - unsigned int epoch = s->d1->w_epoch; + unsigned char seq64be[8]; /* this function is called immediately after a message has * been serialized */ OPENSSL_assert(s->init_off == 0); - frag = dtls1_hm_fragment_new(s->init_num); + frag = dtls1_hm_fragment_new(s->init_num, 0); memcpy(frag->fragment, s->init_buf->data, s->init_num); if ( is_ccs) { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); - epoch++; + ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num); } else { @@ -1003,11 +1181,20 @@ dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; - pq_64bit_init(&seq64); - pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq); - - item = pitem_new(seq64, frag); - pq_64bit_free(&seq64); + /* save current state*/ + frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; + frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; + frag->msg_header.saved_retransmit_state.compress = s->compress; + frag->msg_header.saved_retransmit_state.session = s->session; + frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; + + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs)>>8); + seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs)); + + item = pitem_new(seq64be, frag); if ( item == NULL) { dtls1_hm_fragment_free(frag); @@ -1033,7 +1220,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, pitem *item; hm_fragment *frag ; unsigned long header_length; - PQ_64BIT seq64; + unsigned char seq64be[8]; + struct dtls1_retransmit_state saved_state; + unsigned char save_write_sequence[8]; /* OPENSSL_assert(s->init_num == 0); @@ -1041,11 +1230,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, */ /* XDTLS: the requested message ought to be found, otherwise error */ - pq_64bit_init(&seq64); - pq_64bit_assign_word(&seq64, seq); + memset(seq64be,0,sizeof(seq64be)); + seq64be[6] = (unsigned char)(seq>>8); + seq64be[7] = (unsigned char)seq; - item = pqueue_find(s->d1->sent_messages, seq64); - pq_64bit_free(&seq64); + item = pqueue_find(s->d1->sent_messages, seq64be); if ( item == NULL) { fprintf(stderr, "retransmit: message %d non-existant\n", seq); @@ -1069,9 +1258,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, frag->msg_header.msg_len, frag->msg_header.seq, 0, frag->msg_header.frag_len); + /* save current state */ + saved_state.enc_write_ctx = s->enc_write_ctx; + saved_state.write_hash = s->write_hash; + saved_state.compress = s->compress; + saved_state.session = s->session; + saved_state.epoch = s->d1->w_epoch; + saved_state.epoch = s->d1->w_epoch; + s->d1->retransmitting = 1; + + /* restore state in which the message was originally sent */ + s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; + s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; + s->compress = frag->msg_header.saved_retransmit_state.compress; + s->session = frag->msg_header.saved_retransmit_state.session; + s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; + + if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) + { + memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); + memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); + } + ret = dtls1_do_write(s, frag->msg_header.is_ccs ? - SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + + /* restore current state */ + s->enc_write_ctx = saved_state.enc_write_ctx; + s->write_hash = saved_state.write_hash; + s->compress = saved_state.compress; + s->session = saved_state.session; + s->d1->w_epoch = saved_state.epoch; + + if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) + { + memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); + memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); + } + s->d1->retransmitting = 0; (void)BIO_flush(SSL_get_wbio(s)); @@ -1160,7 +1385,7 @@ dtls1_min_mtu(void) static unsigned int dtls1_guess_mtu(unsigned int curr_mtu) { - size_t i; + unsigned int i; if ( curr_mtu == 0 ) return g_probable_mtu[0] ; diff --git a/lib/libssl/src/ssl/d1_enc.c b/lib/libssl/src/ssl/d1_enc.c index cf3332e4e43..8fa57347a99 100644 --- a/lib/libssl/src/ssl/d1_enc.c +++ b/lib/libssl/src/ssl/d1_enc.c @@ -136,8 +136,12 @@ int dtls1_enc(SSL *s, int send) if (send) { - if (s->write_hash != NULL) - n=EVP_MD_size(s->write_hash); + if (EVP_MD_CTX_md(s->write_hash)) + { + n=EVP_MD_CTX_size(s->write_hash); + if (n < 0) + return -1; + } ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -151,15 +155,19 @@ int dtls1_enc(SSL *s, int send) __FILE__, __LINE__); else if ( EVP_CIPHER_block_size(ds->cipher) > 1) { - if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))) + if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) return -1; } } } else { - if (s->read_hash != NULL) - n=EVP_MD_size(s->read_hash); + if (EVP_MD_CTX_md(s->read_hash)) + { + n=EVP_MD_CTX_size(s->read_hash); + if (n < 0) + return -1; + } ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) @@ -206,11 +214,10 @@ int dtls1_enc(SSL *s, int send) { unsigned long ui; printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - (void *)ds,rec->data,rec->input,l); - printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", + ds,rec->data,rec->input,l); + printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", ds->buf_len, ds->cipher->key_len, - (unsigned long)DES_KEY_SZ, - (unsigned long)DES_SCHEDULE_SZ, + DES_KEY_SZ, DES_SCHEDULE_SZ, ds->cipher->iv_len); printf("\t\tIV: "); for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); @@ -235,10 +242,10 @@ int dtls1_enc(SSL *s, int send) #ifdef KSSL_DEBUG { - unsigned long ki; + unsigned long i; printf("\trec->data="); - for (ki=0; ki<l; ki++) - printf(" %02x", rec->data[ki]); printf("\n"); + for (i=0; i<l; i++) + printf(" %02x", rec->data[i]); printf("\n"); } #endif /* KSSL_DEBUG */ diff --git a/lib/libssl/src/ssl/d1_lib.c b/lib/libssl/src/ssl/d1_lib.c index 3568e97a877..96b220e87ce 100644 --- a/lib/libssl/src/ssl/d1_lib.c +++ b/lib/libssl/src/ssl/d1_lib.c @@ -58,10 +58,17 @@ */ #include <stdio.h> +#define USE_SOCKETS #include <openssl/objects.h> #include "ssl_locl.h" +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +#include <sys/timeb.h> +#endif + +static void get_current_time(struct timeval *t); const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; +int dtls1_listen(SSL *s, struct sockaddr *client); SSL3_ENC_METHOD DTLSv1_enc_data={ dtls1_enc, @@ -84,11 +91,6 @@ long dtls1_default_timeout(void) return(60*60*2); } -IMPLEMENT_dtls1_meth_func(dtlsv1_base_method, - ssl_undefined_function, - ssl_undefined_function, - ssl_bad_method) - int dtls1_new(SSL *s) { DTLS1_STATE *d1; @@ -98,22 +100,12 @@ int dtls1_new(SSL *s) memset(d1,0, sizeof *d1); /* d1->handshake_epoch=0; */ -#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST) - d1->bitmap.length=64; -#else - d1->bitmap.length=sizeof(d1->bitmap.map) * 8; -#endif - pq_64bit_init(&(d1->bitmap.map)); - pq_64bit_init(&(d1->bitmap.max_seq_num)); - - d1->next_bitmap.length = d1->bitmap.length; - pq_64bit_init(&(d1->next_bitmap.map)); - pq_64bit_init(&(d1->next_bitmap.max_seq_num)); d1->unprocessed_rcds.q=pqueue_new(); d1->processed_rcds.q=pqueue_new(); d1->buffered_messages = pqueue_new(); d1->sent_messages=pqueue_new(); + d1->buffered_app_data.q=pqueue_new(); if ( s->server) { @@ -121,12 +113,13 @@ int dtls1_new(SSL *s) } if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q - || ! d1->buffered_messages || ! d1->sent_messages) + || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) { if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); if ( d1->sent_messages) pqueue_free(d1->sent_messages); + if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); OPENSSL_free(d1); return (0); } @@ -175,11 +168,14 @@ void dtls1_free(SSL *s) } pqueue_free(s->d1->sent_messages); - pq_64bit_free(&(s->d1->bitmap.map)); - pq_64bit_free(&(s->d1->bitmap.max_seq_num)); - - pq_64bit_free(&(s->d1->next_bitmap.map)); - pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); + while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) + { + frag = (hm_fragment *)item->data; + OPENSSL_free(frag->fragment); + OPENSSL_free(frag); + pitem_free(item); + } + pqueue_free(s->d1->buffered_app_data.q); OPENSSL_free(s->d1); } @@ -187,7 +183,36 @@ void dtls1_free(SSL *s) void dtls1_clear(SSL *s) { ssl3_clear(s); - s->version=DTLS1_VERSION; + if (s->options & SSL_OP_CISCO_ANYCONNECT) + s->version=DTLS1_BAD_VER; + else + s->version=DTLS1_VERSION; + } + +long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) + { + int ret=0; + + switch (cmd) + { + case DTLS_CTRL_GET_TIMEOUT: + if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) + { + ret = 1; + } + break; + case DTLS_CTRL_HANDLE_TIMEOUT: + ret = dtls1_handle_timeout(s); + break; + case DTLS_CTRL_LISTEN: + ret = dtls1_listen(s, parg); + break; + + default: + ret = ssl3_ctrl(s, cmd, larg, parg); + break; + } + return(ret); } /* @@ -197,15 +222,173 @@ void dtls1_clear(SSL *s) * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ -SSL_CIPHER *dtls1_get_cipher(unsigned int u) +const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { - SSL_CIPHER *ciph = ssl3_get_cipher(u); + const SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) { - if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) + if (ciph->algorithm_enc == SSL_RC4) return NULL; } return ciph; } + +void dtls1_start_timer(SSL *s) + { + /* If timer is not set, initialize duration with 1 second */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) + { + s->d1->timeout_duration = 1; + } + + /* Set timeout to current time */ + get_current_time(&(s->d1->next_timeout)); + + /* Add duration to current time */ + s->d1->next_timeout.tv_sec += s->d1->timeout_duration; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); + } + +struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) + { + struct timeval timenow; + + /* If no timeout is set, just return NULL */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) + { + return NULL; + } + + /* Get current time */ + get_current_time(&timenow); + + /* If timer already expired, set remaining time to 0 */ + if (s->d1->next_timeout.tv_sec < timenow.tv_sec || + (s->d1->next_timeout.tv_sec == timenow.tv_sec && + s->d1->next_timeout.tv_usec <= timenow.tv_usec)) + { + memset(timeleft, 0, sizeof(struct timeval)); + return timeleft; + } + + /* Calculate time left until timer expires */ + memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); + timeleft->tv_sec -= timenow.tv_sec; + timeleft->tv_usec -= timenow.tv_usec; + if (timeleft->tv_usec < 0) + { + timeleft->tv_sec--; + timeleft->tv_usec += 1000000; + } + + /* If remaining time is less than 15 ms, set it to 0 + * to prevent issues because of small devergences with + * socket timeouts. + */ + if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) + { + memset(timeleft, 0, sizeof(struct timeval)); + } + + + return timeleft; + } + +int dtls1_is_timer_expired(SSL *s) + { + struct timeval timeleft; + + /* Get time left until timeout, return false if no timer running */ + if (dtls1_get_timeout(s, &timeleft) == NULL) + { + return 0; + } + + /* Return false if timer is not expired yet */ + if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) + { + return 0; + } + + /* Timer expired, so return true */ + return 1; + } + +void dtls1_double_timeout(SSL *s) + { + s->d1->timeout_duration *= 2; + if (s->d1->timeout_duration > 60) + s->d1->timeout_duration = 60; + dtls1_start_timer(s); + } + +void dtls1_stop_timer(SSL *s) + { + /* Reset everything */ + memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); + s->d1->timeout_duration = 1; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); + } + +int dtls1_handle_timeout(SSL *s) + { + DTLS1_STATE *state; + + /* if no timer is expired, don't do anything */ + if (!dtls1_is_timer_expired(s)) + { + return 0; + } + + dtls1_double_timeout(s); + state = s->d1; + state->timeout.num_alerts++; + if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) + { + /* fail the connection, enough alerts have been sent */ + SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED); + return 0; + } + + state->timeout.read_timeouts++; + if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) + { + state->timeout.read_timeouts = 1; + } + + dtls1_start_timer(s); + return dtls1_retransmit_buffered_messages(s); + } + +static void get_current_time(struct timeval *t) +{ +#ifdef OPENSSL_SYS_WIN32 + struct _timeb tb; + _ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#elif defined(OPENSSL_SYS_VMS) + struct timeb tb; + ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#else + gettimeofday(t, NULL); +#endif +} + +int dtls1_listen(SSL *s, struct sockaddr *client) + { + int ret; + + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); + s->d1->listen = 1; + + ret = SSL_accept(s); + if (ret <= 0) return ret; + + (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); + return 1; + } diff --git a/lib/libssl/src/ssl/d1_meth.c b/lib/libssl/src/ssl/d1_meth.c index 8a6cf31947a..5c4004bfe3c 100644 --- a/lib/libssl/src/ssl/d1_meth.c +++ b/lib/libssl/src/ssl/d1_meth.c @@ -61,8 +61,8 @@ #include <openssl/objects.h> #include "ssl_locl.h" -static SSL_METHOD *dtls1_get_method(int ver); -static SSL_METHOD *dtls1_get_method(int ver) +static const SSL_METHOD *dtls1_get_method(int ver); +static const SSL_METHOD *dtls1_get_method(int ver) { if (ver == DTLS1_VERSION) return(DTLSv1_method()); diff --git a/lib/libssl/src/ssl/t1_reneg.c b/lib/libssl/src/ssl/t1_reneg.c new file mode 100644 index 00000000000..9c2cc3c712a --- /dev/null +++ b/lib/libssl/src/ssl/t1_reneg.c @@ -0,0 +1,292 @@ +/* ssl/t1_reneg.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#include <stdio.h> +#include <openssl/objects.h> +#include "ssl_locl.h" + +/* Add the client's renegotiation binding */ +int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, + int maxlen) + { + if(p) + { + if((s->s3->previous_client_finished_len+1) > maxlen) + { + SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); + return 0; + } + + /* Length byte */ + *p = s->s3->previous_client_finished_len; + p++; + + memcpy(p, s->s3->previous_client_finished, + s->s3->previous_client_finished_len); +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension sent by client\n", + s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); +#endif + } + + *len=s->s3->previous_client_finished_len + 1; + + + return 1; + } + +/* Parse the client's renegotiation binding and abort if it's not + right */ +int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, + int *al) + { + int ilen; + + /* Parse the length byte */ + if(len < 1) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + ilen = *d; + d++; + + /* Consistency check */ + if((ilen+1) != len) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + + /* Check that the extension matches */ + if(ilen != s->s3->previous_client_finished_len) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + + if(memcmp(d, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension received by server\n", + ilen ? "Non-empty" : "Empty"); +#endif + + s->s3->send_connection_binding=1; + + return 1; + } + +/* Add the server's renegotiation binding */ +int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, + int maxlen) + { + if(p) + { + if((s->s3->previous_client_finished_len + + s->s3->previous_server_finished_len + 1) > maxlen) + { + SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); + return 0; + } + + /* Length byte */ + *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; + p++; + + memcpy(p, s->s3->previous_client_finished, + s->s3->previous_client_finished_len); + p += s->s3->previous_client_finished_len; + + memcpy(p, s->s3->previous_server_finished, + s->s3->previous_server_finished_len); +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension sent by server\n", + s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); +#endif + } + + *len=s->s3->previous_client_finished_len + + s->s3->previous_server_finished_len + 1; + + return 1; + } + +/* Parse the server's renegotiation binding and abort if it's not + right */ +int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, + int *al) + { + int expected_len=s->s3->previous_client_finished_len + + s->s3->previous_server_finished_len; + int ilen; + + /* Check for logic errors */ + OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); + OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); + + /* Parse the length byte */ + if(len < 1) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + ilen = *d; + d++; + + /* Consistency check */ + if(ilen+1 != len) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + + /* Check that the extension matches */ + if(ilen != expected_len) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + + if(memcmp(d, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + d += s->s3->previous_client_finished_len; + + if(memcmp(d, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension received by client\n", + ilen ? "Non-empty" : "Empty"); +#endif + s->s3->send_connection_binding=1; + + return 1; + } diff --git a/lib/libssl/src/test/CAtsa.cnf b/lib/libssl/src/test/CAtsa.cnf new file mode 100644 index 00000000000..f5a275bfc23 --- /dev/null +++ b/lib/libssl/src/test/CAtsa.cnf @@ -0,0 +1,163 @@ + +# +# This config is used by the Time Stamp Authority tests. +# + +RANDFILE = ./.rnd + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +TSDNSECT = ts_cert_dn +INDEX = 1 + +[ new_oids ] + +# Policies used by the TSA tests. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#---------------------------------------------------------------------- +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +dir = ./demoCA +certs = $dir/certs # Where the issued certs are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = supplied +stateOrProvinceName = supplied +organizationName = supplied +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#---------------------------------------------------------------------- +[ req ] +default_bits = 1024 +default_md = sha1 +distinguished_name = $ENV::TSDNSECT +encrypt_rsa_key = no +prompt = no +# attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +string_mask = nombstr + +[ ts_ca_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Budapest +organizationName = Gov-CA Ltd. +commonName = ca1 + +[ ts_cert_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Buda +organizationName = Hun-TSA Ltd. +commonName = tsa$ENV::INDEX + +[ tsa_cert ] + +# TSA server cert is not a CA cert. +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ non_tsa_cert ] + +# This is not a CA cert and not a TSA cert, either (timeStamping usage missing) +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +# timeStamping is not supported by this certificate +# extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ v3_req ] + +# Extensions to add to a certificate request +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature + +[ v3_ca ] + +# Extensions for a typical CA + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = cRLSign, keyCertSign + +#---------------------------------------------------------------------- +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate + # (optional) +certs = $dir/tsaca.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key1.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = yes # Must the ESS cert id chain be included? + # (optional, default: no) + +[ tsa_config2 ] + +# This configuration uses a certificate which doesn't have timeStamping usage. +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate + # (optional) +certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key2.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) diff --git a/lib/libssl/src/test/asn1test.c b/lib/libssl/src/test/asn1test.c new file mode 100755 index 00000000000..9f53d803444 --- /dev/null +++ b/lib/libssl/src/test/asn1test.c @@ -0,0 +1,22 @@ +#include <openssl/x509.h> +#include <openssl/asn1_mac.h> + +typedef struct X + { + STACK_OF(X509_EXTENSION) *ext; + } X; + +/* This isn't meant to run particularly, it's just to test type checking */ +int main(int argc, char **argv) + { + X *x = NULL; + unsigned char **pp = NULL; + + M_ASN1_I2D_vars(x); + M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext, + i2d_X509_EXTENSION); + M_ASN1_I2D_seq_total(); + M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext, + i2d_X509_EXTENSION); + M_ASN1_I2D_finish(); + } diff --git a/lib/libssl/src/test/cms-test.pl b/lib/libssl/src/test/cms-test.pl index a84e089ddc4..9c50dff3e9a 100644 --- a/lib/libssl/src/test/cms-test.pl +++ b/lib/libssl/src/test/cms-test.pl @@ -54,8 +54,12 @@ # OpenSSL PKCS#7 and CMS implementations. my $ossl_path; - -if ( -f "../apps/openssl" ) { +my $redir = " 2>cms.err 1>cms.out"; +# Make MSYS work +if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { + $ossl_path = "cmd /c ..\\apps\\openssl"; +} +elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; } elsif ( -f "..\\out32dll\\openssl.exe" ) { @@ -232,7 +236,7 @@ my @smime_cms_tests = ( [ "signed content MIME format, RSA key, signed receipt request", "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" - . " -receipt_request_to test@openssl.org -receipt_request_all" + . " -receipt_request_to test\@openssl.org -receipt_request_all" . " -out test.cms", "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" @@ -333,10 +337,6 @@ my @smime_cms_comp_tests = ( ); -print "PKCS#7 <=> PKCS#7 consistency tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd ); - print "CMS => PKCS#7 compatibility tests\n"; run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); @@ -386,14 +386,14 @@ sub run_smime_tests { $rscmd =~ s/-stream//; $rvcmd =~ s/-stream//; } - system("$scmd$rscmd 2>cms.err 1>cms.out"); + system("$scmd$rscmd$redir"); if ($?) { print "$tnam: generation error\n"; $$rv++; exit 1 if $halt_err; next; } - system("$vcmd$rvcmd 2>cms.err 1>cms.out"); + system("$vcmd$rvcmd$redir"); if ($?) { print "$tnam: verify error\n"; $$rv++; diff --git a/lib/libssl/src/test/igetest.c b/lib/libssl/src/test/igetest.c index a2578d09c5a..1ba900244de 100644 --- a/lib/libssl/src/test/igetest.c +++ b/lib/libssl/src/test/igetest.c @@ -221,9 +221,9 @@ static int run_test_vectors(void) ++errs; } - /* try with in == out */ + /* try with in == out */ memcpy(iv, v->iv, sizeof iv); - memcpy(buf, v->in, v->length); + memcpy(buf, v->in, v->length); AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); if(memcmp(v->out, buf, v->length)) diff --git a/lib/libssl/src/test/pkits-test.pl b/lib/libssl/src/test/pkits-test.pl new file mode 100644 index 00000000000..69dffa16f90 --- /dev/null +++ b/lib/libssl/src/test/pkits-test.pl @@ -0,0 +1,940 @@ +# test/pkits-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl utility to run PKITS tests for RFC3280 compliance. + +my $ossl_path; + +if ( -f "../apps/openssl" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pkitsdir = "pkits/smime"; +my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; + +die "Can't find PKITS test data" if !-d $pkitsdir; + +my $nist1 = "2.16.840.1.101.3.2.1.48.1"; +my $nist2 = "2.16.840.1.101.3.2.1.48.2"; +my $nist3 = "2.16.840.1.101.3.2.1.48.3"; +my $nist4 = "2.16.840.1.101.3.2.1.48.4"; +my $nist5 = "2.16.840.1.101.3.2.1.48.5"; +my $nist6 = "2.16.840.1.101.3.2.1.48.6"; + +my $apolicy = "X509v3 Any Policy"; + +# This table contains the chapter headings of the accompanying PKITS +# document. They provide useful informational output and their names +# can be converted into the filename to test. + +my @testlists = ( + [ "4.1", "Signature Verification" ], + [ "4.1.1", "Valid Signatures Test1", 0 ], + [ "4.1.2", "Invalid CA Signature Test2", 7 ], + [ "4.1.3", "Invalid EE Signature Test3", 7 ], + [ "4.1.4", "Valid DSA Signatures Test4", 0 ], + [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], + [ "4.1.6", "Invalid DSA Signature Test6", 7 ], + [ "4.2", "Validity Periods" ], + [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], + [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], + [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], + [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], + [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], + [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], + [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], + [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], + [ "4.3", "Verifying Name Chaining" ], + [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], + [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], + [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], + [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], + [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], + [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], + [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], + [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], + [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], + [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], + [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], + [ "4.4", "Basic Certificate Revocation Tests" ], + [ "4.4.1", "Missing CRL Test1", 3 ], + [ "4.4.2", "Invalid Revoked CA Test2", 23 ], + [ "4.4.3", "Invalid Revoked EE Test3", 23 ], + [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], + [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], + [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], + [ "4.4.7", "Valid Two CRLs Test7", 0 ], + + # The test document suggests these should return certificate revoked... + # Subsquent discussion has concluded they should not due to unhandle + # critical CRL extensions. + [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], + [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], + + [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], + [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], + [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], + [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], + [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], + [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], + [ "4.4.16", "Valid Long Serial Number Test16", 0 ], + [ "4.4.17", "Valid Long Serial Number Test17", 0 ], + [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], + [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], + [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], + + # CRL path is revoked so get a CRL path validation error + [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], + [ "4.5", "Verifying Paths with Self-Issued Certificates" ], + [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], + [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], + [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], + [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], + [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], + [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], + [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], + [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], + [ "4.6", "Verifying Basic Constraints" ], + [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], + [ "4.6.2", "Invalid cA False Test2", 24 ], + [ "4.6.3", "Invalid cA False Test3", 24 ], + [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], + [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], + [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], + [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], + [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], + [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], + [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], + [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], + [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], + [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], + [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], + [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], + [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], + [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], + [ "4.7", "Key Usage" ], + [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], + [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], + [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], + [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], + [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], + + # Certificate policy tests need special handling. They can have several + # sub tests and we need to check the outputs are correct. + + [ "4.8", "Certificate Policies" ], + [ + "4.8.1.1", + "All Certificates Same Policy Test1", + "-policy anyPolicy -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.2", + "All Certificates Same Policy Test1", + "-policy $nist1 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.3", + "All Certificates Same Policy Test1", + "-policy $nist2 -explicit_policy", + "True", $nist1, "<empty>", 43 + ], + [ + "4.8.1.4", + "All Certificates Same Policy Test1", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.2.1", + "All Certificates No Policies Test2", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.8.2.2", + "All Certificates No Policies Test2", + "-policy anyPolicy -explicit_policy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.3.1", + "Different Policies Test3", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.8.3.2", + "Different Policies Test3", + "-policy anyPolicy -explicit_policy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.3.3", + "Different Policies Test3", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", "<empty>", "<empty>", 43 + ], + + [ + "4.8.4", + "Different Policies Test4", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.5", + "Different Policies Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.6.1", + "Overlapping Policies Test6", + "-policy anyPolicy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.2", + "Overlapping Policies Test6", + "-policy $nist1", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.3", + "Overlapping Policies Test6", + "-policy $nist2", + "True", $nist1, "<empty>", 43 + ], + [ + "4.8.7", + "Different Policies Test7", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.8", + "Different Policies Test8", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.9", + "Different Policies Test9", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.10.1", + "All Certificates Same Policies Test10", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.10.2", + "All Certificates Same Policies Test10", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.10.3", + "All Certificates Same Policies Test10", + "-policy anyPolicy", + "True", "$nist1:$nist2", "$nist1:$nist2", 0 + ], + [ + "4.8.11.1", + "All Certificates AnyPolicy Test11", + "-policy anyPolicy", + "True", "$apolicy", "$apolicy", 0 + ], + [ + "4.8.11.2", + "All Certificates AnyPolicy Test11", + "-policy $nist1", + "True", "$apolicy", "$nist1", 0 + ], + [ + "4.8.12", + "Different Policies Test12", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.13.1", + "All Certificates Same Policies Test13", + "-policy $nist1", + "True", "$nist1:$nist2:$nist3", "$nist1", 0 + ], + [ + "4.8.13.2", + "All Certificates Same Policies Test13", + "-policy $nist2", + "True", "$nist1:$nist2:$nist3", "$nist2", 0 + ], + [ + "4.8.13.3", + "All Certificates Same Policies Test13", + "-policy $nist3", + "True", "$nist1:$nist2:$nist3", "$nist3", 0 + ], + [ + "4.8.14.1", "AnyPolicy Test14", + "-policy $nist1", "True", + "$nist1", "$nist1", + 0 + ], + [ + "4.8.14.2", "AnyPolicy Test14", + "-policy $nist2", "True", + "$nist1", "<empty>", + 43 + ], + [ + "4.8.15", + "User Notice Qualifier Test15", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.16", + "User Notice Qualifier Test16", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.17", + "User Notice Qualifier Test17", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.18.1", + "User Notice Qualifier Test18", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.18.2", + "User Notice Qualifier Test18", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.19", + "User Notice Qualifier Test19", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.20", + "CPS Pointer Qualifier Test20", + "-policy anyPolicy -explicit_policy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.9", "Require Explicit Policy" ], + [ + "4.9.1", + "Valid RequireExplicitPolicy Test1", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.9.2", + "Valid RequireExplicitPolicy Test2", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.9.3", + "Invalid RequireExplicitPolicy Test3", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.9.4", + "Valid RequireExplicitPolicy Test4", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.9.5", + "Invalid RequireExplicitPolicy Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.9.6", + "Valid Self-Issued requireExplicitPolicy Test6", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.9.7", + "Invalid Self-Issued requireExplicitPolicy Test7", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.9.8", + "Invalid Self-Issued requireExplicitPolicy Test8", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ "4.10", "Policy Mappings" ], + [ + "4.10.1.1", + "Valid Policy Mapping Test1", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.1.2", + "Valid Policy Mapping Test1", + "-policy $nist2", + "True", "$nist1", "<empty>", 43 + ], + [ + "4.10.1.3", + "Valid Policy Mapping Test1", + "-policy anyPolicy -inhibit_map", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.2.1", + "Invalid Policy Mapping Test2", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.2.2", + "Invalid Policy Mapping Test2", + "-policy anyPolicy -inhibit_map", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.3.1", + "Valid Policy Mapping Test3", + "-policy $nist1", + "True", "$nist2", "<empty>", 43 + ], + [ + "4.10.3.2", + "Valid Policy Mapping Test3", + "-policy $nist2", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.10.4", + "Invalid Policy Mapping Test4", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.5.1", + "Valid Policy Mapping Test5", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.5.2", + "Valid Policy Mapping Test5", + "-policy $nist6", + "True", "$nist1", "<empty>", 43 + ], + [ + "4.10.6.1", + "Valid Policy Mapping Test6", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.6.2", + "Valid Policy Mapping Test6", + "-policy $nist6", + "True", "$nist1", "<empty>", 43 + ], + [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], + [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], + [ + "4.10.9", + "Valid Policy Mapping Test9", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.10", + "Invalid Policy Mapping Test10", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.11", + "Valid Policy Mapping Test11", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.1", + "Valid Policy Mapping Test12", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.2", + "Valid Policy Mapping Test12", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.10.13", + "Valid Policy Mapping Test13", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.14", + "Valid Policy Mapping Test14", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.11", "Inhibit Policy Mapping" ], + [ + "4.11.1", + "Invalid inhibitPolicyMapping Test1", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.2", + "Valid inhibitPolicyMapping Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.3", + "Invalid inhibitPolicyMapping Test3", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.4", + "Valid inhibitPolicyMapping Test4", + "-policy anyPolicy", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.11.5", + "Invalid inhibitPolicyMapping Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.6", + "Invalid inhibitPolicyMapping Test6", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.7", + "Valid Self-Issued inhibitPolicyMapping Test7", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.8", + "Invalid Self-Issued inhibitPolicyMapping Test8", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.9", + "Invalid Self-Issued inhibitPolicyMapping Test9", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.10", + "Invalid Self-Issued inhibitPolicyMapping Test10", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.11", + "Invalid Self-Issued inhibitPolicyMapping Test11", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ "4.12", "Inhibit Any Policy" ], + [ + "4.12.1", + "Invalid inhibitAnyPolicy Test1", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.2", + "Valid inhibitAnyPolicy Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.1", + "inhibitAnyPolicy Test3", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.2", + "inhibitAnyPolicy Test3", + "-policy anyPolicy -inhibit_any", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.4", + "Invalid inhibitAnyPolicy Test4", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.5", + "Invalid inhibitAnyPolicy Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.6", + "Invalid inhibitAnyPolicy Test6", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], + [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], + [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], + [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], + [ "4.13", "Name Constraints" ], + [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], + [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], + [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], + [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], + [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], + [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], + [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], + [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], + [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], + [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], + [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], + [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], + [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], + [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], + [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], + [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], + [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], + [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], + [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], + [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], + [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], + [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], + [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], + [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], + [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], + [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], + [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], + [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], + [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], + [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], + [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], + [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], + [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], + [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], + [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], + [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], + [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], + [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], + [ "4.14", "Distribution Points" ], + [ "4.14.1", "Valid distributionPoint Test1", 0 ], + [ "4.14.2", "Invalid distributionPoint Test2", 23 ], + [ "4.14.3", "Invalid distributionPoint Test3", 44 ], + [ "4.14.4", "Valid distributionPoint Test4", 0 ], + [ "4.14.5", "Valid distributionPoint Test5", 0 ], + [ "4.14.6", "Invalid distributionPoint Test6", 23 ], + [ "4.14.7", "Valid distributionPoint Test7", 0 ], + [ "4.14.8", "Invalid distributionPoint Test8", 44 ], + [ "4.14.9", "Invalid distributionPoint Test9", 44 ], + [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], + [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], + [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], + [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], + [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], + [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], + [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], + [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], + [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], + [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], + [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], + [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], + [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], + [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], + [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], + [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], + [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], + [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], + [ "4.14.28", "Valid cRLIssuer Test28", 0 ], + [ "4.14.29", "Valid cRLIssuer Test29", 0 ], + + # Although this test is valid it has a circular dependency. As a result + # an attempt is made to reursively checks a CRL path and rejected due to + # a CRL path validation error. PKITS notes suggest this test does not + # need to be run due to this issue. + [ "4.14.30", "Valid cRLIssuer Test30", 54 ], + [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], + [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], + [ "4.14.33", "Valid cRLIssuer Test33", 0 ], + [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], + [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], + [ "4.15", "Delta-CRLs" ], + [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], + [ "4.15.2", "Valid delta-CRL Test2", 0 ], + [ "4.15.3", "Invalid delta-CRL Test3", 23 ], + [ "4.15.4", "Invalid delta-CRL Test4", 23 ], + [ "4.15.5", "Valid delta-CRL Test5", 0 ], + [ "4.15.6", "Invalid delta-CRL Test6", 23 ], + [ "4.15.7", "Valid delta-CRL Test7", 0 ], + [ "4.15.8", "Valid delta-CRL Test8", 0 ], + [ "4.15.9", "Invalid delta-CRL Test9", 23 ], + [ "4.15.10", "Invalid delta-CRL Test10", 12 ], + [ "4.16", "Private Certificate Extensions" ], + [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], + [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], +); + + +my $verbose = 1; + +my $numtest = 0; +my $numfail = 0; + +my $ossl = "ossl/apps/openssl"; + +my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; +$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; +$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; + +system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; + +die "Can't create trust anchor file" if $?; + +print "Running PKITS tests:\n" if $verbose; + +foreach (@testlists) { + my $argnum = @$_; + if ( $argnum == 2 ) { + my ( $tnum, $title ) = @$_; + print "$tnum $title\n" if $verbose; + } + elsif ( $argnum == 3 ) { + my ( $tnum, $title, $exp_ret ) = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $test_fail = 0; + my $errmsg = ""; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; + my $cmdout = `$cmd`; + $ret = $? >> 8; + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + if ( $exp_ret != $ret ) { + $errmsg .= "Return code:$ret, "; + $errmsg .= "expected $exp_ret\n"; + $test_fail = 1; + } + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print $errmsg; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } + elsif ( $argnum == 7 ) { + my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) + = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $cmdout = ""; + my $errmsg = ""; + my $epol = ""; + my $aset = ""; + my $uset = ""; + my $pol = -1; + my $test_fail = 0; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; + @oparr = `$cmd`; + $ret = $? >> 8; + + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + foreach (@oparr) { + my $test_failed = 0; + $cmdout .= $_; + if (/^Require explicit Policy: (.*)$/) { + $epol = $1; + } + if (/^Authority Policies/) { + if (/empty/) { + $aset = "<empty>"; + } + else { + $pol = 1; + } + } + $test_fail = 1 if (/leak/i); + if (/^User Policies/) { + if (/empty/) { + $uset = "<empty>"; + } + else { + $pol = 2; + } + } + if (/\s+Policy: (.*)$/) { + if ( $pol == 1 ) { + $aset .= ":" if $aset ne ""; + $aset .= $1; + } + elsif ( $pol == 2 ) { + $uset .= ":" if $uset ne ""; + $uset .= $1; + } + } + } + + if ( $epol ne $exp_epol ) { + $errmsg .= "Explicit policy:$epol, "; + $errmsg .= "expected $exp_epol\n"; + $test_fail = 1; + } + if ( $aset ne $exp_aset ) { + $errmsg .= "Authority policy set :$aset, "; + $errmsg .= "expected $exp_aset\n"; + $test_fail = 1; + } + if ( $uset ne $exp_uset ) { + $errmsg .= "User policy set :$uset, "; + $errmsg .= "expected $exp_uset\n"; + $test_fail = 1; + } + + if ( $exp_ret != $ret ) { + print "Return code:$ret, expected $exp_ret\n"; + $test_fail = 1; + } + + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } +} + +if ($numfail) { + print "$numfail tests failed out of $numtest\n"; +} +else { + print "All Tests Successful.\n"; +} + +unlink "pkitsta.pem"; + diff --git a/lib/libssl/src/test/test_padlock b/lib/libssl/src/test/test_padlock new file mode 100755 index 00000000000..5c0f21043ce --- /dev/null +++ b/lib/libssl/src/test/test_padlock @@ -0,0 +1,64 @@ +#!/bin/sh + +PROG=$1 + +if [ -x $PROG ]; then + if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then + : + else + echo "$PROG is not OpenSSL executable" + exit 1 + fi +else + echo "$PROG is not executable" + exit 1; +fi + +if $PROG engine padlock | grep -v no-ACE; then + + HASH=`cat $PROG | $PROG dgst -hex` + + ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ + aes-128-cbc aes-192-cbc aes-256-cbc \ + aes-128-cfb aes-192-cfb aes-256-cfb \ + aes-128-ofb aes-192-ofb aes-256-ofb" + + nerr=0 + + for alg in $ACE_ALGS; do + echo $alg + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \ + $PROG enc -d -k "$HASH" -$alg | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg encrypt test failed" + nerr=`expr $nerr + 1` + fi + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg | \ + $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg decrypt test failed" + nerr=`expr $nerr + 1` + fi + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -engine padlock | \ + $PROG enc -d -k "$HASH" -$alg -engine padlock | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg en/decrypt test failed" + nerr=`expr $nerr + 1` + fi + done + + if [ $nerr -gt 0 ]; then + echo "PadLock ACE test failed." + exit 1; + fi +else + echo "PadLock ACE is not available" +fi + +exit 0 diff --git a/lib/libssl/src/test/testtsa b/lib/libssl/src/test/testtsa new file mode 100644 index 00000000000..bb653b5f73d --- /dev/null +++ b/lib/libssl/src/test/testtsa @@ -0,0 +1,238 @@ +#!/bin/sh + +# +# A few very basic tests for the 'ts' time stamping authority command. +# + +SH="/bin/sh" +if test "$OSTYPE" = msdosdjgpp; then + PATH="../apps\;$PATH" +else + PATH="../apps:$PATH" +fi +export SH PATH + +OPENSSL_CONF="../CAtsa.cnf" +export OPENSSL_CONF +# Because that's what ../apps/CA.sh really looks at +SSLEAY_CONFIG="-config $OPENSSL_CONF" +export SSLEAY_CONFIG + +OPENSSL="`pwd`/../util/opensslwrap.sh" +export OPENSSL + +error () { + + echo "TSA test failed!" >&2 + exit 1 +} + +setup_dir () { + + rm -rf tsa 2>/dev/null + mkdir tsa + cd ./tsa +} + +clean_up_dir () { + + cd .. + rm -rf tsa +} + +create_ca () { + + echo "Creating a new CA for the TSA tests..." + TSDNSECT=ts_ca_dn + export TSDNSECT + ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ + -out tsaca.pem -keyout tsacakey.pem + test $? != 0 && error +} + +create_tsa_cert () { + + INDEX=$1 + export INDEX + EXT=$2 + TSDNSECT=ts_cert_dn + export TSDNSECT + + ../../util/shlib_wrap.sh ../../apps/openssl req -new \ + -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem + test $? != 0 && error +echo Using extension $EXT + ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ + -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ + -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ + -extfile $OPENSSL_CONF -extensions $EXT + test $? != 0 && error +} + +print_request () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text +} + +create_time_stamp_request1 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq + test $? != 0 && error +} + +create_time_stamp_request2 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ + -out req2.tsq + test $? != 0 && error +} + +create_time_stamp_request3 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq + test $? != 0 && error +} + +print_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text + test $? != 0 && error +} + +create_time_stamp_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 + test $? != 0 && error +} + +time_stamp_response_token_test () { + + RESPONSE2=$2.copy.tsr + TOKEN_DER=$2.token.der + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 + test $? != 0 && error + cmp $RESPONSE2 $2 + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out + test $? != 0 && error +} + +verify_time_stamp_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + test $? != 0 && error +} + +verify_time_stamp_token () { + + # create the token from the response first + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem + test $? != 0 && error +} + +verify_time_stamp_response_fail () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + # Checks if the verification failed, as it should have. + test $? = 0 && error + echo Ok +} + +# main functions + +echo "Setting up TSA test directory..." +setup_dir + +echo "Creating CA for TSA tests..." +create_ca + +echo "Creating tsa_cert1.pem TSA server cert..." +create_tsa_cert 1 tsa_cert + +echo "Creating tsa_cert2.pem non-TSA server cert..." +create_tsa_cert 2 non_tsa_cert + +echo "Creating req1.req time stamp request for file testtsa..." +create_time_stamp_request1 + +echo "Printing req1.req..." +print_request req1.tsq + +echo "Generating valid response for req1.req..." +create_time_stamp_response req1.tsq resp1.tsr tsa_config1 + +echo "Printing response..." +print_response resp1.tsr + +echo "Verifying valid response..." +verify_time_stamp_response req1.tsq resp1.tsr ../testtsa + +echo "Verifying valid token..." +verify_time_stamp_token req1.tsq resp1.tsr ../testtsa + +# The tests below are commented out, because invalid signer certificates +# can no longer be specified in the config file. + +# echo "Generating _invalid_ response for req1.req..." +# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 + +# echo "Printing response..." +# print_response resp1_bad.tsr + +# echo "Verifying invalid response, it should fail..." +# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr + +echo "Creating req2.req time stamp request for file testtsa..." +create_time_stamp_request2 + +echo "Printing req2.req..." +print_request req2.tsq + +echo "Generating valid response for req2.req..." +create_time_stamp_response req2.tsq resp2.tsr tsa_config1 + +echo "Checking '-token_in' and '-token_out' options with '-reply'..." +time_stamp_response_token_test req2.tsq resp2.tsr + +echo "Printing response..." +print_response resp2.tsr + +echo "Verifying valid response..." +verify_time_stamp_response req2.tsq resp2.tsr ../testtsa + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req1.tsq resp2.tsr + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req2.tsq resp1.tsr + +echo "Creating req3.req time stamp request for file CAtsa.cnf..." +create_time_stamp_request3 + +echo "Printing req3.req..." +print_request req3.tsq + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req3.tsq resp1.tsr + +echo "Cleaning up..." +clean_up_dir + +exit 0 diff --git a/lib/libssl/src/test/testtsa.com b/lib/libssl/src/test/testtsa.com new file mode 100644 index 00000000000..e3c586f14a2 --- /dev/null +++ b/lib/libssl/src/test/testtsa.com @@ -0,0 +1,248 @@ +$! +$! A few very basic tests for the 'ts' time stamping authority command. +$! +$ +$ __arch := VAX +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK +$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ +$ openssl := mcr 'f$parse(exe_dir+"openssl.exe")' +$ OPENSSL_CONF := [-]CAtsa.cnf +$ ! Because that's what ../apps/CA.sh really looks at +$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF +$ +$ error: +$ subroutine +$ write sys$error "TSA test failed!" +$ exit 3 +$ endsubroutine +$ +$ setup_dir: +$ subroutine +$ +$ if f$search("tsa.dir") .nes "" +$ then +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endif +$ +$ create/dir [.tsa] +$ set default [.tsa] +$ endsubroutine +$ +$ clean_up_dir: +$ subroutine +$ +$ set default [-] +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endsubroutine +$ +$ create_ca: +$ subroutine +$ +$ write sys$output "Creating a new CA for the TSA tests..." +$ TSDNSECT = "ts_ca_dn" +$ openssl req -new -x509 -nodes - + -out tsaca.pem -keyout tsacakey.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_tsa_cert: +$ subroutine +$ +$ INDEX=p1 +$ EXT=p2 +$ TSDNSECT = "ts_cert_dn" +$ +$ openssl req -new - + -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem +$ if $severity .ne. 1 then call error +$ +$ write sys$output "Using extension ''EXT'" +$ openssl x509 -req - + -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - + "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - + -extfile 'OPENSSL_CONF' -extensions "''EXT'" +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_request: +$ subroutine +$ +$ openssl ts -query -in 'p1' -text +$ endsubroutine +$ +$ create_time_stamp_request1: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - + -cert -out req1.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request2: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - + -no_nonce -out req2.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request3: subroutine +$ +$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_response: +$ subroutine +$ +$ openssl ts -reply -in 'p1' -text +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_response: +$ subroutine +$ +$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ time_stamp_response_token_test: +$ subroutine +$ +$ RESPONSE2:='p2'.copy_tsr +$ TOKEN_DER:='p2'.token_der +$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' +$ if $severity .ne. 1 then call error +$ backup/compare 'RESPONSE2' 'p2' +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'p2' -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -queryfile 'p1' -text -token_out +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data 'p3' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_token: +$ subroutine +$ +$ ! create the token from the response first +$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response_fail: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ ! Checks if the verification failed, as it should have. +$ if $severity .eq. 1 then call error +$ write sys$output "Ok" +$ endsubroutine +$ +$ ! Main body ---------------------------------------------------------- +$ +$ write sys$output "Setting up TSA test directory..." +$ call setup_dir +$ +$ write sys$output "Creating CA for TSA tests..." +$ call create_ca +$ +$ write sys$output "Creating tsa_cert1.pem TSA server cert..." +$ call create_tsa_cert 1 "tsa_cert" +$ +$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." +$ call create_tsa_cert 2 "non_tsa_cert" +$ +$ write sys$output "Creating req1.req time stamp request for file testtsa..." +$ call create_time_stamp_request1 +$ +$ write sys$output "Printing req1.req..." +$ call print_request req1.tsq +$ +$ write sys$output "Generating valid response for req1.req..." +$ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1 +$ +$ write sys$output "Printing response..." +$ call print_response resp1.tsr +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com +$ +$ write sys$output "Verifying valid token..." +$ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com +$ +$ ! The tests below are commented out, because invalid signer certificates +$ ! can no longer be specified in the config file. +$ +$ ! write sys$output "Generating _invalid_ response for req1.req..." +$ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 +$ +$ ! write sys$output "Printing response..." +$ ! call print_response resp1_bad.tsr +$ +$ ! write sys$output "Verifying invalid response, it should fail..." +$ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr +$ +$ write sys$output "Creating req2.req time stamp request for file testtsa..." +$ call create_time_stamp_request2 +$ +$ write sys$output "Printing req2.req..." +$ call print_request req2.tsq +$ +$ write sys$output "Generating valid response for req2.req..." +$ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1 +$ +$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." +$ call time_stamp_response_token_test req2.tsq resp2.tsr +$ +$ write sys$output "Printing response..." +$ call print_response resp2.tsr +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail req1.tsq resp2.tsr +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail req2.tsq resp1.tsr +$ +$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." +$ call create_time_stamp_request3 +$ +$ write sys$output "Printing req3.req..." +$ call print_request req3.tsq +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail req3.tsq resp1.tsr +$ +$ write sys$output "Cleaning up..." +$ call clean_up_dir +$ +$ exit diff --git a/lib/libssl/src/tools/Makefile b/lib/libssl/src/tools/Makefile index 4ca835c4af5..bb6fb71f3eb 100644 --- a/lib/libssl/src/tools/Makefile +++ b/lib/libssl/src/tools/Makefile @@ -49,6 +49,7 @@ depend: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f c_rehash clean: rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff diff --git a/lib/libssl/src/util/deltree.com b/lib/libssl/src/util/deltree.com new file mode 100644 index 00000000000..9f36b1a5e9d --- /dev/null +++ b/lib/libssl/src/util/deltree.com @@ -0,0 +1,34 @@ +$! DELTREE.COM +$ +$ call deltree 'p1' +$ exit $status +$ +$ deltree: subroutine ! P1 is a name of a directory +$ on control_y then goto dt_STOP +$ on warning then goto dt_exit +$ _dt_def = f$trnlnm("SYS$DISK")+f$directory() +$ if f$parse(p1) .eqs. "" then exit +$ set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")' +$ p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE") +$ _fp = f$parse(".DIR",p1) +$ dt_loop: +$ _f = f$search(_fp) +$ if _f .eqs. "" then goto dt_loopend +$ call deltree [.'f$parse(_f,,,"NAME")']*.* +$ goto dt_loop +$ dt_loopend: +$ _fp = f$parse(p1,".;*") +$ if f$search(_fp) .eqs. "" then goto dt_exit +$ set noon +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp' +$ set on +$ delete/nolog '_fp' +$ dt_exit: +$ set default '_dt_def' +$ goto dt_end +$ dt_STOP: +$ set default '_dt_def' +$ stop/id="" +$ exit +$ dt_end: +$ endsubroutine diff --git a/lib/libssl/src/util/mkrc.pl b/lib/libssl/src/util/mkrc.pl new file mode 100755 index 00000000000..0ceadcf8d14 --- /dev/null +++ b/lib/libssl/src/util/mkrc.pl @@ -0,0 +1,71 @@ +#!/bin/env perl +# +open FD,"crypto/opensslv.h"; +while(<FD>) { + if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)/i) { + $ver = hex($1); + $v1 = ($ver>>28); + $v2 = ($ver>>20)&0xff; + $v3 = ($ver>>12)&0xff; + $v4 = ($ver>> 4)&0xff; + $beta = $ver&0xf; + $version = "$v1.$v2.$v3"; + if ($beta==0xf) { $version .= chr(ord('a')+$v4-1) if ($v4); } + elsif ($beta==0){ $version .= "-dev"; } + else { $version .= "-beta$beta"; } + last; + } +} +close(FD); + +$filename = $ARGV[0]; $filename =~ /(.*)\.([^.]+)$/; +$basename = $1; +$extname = $2; + +if ($extname =~ /dll/i) { $description = "OpenSSL shared library"; } +else { $description = "OpenSSL application"; } + +print <<___; +#include <winver.h> + +LANGUAGE 0x09,0x01 + +1 VERSIONINFO + FILEVERSION $v1,$v2,$v3,$v4 + PRODUCTVERSION $v1,$v2,$v3,$v4 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x01L +#else + FILEFLAGS 0x00L +#endif + FILEOS VOS__WINDOWS32 + FILETYPE VFT_DLL + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + // Required: + VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" + VALUE "FileDescription", "$description\\0" + VALUE "FileVersion", "$version\\0" + VALUE "InternalName", "$basename\\0" + VALUE "OriginalFilename", "$filename\\0" + VALUE "ProductName", "The OpenSSL Toolkit\\0" + VALUE "ProductVersion", "$version\\0" + // Optional: + //VALUE "Comments", "\\0" + VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + //VALUE "LegalTrademarks", "\\0" + //VALUE "PrivateBuild", "\\0" + //VALUE "SpecialBuild", "\\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 0x4b0 + END +END +___ diff --git a/lib/libssl/src/util/pl/netware.pl b/lib/libssl/src/util/pl/netware.pl index 173c9919f24..c78bcfc8742 100644 --- a/lib/libssl/src/util/pl/netware.pl +++ b/lib/libssl/src/util/pl/netware.pl @@ -131,13 +131,14 @@ else # assembler if ($nw_nasm) { + $asm=(`nasm -v 2>NUL` gt `nasmw -v 2>NUL`?"nasm":"nasmw"); if ($gnuc) { - $asm="nasmw -s -f elf"; + $asm.=" -s -f elf"; } else { - $asm="nasmw -s -f coff"; + $asm.=" -s -f coff -d __coff__"; } $afile="-o "; $asm.=" -g" if $debug; @@ -323,13 +324,16 @@ if (!$no_asm) $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm"; $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}"; $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm"; - $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj}"; - $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm"; + $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj} \$(OBJ_D)${o}sha256-nw${obj} \$(OBJ_D)${o}sha512-nw${obj}"; + $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm crypto${o}sha${o}asm${o}sha256-nw.asm crypto${o}sha${o}asm${o}sha512-nw.asm"; $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}"; $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm"; + $whirlpool_asm_obj="\$(OBJ_D)${o}wp-nw${obj}"; + $whirlpool_asm_src="crypto${o}whrlpool${o}asm${o}wp-nw.asm"; $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}"; $cpuid_asm_src="crypto${o}x86cpuid-nw.asm"; - $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DWHIRLPOOL_ASM"; + $cflags.=" -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"; $cflags.=" -DAES_ASM -DRMD160_ASM"; } else @@ -356,6 +360,8 @@ else $sha1_asm_src=''; $rmd160_asm_obj=''; $rmd160_asm_src=''; + $whirlpool_asm_obj=''; + $whirlpool_asm_src=''; $cpuid_asm_obj=''; $cpuid_asm_src=''; } diff --git a/lib/libssl/src/util/shlib_wrap.sh b/lib/libssl/src/util/shlib_wrap.sh index a2f62d696fa..9416d593d2b 100755 --- a/lib/libssl/src/util/shlib_wrap.sh +++ b/lib/libssl/src/util/shlib_wrap.sh @@ -80,7 +80,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # it into a script makes it possible to do so on multi-ABI # platforms. case "$SYSNAME" in - *BSD) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD + *BSD|QNX) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD, QNX *) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF HP-UX esac _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX @@ -88,4 +88,6 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES fi -exec "$@" +cmd="$1${EXE_EXT}" +shift +exec "$cmd" "$@" |